Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
ideas4ru2012-10-23 08:19:31
In contact with
ideas4ru, 2012-10-23 08:19:31

VK API: how to check that access_token matches uid with minimal permissions?

Hello everyone,
There is the following scenario: a client and a server written in Java.
The client goes through VKontakte authentication and receives a uid and access_token that it sends to the server.
Next, the server makes a test request to the API with the received access_token and uid and receives the username.
But how do you make sure that the access_token matches a fixed uid?
At the same time, I do not want to scare the user by asking permission to extract such data, where this match is possible and will be checked.
For example, a client, having passed authentication, can send its access_token and not its uid to the server. But since the access_token will be correct, then the requests will be fine

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
P
Pavel Gromadchuk, 2013-01-26
@Gromadchuk

I hope it's not too late to write an answer, but you can check the user id through the received access_token. To do this, you need to execute the users.get method, passing it the received access_token ( https://api.vk.com/method/users.get?access_token=TOKEN ).

Report
D
Damir Abdullin, 2012-10-23
@damirazo

I didn’t quite understand the question, but the uid match is checked by auth_key, which should be equal to md5(viewer_id(uid)+'_'+app_id+'_'+app_secret_key),
where viewer_id is the ID of the user viewing the page, app_id is the ID of the application and auth_secret_key this is the secret key of the application. The hash of this expression must be equal to the auth_key parameter, otherwise the specified user does not match the real one.

Report
N
nixan, 2013-01-22
@nixan

If we are talking about Android, then kick the vkontakte developers to implement normal work with AccountManager)

Report
D
Denis Morozov, 2014-03-12
@morozovdenis

here's what I did:
vk.com/dev/users.search - this request needs an access_token and thus by making a request here you can check the validity of the access_token
url:

https://api.vk.com/method/users.search?access_token=<access_token>&sig=<sig>

where sig
+ this is the concatenation of
SECRET this is the secret field from the VKAccessToken structure iOS ( Android )

Similar questions
S
SilentImp2011-02-25 11:16:59
How to set site description for Facebook Like button without changing description meta tag? 2Reply
K
Kirill Sidorov2011-03-03 13:08:11
Authorization Vkontakte cURL 4Reply
A
Alexander Ivanov2018-02-08 14:54:22
What is the alternative to getProfile and is it possible to get json api of public pages without creating an application? 1Reply
D
Dev123452020-04-20 15:13:55
Is there a VkCoin application code (something like VkCoin)? 1Reply
T
theslim2011-04-04 19:36:49
What about api from vkontakte? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question