This is a series of two posts to demonstrate implementing OAuth2 Authorization for Facebook in Classic ASP.
(Also see: Facebook OAuth2 for Classic ASP – Step 2)
The 1st step is to redirect to the Facebook Login Dialog where the Facebook account owner can grant access to the application. Facebook will then return a response that redirects to your ASP page that implements Step 2.
Here is the ASP for Step 1:
AuthorizationEndpoint = "https://www.facebook.com/dialog/oauth"
TokenEndpoint = "https://graph.facebook.com/oauth/access_token"
' Replace these with actual values.
AppId = "FACEBOOK-APP-ID"
AppSecret = "FACEBOOK-APP-SECRET"
' Set the Scope to a comma-separated list of permissions the app wishes to request.
' See https://developers.facebook.com/docs/facebook-login/permissions/ for a full list of permissions.
Scope = "public_profile,user_friends,email,user_posts,user_likes,user_photos,publish_actions"
' (State) Chilkat typically uses a 32 random bytes in base64url form.
' However, it can be anything (and any length), and doesn't need to be base64url encoded.
' For this example, I typed some random chars here:
State = "dkrh345y3895hyrtyowiurh3948rhteuirth"
' I'm using ngrok to callback to my web server running on localhost..
'RedirectUri = Server.URLEncode("https://www.your-website.com/fb_finishOAuth2.asp")
RedirectUri = Server.URLEncode("https://abca3bde.ngrok.io/fb_finishOAuth2.asp")
FbAuthUrl = AuthorizationEndpoint & "?response_type=code&scope=" & Scope & "&redirect_uri=" & RedirectUri & "&client_id=" & AppId & "&state=" & State
' Let's save our random state in a session variable.
Session("oauth2_state") = State
' Note: When I first used ngrok.io, I got the following error from Facebook:
' Can't Load URL: The domain of this URL isn't included in the app's domains.
' To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.
' To fix, I temporarily changed my Facebook App's Site Url to https://abca3bde.ngrok.io/,
' and then added "abca3bde.ngrok.io" to the list of App Domains.
// Streaming decompression from System.IO.Stream --> System.IO.Stream
// In this example, the source and sink streams are files.
// However, they can be any type of System.IO.Stream, such as a System.Net.Sockets.NetworkStream
System.IO.FileStream fsSource = File.OpenRead("qa_data/image.compressed");
Chilkat.StreamConnector scSource = new Chilkat.StreamConnector();
System.IO.FileStream fsSink = File.OpenWrite("qa_data/image.bmp");
Chilkat.StreamConnector scSink = new Chilkat.StreamConnector();
Chilkat.Compression compress = new Chilkat.Compression();
compress.Algorithm = "deflate";
// Create a Chilkat.Stream object, and set the source/sink to the System.IO.Stream objects.
Chilkat.Stream stream = new Chilkat.Stream();
// Do the streaming decompress -- reading from fsSource and writing to fsSink
bool success = compress.DecompressStream(stream);
- SshTunnel – Significantly improved the background tunnel management threads.
- JsonArray.TypeAt – Discovered that this method erroneously always returns the value 4. This is fixed.
- JsonObject – Added new methods: UpdateNumber, UpdateNull
- Bug Fix: .NET Async Methods that pass in Byte Arrays There was a memory leak specific to async .NET methods that pass in byte arrays. See Byte Array Memory Not Freed for .NET Async Methods
- Socket: Added new methods: SendBd, SendSb, ReceiveBd, ReceiveBdN, and ReceiveSb. These are for sending/receiving directly from/to BinData and StringBuilder objects.
- JsonObject: Added new methods: UpdateNull and UpdateNumber.
- StringBuilder: Added AppendLine method.
- FTP2: Fixed: The following FTP2 methods returned the current date/time instead of NULL for failure: GetLastAccessDtByName, GetLastModDtByName, GetCreateDtByName, GetLastAccessDt, GetLastModDt, GetCreateDt. The methods now correctly return NULL (i.e. 0, null, Nothing, etc.)
- MailMan: Fixed the GetHeaders method. The fromIndex and toIndex arguments are inclusive. For example, if getting headers for emails 1 to 10, then 11 emails should be returned (assuming the mailbox has at least 11 emails). The fix had to do with the case when the fromIndex = 0. If fetching emails 0 to 2, then only 2 emails were returned. This is now fixed. Fetching 0 to 2 should return 3 emails.
- Crypt2 (PBES2) — When setting the CryptAlgorithm = “PBES2”, Chilkat was doing PBES1 encryption. This problem started sometime after v18.104.22.168. This is now fixed.
- Added the CkDateTime.DiffSeconds to get the difference in seconds between two CkDateTime objects.
