Fork me on GitHub

Classic ASP VBScript OAuth

By Scott DeSapio


Follow Scott:


top

Try it out:
The demo is no longer active as a Microsoft environment is required and this site is now hosted on Google App Engine. To demo the library, download the example project and follow the instructions below.


top

What this is:
This page hosts an example of a Generic Classic ASP VBScript OAuth Library in action. The example uses Twitter's OAuth Authentication Flow (Sign-in with Twitter) to illustrate usage. The project in its entirety, with full source code, is available for download here:

    PATH: https://www.dropbox.com/s/hnzbg93j2cxx5up/OAuthASPExample.zip?dl=0
    LAST UPDATE: 01.15.14
    GITHUB (OAuth Library Only): http://github.com/sdesapio/Classic-ASP-VBScript-OAuth


top

What this is NOT:
Although the Twitter REST API is used, this example project is not so much a "Twitter" example as it is a "VBScript OAuth" example.

This DEMO is also NOT a CSS or JavaScript tutorial. Pay no attention to the CSS and JavaScript. The CSS and Javascript used in the example project would require their own tutorials and exist only to help illustrate the implementation. IGNORE all CSS and JavaScript. NEITHER SHOULD BE CONSIDERED PRODUCTION READY (or remotely production usable for that matter).

What you REALLY want to focus on is the "oauth" folder inside of the example project - specifically the cLibOAuth.asp file.


top

Quick Start Instructions:
These Quick Start instructions assume you're not interested in the example project and already have a solid grasp on including external libraries. If you're not yet comfortable with including external libraries, skip this Quick Start and follow the example project setup instructions below.

NOTE: Use these instructions only after you've acquired a Consumer Key and Secret provided by your OAuth service provider.

  1. Download the VBScript Example Project.
  2. Extract all of the files into a temp directory.
  3. Copy and paste the "oauth" folder from the Temp directory into the root of your project.
  4. Create a new folder in the root of your project named "OAuthTest"
  5. Create a new file in your OAuthTest folder named "default.asp"
  6. As a starting point, copy and paste the basic code example into your "OAuthTest/default.asp" file.
  7. Replace all of the {TOKENS} with valid values
  8. Browse to http://localhost/{YOUR_PROJECT_NAME}/OAuthTest/default.asp in your browser

Example Project Directory
Although the following example directory structure is used in this example project, the example project itself utilizes quite a few more files. When utilising the VBScript OAuth Lib, your project should AT MINIMUM follow this structure:

+-root/
  +-oauth/
  | +-_inc/
    | +-_base.asp
    | +-constants_oauth.asp
    | +-hex_sha1_base64.asp
  | +-cLibOAuth.asp
  | +-cLibOAuth.QS.asp
  | +-cLibOAuth.RequestURL.asp
  | +-cLibOAuth.Utils.asp
  +-default.asp


top

Basic Code Flow
The following four steps outline the basic code flow of instantiaing and utilizing the VBScript OAuth Lib:

  1. Instantiate an instance of the cLibOAuth object.
  2. Add proprietary request parameters.
  3. Make the call.
  4. Evaluate the response.

Basic Code Example
By referencing the cLibOAuth.asp files (<!--#include file="../oauth/cLibOAuth.asp"-->) in your project, your code should end up resembling the following. Values surrounded by brackets ({...}) would of course be replaced by proprietary values.

<!--#include file="../oauth/cLibOAuth.asp"-->
<%
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' 1. Instantiate an instance of the OAuth object.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim objOAuth : Set objOAuth = New cLibOAuth
    objOAuth.ConsumerKey = {YOUR_CONSUMER_KEY}
    objOAuth.ConsumerSecret = {YOUR_CONSUMER_SECRET}
    objOAuth.EndPoint = {SERVICE_PROVIDER_ENDPOINT_URL}
    objOAuth.Host = {YOUR_HOST_HEADER_VALUE} ' required for twitter apps
    objOAuth.RequestMethod = OAUTH_REQUEST_METHOD_POST
    objOAuth.TimeoutURL = {YOUR_TIMEOUT_URL}
    objOAuth.UserAgent = {YOUR_USER-AGENT_HEADER_VALUE} ' required for twitter apps


