Classic ASP VBScript OAuth

Logged in as: [sign out]
test tweet

DEMO: Click the "Sign in with Twitter" button below.

---

top

What this is:
This page hosts an example of a Generic Classic ASP VBScript OAuth Library in action. The example uses Twitter's OAuth Authentication Flow (Sign-in with Twitter) to illustrate usage. The project in its entirety, with full source code, is available for download here:

    PATH: http://scottdesapio.com/VBScriptOAuth/oAuthASPExample.zip
    MD5: 335092c3c1d6c2cbd7e141772e0a474f
    RELEASE DATE: 10.12.10
    LAST UPDATE: 12.04.12
    GITHUB (OAuth Library Only): http://github.com/sdesapio/Classic-ASP-VBScript-OAuth

---

top

What this is NOT:
Although the Twitter REST API is used, this example project is not so much a "Twitter" example as it is a "VBScript OAuth" example.

This DEMO is also NOT a CSS or JavaScript tutorial. Pay no attention to the CSS and JavaScript. The CSS and Javascript used in the example project would require their own tutorials and exist only to help illustrate the implementation. IGNORE all CSS and JavaScript. NEITHER SHOULD BE CONSIDERED PRODUCTION READY (or remotely production usable for that matter).

What you REALLY want to focus on is the "oauth" folder inside of the example project - specifically the cLibOAuth.asp file.

---

top

Quick Start Instructions:
These Quick Start instructions assume you're not interested in the example project and already have a solid grasp on including external libraries. If you're not yet comfortable with including external libraries, skip this Quick Start and follow the example project setup instructions below.

NOTE: Use these instructions only after you've acquired a Consumer Key and Secret provided by your OAuth service provider.

1. Download the VBScript Example Project.
2. Extract all of the files into a temp directory.
3. Copy and paste the "oauth" folder from the Temp directory into the root of your project.
4. Create a new folder in the root of your project named "OAuthTest"
5. Create a new file in your OAuthTest folder named "default.asp"
6. As a starting point, copy and paste the basic code example into your "OAuthTest/default.asp" file.
7. Replace all of the {TOKENS} with valid values
8. Browse to http://localhost/{YOUR_PROJECT_NAME}/OAuthTest/default.asp in your browser

Example Project Directory
Although the following example directory structure is used in this example project, the example project itself utilizes quite a few more files. When utilising the VBScript OAuth Lib, your project should AT MINIMUM follow this structure:

+-root/
  +-oauth/
  | +-_inc/
    | +-_base.asp
    | +-constants_oauth.asp
    | +-hex_sha1_base64.asp
  | +-cLibOAuth.asp
  | +-cLibOAuth.QS.asp
  | +-cLibOAuth.RequestURL.asp
  | +-cLibOAuth.Utils.asp
  +-default.asp
				

---

top

Basic Code Flow
The following four steps outline the basic code flow of instantiaing and utilizing the VBScript OAuth Lib:

1. Instantiate an instance of the cLibOAuth object.
2. Add proprietary request parameters.
3. Make the call.
4. Evaluate the response.

Basic Code Example
By referencing the cLibOAuth.asp files (<!--#include file="../oauth/cLibOAuth.asp"-->) in your project, your code should end up resembling the following. Values surrounded by brackets ({...}) would of course be replaced by proprietary values.

<!--#include file="../oauth/cLibOAuth.asp"--> <% ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 1. Instantiate an instance of the OAuth object. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim objOAuth : Set objOAuth = New cLibOAuth     objOAuth.ConsumerKey = {YOUR_CONSUMER_KEY}     objOAuth.ConsumerSecret = {YOUR_CONSUMER_SECRET}     objOAuth.EndPoint = {SERVICE_PROVIDER_ENDPOINT_URL}     objOAuth.Host = {YOUR_HOST_HEADER_VALUE} ' required for twitter apps     objOAuth.RequestMethod = OAUTH_REQUEST_METHOD_POST     objOAuth.TimeoutURL = {YOUR_TIMEOUT_URL}     objOAuth.UserAgent = {YOUR_USER-AGENT_HEADER_VALUE} ' required for twitter apps ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 2. Add proprietary request parameters. '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     objOAuth.Parameters.Add {PARAM_NAME_1}, {PARAM_VALUE_1}     objOAuth.Parameters.Add {PARAM_NAME_2}, {PARAM_VALUE_2} ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 3. Make the call. '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     objOAuth.Send() ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 4. Evaluate the response. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim strResponse : strResponse = _     objOAuth.Get_ResponseValue({RESPONSE_PARAM_NAME}) %>

NOTE: The above example should not be taken literally. It is meant only to illustrate basic structure. For actual working examples, check out the project files referenced below.

