Classic ASP VBScript OAuth

Try it out:
The demo is no longer active as a Microsoft environment is required and this site is now hosted on Google App Engine. To demo the library, download the example project and follow the instructions below.

top

What this is:
This page hosts an example of a Generic Classic ASP VBScript OAuth Library in action. The example uses Twitter's OAuth Authentication Flow (Sign-in with Twitter) to illustrate usage. The project in its entirety, with full source code, is available for download here:

    PATH: https://www.dropbox.com/s/hnzbg93j2cxx5up/OAuthASPExample.zip?dl=0
    LAST UPDATE: 01.15.14
    GITHUB (OAuth Library Only): http://github.com/sdesapio/Classic-ASP-VBScript-OAuth

top

What this is NOT:
Although the Twitter REST API is used, this example project is not so much a "Twitter" example as it is a "VBScript OAuth" example.

This DEMO is also NOT a CSS or JavaScript tutorial. Pay no attention to the CSS and JavaScript. The CSS and Javascript used in the example project would require their own tutorials and exist only to help illustrate the implementation. IGNORE all CSS and JavaScript. NEITHER SHOULD BE CONSIDERED PRODUCTION READY (or remotely production usable for that matter).

What you REALLY want to focus on is the "oauth" folder inside of the example project - specifically the cLibOAuth.asp file.

top

Quick Start Instructions:
These Quick Start instructions assume you're not interested in the example project and already have a solid grasp on including external libraries. If you're not yet comfortable with including external libraries, skip this Quick Start and follow the example project setup instructions below.

NOTE: Use these instructions only after you've acquired a Consumer Key and Secret provided by your OAuth service provider.

Download the VBScript Example Project.
Extract all of the files into a temp directory.
Copy and paste the "oauth" folder from the Temp directory into the root of your project.
Create a new folder in the root of your project named "OAuthTest"
Create a new file in your OAuthTest folder named "default.asp"
As a starting point, copy and paste the basic code example into your "OAuthTest/default.asp" file.
Replace all of the {TOKENS} with valid values
Browse to http://localhost/{YOUR_PROJECT_NAME}/OAuthTest/default.asp in your browser

Example Project Directory
Although the following example directory structure is used in this example project, the example project itself utilizes quite a few more files. When utilising the VBScript OAuth Lib, your project should AT MINIMUM follow this structure:

top

Basic Code Flow
The following four steps outline the basic code flow of instantiaing and utilizing the VBScript OAuth Lib:

Instantiate an instance of the cLibOAuth object.
Add proprietary request parameters.
Make the call.
Evaluate the response.

Basic Code Example
By referencing the cLibOAuth.asp files () in your project, your code should end up resembling the following. Values surrounded by brackets ({...}) would of course be replaced by proprietary values.

<% ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 1. Instantiate an instance of the OAuth object. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim objOAuth : Set objOAuth = New cLibOAuth objOAuth.ConsumerKey = {YOUR_CONSUMER_KEY} objOAuth.ConsumerSecret = {YOUR_CONSUMER_SECRET} objOAuth.EndPoint = {SERVICE_PROVIDER_ENDPOINT_URL} objOAuth.Host = {YOUR_HOST_HEADER_VALUE} ' required for twitter apps objOAuth.RequestMethod = OAUTH_REQUEST_METHOD_POST objOAuth.TimeoutURL = {YOUR_TIMEOUT_URL} objOAuth.UserAgent = {YOUR_USER-AGENT_HEADER_VALUE} ' required for twitter apps ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 2. Add proprietary request parameters. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' objOAuth.Parameters.Add {PARAM_NAME_1}, {PARAM_VALUE_1} objOAuth.Parameters.Add {PARAM_NAME_2}, {PARAM_VALUE_2} ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 3. Make the call. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' objOAuth.Send() ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 4. Evaluate the response. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim strResponse : strResponse = _ objOAuth.Get_ResponseValue({RESPONSE_PARAM_NAME}) %>

NOTE: The above example should not be taken literally. It is meant only to illustrate basic structure. For actual working examples, check out the project files referenced below.

top

Example Project Setup Instructions
As noted earlier, although the example project can be regarded as a straight up example of Twitter VBScript OAuth, it is meant only to illustrate core library usage. None of the files existing outside of the "oauth" folder should be considered production ready. Also, please note that this example project was designed as a client example and expects a browser. Server side implementations may require some modifiction to deal with Session state as reported by several users (see comments below).

