curlcoldfusioncfhttp

Converting cURL request command to Coldfusion (cfhttp)


I am trying to mimic the following cURL request using ColdFusion CFHTTP

curl -u myCl13nt1D:my53cR3tK3Y -X POST --data "grant_type=password&username=x&password=y" https://www.sitename.net/token
<cfhttp url="https://www.sitename.net/token" method="post" username="x" password="y">
  <cfhttpparam type="url" name="client_id"     value="myCl13nt1D" />
  <cfhttpparam type="url" name="client_secret" value="my53cR3tK3Y" />

  <!--- attempt 1 - without using cfhttp username/password attributes
  <cfhttpparam type="formfield" name="grant_type" value="password" />
  <cfhttpparam type="formfield" name="username" value="x" />
  <cfhttpparam type="formfield" name="password" value="y" /> 
  --->
  <!--- attempt 2 - without using cfhttp username/password attributes
  <cfhttpparam type="formField" name="data" value="grant_type=password&username=x&password=y" />
  --->

  <!--- attempt 3 - using cfhttp username/password attributes --->
  <cfhttpparam type="formField" name="data" value="grant_type=password" />
</cfhttp>

In command prompt, cURL request works returing expected result but using CFHTTP I get the following error (status code 401 Unauthorized )

{"error":"unauthorized_client","error_description":"That application is not registred or blocked"}

I've attempted different ways to pass the required parameters but they all return the same error.


Solution

  • -u myCl13nt1D:my53cR3tK3Y is BasicAuth and split as username/password attributes in cfhttp. Try this instead:

    <cfhttp url="https://www.sitename.net/token" method="post" username="myCl13nt1D" password="my53cR3tK3Y">
      <cfhttpparam type="formfield" name="grant_type" value="password" />
      <cfhttpparam type="formfield" name="username"   value="x"        />
      <cfhttpparam type="formfield" name="password"   value="y"        />
    </cfhttp>
    

    Looking at this request, you are authenticated using BasicAuth, and authorized with the endpoint's username/password login mechanism, most likely OAuth2.