search

Innim / flutter_login_vk

Flutter Plugin to login via VK.com
BSD 3-Clause "New" or "Revised" License
18 stars 17 forks source link

Add support for Authorization Code Flow #18

Closed olegyablokov closed 2 years ago

olegyablokov commented 2 years ago

Hello! If I understand correctly this library uses the Implicit Flow (docs: https://vk.com/dev/access_token), but the problem with this approach is that I cannot check the validity of a token on the backend side. The only hack I found is to try to make a request with this token to VK servers: if VK responses that the token is bad then I shouldn't authenticate the user and if it responses that the ip is not correct (the Implicit Flow is assigned to the user's ip) then I authenticate the user.

I could use a webview but we are on Android and iOS and I don't want users to fill login/password when they have VK app installed.

So, could we add support for Authorization Code Flow that allows not to fill credentials if VK app is installed?

greymag commented 2 years ago

Hello.

We don't implement authorization flow manually. Plugin is just a wrapper around native SDK (Android, iOS).

You can check validity of the token from backend with secure.checkToken.

olegyablokov commented 2 years ago

Do I understand correctly that the token is some metadata encrypted by VK servers with a private/public key pair? If yes then secure.CheckToken fetches the public key and decodes the token, right?

greymag commented 2 years ago

Have no idea =)

olegyablokov commented 2 years ago

Ok, I see, we can indeed check the validity of a token from backend. For newcomers: secure.CheckToken is from Vk's REST API: https://vk.com/dev/api_requests. Thank you!)