'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' 2. Add proprietary request parameters.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    objOAuth.Parameters.Add {PARAM_NAME_1}, {PARAM_VALUE_1}
    objOAuth.Parameters.Add {PARAM_NAME_2}, {PARAM_VALUE_2}

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' 3. Make the call.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    objOAuth.Send()

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' 4. Evaluate the response.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim strResponse : strResponse = _
    objOAuth.Get_ResponseValue({RESPONSE_PARAM_NAME})
%>

NOTE: The above example should not be taken literally. It is meant only to illustrate basic structure. For actual working examples, check out the project files referenced below.


top

Example Project Setup Instructions
As noted earlier, although the example project can be regarded as a straight up example of Twitter VBScript OAuth, it is meant only to illustrate core library usage. None of the files existing outside of the "oauth" folder should be considered production ready. Also, please note that this example project was designed as a client example and expects a browser. Server side implementations may require some modifiction to deal with Session state as reported by several users (see comments below).

  1. Log in to your twitter account and register your application. (http://twitter.com/apps)
  2. Download the example VBScript OAuth project.
  3. Extract the contents of the file to C:\Inetpub\wwwroot\oAuthASPExample
  4. In notepad, open C:\Inetpub\wwwroot\oAuthASPExample\twitter\_config.asp and add your Consumer Key and Secret as provided by twitter.
  5. Edit OAUTH_EXAMPLE_CALLBACK_URL to reflect the path to your callback.asp: "http://127.0.0.1/oAuthASPExample/twitter/callback.asp"
  6. Open up your browser and navigate to http://127.0.0.1/oAuthASPExample/

Example Project NOTES:


top

EXAMPLE PROJECT CODE: This is the actual code, used on this page, illustrating the Sign-in with Twitter workflow accompanied by a status update.

1. Acquire "request token"

FILE: authenticate.asp:
DESC: Before doing ANYTHING, we first need to acquire a "request token" from the service provider.

<!--#include file="../oauth/cLibOAuth.asp"-->
<!--#include file="_config.asp"-->
<%

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' 1. Instantiate an instance of the OAuth object.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim objOAuth : Set objOAuth = New cLibOAuth
    objOAuth.ConsumerKey = OAUTH_EXAMPLE_CONSUMER_KEY
    objOAuth.ConsumerSecret = OAUTH_EXAMPLE_CONSUMER_SECRET
    objOAuth.EndPoint = TWITTER_OAUTH_URL_REQUEST_TOKEN
    objOAuth.Host = TWITTER_API_HOST
    objOAuth.RequestMethod = OAUTH_REQUEST_METHOD_GET
    objOAuth.TimeoutURL = OAUTH_EXAMPLE_TIMEOUT_URL
    objOAuth.UserAgent = TWITTER_APP_NAME

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' 2. Add proprietary request parameters.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    objOAuth.Parameters.Add "oauth_callback", OAUTH_EXAMPLE_CALLBACK_URL

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' 3. Make the call.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    objOAuth.Send()

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' 4. Evaluate the response.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim strRequestToken : strRequestToken = objOAuth.Get_ResponseValue(OAUTH_TOKEN)

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' set the redirect url
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim strRedirectURL : If Not IsNull(objOAuth.ErrorCode) Then
    ' set redirect to generic error (do specific error handling here)
    strRedirectURL = OAUTH_EXAMPLE_ERROR_URL
Else
    ' store the request token
    Session(OAUTH_TOKEN_REQUEST) = strRequestToken

    ' set redirect to authenticate
    strRedirectURL = TWITTER_OAUTH_URL_AUTHENTICATE & _
        "?oauth_token=" & strRequestToken & _
        "&force_login=" & LCase(CStr(OAUTH_EXAMPLE_FORCE_LOGIN))
End If

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' kill obj ref.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Set objOAuth = Nothing

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' redirect user
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Response.Redirect strRedirectURL
%>

2. Store access tokens.

FILE: callback.asp:
DESC: Upon successful request token acquisition, the service provider will issue a redirect to the client (based on the callback set in "oauth_callback" parameter in step 1) where we can then acquire and store our access tokens and forward to a custom complete page.

