ASP VBscript and Office365 OAuth2 Access Token

The Chilkat.OAuth2 class is designed for desktop applications, not server-side web applications.

To explain further: The call to OAuth2.StartAuth does 2 things:

  1. Returns a URL you’ll open in a browser to interactively get authorization from the service’s account owner.
  2. Starts a background thread to act as a web server for the redirect request that will be forwarded from the local web browser.


If using a desktop application, you’ll specify http://localhost:<portNumber> as the callback URI in the web portal where you define your app.
The callback comes to Chilkat’s background thread which is waiting for the HTTP request at the given port number.

The callback is from your local browser to your app, which is on the same machine. It cannot use TLS because (obviously) your application is not an actual web server
and does not have a server certificate that would be acceptable (trusted) by the web browser. In addition, the callback is not traversing the Internet, so TLS is not necessary anyway.

For web server applications (Classic ASP, ASP.NET, etc.) you wouldn’t use Chilkat.OAuth2 and your redirect URL would instead be the URL of your ASP page.
You would instead implement OAuth2 directly. (You might use Chilkat in a supporting role for it.)
There are online examples for ASP and ASP.NET here:

and here: