Authorization vk.com + iframe = problems

P

propovednik2012-10-23 12:45:44

OAuth

propovednik, 2012-10-23 12:45:44

I wanted to make a comment system on the site with the possibility of authorization in social networks. I didn’t want to do it “as usual”, that is, with a pop-up window or a transition to another page and then return to the original one, but I wanted to do this: there is a hidden iframe on the page, when you click on the radio button “send a comment via Vkontakte”, this is displayed iframe and loading the page into it oauth.vk.com/authorize?client_id= *****&scope=photo&response_type=code&redirect_uri=http://www.***.com/auth.php
If successful, the redirect page is called JS code that inserts the user's avatar and his name on the page.
Everything works well if the person is already authorized in the social network, but if not, then the page in the iframe is loaded in the code of which

  if (parent && parent != window) {
    location.href = "https://oauth.vk.com/blank.html";
  }

And there is a redirect to an empty page with the inscription "Login success".

Tell me, is it possible to somehow authorize through VKontakte in the way that I described (i.e. through the appearing iframe)

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

N

nick4fake, 2012-10-24
@nick4fake

Already answered that it doesn't, but I'll clarify. This cannot be done at all in principle (and not with VKontakte), because. HOW does the user know it's not a phishing page? It would be reckless on the part of VKontakte to allow an iframe, and on the part of the user it would be extremely stupid to enter their data in such a window.

Y

Yuri Popov, 2012-10-23
@DjPhoeniX

VK does not allow you to embed itself in an iframe for security reasons. You can authorize a user only by opening the window.