---

top

Example Project Setup Instructions
As noted earlier, although the example project can be regarded as a straight up example of Twitter VBScript OAuth, it is meant only to illustrate core library usage. None of the files existing outside of the "oauth" folder should be considered production ready. Also, please note that this example project was designed as a client example and expects a browser. Server side implementations may require some modifiction to deal with Session state as reported by several users (see comments below).

1. Log in to your twitter account and register your application. (http://twitter.com/apps)
2. Download the example VBScript OAuth project.
3. Extract the contents of the file to C:\Inetpub\wwwroot\oAuthASPExample
4. In notepad, open C:\Inetpub\wwwroot\oAuthASPExample\twitter\_config.asp and add your Consumer Key and Secret as provided by twitter.
5. Open up your browser and navigate to http://127.0.0.1/oAuthASPExample/

Example Project NOTES:

• You MUST start the example project from 127.0.0.1 or the callback on authenticate will fail.
• The JUICE is the "oauth" folder. The "oauth" folder contains the generic classes you'll be using in all of your vbscript projects that require OAuth. Every other file in the package is just an "EXAMPLE Project" file and should be considered freely editable and NOT production ready.
• Here's a link to some helpful bookmarks I'd saved while researching OAuth.
• Leave comments below if you run in to any trouble or @sdesapio me.

---

top

EXAMPLE PROJECT CODE: This is the actual code, used on this page, illustrating the Sign-in with Twitter workflow accompanied by a status update.

1. Acquire "request token"

FILE: authenticate.asp:
DESC: Before doing ANYTHING, we first need to acquire a "request token" from the service provider.

<!--#include file="../oauth/cLibOAuth.asp"--> <!--#include file="_config.asp"--> <% ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 1. Instantiate an instance of the OAuth object. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim objOAuth : Set objOAuth = New cLibOAuth     objOAuth.ConsumerKey = OAUTH_EXAMPLE_CONSUMER_KEY     objOAuth.ConsumerSecret = OAUTH_EXAMPLE_CONSUMER_SECRET     objOAuth.EndPoint = TWITTER_OAUTH_URL_REQUEST_TOKEN     objOAuth.Host = TWITTER_API_HOST     objOAuth.RequestMethod = OAUTH_REQUEST_METHOD_GET     objOAuth.TimeoutURL = OAUTH_EXAMPLE_TIMEOUT_URL     objOAuth.UserAgent = TWITTER_APP_NAME ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 2. Add proprietary request parameters. '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     objOAuth.Parameters.Add "oauth_callback", OAUTH_EXAMPLE_CALLBACK_URL ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 3. Make the call. '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     objOAuth.Send() ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 4. Evaluate the response. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim strRequestToken : strRequestToken = objOAuth.Get_ResponseValue(OAUTH_TOKEN) ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' set the redirect url ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim strRedirectURL : If Not IsNull(objOAuth.ErrorCode) Then     ' set redirect to generic error (do specific error handling here)     strRedirectURL = OAUTH_EXAMPLE_ERROR_URL Else     ' store the request token     Session(OAUTH_TOKEN_REQUEST) = strRequestToken     ' set redirect to authenticate     strRedirectURL = TWITTER_OAUTH_URL_AUTHENTICATE & _         "?oauth_token=" & strRequestToken & _         "&force_login=" & LCase(CStr(OAUTH_EXAMPLE_FORCE_LOGIN)) End If ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' kill obj ref. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Set objOAuth = Nothing ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' redirect user ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Response.Redirect strRedirectURL %>

2. Store access tokens.

FILE: callback.asp:
DESC: Upon successful request token acquisition, the service provider will issue a redirect to the client (based on the callback set in "oauth_callback" parameter in step 1) where we can then acquire and store our access tokens and forward to a custom complete page.

