dirty_valera, 2014-05-24 07:16:39

Vkontakte API re-authorization?

It is necessary to make two ways of registration/authorization for the mobile application:
1) Email + password
2) VK API
Everything is clear with the first point: when registering, the user specifies an email + password, which are stored on the server. With each new authorization (let's say the user logged out and logs in again), the server generates a key and sends it to the user; all subsequent requests to the server API are signed with this key, so the server knows that everything is fine.
It is not entirely clear how to do these actions using the VK API. Based on the VK policy, no one except the user should know the password. Then the question is: how to re-authorize the user? Let's say that I save the token on the server (and even assume that it does not have an expiration date) and check all requests from the user against it. However, what if the user loses it (no matter how) and, upon re-authorization, the VK API sends him another token? How can the server identify the user in this case? I can store the user's contact id or his mail on the server and use them to determine who is who, but what should I use as a shared secret?


1 answer(s)
dirty_valera, 2014-05-24
@dirty_valera

It turns out that you can send a request like this:
https://api.vk.com/method/users.get?access_token=TOKEN
It will return the uid of the user associated with this token. So the server can compare this uid with the sender's id and authorize it.
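
An added example, not part of the original answer: a server-side sketch of the check described above, which resolves the token to a uid through users.get, compares it with the id the client sent, and then issues its own per-login key to serve as the shared secret the question asks about. `SessionStore`, `fake_vk`, the response field names and the sample responses are assumptions constructed for illustration.

```python
import json
import secrets
import urllib.parse
import urllib.request

VK_USERS_GET = "https://api.vk.com/method/users.get"  # endpoint from the answer


def http_fetch(token):
    """Call users.get from the server and return the decoded JSON body."""
    url = VK_USERS_GET + "?" + urllib.parse.urlencode({"access_token": token})
    with urllib.request.urlopen(url, timeout=5) as resp:
        return json.load(resp)


def uid_for_token(token, fetch=http_fetch):
    """Return the uid VK ties to this token, or None if VK rejects it."""
    body = fetch(token)
    users = body.get("response")
    if "error" in body or not isinstance(users, list) or len(users) != 1:
        return None
    # Assumption: the id field is "uid" or, in newer API versions, "id".
    uid = users[0].get("uid", users[0].get("id"))
    return uid if isinstance(uid, int) else None


class SessionStore:
    """Hypothetical in-memory map of server-issued session keys to uids."""

    def __init__(self):
        self._uid_by_key = {}

    def login_with_vk(self, token, claimed_uid, fetch=http_fetch):
        uid = uid_for_token(token, fetch)
        # The id sent by the client is only a claim; VK's answer decides.
        if uid is None or uid != claimed_uid:
            return None
        key = secrets.token_urlsafe(32)  # per-login shared secret
        self._uid_by_key[key] = uid
        return key

    def uid_for_session(self, key):
        return self._uid_by_key.get(key)


def fake_vk(token):
    """Constructed sample responses so the example runs offline."""
    if token == "constructed-token-42":
        return {"response": [{"uid": 42, "first_name": "A", "last_name": "B"}]}
    return {"error": {"error_code": 5, "error_msg": "User authorization failed."}}
```

This check confirms which user a token belongs to, not which application it was issued to, so the server should also verify that the token was issued for its own VK app before trusting it.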