- Fixed auto-create issue in JsonObject.UpdateString, UpdateInt, etc. for array paths that end in a primitive. For example the following C++ code
std::cout << json.emit() << "\r\n";
Now correctly produces:
- Turned on TCP_NODELAY socket option for HTTP. See http://www.chilkatforum.com/questions/11570/http-is-slow
- Updated C++ headers to avoid QT’s “emit” macro. QT defines the word “emit” as a macro, and Chilkat’s JsonObject and JsonArray classes both have an “emit” function. QT’s macro definition causes compile failures for any C++ source that uses any variable, function, etc. named “emit”. To avoid the macro definition, Chilkat does the following:
const char *emit(void);
const char *emit(void);
- Added the “eda” encoding for UN/EDIFACT Syntax Level A. See https://www.example-code.com/csharp/edifact_eda_syntax_level_A_encoding.asp. Also see: http://cknotes.com/chilkat-binary-encoding-list/
- Added new methods to CkDateTime: AddSeconds, GetAsUnixTimeStr, GetAsIso8601.
- Added the AuthAzureSAS class. (For Shared Access Signature authorization)
- Added the Rest.SetAuthAzureSas method. (For Shared Access Signature authorization)
- Fixed Rest.AddQueryParams (note that this is the plural: AddQueryParams method, not AddQueryParam). If values in the param string were URL encoded, the AddQueryParams did not properly URL decode each value. This would result in query params being doubly URL encoded when the actual request was sent.
- Added Crypt.BcryptWorkFactor, BCryptHash, and BCryptVerify to support BCrypt password hashing and verification.
- Fixed an Android issue w/ IMAP ProgressInfo callbacks. The problem only occurred when a ProgressInfo callback happened for Login where the username includes a non-usascii char, such as one with an umlaut.
- Socket.TlsRenegotiate — fixed a problem that occurred under certain conditions when the SslAllowedCiphers property is set to restrict TLS cipher suite choices.
- Ftp2 – Fixed problem with “Unix Cway” servers where 0-byte files were getting downloaded (instead of the full file). This was caused because the FTP server inaccurately reports that the file is “0 bytes” in the intermediate reply to the RETR command. Chilkat now ignores what this particular server says.
- (Email) Fixed: An incoming email’s header specifies the sender as this:From: "FAXG3/+5554555920"@faxsrv.intraThe email is loaded into a CkEmail object using the C++ edition of Chilkat.Problem is, the CkEmail.get_FromAddress() method returns @faxsrv.intra as the email address instead of FAXG3email@example.com
- ActiveX LastStringResultLen property incorrectly returned the size of the string in bytes (utf-16) rather than in number of characters. This is fixed to return the number of characters. (Note: this is a property that only exists in ActiveX classes, and is only useful for certain programming languages such as SQL Server to help programs determine if temp tables are required..)
- SSH – Added the following methods: QuickShell, QuickCommand, QuickCmdSend, and QuickCmdCheck. These methods help simplify executing remote commands running shell sessions.
When running a VBScript, on a 64-bit Windows system it is possible to run either as a 32-bit process, or a 64-bit process. If running 32-bit, then you need the 32-bit ActiveX. If running 64-bit, then you need the 64-bit ActiveX.
To run a 32-bit VBScript on a 64-bit system, you do this:
REM This is the 32-bit cscript.
To run a 64-bit VBScript, you do this:
REM This is the 64-bit cscript.
or simply this:
If you double-click on the .vbs to run it from Windows Explorer, then you’ll be running as a 64-bit process. The default, unless you took care to explicitly run as 32-bit by invoking the cscript.exe under sysWOW64, is that you’ll be running as a 64-bit process, and in that case you’ll need the 64-bit Chilkat ActiveX registered on your system.
Starting now, Chilkat is going to log the changes, fixes, and new features for the next release as the work is completed. Pre-release builds can be requested for most programming languages and operating systems. Many builds are quick and easy to provide: .NET, ActiveX, C++, Java, Perl, Python, PHP, and others. Some however, are time-consuming and a request for one of the following builds may take as many as several days: WinRT, Node.js, Mono, Xojo, PureBasic, and .NET Core. Send email to firstname.lastname@example.org if a pre-release build is desired.
(Chilkat is currently working on implementing Xero API examples, and many of the new features are related to making life easier to implement these examples. The new features are general and apply to any programming task. )
The GitHub C# Project to Check ActiveX Registration and Which VC++ Redistributables are Installed has been updated.
Note: It should contain a pre-compiled executable located in bin\x86\Release (for non .NET programmers).
Check ActiveX Registration and Installed VC++ Redistributables
Version 22.214.171.124 is a new version that almost immediately follows v126.96.36.199. It will only be released for a few programming languages (ActiveX, .NET, Delphi, and Excel). Chilkat will provide this release in other programming languages / operating system upon request.
The reason for releasing is that Chilkat wishes to create Quickbooks REST API examples, and it was discovered that the Quickbooks server-side is unable to consume HTTP requests that use MIME header folding. Therefore, Chilkat added an AllowHeaderFolding property to both the Http and Rest classes.
There were a few other very minor fixes / additions:
- Added the Email.AddAttachmentBd method.
- Added the Http.DownloadBd and http.DownloadSb methods. (See the previous release notes for information about “Bd” and “Sb” methdos: http://cknotes.com/v9-5-0-62-release-notes/ )
- Made the Http.RequireSslCertVerify method more flexible in handling out-of-order certs from a web server. See http://www.chilkatforum.com/questions/11402/certificate-order-issue-enhancement
Added a C# project on GitHub to demonstrate async sockets: C# Async Sockets