Fork me on GitHub

Classic ASP VBScript OAuth

By Scott DeSapio

Follow Scott:

Share this page:

Logged in as: [sign out]

DEMO: Click the "Sign in with Twitter" button below.


What this is:
This page hosts an example of a Generic Classic ASP VBScript OAuth Library in action. The example uses Twitter's OAuth Authentication Flow (Sign-in with Twitter) to illustrate usage. The project in its entirety, with full source code, is available for download here:

    LAST UPDATE: 01.15.14
    GITHUB (OAuth Library Only):


What this is NOT:
Although the Twitter REST API is used, this example project is not so much a "Twitter" example as it is a "VBScript OAuth" example.

This DEMO is also NOT a CSS or JavaScript tutorial. Pay no attention to the CSS and JavaScript. The CSS and Javascript used in the example project would require their own tutorials and exist only to help illustrate the implementation. IGNORE all CSS and JavaScript. NEITHER SHOULD BE CONSIDERED PRODUCTION READY (or remotely production usable for that matter).

What you REALLY want to focus on is the "oauth" folder inside of the example project - specifically the cLibOAuth.asp file.


Quick Start Instructions:
These Quick Start instructions assume you're not interested in the example project and already have a solid grasp on including external libraries. If you're not yet comfortable with including external libraries, skip this Quick Start and follow the example project setup instructions below.

NOTE: Use these instructions only after you've acquired a Consumer Key and Secret provided by your OAuth service provider.

  1. Download the VBScript Example Project.
  2. Extract all of the files into a temp directory.
  3. Copy and paste the "oauth" folder from the Temp directory into the root of your project.
  4. Create a new folder in the root of your project named "OAuthTest"
  5. Create a new file in your OAuthTest folder named "default.asp"
  6. As a starting point, copy and paste the basic code example into your "OAuthTest/default.asp" file.
  7. Replace all of the {TOKENS} with valid values
  8. Browse to http://localhost/{YOUR_PROJECT_NAME}/OAuthTest/default.asp in your browser

Example Project Directory
Although the following example directory structure is used in this example project, the example project itself utilizes quite a few more files. When utilising the VBScript OAuth Lib, your project should AT MINIMUM follow this structure:

  | +-_inc/
    | +-_base.asp
    | +-constants_oauth.asp
    | +-hex_sha1_base64.asp
  | +-cLibOAuth.asp
  | +-cLibOAuth.QS.asp
  | +-cLibOAuth.RequestURL.asp
  | +-cLibOAuth.Utils.asp


Basic Code Flow
The following four steps outline the basic code flow of instantiaing and utilizing the VBScript OAuth Lib:

  1. Instantiate an instance of the cLibOAuth object.
  2. Add proprietary request parameters.
  3. Make the call.
  4. Evaluate the response.

Basic Code Example
By referencing the cLibOAuth.asp files (<!--#include file="../oauth/cLibOAuth.asp"-->) in your project, your code should end up resembling the following. Values surrounded by brackets ({...}) would of course be replaced by proprietary values.

NOTE: The above example should not be taken literally. It is meant only to illustrate basic structure. For actual working examples, check out the project files referenced below.


Example Project Setup Instructions
As noted earlier, although the example project can be regarded as a straight up example of Twitter VBScript OAuth, it is meant only to illustrate core library usage. None of the files existing outside of the "oauth" folder should be considered production ready. Also, please note that this example project was designed as a client example and expects a browser. Server side implementations may require some modifiction to deal with Session state as reported by several users (see comments below).

  1. Log in to your twitter account and register your application. (
  2. Download the example VBScript OAuth project.
  3. Extract the contents of the file to C:\Inetpub\wwwroot\oAuthASPExample
  4. In notepad, open C:\Inetpub\wwwroot\oAuthASPExample\twitter\_config.asp and add your Consumer Key and Secret as provided by twitter.
  5. Edit OAUTH_EXAMPLE_CALLBACK_URL to reflect the path to your callback.asp: ""
  6. Open up your browser and navigate to

Example Project NOTES:


EXAMPLE PROJECT CODE: This is the actual code, used on this page, illustrating the Sign-in with Twitter workflow accompanied by a status update.

