This is a series of two posts to demonstrate implementing OAuth2 Authorization for Facebook in Classic ASP.
(Also see: Facebook OAuth2 for Classic ASP – Step 2)

The 1st step is to redirect to the Facebook Login Dialog where the Facebook account owner can grant access to the application.  Facebook will then return a response that redirects to your ASP page that implements Step 2.

Here is the ASP for Step 1:

AuthorizationEndpoint = ""
TokenEndpoint = ""

' Replace these with actual values.

' Set the Scope to a comma-separated list of permissions the app wishes to request.
' See for a full list of permissions.
Scope = "public_profile,user_friends,email,user_posts,user_likes,user_photos,publish_actions"

' (State) Chilkat typically uses a 32 random bytes in base64url form.
' However, it can be anything (and any length), and doesn't need to be base64url encoded.
' For this example, I typed some random chars here:
State = "dkrh345y3895hyrtyowiurh3948rhteuirth"

' I'm using ngrok to callback to my web server running on localhost..
'RedirectUri = Server.URLEncode("")
RedirectUri = Server.URLEncode("")

FbAuthUrl = AuthorizationEndpoint & "?response_type=code&scope=" & Scope & "&redirect_uri=" & RedirectUri & "&client_id=" & AppId & "&state=" & State

' Let's save our random state in a session variable.
Session("oauth2_state") = State

Response.Redirect FbAuthUrl

' Note: When I first used, I got the following error from Facebook:
'     Can't Load URL: The domain of this URL isn't included in the app's domains. 
'     To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.
' To fix, I temporarily changed my Facebook App's Site Url to,
' and then added "" to the list of App Domains.