Django
koi com, 2016-09-18 23:01:50

How to safely use vk.com oauth widget?

I want to use the OAuth widget on the site for authorization through VKontakte. The widget is provided by vk.com itself. After the user confirms access, they are redirected to my site with GET parameters: uid, firstname, lastname, photo_url, hash. The URL looks like this:

koi.pythonanywhere.com/dev/Login?uid=77754028&firs...

After checking the authorization by hash, I successfully register or log in the user. But what if someone gets access to the user's device and copies this URL from the browser's history? It turns out that they will be able to log in as user N everywhere and from any device? If so, how can this be prevented? For example, Google OAuth also returns a time parameter, which apparently serves to prevent such incidents from happening. But what if vk.com doesn't return anything like that?


2 answers

alexZzZzZzZ (@alexZzZzZzZ), 2016-09-22

Judging by the documentation (I doubt that the official widget uses other requests), the code expires after 1 hour.

koi com (@Koi_jp), 2016-09-22

Solution: immediately redirect to another page of the site so that the address is not saved in the history.
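Added example (not from the question or either answer, and not VK's or Django's own code) covering the risk in the question and the mitigation discussed above on the server side: besides checking the hash, the callback is honoured only by the browser session that started the login, and only once, so a URL copied from history does nothing on another device or on a later visit. It assumes the widget signs the redirect as md5(app_secret + uid); check that formula against the VK widget documentation for your app, and the secret and uid values are constructed samples.

```python
import hashlib
import hmac
from typing import Optional

# Assumed, not from the page: the widget signs the callback as md5(app_secret + uid).
# Use the exact formula from the VK widget documentation for your application.
APP_SECRET = "constructed-app-secret"   # constructed sample value
LOGIN_WINDOW = 600                       # seconds a started login stays acceptable

def expected_hash(uid: str) -> str:
    return hashlib.md5((APP_SECRET + uid).encode()).hexdigest()

def start_login(session: dict, now: float) -> dict:
    """Call in the view that renders the widget: mark this browser session
    as having a login in progress (session is any dict-like store)."""
    session["vk_login_started"] = now
    return session

def handle_callback(session: dict, params: dict, now: float) -> Optional[str]:
    """Return the uid to log in, or None if the callback must be rejected."""
    uid = params.get("uid", "")
    # 1. The hash proves the parameters came from VK for this app (constant-time compare).
    if not hmac.compare_digest(params.get("hash", ""), expected_hash(uid)):
        return None
    # 2. Honour the callback only in the session that started the login, and only
    #    once: pop() consumes the marker, so a URL replayed from history is rejected
    #    both on another device (no marker) and in this browser on a later visit.
    started = session.pop("vk_login_started", None)
    if started is None or now - started > LOGIN_WINDOW:
        return None
    return uid

def sample_callback(uid: str) -> dict:
    """Constructed stand-in for the GET parameters VK appends to the redirect
    (name and photo fields omitted; only uid and hash matter here)."""
    return {"uid": uid, "hash": expected_hash(uid)}

def run_scenarios() -> dict:
    """Constructed scenarios: the uid each one would log in, or None."""
    s = start_login({}, now=1000.0)
    return {
        "fresh_login": handle_callback(s, sample_callback("77754028"), now=1010.0),
        "replay_same_session": handle_callback(s, sample_callback("77754028"), now=1020.0),
        "copied_url_other_device": handle_callback({}, sample_callback("77754028"), now=1020.0),
        "stale_callback": handle_callback(start_login({}, 0.0), sample_callback("77754028"), now=5000.0),
        "tampered_uid": handle_callback(start_login({}, 0.0), dict(sample_callback("77754028"), uid="1"), now=1.0),
    }
```

In Django, `session` is `request.session` and `start_login` runs in the view that renders the widget page; the redirect the second answer suggests still helps against the URL sitting in history, and this check makes that URL worthless if it is ever copied.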
