OAuth 2.0 support for the VKontakte platform
Yesterday, VKontakte added support for the open OAuth 2.0 authorization standard. Now it became much easier to integrate websites and client applications with a social network.
On the page with the documentation of the authorization system it is written that two types of authorization are supported: server and client.
')
After going through the authorization procedure of the external site, the developer’s server will be able to perform requests to the VK API at any time without user intervention. In order to get an “eternal” session, simply add the parameter scope = offline when opening the authorization dialog.
Client authorization for Desktop and mobile applications is also supported. Despite the novelty of the OAuth 2.0 protocol, now on its website you can find libraries in most popular programming languages.
In addition to the appearance of OAuth support on VKontakte, the way that API interacts has changed. Now all requests are sent over the secure HTTPS protocol, as a result of which there is no need to sign each request.
For example, in order to get public statuses from the user's wall, it is enough to contact the following address:
https://api.vk.com/method/wall.get?owner_id=1
To obtain private user data, you must perform an authorized request by simply adding the access_token parameter. This is the standard access key obtained as a result of the authorization procedure.
Many methods, such as wall.get, have become open and do not require authorization, so I have prepared a small example showing how this can work:
http://skdy.org/illarionov (in the address you can specify a short name or id of any user.)
1) When clicking on the “Login to VKontakte” button, you need to redirect to the address of the form:
http://api.vk.com/oauth/authorize?client_id=2271023&redirect_uri=http://skdy.org/illarionov&display=page
2) After the user has performed the necessary action, he will be redirected to the specified callback with the code or error parameter and error_desc if an error has occurred.
3) After receiving the code, already from the server side, you can get access_token by contacting:
https://api.vk.com/oauth/token?client_id=2271023&code=xxx&client_secret=xxx , where you need to specify a secure key as the client_secret, which you can get in the application editing form.
That's all, the resulting access_token allows you to work with the API.
On the page with the documentation of the authorization system it is written that two types of authorization are supported: server and client.
')
After going through the authorization procedure of the external site, the developer’s server will be able to perform requests to the VK API at any time without user intervention. In order to get an “eternal” session, simply add the parameter scope = offline when opening the authorization dialog.
Client authorization for Desktop and mobile applications is also supported. Despite the novelty of the OAuth 2.0 protocol, now on its website you can find libraries in most popular programming languages.
In addition to the appearance of OAuth support on VKontakte, the way that API interacts has changed. Now all requests are sent over the secure HTTPS protocol, as a result of which there is no need to sign each request.
For example, in order to get public statuses from the user's wall, it is enough to contact the following address:
https://api.vk.com/method/wall.get?owner_id=1
To obtain private user data, you must perform an authorized request by simply adding the access_token parameter. This is the standard access key obtained as a result of the authorization procedure.
Many methods, such as wall.get, have become open and do not require authorization, so I have prepared a small example showing how this can work:
http://skdy.org/illarionov (in the address you can specify a short name or id of any user.)
A simple example of logging in to VK:
1) When clicking on the “Login to VKontakte” button, you need to redirect to the address of the form:
http://api.vk.com/oauth/authorize?client_id=2271023&redirect_uri=http://skdy.org/illarionov&display=page
<button onclick="location.href='http://api.vk.com/oauth/authorize?client_id=2271023&redirect_uri=http://skdy.org/illarionov&display=page';"> </button>2) After the user has performed the necessary action, he will be redirected to the specified callback with the code or error parameter and error_desc if an error has occurred.
3) After receiving the code, already from the server side, you can get access_token by contacting:
https://api.vk.com/oauth/token?client_id=2271023&code=xxx&client_secret=xxx , where you need to specify a secure key as the client_secret, which you can get in the application editing form.
$code = $_GET[ 'code' ];
$secret = 'xxx' ;
$resp = file_get_contents( 'https://api.vk.com/oauth/token?client_id=2271023&code=' .$code. '&client_secret=' .$secret);
$data = json_encode($resp, true );
if ($data[ 'access_token' ]) {
// API
}
* This source code was highlighted with Source Code Highlighter .That's all, the resulting access_token allows you to work with the API.
Source: https://habr.com/ru/post/117211/
All Articles