I found the answer: key was to use cfhttpparam type 'body'. As per livedocs "body: specifies the body of the HTTP request. ColdFusion does not automatically set a content-type header or URL encode the body contents. To specify the content-type, use a separate cfhttp tag with type=header. "
Below code is returning me access token now :)
<cfset client_id = "458381219741.apps.googleusercontent.com">
<cfset client_secret = "**********">
<cfset callback = "http://console.mbwebportal.com/oauth2callback">
<cfset postBody = "code=" & UrlEncodedFormat(url.code) & "&">
<cfset postBody = postBody & "client_id=" & UrlEncodedFormat(client_id) & "&">
<cfset postBody = postBody & "client_secret=" & UrlEncodedFormat(client_secret) & "&">
<cfset postBody = postBody & "redirect_uri=" & UrlEncodedFormat(callback) & "&">
<cfset postBody = postBody & "grant_type=authorization_code">
<cfhttp method="post" url="https://accounts.google.com/o/oauth2/token">
<cfhttpparam name="Content-Type" type="header" value="application/x-www-form-urlencoded">
<cfhttpparam type="body" value="#postBody#">
</cfhttp>