Facebook OAuth2 for Classic ASP – Step 1

This is a series of two posts to demonstrate implementing OAuth2 Authorization for Facebook in Classic ASP.
(Also see: Facebook OAuth2 for Classic ASP – Step 2)

The 1st step is to redirect to the Facebook Login Dialog where the Facebook account owner can grant access to the application.  Facebook will then return a response that redirects to your ASP page that implements Step 2.

Here is the ASP for Step 1:

AuthorizationEndpoint = "https://www.facebook.com/dialog/oauth"
TokenEndpoint = "https://graph.facebook.com/oauth/access_token"

' Replace these with actual values.

' Set the Scope to a comma-separated list of permissions the app wishes to request.
' See https://developers.facebook.com/docs/facebook-login/permissions/ for a full list of permissions.
Scope = "public_profile,user_friends,email,user_posts,user_likes,user_photos,publish_actions"

' (State) Chilkat typically uses a 32 random bytes in base64url form.
' However, it can be anything (and any length), and doesn't need to be base64url encoded.
' For this example, I typed some random chars here:
State = "dkrh345y3895hyrtyowiurh3948rhteuirth"

' I'm using ngrok to callback to my web server running on localhost..
'RedirectUri = Server.URLEncode("https://www.your-website.com/fb_finishOAuth2.asp")
RedirectUri = Server.URLEncode("https://abca3bde.ngrok.io/fb_finishOAuth2.asp")

FbAuthUrl = AuthorizationEndpoint & "?response_type=code&scope=" & Scope & "&redirect_uri=" & RedirectUri & "&client_id=" & AppId & "&state=" & State

' Let's save our random state in a session variable.
Session("oauth2_state") = State

Response.Redirect FbAuthUrl

' Note: When I first used ngrok.io, I got the following error from Facebook:
'     Can't Load URL: The domain of this URL isn't included in the app's domains. 
'     To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.
' To fix, I temporarily changed my Facebook App's Site Url to https://abca3bde.ngrok.io/,
' and then added "abca3bde.ngrok.io" to the list of App Domains.

C# Streaming Decompression Example (from System.IO.Stream –> System.IO.Stream)

// Streaming decompression from System.IO.Stream --> System.IO.Stream

// In this example, the source and sink streams are files.
// However, they can be any type of System.IO.Stream, such as a System.Net.Sockets.NetworkStream
System.IO.FileStream fsSource = File.OpenRead("qa_data/image.compressed");
Chilkat.StreamConnector scSource = new Chilkat.StreamConnector();

System.IO.FileStream fsSink = File.OpenWrite("qa_data/image.bmp");
Chilkat.StreamConnector scSink = new Chilkat.StreamConnector();

Chilkat.Compression compress = new Chilkat.Compression();
compress.Algorithm = "deflate";

// Create a Chilkat.Stream object, and set the source/sink to the System.IO.Stream objects.
Chilkat.Stream stream = new Chilkat.Stream();
scSource.SetAsSource(fsSource, stream);
scSink.SetAsSink(fsSink, stream);

// Do the streaming decompress -- reading from fsSource and writing to fsSink
bool success = compress.DecompressStream(stream);

v9.5.0.65 Release Notes

  • SshTunnel – Significantly improved the background tunnel management threads.
  • JsonArray.TypeAt – Discovered that this method erroneously always returns the value 4.  This is fixed.
  • JsonObject – Added new methods: UpdateNumber, UpdateNull
  • Bug Fix: .NET Async Methods that pass in Byte Arrays  There was a memory leak specific to async .NET methods that pass in byte arrays.  See Byte Array Memory Not Freed for .NET Async Methods
  • Socket: Added new methods: SendBd, SendSb, ReceiveBd, ReceiveBdN, and ReceiveSb.  These are for sending/receiving directly from/to BinData and StringBuilder objects.
  • JsonObject: Added new methods: UpdateNull and UpdateNumber.
  • StringBuilder: Added AppendLine method.
  • FTP2:   Fixed: The following FTP2 methods returned the current date/time instead of NULL for failure:  GetLastAccessDtByName, GetLastModDtByName, GetCreateDtByName, GetLastAccessDt, GetLastModDt, GetCreateDt.  The methods now correctly return NULL (i.e. 0, null, Nothing, etc.)
  • MailMan: Fixed the GetHeaders method.  The fromIndex and toIndex arguments are inclusive.  For example, if getting headers for emails 1 to 10, then 11 emails should be returned (assuming the mailbox has at least 11 emails).  The fix had to do with the case when the fromIndex = 0.  If fetching emails 0 to 2, then only 2 emails were returned.  This is now fixed.  Fetching 0 to 2 should return 3 emails.
  • Crypt2 (PBES2) — When setting the CryptAlgorithm = “PBES2”, Chilkat was doing PBES1 encryption.  This problem started sometime after v9.5.0.45.  This is now fixed.
  • Added the CkDateTime.DiffSeconds to get the difference in seconds between two CkDateTime objects.
  • Fixed auto-create issue in JsonObject.UpdateString, UpdateInt, etc. for array paths that end in a primitive.  For example the following C++ code
    CkJsonObject json;
    std::cout << json.emit() << "\r\n";