<!--#include file="../oauth/cLibOAuth.asp"--> <!--#include file="_config.asp"--> <% ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 1. catch the passed in qs param from twitter ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim strOAuthVerifier : strOAuthVerifier = Request.QueryString(OAUTH_VERIFIER) ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 2. Instantiate an instance of the OAuth object. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim objOAuth : Set objOAuth = New cLibOAuth     objOAuth.ConsumerKey = OAUTH_EXAMPLE_CONSUMER_KEY     objOAuth.ConsumerSecret = OAUTH_EXAMPLE_CONSUMER_SECRET     objOAuth.EndPoint = TWITTER_OAUTH_URL_ACCESS     objOAuth.Host = TWITTER_API_HOST     objOAuth.RequestMethod = OAUTH_REQUEST_METHOD_GET     objOAuth.TimeoutURL = OAUTH_EXAMPLE_TIMEOUT_URL     objOAuth.UserAgent = TWITTER_APP_NAME ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 3. Add proprietary request parameters. '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     objOAuth.Parameters.Add "oauth_token", Session(OAUTH_TOKEN_REQUEST)     objOAuth.Parameters.Add "oauth_verifier", strOAuthVerifier ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 4. Make the call. '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     objOAuth.Send() ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 5. check for error ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim strRedirectURL : If Not IsNull(objOAuth.ErrorCode) Then     ' set redirect to failure handler (do specific error handling here)     strRedirectURL = OAUTH_EXAMPLE_LOGIN_FAILURE_URL Else     ' save session variables     Session(OAUTH_TOKEN) = objOAuth.Get_ResponseValue(OAUTH_TOKEN)     Session(OAUTH_TOKEN_SECRET) = objOAuth.Get_ResponseValue(OAUTH_TOKEN_SECRET)     Session(TWITTER_SCREEN_NAME) = objOAuth.Get_ResponseValue(TWITTER_SCREEN_NAME)     ' set redirect to success handler     strRedirectURL = OAUTH_EXAMPLE_LOGIN_SUCCESS_URL & _         "?" & Session(TWITTER_SCREEN_NAME) End If ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' kill obj ref ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Set objOAuth = Nothing ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' redirect user ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Response.Redirect strRedirectURL %>

3. Execute a status update.

FILE: update_status.asp:
DESC: Now that we've been authorized by the user and authenticated by the service provider, we can freely make calls to protected resources.

<!--#include file="../oauth/cLibOAuth.asp"--> <!--#include file="_config.asp"--> <% ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 1. Instantiate an instance of the OAuth object. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Dim objOAuth : Set objOAuth = New cLibOAuth ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' 2. Check if the user is logged in ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' If objOAuth.LoggedIn Then     '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     ' 3. grab passed in status parameters     '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     Dim strStatus : strStatus = Request.Form("post")     Dim intReplyId : intReplyId = Request.Form("replyId")     Dim strReplyTo : strReplyTo = Request.Form("replyTo")     '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     ' 4. Setup the oAuth object     '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     objOAuth.ConsumerKey = OAUTH_EXAMPLE_CONSUMER_KEY     objOAuth.ConsumerSecret = OAUTH_EXAMPLE_CONSUMER_SECRET     objOAuth.EndPoint = TWITTER_OAUTH_URL_UPDATE_STATUS     objOAuth.Host = TWITTER_API_HOST     objOAuth.RequestMethod = OAUTH_REQUEST_METHOD_POST     objOAuth.UserAgent = TWITTER_APP_NAME     '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     ' 5. Add proprietary "status update" request parameters.     '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     objOAuth.Parameters.Add "in_reply_to", strReplyTo     objOAuth.Parameters.Add "in_reply_to_status_id", intReplyID     objOAuth.Parameters.Add "oauth_token", Session(OAUTH_TOKEN)     objOAuth.Parameters.Add "status", strStatus     '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     ' 6. Make the call.     '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     objOAuth.Send()     '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     ' 7. Evaluate the response     '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     Dim strResponseText : strResponseText = objOAuth.ResponseText     '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     ' 8. Check for error code     '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     Dim strErrorCode : strErrorCode = objOAuth.ErrorCode     '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     ' 9. Setup response     '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''     If Not IsNull(strErrorCode) Then         Response.Status = RESPONSE_STATUS_500         Response.Write strErrorCode     Else         Response.ContentType = "text/html"         Response.CharSet = "utf-8"         Response.Write strResponseText     End If Else     ' if not logged in, return forbidden     Response.Status = RESPONSE_STATUS_403 End If ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' kill object ref. ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Set objOAuth = Nothing %>

