Why different permissions when changing redirect

J

jenya77712018-10-11 12:58:21

In contact with

jenya7771, 2018-10-11 12:58:21

Why different permissions when changing redirect_uri when getting VK token?

Hello, why are there different permissions when receiving a VKontakte token?
If you specify redirect_uri https://oauth.vk.com/blank.html
Then the permissions will be all that are needed

https://oauth.vk.com/authorize?client_id=1234567&scope=groups,wall,offline,photos&redirect_uri=https://oauth.vk.com/blank.html&display=page&v=5.74&response_type=token

And if you point the redirect_uri to your site, having previously specified it in the application settings, then the permission to access the wall disappears

https://oauth.vk.com/authorize?client_id=1234567&scope=groups,wall,offline,photos&redirect_uri=http://site.com/get-token/vk&display=page&v=5.74&response_type=token

How to solve such a problem?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

I

iBird Rose, 2018-10-11
@iiiBird

Most likely you have an application of the "web site" type. It doesn't work there https://vk.com/dev/permissions

S

Sergey Sokolov, 2018-10-11
@sergiks

You probably already figured out that a server token with the right wallcan only be obtained with a redirect to https://oauth.vk.com/blank.html. This is how VK fights spam when the user is given permission once, and then spammed on behalf of his account.
You can solve the problem in several not very pleasant ways. They all boil down to getting the full address bar after redirecting to blank.html:
Can you describe in more detail the intended functionality? It can probably be implemented in other ways as well. For example, posting to communities can be done from your (backup) account. Have admins who want to use your app add that account to their Community Editors so they can post on the wall. And you will be able to authorize one of your accounts and pick up its token using any of the methods described above.