Closed olegyablokov closed 2 years ago
Hello.
We don't implement the authorization flow manually. The plugin is just a wrapper around the native SDKs (Android, iOS).
You can check the validity of the token from the backend with secure.checkToken.
Do I understand correctly that the token is some metadata encrypted by VK servers with a private/public key pair? If yes, then secure.CheckToken fetches the public key and decodes the token, right?
Have no idea =)
Ok, I see, we can indeed check the validity of a token from backend.
For newcomers: secure.CheckToken is from VK's REST API: https://vk.com/dev/api_requests.
Thank you!)
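An added example, not part of the original thread or the plugin's code: a backend-side sketch of the secure.checkToken check discussed above, which also binds the token to the user ID the client claims. The parameter names (`token`, `ip`, `access_token`, `v`) and response fields (`success`, `user_id`, `expire`) are assumptions based on VK's API documentation and should be confirmed there; the helper names and the sample response are constructed.

```python
import json
import time

# Assumed endpoint for VK's REST method; POST the parameters as form data.
CHECK_TOKEN_URL = "https://api.vk.com/method/secure.checkToken"

# Constructed sample of a successful response (not captured from VK).
SAMPLE_OK = ('{"response": {"success": 1, "user_id": 1001, '
             '"date": 1699990000, "expire": 1700086400}}')


def build_check_params(user_token, service_token, api_version, client_ip=None):
    """Form parameters for the server-to-server call.

    service_token is the app's server-side key and must never ship in the
    mobile client; user_token is what the app received from the native SDK.
    """
    params = {"token": user_token, "access_token": service_token, "v": api_version}
    if client_ip:
        params["ip"] = client_ip  # lets VK compare against the token's IP
    return params


def verify_check_response(body, claimed_user_id, now=None):
    """Return (ok, reason). Fails closed on anything unexpected."""
    now = time.time() if now is None else now
    try:
        data = json.loads(body)
    except ValueError:
        return False, "malformed response"
    if not isinstance(data, dict) or "error" in data:
        return False, "api error"
    resp = data.get("response")
    if not isinstance(resp, dict) or resp.get("success") != 1:
        return False, "token not valid"
    # Do not trust the user ID sent by the client: compare it with the
    # ID VK reports for this token.
    if str(resp.get("user_id")) != str(claimed_user_id):
        return False, "user mismatch"
    expire = resp.get("expire", 0)
    if not isinstance(expire, int):
        return False, "malformed response"
    # Assumption: expire == 0 means the token has no expiry time.
    if expire and expire < now:
        return False, "expired"
    return True, "ok"
```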
Hello! If I understand correctly, this library uses the Implicit Flow (docs: https://vk.com/dev/access_token), but the problem with this approach is that I cannot check the validity of a token on the backend side. The only hack I found is to try to make a request with this token to VK servers: if VK responds that the token is bad then I shouldn't authenticate the user, and if it responds that the IP is not correct (the Implicit Flow is assigned to the user's IP) then I authenticate the user.
I could use a webview, but we are on Android and iOS and I don't want users to fill in login/password when they have the VK app installed.
So, could we add support for the Authorization Code Flow, which allows users not to fill in credentials if the VK app is installed?