1. Acquire "request token"

FILE: authenticate.asp:
DESC: Before doing ANYTHING, we first need to acquire a "request token" from the service provider.

2. Store access tokens.

FILE: callback.asp:
DESC: Upon successful request token acquisition, the service provider will issue a redirect to the client (based on the callback set in "oauth_callback" parameter in step 1) where we can then acquire and store our access tokens and forward to a custom complete page.

3. Execute a status update.

FILE: update_status.asp:
DESC: Now that we've been authorized by the user and authenticated by the service provider, we can freely make calls to protected resources.


Public Properties:

ConsumerKey (Let)
TYPE: String
DESCRIPTION: Your "consumer key" as received from the Service Provider. For instance, after successfully registering your app with twitter, you'll be forward to a page displaying your "consumer key."
USAGE: objOAuth.ConsumerKey = "123456789asdfghjkl"

ConsumerSecret (Let)
TYPE: String
DESCRIPTION: Your "consumer secret" as received from the Service Provider.
USAGE: objOAuth.ConsumerSecret = "123456789asdfghjklzxcvbnm"

EndPoint (Let)
TYPE: String
DESCRIPTION: The URL of the oauth request. (e.g.
USAGE: objOAuth.EndPoint = ""

ErrorCode (Get)
TYPE: Integer
DESCRIPTION: ASP Error code (Err.number) returned on error.
USAGE: Dim strErr : strErr = objOAuth.ErrorCode

Host (Let)
REQUIRED: Varies (required for twitter implementation)
TYPE: String
DESCRIPTION: The "Host" request header value (required for twitter implementation)
USAGE: objOAuth.Host = ""

LoggedIn (Get)
TYPE: Boolean
DESCRIPTION: Convenience property that returns "logged in" state - requires you to save session variables as illustrated in "twitter/callback.asp" in the example project.
USAGE: Dim blnLoggedIn : blnLoggedIn = objOAuth.LoggedIn

Parameters (Set)
TYPE: Object
DESCRIPTION: Dictionary object containing proprietary request query string pairs. For instance, twitter's "statuses/update" method requires a "status" parameter and potentially an "in_reply_to" parameter. You'll add these pairs as parameters (UNENCODED).
USAGE: objOAuth.Parameters.Add key, value

RequestMethod (Let)
REQUIRED: No (Default is POST)
TYPE: String
DESCRIPTION: Request type (e.g. "GET", "POST")
USAGE: objOAuth.RequestMethod = "POST"

ResponseText (Get)
TYPE: String
DESCRIPTION: The proprietary service provider response string. (e.g. twitter will return json string on "statuses/update.json" call - the json is the ResponseText)
USAGE: Dim strResponseText : strResponseText = objOAuth.ResponseText

TimeoutURL (Let)
TYPE: String
DESCRIPTION: Where to direct the user in the case of a timeout. MUST be an ABSOLUTE path (e.g. "http://mySite/Timeout.html")
USAGE: objOAuth.TimeoutURL = ""

UserAgent (Let)
REQUIRED: Varies (required for twitter implementation)
TYPE: String
DESCRIPTION: The "User-Agent" request header value (required for twitter implementation)
USAGE: objOAuth.UserAgent = "Your Twitter App Name"


Public Methods:

PARAMETERS: strParamName (string)
DESCRIPTION: Convenience method used to extract a value from a key=value pair returned by service provider.
RETURNS: strParamValue (string)
USAGE: objOAuth.Get_ResponseValue(strParamName)

DESCRIPTION: Makes the call after all properties have been set.
USAGE: objOAuth.Send()


blog comments powered by Disqus