Now correctly produces:

  "cc_emails": [
  • Turned on TCP_NODELAY socket option for HTTP.  See http://www.chilkatforum.com/questions/11570/http-is-slow
  • Updated C++ headers to avoid QT’s “emit” macro.  QT defines the word “emit” as a macro, and Chilkat’s JsonObject and JsonArray classes both have an “emit” function.  QT’s macro definition causes compile failures for any C++ source that uses any variable, function, etc. named “emit”.    To avoid the macro definition, Chilkat does the following:
#if defined(QT_VERSION)
#pragma push_macro("emit")
#undef emit
const char *emit(void);
#pragma pop_macro("emit")
const char *emit(void);
  • Added the “eda” encoding for UN/EDIFACT Syntax Level A.  See https://www.example-code.com/csharp/edifact_eda_syntax_level_A_encoding.asp. Also see: http://cknotes.com/chilkat-binary-encoding-list/
  • Added new methods to CkDateTime:  AddSeconds, GetAsUnixTimeStr, GetAsIso8601.
  • Added the AuthAzureSAS class.  (For Shared Access Signature authorization)
  • Added the Rest.SetAuthAzureSas method.  (For Shared Access Signature authorization)
  • Fixed Rest.AddQueryParams  (note that this is the plural:  AddQueryParams method, not AddQueryParam).   If values in the param string were URL encoded, the AddQueryParams did not properly URL decode each value.  This would result in query params being doubly URL encoded when the actual request was sent.
  • Added Crypt.BcryptWorkFactor, BCryptHash, and BCryptVerify to support BCrypt password hashing and verification.
  • Fixed an Android issue w/ IMAP ProgressInfo callbacks.  The problem only occurred when a ProgressInfo callback happened for Login where the username includes a non-usascii char, such as one with an umlaut.
  • Socket.TlsRenegotiate — fixed a problem that occurred under certain conditions when the SslAllowedCiphers property is set to restrict TLS cipher suite choices.
  • Ftp2 – Fixed problem with “Unix Cway” servers where 0-byte files were getting downloaded (instead of the full file).  This was caused because the FTP server inaccurately reports that the file is “0 bytes” in the intermediate reply to the RETR command.  Chilkat now ignores what this particular server says.
  • (Email) Fixed: An incoming email’s header specifies the sender as this:From: "FAXG3/+5554555920"@faxsrv.intraThe email is loaded into a CkEmail object using the C++ edition of Chilkat.Problem is, the CkEmail.get_FromAddress() method returns @faxsrv.intra as the email address instead of FAXG3/+5554555920@faxsrv.intra
  • ActiveX LastStringResultLen property incorrectly returned the size of the string in bytes (utf-16) rather than in number of characters. This is fixed to return the number of characters.  (Note: this is a property that only exists in ActiveX classes, and is only useful for certain programming languages such as SQL Server to help programs determine if temp tables are required..)
  • SSH – Added the following methods: QuickShell, QuickCommand, QuickCmdSend, and QuickCmdCheck.   These methods help simplify executing remote commands running shell sessions.



Running VBScript 32-bit or 64-bit

When running a VBScript, on a 64-bit Windows system it is possible to run either as a 32-bit process, or a 64-bit process. If running 32-bit, then you need the 32-bit ActiveX. If running 64-bit, then you need the 64-bit ActiveX.