Log in to your twitter account and register your application. (http://twitter.com/apps)
Download the example VBScript OAuth project.
Extract the contents of the file to C:\Inetpub\wwwroot\oAuthASPExample
In notepad, open C:\Inetpub\wwwroot\oAuthASPExample\twitter\_config.asp and add your Consumer Key and Secret as provided by twitter.
Edit OAUTH_EXAMPLE_CALLBACK_URL to reflect the path to your callback.asp: "http://127.0.0.1/oAuthASPExample/twitter/callback.asp"
Open up your browser and navigate to http://127.0.0.1/oAuthASPExample/

Example Project NOTES:

You MUST start the example project from 127.0.0.1 or the callback on authenticate will fail.
The JUICE is the "oauth" folder. The "oauth" folder contains the generic classes you'll be using in all of your vbscript projects that require OAuth. Every other file in the package is just an "EXAMPLE Project" file and should be considered freely editable and NOT production ready.
Leave comments below if you run in to any trouble or @sdesapio me.

top

EXAMPLE PROJECT CODE: This is the actual code, used on this page, illustrating the Sign-in with Twitter workflow accompanied by a status update.

1. Acquire "request token"

FILE: authenticate.asp:
DESC: Before doing ANYTHING, we first need to acquire a "request token" from the service provider.

<% ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 1. Instantiate an instance of the OAuth object. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim objOAuth : Set objOAuth = New cLibOAuth objOAuth.ConsumerKey = OAUTH_EXAMPLE_CONSUMER_KEY objOAuth.ConsumerSecret = OAUTH_EXAMPLE_CONSUMER_SECRET objOAuth.EndPoint = TWITTER_OAUTH_URL_REQUEST_TOKEN objOAuth.Host = TWITTER_API_HOST objOAuth.RequestMethod = OAUTH_REQUEST_METHOD_GET objOAuth.TimeoutURL = OAUTH_EXAMPLE_TIMEOUT_URL objOAuth.UserAgent = TWITTER_APP_NAME ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 2. Add proprietary request parameters. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' objOAuth.Parameters.Add "oauth_callback", OAUTH_EXAMPLE_CALLBACK_URL ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 3. Make the call. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' objOAuth.Send() ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 4. Evaluate the response. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim strRequestToken : strRequestToken = objOAuth.Get_ResponseValue(OAUTH_TOKEN) ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' set the redirect url ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim strRedirectURL : If Not IsNull(objOAuth.ErrorCode) Then ' set redirect to generic error (do specific error handling here) strRedirectURL = OAUTH_EXAMPLE_ERROR_URL Else ' store the request token Session(OAUTH_TOKEN_REQUEST) = strRequestToken ' set redirect to authenticate strRedirectURL = TWITTER_OAUTH_URL_AUTHENTICATE & _ "?oauth_token=" & strRequestToken & _ "&force_login=" & LCase(CStr(OAUTH_EXAMPLE_FORCE_LOGIN)) End If ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' kill obj ref. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Set objOAuth = Nothing ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' redirect user ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Response.Redirect strRedirectURL %>

2. Store access tokens.

FILE: callback.asp:
DESC: Upon successful request token acquisition, the service provider will issue a redirect to the client (based on the callback set in "oauth_callback" parameter in step 1) where we can then acquire and store our access tokens and forward to a custom complete page.

<% ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 1. catch the passed in qs param from twitter ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim strOAuthVerifier : strOAuthVerifier = Request.QueryString(OAUTH_VERIFIER) ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 2. Instantiate an instance of the OAuth object. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim objOAuth : Set objOAuth = New cLibOAuth objOAuth.ConsumerKey = OAUTH_EXAMPLE_CONSUMER_KEY objOAuth.ConsumerSecret = OAUTH_EXAMPLE_CONSUMER_SECRET objOAuth.EndPoint = TWITTER_OAUTH_URL_ACCESS objOAuth.Host = TWITTER_API_HOST objOAuth.RequestMethod = OAUTH_REQUEST_METHOD_GET objOAuth.TimeoutURL = OAUTH_EXAMPLE_TIMEOUT_URL objOAuth.UserAgent = TWITTER_APP_NAME ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 3. Add proprietary request parameters. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' objOAuth.Parameters.Add "oauth_token", Session(OAUTH_TOKEN_REQUEST) objOAuth.Parameters.Add "oauth_verifier", strOAuthVerifier ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 4. Make the call. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' objOAuth.Send() ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 5. check for error ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim strRedirectURL : If Not IsNull(objOAuth.ErrorCode) Then ' set redirect to failure handler (do specific error handling here) strRedirectURL = OAUTH_EXAMPLE_LOGIN_FAILURE_URL Else ' save session variables Session(OAUTH_TOKEN) = objOAuth.Get_ResponseValue(OAUTH_TOKEN) Session(OAUTH_TOKEN_SECRET) = objOAuth.Get_ResponseValue(OAUTH_TOKEN_SECRET) Session(TWITTER_SCREEN_NAME) = objOAuth.Get_ResponseValue(TWITTER_SCREEN_NAME) ' set redirect to success handler strRedirectURL = OAUTH_EXAMPLE_LOGIN_SUCCESS_URL & _ "?" & Session(TWITTER_SCREEN_NAME) End If ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' kill obj ref ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Set objOAuth = Nothing ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' redirect user ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Response.Redirect strRedirectURL %>

3. Execute a status update.

FILE: update_status.asp:
DESC: Now that we've been authorized by the user and authenticated by the service provider, we can freely make calls to protected resources.

<% ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 1. Instantiate an instance of the OAuth object. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim objOAuth : Set objOAuth = New cLibOAuth ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 2. Check if the user is logged in ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' If objOAuth.LoggedIn Then ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 3. grab passed in status parameters ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim strStatus : strStatus = Request.Form("post") Dim intReplyId : intReplyId = Request.Form("replyId") Dim strReplyTo : strReplyTo = Request.Form("replyTo") ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 4. Setup the oAuth object ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' objOAuth.ConsumerKey = OAUTH_EXAMPLE_CONSUMER_KEY objOAuth.ConsumerSecret = OAUTH_EXAMPLE_CONSUMER_SECRET objOAuth.EndPoint = TWITTER_OAUTH_URL_UPDATE_STATUS objOAuth.Host = TWITTER_API_HOST objOAuth.RequestMethod = OAUTH_REQUEST_METHOD_POST objOAuth.UserAgent = TWITTER_APP_NAME ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 5. Add proprietary "status update" request parameters. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' objOAuth.Parameters.Add "in_reply_to", strReplyTo objOAuth.Parameters.Add "in_reply_to_status_id", intReplyID objOAuth.Parameters.Add "oauth_token", Session(OAUTH_TOKEN) objOAuth.Parameters.Add "status", strStatus ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 6. Make the call. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' objOAuth.Send() ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 7. Evaluate the response ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim strResponseText : strResponseText = objOAuth.ResponseText ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 8. Check for error code ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim strErrorCode : strErrorCode = objOAuth.ErrorCode ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 9. Setup response ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' If Not IsNull(strErrorCode) Then Response.Status = RESPONSE_STATUS_500 Response.Write strErrorCode Else Response.ContentType = "text/html" Response.CharSet = "utf-8" Response.Write strResponseText End If Else ' if not logged in, return forbidden Response.Status = RESPONSE_STATUS_403 End If ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' kill object ref. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Set objOAuth = Nothing %>

top

Public Properties:

