1
votes

I make the following request:

https://oauth.vk.com/authorize?redirect_uri=https%3A%2F%2Foauth.vk.com%2Fblank.html&response_type=token&client_id=5842359&v=5.63&scope=friends%2Coffline&display=page

to retrieve an access token. This url leads to a login page on vk.com (if not logged in already), then prompts a user to authorize application and then redirects to https://oauth.vk.com/blank.html#access_token={token}&expires_in=0&user_id={id}. So to actually retrieve an access token one needs to manually copy it from the address bar. This procedure is specified in the official API. Is there a way to go around this? How do I get a token using only python code?

Below is the procedure that generates the url:

import requests

def authorize_app(client_id, redirect_uri = None):
'''
    The function generates an url, which redirects to login page (optional, if not logged in) and app authorization. 
'''
if redirect_uri == None:
    redirect_uri = 'https://oauth.vk.com/blank.html' # default callback url
oauth = requests.get('https://oauth.vk.com/authorize', params = {'client_id' : str(client_id), 
                                                                'redirect_uri' : redirect_uri,
                                                                'display' : 'page',
                                                                'scope' : ['friends,offline'], # offline option makes the token permanent
                                                                'response_type' : 'token',
                                                                'v' : 5.63})
return oauth.url
1
Link to API documentation and oauth: vk.com/dev/access_token - jackdawrites
Can't you change the redirect_uri? The usual procedure would be to open a local webserver (say on localhost:5000) and redirect the user there, then stop the server once it receives the token. - Aran-Fey
@Rawing thanks, I'll try that. - jackdawrites

1 Answers

0
votes

You can use Authorization Code flow wherein you receive Auth_code and then use this code to retrieve access_token.

Getting auth_code and access_tokens are just POST requests to the OAuth server.

In your code response_type should be code to get the auth code and then use this code to retrieve acccess_token

Refer to this https://vk.com/dev/auth_sites. Generally, this flow is same on any OAuth provider.