[ColdBox 4.1] OAuth 2.0


Lately, I have been reading about OAuth 2.0 in an effort to create the OAuth 2.0 Provider side. However, I am either not looking in the right places on the internet or there simply not much out there for CFML developers to implement the OAuth 2.0 Provider portion. Everything I am finding related to OAuth 2.0 and CFML is designed for the Client side and I find one Provider in CFML written for OAuth 1.0 in RIAForge.

Would any of you happen to have or can refer to shareable code or references to lead me in the right direction for creating the OAuth 2.0 to implement as a Provider? Essentially, I need to create the OAuth server (preferably using ColdBox) for Clients to connect to us.

Thank you for any assistance!
Ryan Hinton

Hi Ryan,

I was posting a similar thread. Strange coincidence.

I also need an oauth2 provider for coldbox and haven’t found anything on cfml world. However I’ve found this php library: GitHub - thephpleague/oauth2-server: A spec compliant, secure by default PHP OAuth 2.0 Server that seems very well suited for my needs.
So I’m thinking to port this library to coldfusion and I’d like some suggestion from Luis on what would be the best approach to convert this library to a coldbox module.

I also need an oauth2 provider for coldbox and haven’t found anything on cfml world.





Oops. That first link was supposed to be

Those seems client library. I would like to build an oauth2 server provider.

Hi Guys,

Thank you for the your feedback, I was being to think I was hearing crickets on this topic. haha

QuackFuzed, Tropicalista is correct. Those are OAuth Clients, except for Harry Klein’s which supplies both Client and Provider, but that version on RIAForge is OAuth 1.0 and not OAuth 2.0.

I was communicating with someone on the Lucee forum and they are thinking that maybe Harry Klein’s OAuth 1.0 might be able to be refactored into becoming OAuth 2.0. I’m not sure since I have not viewed Harry’s code to see what it would take, but maybe it might also be a possibly to upgrade it from 1.0 to 2.0, Tropicalista?

We are currently looking at spinning up a server solely as a OAuth Provider utilizing Apache OLTU. It looks solid. While we get that up and running, I think it would still be great to get something ported over and then we could always swap OLTU out with a ported CFML OAuth 2.0 Provider, if we ever wanted to do so.

I would like to keep tabs with you Tropicalista, if you do not mind.

  • Ryan Hinton

Ah. Sorry, guys. :frowning:

No worries at all, QuackFuzed. When I saw your post, I was excited for a second that there might be something! lol :slight_smile:

Out of curiosity, have you looked at Java or Groovy options? I’d be pretty surprised if there aren’t any solid options available there. And it’d be no biggie to leverage that from Railo/Lucee.

Hi Matt,

We have decided to implement a Java version for now.

:: thumbs up ::