ConsumerKey (Let)
REQUIRED: Yes
TYPE: String
DESCRIPTION: Your "consumer key" as received from the Service Provider. For instance, after successfully registering your app with twitter, you'll be forward to a page displaying your "consumer key."
USAGE: objOAuth.ConsumerKey = "123456789asdfghjkl"

ConsumerSecret (Let)
REQUIRED: Yes
TYPE: String
DESCRIPTION: Your "consumer secret" as received from the Service Provider.
USAGE: objOAuth.ConsumerSecret = "123456789asdfghjklzxcvbnm"

EndPoint (Let)
REQUIRED: Yes
TYPE: String
DESCRIPTION: The URL of the oauth request. (e.g. http://twitter.com/statuses/update.json)
USAGE: objOAuth.EndPoint = "http://twitter.com/statuses/update.json"

ErrorCode (Get)
REQUIRED: N/A
TYPE: Integer
DESCRIPTION: ASP Error code (Err.number) returned on error.
USAGE: Dim strErr : strErr = objOAuth.ErrorCode

Host (Let)
REQUIRED: Varies (required for twitter implementation)
TYPE: String
DESCRIPTION: The "Host" request header value (required for twitter implementation)
USAGE: objOAuth.Host = "api.twitter.com"

LoggedIn (Get)
REQUIRED: N/A
TYPE: Boolean
DESCRIPTION: Convenience property that returns "logged in" state - requires you to save session variables as illustrated in "twitter/callback.asp" in the example project.
USAGE: Dim blnLoggedIn : blnLoggedIn = objOAuth.LoggedIn

Parameters (Set)
REQUIRED: No
TYPE: Object
DESCRIPTION: Dictionary object containing proprietary request query string pairs. For instance, twitter's "statuses/update" method requires a "status" parameter and potentially an "in_reply_to" parameter. You'll add these pairs as parameters (UNENCODED).
USAGE: objOAuth.Parameters.Add key, value

RequestMethod (Let)
REQUIRED: No (Default is POST)
TYPE: String
DESCRIPTION: Request type (e.g. "GET", "POST")
USAGE: objOAuth.RequestMethod = "POST"

ResponseText (Get)
REQUIRED: N/A
TYPE: String
DESCRIPTION: The proprietary service provider response string. (e.g. twitter will return json string on "statuses/update.json" call - the json is the ResponseText)
USAGE: Dim strResponseText : strResponseText = objOAuth.ResponseText

TimeoutURL (Let)
REQUIRED: No
TYPE: String
DESCRIPTION: Where to direct the user in the case of a timeout. MUST be an ABSOLUTE path (e.g. "http://mySite/Timeout.html")
USAGE: objOAuth.TimeoutURL = "http://www.myOAuthSite.com/Timeout.html"

UserAgent (Let)
REQUIRED: Varies (required for twitter implementation)
TYPE: String
DESCRIPTION: The "User-Agent" request header value (required for twitter implementation)
USAGE: objOAuth.UserAgent = "Your Twitter App Name"

top

Public Methods:

Get_ResponseValue(strParamName)
PARAMETERS: strParamName (string)
DESCRIPTION: Convenience method used to extract a value from a key=value pair returned by service provider.
RETURNS: strParamValue (string)
USAGE: objOAuth.Get_ResponseValue(strParamName)

Send()
PARAMETERS: None
DESCRIPTION: Makes the call after all properties have been set.
RETURNS: Void
USAGE: objOAuth.Send()

Classic ASP VBScript OAuth

By Scott DeSapio

Try it out

About

Basics

Example Project

Properties & Methods

Feedback

1. Acquire "request token"

2. Store access tokens.

3. Execute a status update.

Public Properties:

Public Methods: