Coldfusion - Google OAuth2.0 not working in hosted environment on Safari


I am having an issue with Google OAuth using cfhttp in Safari. It works in my local environment, but on our hosted environment, every time I use Google OAuth, I get the return code below:

Error detail:

string  400 Bad Request

File content:

string  { "error" : "invalid_grant", "error_description" : "Code was already redeemed." }

Header:

string  HTTP/1.1 400 Bad Request
        Content-Type: application/json
        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
        Pragma: no-cache
        Expires: Fri, 01 Jan 1990 00:00:00 GMT
        Date: Sat, 22 Nov 2014 01:38:30 GMT
        X-Content-Type-Options: nosniff
        X-Frame-Options: SAMEORIGIN
        X-XSS-Protection: 1; mode=block
        Server: GSE
        Alternate-Protocol: 443:quic,p=0.02
        Transfer-Encoding: chunked

    <cffunction name="getGoogleToken" access="public" output="false">
        <cfargument name="Event" type="any">
        <cfargument name="code" type="any">
        <cfset var rc = Event.getCollection() />
        <cfscript>
            // Form body for the authorization-code grant (RFC 6749 section 4.1.3)
            var postBody = "code=" & UrlEncodedFormat(arguments.code) & "&";
            postBody = postBody & "client_id=" & UrlEncodedFormat(rc.googleclientid) & "&";
            postBody = postBody & "client_secret=" & UrlEncodedFormat(rc.googleclientsecret) & "&";
            postBody = postBody & "redirect_uri=" & UrlEncodedFormat(rc.googlecallback) & "&";
            postBody = postBody & "grant_type=authorization_code";
        </cfscript>
        <!--- Exchange the one-time authorization code for an access token --->
        <cfhttp url="https://accounts.google.com/o/oauth2/token" method="post" result="result" charset="utf-8">
            <cfhttpparam type="header" name="Content-Type" value="application/x-www-form-urlencoded">
            <cfhttpparam type="body" value="#postBody#">
        </cfhttp>
        <!--- Debugging only: the dump and abort stop the function before it returns --->
        <cfdump var="#result#" />
        <cfabort>
        <cfreturn deserializeJSON(result.filecontent.toString()) />
    </cffunction>

1 Answer

0
Parisa Taherian On

The "Code was already redeemed." error means that you are trying to use an authorization code that has already been used. For example, it is called in two functions and therefore sends a request for an access token twice. Note that a given authorization code can be used only once.
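To make the single-use rule concrete, here is an added example (not code from the question or the answer): a constructed stand-in for the token endpoint that burns each authorization code on its first successful exchange and returns the same `invalid_grant` error on a second attempt, plus a client that guards against redeeming one code twice when its callback fires more than once. The endpoint, client ids, code value and callback URL are all made up for the simulation; Google is never contacted.

```python
# Added example (not from the question or answer): a constructed token endpoint that
# enforces the single-use rule behind "Code was already redeemed.", plus a client guard.
from urllib.parse import urlencode, parse_qs

def build_token_request_body(code, client_id, client_secret, redirect_uri):
    """The same form body the cfhttp call sends, via urlencode instead of concatenation."""
    return urlencode({"code": code, "client_id": client_id, "client_secret": client_secret,
                      "redirect_uri": redirect_uri, "grant_type": "authorization_code"})

class FakeTokenEndpoint:
    """Stand-in for the authorization server (constructed; Google is never contacted)."""
    def __init__(self):
        self._codes = {}  # code -> {"client_id", "redirect_uri", "redeemed"}

    def issue_code(self, code, client_id, redirect_uri):
        self._codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri, "redeemed": False}

    def exchange(self, body):
        form = {k: v[0] for k, v in parse_qs(body).items()}
        rec = self._codes.get(form.get("code"))
        if rec is None or (rec["client_id"], rec["redirect_uri"]) != (form.get("client_id"), form.get("redirect_uri")):
            return 400, {"error": "invalid_grant", "error_description": "Unknown code or client mismatch."}
        if rec["redeemed"]:  # second redemption of the same code -> the error from the question
            return 400, {"error": "invalid_grant", "error_description": "Code was already redeemed."}
        rec["redeemed"] = True  # the first successful exchange burns the code
        return 200, {"access_token": "tok-" + form["code"], "token_type": "Bearer"}

class Client:
    """Relying party that remembers which codes it has already exchanged."""
    def __init__(self, endpoint, client_id, client_secret, redirect_uri):
        self.endpoint, self.client_id = endpoint, client_id
        self.client_secret, self.redirect_uri = client_secret, redirect_uri
        self._outcomes = {}  # code -> (status, body) of the first exchange

    def handle_callback(self, code, dedupe=True):
        """Runs on every redirect to redirect_uri; with dedupe a repeated code reuses the first result."""
        if dedupe and code in self._outcomes:
            return self._outcomes[code]
        body = build_token_request_body(code, self.client_id, self.client_secret, self.redirect_uri)
        outcome = self.endpoint.exchange(body)
        self._outcomes.setdefault(code, outcome)
        return outcome

def demo(dedupe):
    """The callback fires twice with one code (the answer's diagnosis); returns both outcomes."""
    ep = FakeTokenEndpoint()
    ep.issue_code("4/abc123", "client-1", "https://app.example/callback")
    c = Client(ep, "client-1", "s3cret", "https://app.example/callback")
    return c.handle_callback("4/abc123", dedupe), c.handle_callback("4/abc123", dedupe)
```

Running `demo(False)` reproduces the 400 `invalid_grant` on the second redemption; `demo(True)` shows the client returning its cached first result instead of hitting the endpoint again.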