VK API: how to check that access_token matches uid with minimal permissions?
Hello everyone,
There is the following scenario: a client and a server written in Java.
The client goes through VKontakte authentication and receives a uid and access_token that it sends to the server.
Next, the server makes a test request to the API with the received access_token and uid and receives the username.
But how do you make sure that the access_token matches a fixed uid?
At the same time, I do not want to scare the user by asking permission to extract such data, where this match is possible and will be checked.
For example, a client, having passed authentication, can send its access_token and not its uid to the server. But since the access_token will be correct, the requests will be fine.
I hope it's not too late to write an answer, but you can check the user id through the received access_token. To do this, you need to execute the users.get method, passing it the received access_token (https://api.vk.com/method/users.get?access_token=TOKEN).
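The check from the answer above, as an added example in Python (not code from the original post): the server calls users.get with only the access_token and compares the returned id with the uid the client sent. The `v` value, the helper names and the sample response bodies are assumptions constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

API_URL = "https://api.vk.com/method/users.get"
API_VERSION = "5.131"  # assumption: a 5.x API version, where the field is "id"

# Constructed sample bodies (not captured from the real API).
SAMPLE_OK = '{"response":[{"id":1001,"first_name":"Test","last_name":"User"}]}'
SAMPLE_ERROR = '{"error":{"error_code":5,"error_msg":"User authorization failed"}}'


def fetch_users_get(access_token):
    """Call users.get with only the token, so the API describes the token's owner."""
    query = urllib.parse.urlencode({"access_token": access_token, "v": API_VERSION})
    with urllib.request.urlopen(f"{API_URL}?{query}", timeout=10) as resp:
        return resp.read().decode("utf-8")


def token_owner_id(body):
    """Return the user id from a users.get response body, or None if unusable."""
    try:
        data = json.loads(body)
    except ValueError:
        return None
    if not isinstance(data, dict) or "error" in data:
        return None  # invalid or expired token, or any other API error
    users = data.get("response")
    if not isinstance(users, list) or len(users) != 1 or not isinstance(users[0], dict):
        return None
    # Older API versions name the field "uid" instead of "id".
    owner = users[0].get("id", users[0].get("uid"))
    if isinstance(owner, bool) or not isinstance(owner, int):
        return None
    return owner


def uid_matches_token(claimed_uid, body):
    """True only when the uid sent by the client is the token's real owner."""
    owner = token_owner_id(body)
    return owner is not None and str(claimed_uid).strip() == str(owner)


if __name__ == "__main__":
    print(uid_matches_token(1001, SAMPLE_OK))     # client sent its own uid
    print(uid_matches_token(2002, SAMPLE_OK))     # client sent someone else's uid
    print(uid_matches_token(1001, SAMPLE_ERROR))  # token rejected by the API
```

On a live server, pass the result of `fetch_users_get(token)` as `body`. The server can also ignore the client-supplied uid entirely and use the id returned for the token.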
I didn’t quite understand the question, but the uid match is checked by auth_key, which should be equal to md5(viewer_id(uid)+'_'+app_id+'_'+app_secret_key), where viewer_id is the ID of the user viewing the page, app_id is the ID of the application and auth_secret_key is the secret key of the application. The hash of this expression must be equal to the auth_key parameter, otherwise the specified user does not match the real one.
If we are talking about Android, then kick the vkontakte developers to implement normal work with AccountManager)
Here's what I did:
vk.com/dev/users.search - this request needs an access_token, and thus by making a request here you can check the validity of the access_token.
url:
https://api.vk.com/method/users.search?access_token=<access_token>&sig=<sig>