Support for OAuth 2.0 on the VK platform

    Yesterday, VKontakte added support for the OAuth 2.0 open authorization standard. Integrating sites and client applications with the social network has become much easier.



    The documentation for the new authorization system states that two types of authorization are supported: server and client.

    Once the user has gone through the authorization procedure for an external site, the developer's server can make requests to the VKontakte API at any time without user intervention. To get an “eternal” session, simply add the parameter scope=offline when opening the authorization dialog.

    Client authorization for desktop and mobile applications is also supported. Despite the novelty of the OAuth 2.0 protocol, its site already lists libraries for most popular programming languages.

    Along with OAuth support, the way of interacting with the VKontakte API has changed. All requests are now sent over the secure HTTPS protocol, so there is no longer any need to sign each request.

    For example, to get public statuses from a user's wall, it is enough to request:

    https://api.vk.com/method/wall.get?owner_id=1

    To obtain the user's private data, make an authorized request by simply adding the access_token parameter. This is a standard access key obtained as a result of the authorization procedure.

    Many methods, such as wall.get, have become open and do not require authorization, so I prepared a small example demonstrating how this can work:

    http://skdy.org/illarionov (in the address you can specify the short name or id of any user.)

    A simple example of VK authorization:


    1) When the user clicks the "Enter VKontakte" button, redirect them to an address of the form:

    http://api.vk.com/oauth/authorize?client_id=2271023&redirect_uri=http://skdy.org/illarionov&display=page


    2) After the user has taken the necessary action, they are redirected to the specified callback with the parameter code, or with error and error_desc if an error occurs.

    3) After receiving the code, you can get the access_token from the server side by requesting:

    https://api.vk.com/oauth/token?client_id=2271023&code=xxx&client_secret=xxx , where client_secret is the application's protected key, which you can get from the application's edit form.

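    // Authorization code delivered to the callback by VK
    $code = isset($_GET['code']) ? $_GET['code'] : '';
    $secret = 'xxx'; // the application's protected key
    // Exchange the code for an access token, server side, over HTTPS
    $resp = file_get_contents('https://api.vk.com/oauth/token?client_id=2271023&code='.urlencode($code).'&client_secret='.urlencode($secret));
    // Decode the JSON response into an associative array
    $data = json_decode($resp, true);
    if (!empty($data['access_token'])) {
       // work with the API
    }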

    That's all, the access_token received allows us to work with the API.
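
    The three steps above as an added example (not the post's or VK's own code) that also handles the error / error_desc branch of the callback and ties the callback to the session that started it. The function names, the sample callbacks, the https scheme on the authorize URL and the assumption that VK returns a state parameter to the callback are this example's, not the post's.

```php
<?php
// Added example. client_id, redirect_uri, host and paths are taken from the post.
const VK_CLIENT_ID = '2271023';
const VK_REDIRECT  = 'http://skdy.org/illarionov';

// Step 1: authorization URL. $state is a random per-session value.
// Assumptions: the endpoint is served over https and echoes `state` back.
function vk_authorize_url(string $state, string $scope = ''): string {
    $params = [
        'client_id'    => VK_CLIENT_ID,
        'redirect_uri' => VK_REDIRECT,
        'display'      => 'page',
        'state'        => $state,
    ];
    if ($scope !== '') {
        $params['scope'] = $scope; // e.g. 'offline' for the "eternal" session
    }
    return 'https://api.vk.com/oauth/authorize?' . http_build_query($params);
}

// Step 2: classify the callback query: error, state mismatch, or a usable code.
function vk_handle_callback(array $query, string $expectedState): array {
    if (isset($query['error'])) {
        $desc = is_string($query['error_desc'] ?? null) ? $query['error_desc'] : '';
        return ['ok' => false, 'reason' => 'provider error', 'detail' => $desc];
    }
    $state = $query['state'] ?? null;
    if (!is_string($state) || !hash_equals($expectedState, $state)) {
        return ['ok' => false, 'reason' => 'state mismatch']; // not our session
    }
    $code = $query['code'] ?? null;
    if (!is_string($code) || $code === '') {
        return ['ok' => false, 'reason' => 'missing code'];
    }
    return ['ok' => true, 'code' => $code];
}

// Step 3: URL for the server-side exchange; http_build_query encodes each value.
function vk_token_url(string $code, string $secret): string {
    return 'https://api.vk.com/oauth/token?' . http_build_query([
        'client_id' => VK_CLIENT_ID, 'code' => $code, 'client_secret' => $secret,
    ]);
}

// Constructed sample callbacks (not captured traffic).
$state = bin2hex(random_bytes(16)); // keep this in the user's session
echo vk_authorize_url($state, 'offline'), "\n";
var_dump(vk_handle_callback(['code' => 'abc123', 'state' => $state], $state));
var_dump(vk_handle_callback(['error' => 'access_denied', 'error_desc' => 'User denied'], $state));
var_dump(vk_handle_callback(['code' => 'abc123', 'state' => 'forged'], $state));
```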