<!--#include file="../oauth/cLibOAuth.asp"-->
<!--#include file="_config.asp"-->
<%

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' 1. catch the passed in qs param from twitter
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim strOAuthVerifier : strOAuthVerifier = Request.QueryString(OAUTH_VERIFIER)

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' 2. Instantiate an instance of the OAuth object.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim objOAuth : Set objOAuth = New cLibOAuth
    objOAuth.ConsumerKey = OAUTH_EXAMPLE_CONSUMER_KEY
    objOAuth.ConsumerSecret = OAUTH_EXAMPLE_CONSUMER_SECRET
    objOAuth.EndPoint = TWITTER_OAUTH_URL_ACCESS
    objOAuth.Host = TWITTER_API_HOST
    objOAuth.RequestMethod = OAUTH_REQUEST_METHOD_GET
    objOAuth.TimeoutURL = OAUTH_EXAMPLE_TIMEOUT_URL
    objOAuth.UserAgent = TWITTER_APP_NAME

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' 3. Add proprietary request parameters.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    objOAuth.Parameters.Add "oauth_token", Session(OAUTH_TOKEN_REQUEST)
    objOAuth.Parameters.Add "oauth_verifier", strOAuthVerifier

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' 4. Make the call.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    objOAuth.Send()

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' 5. check for error
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim strRedirectURL : If Not IsNull(objOAuth.ErrorCode) Then
    ' set redirect to failure handler (do specific error handling here)
    strRedirectURL = OAUTH_EXAMPLE_LOGIN_FAILURE_URL
Else
    ' save session variables
    Session(OAUTH_TOKEN) = objOAuth.Get_ResponseValue(OAUTH_TOKEN)
    Session(OAUTH_TOKEN_SECRET) = objOAuth.Get_ResponseValue(OAUTH_TOKEN_SECRET)
    Session(TWITTER_SCREEN_NAME) = objOAuth.Get_ResponseValue(TWITTER_SCREEN_NAME)

    ' set redirect to success handler
    strRedirectURL = OAUTH_EXAMPLE_LOGIN_SUCCESS_URL & _
        "?" & Session(TWITTER_SCREEN_NAME)
End If

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' kill obj ref
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Set objOAuth = Nothing

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' redirect user
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Response.Redirect strRedirectURL
%>

3. Execute a status update.

FILE: update_status.asp:
DESC: Now that we've been authorized by the user and authenticated by the service provider, we can freely make calls to protected resources.

<!--#include file="../oauth/cLibOAuth.asp"-->
<!--#include file="_config.asp"-->
<%

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' 1. Instantiate an instance of the OAuth object.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim objOAuth : Set objOAuth = New cLibOAuth

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' 2. Check if the user is logged in
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
If objOAuth.LoggedIn Then

    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' 3. grab passed in status parameters
    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    Dim strStatus : strStatus = Request.Form("post")
    Dim intReplyId : intReplyId = Request.Form("replyId")
    Dim strReplyTo : strReplyTo = Request.Form("replyTo")

    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' 4. Setup the oAuth object
    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    objOAuth.ConsumerKey = OAUTH_EXAMPLE_CONSUMER_KEY
    objOAuth.ConsumerSecret = OAUTH_EXAMPLE_CONSUMER_SECRET
    objOAuth.EndPoint = TWITTER_OAUTH_URL_UPDATE_STATUS
    objOAuth.Host = TWITTER_API_HOST
    objOAuth.RequestMethod = OAUTH_REQUEST_METHOD_POST
    objOAuth.UserAgent = TWITTER_APP_NAME

    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' 5. Add proprietary "status update" request parameters.
    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    objOAuth.Parameters.Add "in_reply_to", strReplyTo
    objOAuth.Parameters.Add "in_reply_to_status_id", intReplyID
    objOAuth.Parameters.Add "oauth_token", Session(OAUTH_TOKEN)
    objOAuth.Parameters.Add "status", strStatus

    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' 6. Make the call.
    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    objOAuth.Send()

