ColdFusion 11 and Obtaining Authorization Token

Hi All,

Like I’ve seen a few people here, I seem to have trouble with the the oauth_token and having a user log into my website using their twitch account. Please see below for details about the process.

Below is the process I currently have in place:

  1. Success - Client reaches page: and clicks “Login with Twitch”
  2. Success - The request gets sent to Twitch for authentication where the client accepts/approves the request
  3. Success - The client is redirected to
  4. Success - A POST is made to “
  5. Help - Once the POST is made, the client stays on “” where the access_token, refresh_token, and scope are all visible.

What I need help doing, is understanding how to redirect the user (after obtaining the access_token) back to It seems like I have gotten all the information/authorization needed, but at the end of the day, the client finishes this process on twitch’s site and not

Please let me know if I can provide more information.


Don’t send the user to, make the POST request from your application so that your application gets the reply with the token information.

1 Like

You’re not supposed to do this directly with the browser of the client.

One can make the POST request using AJAX in an async way, though again, this uses the client and might be vurnerable.

But the best way to do it, is using PHP on your page, that makes the request before sending the the user somewhere. this would happen in your “redirect.cfm”. If it failed to do this post in PHP, it could actually redirect the user to an error page.

Thank you for the very quick responses guys! I guess my confusion (or just lack of knowledge) is how to make the application make the POST request without the user doing anything. Up until 2 minutes ago, I would have considered myself an average-level CF Programmer… Guess I have some learning to do.

Thanks for the info.

A quick google would give rise to the this LINK -> suggesting to use threads to do it async. I hope this can help you, as I don’t have much CF knowledge.

Perfect JB. Thank you. I had a buddy of mine mention something about a Session Model Theory Hierarchy or something and he suggested looking into that theory to gain an understanding of the processes involved. Unfortunately, my memory wasn’t working that day and I can’t seem to remember the actual name of that theory/hierarchy.

Just to share some more information in case others come across this thread, Ben Nadel is a great resource for Cold Fusion demos and knowledge.

He wrote up a very nice blog on Asynchronous CFThread Tags. Only reason I didn’t come across this sooner was because I didn’t know of the terminology to search for.

Below is the code which ended up resolving my issue. I needed to use the CFHTTP (method = POST) with all of the parameters specified. After that, I needed to deserialize the JSON which was resturned by Twitch. Deserializing the JSON allowed the variables to become accessible to ColdFusion functions.

    <cfhttp url="" method="POST" throwOnError="no" redirect="no" timeout="10" result="token_result">
        <cfhttpparam name="client_id" type="FormField" value="#c_id#">
        <cfhttpparam name="client_secret" type="FormField" value="#c_secret#">
        <cfhttpparam name="grant_type" type="FormField" value="authorization_code">
        <cfhttpparam name="redirect_uri" type="FormField" value="#redirect_uri#">
        <cfhttpparam name="code" type="FormField" value="#code#">

    <cfdump var="#token_result#">

    <cfif isJSON(token_result.Filecontent)>
        <cfset auth_data = DeserializeJSON(#token_result.Filecontent#)>
        <cfdump var="#auth_data#">
        <!--- Enter Error Handeling --->

    <cfcatch type="any">

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.