Google oauth token giving 405 error

Question 1

I found the answer: key was to use cfhttpparam type 'body'. As per livedocs "body: specifies the body of the HTTP request. ColdFusion does not automatically set a content-type header or URL encode the body contents. To specify the content-type, use a separate cfhttp tag with type=header. "

Below code is returning me access token now :)

<cfset client_id = "458381219741.apps.googleusercontent.com">
<cfset client_secret = "**********">
<cfset callback = "http://console.mbwebportal.com/oauth2callback">

<cfset postBody = "code=" & UrlEncodedFormat(url.code) & "&">
<cfset postBody = postBody & "client_id=" & UrlEncodedFormat(client_id) & "&">
<cfset postBody = postBody & "client_secret=" & UrlEncodedFormat(client_secret) & "&">
<cfset postBody = postBody & "redirect_uri=" & UrlEncodedFormat(callback) & "&">
<cfset postBody = postBody & "grant_type=authorization_code">
<cfhttp method="post" url="https://accounts.google.com/o/oauth2/token">
    <cfhttpparam name="Content-Type" type="header" value="application/x-www-form-urlencoded">
    <cfhttpparam type="body" value="#postBody#">
</cfhttp>

Question 2

Found a similar post here Google OAuth 2 authorization - swapping code for token. The answer for them was to url encode the client secret key and redirect uri. In ColdFusion you can use the URLEncodedFormat() function to do that for you.

<cfhttp method="POST" url="http://accounts.google.com/o/oauth2/token" >
    <cfhttpparam type="Formfield" name="code" value="#url.CODE#">
    <cfhttpparam type="Formfield" name="client_id" value="458381219741.apps.googleusercontent.com">
    <cfhttpparam type="Formfield" name="client_secret" value="#URLEncodedFormat(XXXXXXX)#">
    <cfhttpparam type="Formfield" name="redirect_uri" value="#URLEncodedFormat("http://console.mbwebportal.com/oauth2callback")#">
    <cfhttpparam type="Formfield" name="grant_type" value="authorization_code">
</cfhttp>

And please validate your url.CODE value before using it as anything can be passed in the URL.