    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' 7. Evaluate the response
    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    Dim strResponseText : strResponseText = objOAuth.ResponseText

    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' 8. Check for error code
    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    Dim strErrorCode : strErrorCode = objOAuth.ErrorCode

    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' 9. Setup response
    '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    If Not IsNull(strErrorCode) Then
        Response.Status = RESPONSE_STATUS_500
        Response.Write strErrorCode
    Else
        Response.ContentType = "text/html"
        Response.CharSet = "utf-8"
        Response.Write strResponseText
    End If

Else
    ' if not logged in, return forbidden
    Response.Status = RESPONSE_STATUS_403
End If

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' kill object ref.
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Set objOAuth = Nothing
%>


top

Public Properties:

ConsumerKey (Let)
REQUIRED: Yes
TYPE: String
DESCRIPTION: Your "consumer key" as received from the Service Provider. For instance, after successfully registering your app with twitter, you'll be forward to a page displaying your "consumer key."
USAGE: objOAuth.ConsumerKey = "123456789asdfghjkl"

ConsumerSecret (Let)
REQUIRED: Yes
TYPE: String
DESCRIPTION: Your "consumer secret" as received from the Service Provider.
USAGE: objOAuth.ConsumerSecret = "123456789asdfghjklzxcvbnm"

EndPoint (Let)
REQUIRED: Yes
TYPE: String
DESCRIPTION: The URL of the oauth request. (e.g. http://twitter.com/statuses/update.json)
USAGE: objOAuth.EndPoint = "http://twitter.com/statuses/update.json"

ErrorCode (Get)
REQUIRED: N/A
TYPE: Integer
DESCRIPTION: ASP Error code (Err.number) returned on error.
USAGE: Dim strErr : strErr = objOAuth.ErrorCode

Host (Let)
REQUIRED: Varies (required for twitter implementation)
TYPE: String
DESCRIPTION: The "Host" request header value (required for twitter implementation)
USAGE: objOAuth.Host = "api.twitter.com"

LoggedIn (Get)
REQUIRED: N/A
TYPE: Boolean
DESCRIPTION: Convenience property that returns "logged in" state - requires you to save session variables as illustrated in "twitter/callback.asp" in the example project.
USAGE: Dim blnLoggedIn : blnLoggedIn = objOAuth.LoggedIn

Parameters (Set)
REQUIRED: No
TYPE: Object
DESCRIPTION: Dictionary object containing proprietary request query string pairs. For instance, twitter's "statuses/update" method requires a "status" parameter and potentially an "in_reply_to" parameter. You'll add these pairs as parameters (UNENCODED).
USAGE: objOAuth.Parameters.Add key, value

RequestMethod (Let)
REQUIRED: No (Default is POST)
TYPE: String
DESCRIPTION: Request type (e.g. "GET", "POST")
USAGE: objOAuth.RequestMethod = "POST"

ResponseText (Get)
REQUIRED: N/A
TYPE: String
DESCRIPTION: The proprietary service provider response string. (e.g. twitter will return json string on "statuses/update.json" call - the json is the ResponseText)
USAGE: Dim strResponseText : strResponseText = objOAuth.ResponseText

TimeoutURL (Let)
REQUIRED: No
TYPE: String
DESCRIPTION: Where to direct the user in the case of a timeout. MUST be an ABSOLUTE path (e.g. "http://mySite/Timeout.html")
USAGE: objOAuth.TimeoutURL = "http://www.myOAuthSite.com/Timeout.html"

UserAgent (Let)
REQUIRED: Varies (required for twitter implementation)
TYPE: String
DESCRIPTION: The "User-Agent" request header value (required for twitter implementation)
USAGE: objOAuth.UserAgent = "Your Twitter App Name"


top

Public Methods:

Get_ResponseValue(strParamName)
PARAMETERS: strParamName (string)
DESCRIPTION: Convenience method used to extract a value from a key=value pair returned by service provider.
RETURNS: strParamValue (string)
USAGE: objOAuth.Get_ResponseValue(strParamName)

Send()
PARAMETERS: None
DESCRIPTION: Makes the call after all properties have been set.
RETURNS: Void
USAGE: objOAuth.Send()


top