To run a 32-bit VBScript on a 64-bit system, you do this:

REM This is the 32-bit cscript.
C:\windows\sysWOW64\cscript jsonTest.vbs

To run a 64-bit VBScript, you do this:

REM This is the 64-bit cscript.
C:\windows\system32\cscript jsonTest.vbs

or simply this:

cscript jsonTest.vbs

If you double-click on the .vbs to run it from Windows Explorer, then you’ll be running as a 64-bit process. The default, unless you took care to explicitly run as 32-bit by invoking the cscript.exe under sysWOW64, is that you’ll be running as a 64-bit process, and in that case you’ll need the 64-bit Chilkat ActiveX registered on your system.

v9.5.0.64 Release Notes

Starting now, Chilkat is going to log the changes, fixes, and new features for the next release as the work is completed.  Pre-release  builds can be requested for most programming languages and operating systems.  Many builds are quick and easy to provide: .NET, ActiveX, C++, Java, Perl, Python, PHP, and others.  Some however, are time-consuming and a request for one of the following builds may take as many as several days: WinRT, Node.js, Mono, Xojo, PureBasic, and .NET Core.    Send email to support@chilkatsoft.com if a pre-release build is desired.

(Chilkat is currently working on implementing Xero API examples, and many of the new features are related to making life easier to implement these examples.  The new features are general and apply to any programming task. )

v9.5.0.64 Updates

  • Modified the ActiveX DLLs to automatically do per-user ActiveX registration if administrative privileges are not available.  This will allow non-administrators to register the ActiveX.  However, when per-user registration happens, other user accounts on the same Windows computer will not find the ActiveX registered.  Therefore, to properly register the ActiveX for ASP, a Windows Service, or for a SQL Server database, the ActiveX would still need to be registered with admin privileges.
  • .NET ToString Method:  Chilkat avoids naming any of its methods “ToString”, because all .NET objects by default have a ToString method.  Chilkat v9.5.0.64 now automatically implements ToString for all classes in the Chilkat .NET API (although it won’t be publicly documented).  (This does not yet apply to the Mono, .NET Core, or WinRT Chilkat API.)   The ToString method maps to the already-existing Chilkat method that makes most sense.  (For example, Chilkat.Xml.ToString returns the same as Chilkat.Xml.GetXml.)   For objects where it makes no sense to have a ToString method, then ToString returns an empty string.
  • Added a number of methods and properties to the Chilkat.Xml API.  These new methods are related to the “path” and I,J,K techniques that were found to be so handy w/ the Chilkat JSON API.  (These new methods will be heavily used in the Xero examples, because Xero requests and responses are in XML, and these new features greatly simplify the coding.)  The new methods/properties are:
    • EmitCompact (property)
    • I, J, K (properties)
    • UpdateAt
    • UpdateAttrAt
    • NumChildrenAt

    The following methods are updated to accept either a tag or “tag path”:

    • NewChild2
    • NewChildInt2
    • GetChildContent
    • GetChildIntValue
    • GetChildBoolValue
    • many other methods are updated.  These methods will be noted in the reference documentation.  The 1st argument will be named “tagPath”, and a note in the documentation will indicate that the 1st arg can be either a tag or tagPath, and that support for tag paths began in v9.5.0.64
  • The Xml.ChilkatPath method was updated to allow for “[i]”, “[j]”, and “[k]” to be used in path strings.  When used, each is substituted with the current value of the I, J, and K properties.
  • Added the Http.QuickGetSb method.
  • Added the Imap.MoveMessages method (to move email messages from one mailbox to another on the same IMAP server in the same session).  Requires the IMAP server to support the MOVE extension.  (Most IMAP servers support the MOVE extension.)
  • Fixed: The Task.Cancel method was not working in the ActiveX.
  • Fixed: The Global.FinalizeThreadPool method will now cancel any asynchronous methods that are still running and causes all async background threads to exit.  There are certain problems that can happen if the main thread of a program exits while background threads remain running:
    • If the program is a VBScript, then I’ve found that AVG Anti-Virus will alert the user of a General Behavioral Threat. Making sure that all async method calls have finished, and that all thread pool threads have exited, should prevent this problem.
    • If running a VB6 program from the IDE, the IDE will hang on program exit until all threads have exited.
    • It is likely that existing the main UI thread while background threads remain will cause problems in many other programming environments.
  • Modified: The Global.FinalizeThreadPool method returns the software to the pristine initial state — where no background threads are running, and the thread pool thread is not yet started.  Previously, after FinalizeThreadPool was called, it was not possible to continue using asynchronous Chilkat methods (without restarting the application).  Now the FinalizeThreadPool method returns the application to the initial pristine state.  A subsequent asynchronous method call will cause the thread pool thread to automatically restart, and everything proceeds as usual.   (This is needed for cases where the ActiveX is used in debugging sessions within an IDE, because the ActiveX DLL is not loaded/unloaded between each debug run.)
  • OAuth1 — Added the SetRsaKey method and now supports “RSA-SHA1” and “RSA-SHA2”.
  • Rest — Added the ClearAllParts method.  This is needed if a new REST request is to be sent just after sending a multipart request.
  • FileAccess — Added methods: FileReadBd, FileWriteBd, GetFileName, GetDirectoryName, GetExtension, GetFileNameWithoutExtension
  • JsonArray — Added the Load and LoadSb methods.  Added the EmitCompact and EmitCrlf properties.  A JsonArray object can now be created by an application and loaded directly with a JSON array string, such as “[ 1, 2, 3, 4]”.