---

top

Public Properties:

ConsumerKey (Let)
REQUIRED: Yes
TYPE: String
DESCRIPTION: Your "consumer key" as received from the Service Provider. For instance, after successfully registering your app with twitter, you'll be forward to a page displaying your "consumer key."
USAGE: objOAuth.ConsumerKey = "123456789asdfghjkl"

ConsumerSecret (Let)
REQUIRED: Yes
TYPE: String
DESCRIPTION: Your "consumer secret" as received from the Service Provider.
USAGE: objOAuth.ConsumerSecret = "123456789asdfghjklzxcvbnm"

EndPoint (Let)
REQUIRED: Yes
TYPE: String
DESCRIPTION: The URL of the oauth request. (e.g. http://twitter.com/statuses/update.json)
USAGE: objOAuth.EndPoint = "http://twitter.com/statuses/update.json"

ErrorCode (Get)
REQUIRED: N/A
TYPE: Integer
DESCRIPTION: ASP Error code (Err.number) returned on error.
USAGE: Dim strErr : strErr = objOAuth.ErrorCode

Host (Let)
REQUIRED: Varies (required for twitter implementation)
TYPE: String
DESCRIPTION: The "Host" request header value (required for twitter implementation)
USAGE: objOAuth.Host = "api.twitter.com"

LoggedIn (Get)
REQUIRED: N/A
TYPE: Boolean
DESCRIPTION: Convenience property that returns "logged in" state - requires you to save session variables as illustrated in "twitter/callback.asp" in the example project.
USAGE: Dim blnLoggedIn : blnLoggedIn = objOAuth.LoggedIn

Parameters (Set)
REQUIRED: No
TYPE: Object
DESCRIPTION: Dictionary object containing proprietary request query string pairs. For instance, twitter's "statuses/update" method requires a "status" parameter and potentially an "in_reply_to" parameter. You'll add these pairs as parameters (UNENCODED).
USAGE: objOAuth.Parameters.Add key, value

RequestMethod (Let)
REQUIRED: No (Default is POST)
TYPE: String
DESCRIPTION: Request type (e.g. "GET", "POST")
USAGE: objOAuth.RequestMethod = "POST"

ResponseText (Get)
REQUIRED: N/A
TYPE: String
DESCRIPTION: The proprietary service provider response string. (e.g. twitter will return json string on "statuses/update.json" call - the json is the ResponseText)
USAGE: Dim strResponseText : strResponseText = objOAuth.ResponseText

TimeoutURL (Let)
REQUIRED: No
TYPE: String
DESCRIPTION: Where to direct the user in the case of a timeout. MUST be an ABSOLUTE path (e.g. "http://mySite/Timeout.html")
USAGE: objOAuth.TimeoutURL = "http://www.myOAuthSite.com/Timeout.html"

UserAgent (Let)
REQUIRED: Varies (required for twitter implementation)
TYPE: String
DESCRIPTION: The "User-Agent" request header value (required for twitter implementation)
USAGE: objOAuth.UserAgent = "Your Twitter App Name"

---

top

Public Methods:

Get_ResponseValue(strParamName)
PARAMETERS: strParamName (string)
DESCRIPTION: Convenience method used to extract a value from a key=value pair returned by service provider.
RETURNS: strParamValue (string)
USAGE: objOAuth.Get_ResponseValue(strParamName)

Send()
PARAMETERS: None
DESCRIPTION: Makes the call after all properties have been set.
RETURNS: Void
USAGE: objOAuth.Send()