v9.5.0.63 Release Notes

Version is a new version that almost immediately follows v9.5.0.62.   It will only be released for a few programming languages (ActiveX, .NET, Delphi, and Excel).   Chilkat will provide this release in other programming languages / operating system upon request.

The reason for releasing is that Chilkat wishes to create Quickbooks REST API examples, and it was discovered that the Quickbooks server-side is unable to consume HTTP requests that use MIME header folding.  Therefore, Chilkat added an AllowHeaderFolding property to both the Http and Rest classes.

There were a few other very minor fixes / additions:

  • Added the Email.AddAttachmentBd method.
  • Added the Http.DownloadBd and http.DownloadSb methods.  (See the previous release notes for information about “Bd” and “Sb” methdos: http://cknotes.com/v9-5-0-62-release-notes/ )
  • Made the Http.RequireSslCertVerify method more flexible in handling out-of-order certs from a web server.  See http://www.chilkatforum.com/questions/11402/certificate-order-issue-enhancement

v9.5.0.62 Release Notes

  • Added StringTable class.  The StringTable class differs from the StringArray class in that it’s intended to hold a table of strings that is mostly read-only.  The internal storage of all the strings is in a single contiguous block of memory for efficient (minimized) memory storage.
  • Expanded the BinData class by adding new methods and making it available in all programming languages.
  • Expanded the StringBuilder class by adding many more methods.
  • Note: BinData and StringBuilder are consistently the same across all programming languages, whereas CkString and CkByteData are not.   CkString and CkByteData will continue to be used in future versions, are still an integral part of Chilkat, and are NOT deprecated.
  • Note: One use of BinData and StringBuilder is in use of new methods ending in “Sb” and “Bd”.  These methods are for returning or passing text or binary data, especially large amounts of text or data.  For example, imagine one Chilkat method is used to retrieve a large amount of data, and then that data is passed to another Chilkat method.  A large waste of time and memory is consumed in returning the string (or binary bytes) to the programming language, and then immediately passing it back to Chilkat.  If it is .NET, then the data must be marshaled from unmanaged to managed, and then, to pass back to Chilkat it is marshaled from managed to unmanaged.  The same applies when using the ActiveX (with BSTR’s and Variants).  By retrieving results directly into a BinData or StringBuilder, and then passing the data by passing the object, the data stays on the native side.  For example, the new Rest.ReadRespSb method reads the REST response directly in to a StringBuilder.  If it is JSON, this can be loaded directly into a JsonObject via the JsonObject.LoadSb.  In the future, new “Sb” and “Bd” methods will be added in places where large amounts of data are likely to be encountered.  This will create pathways allowing data to stay native as much as possible.

    Version adds the following initial set of Sb/Bd methods:





  • SshTunnel – Now automatically keeps the SSH connection alive during idle times by sending IGNORE messages every 20 seconds (when idle).
  • The 32-bit .NET VS2015 build now uses the /LARGEADDRESSAWARE linker option.  (See /LARGEADDRESSAWARE)
  • Minor CSV fix where the last line in a CSV file was inadvertently being trimmed of whitespace on both ends.
  • Added the Global.UnlockStatus property to allow applications to programmatically know if the UnlockBundle (or UnlockComponent) method call succeeded because of the 30-day trial or a recognized/purchased unlock code.
  • Rest – allows Basic authentication for non-secure connections to localhost.  Normally, Chilkat disallows the Basic authentication method if the connection is not TLS.  There is one exception now, and that is for connections to localhost.