Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
vk-auth-library
Advanced tools
This Library helps to do Authentication/Authorization using VK OAuth Or VK Open-ID securely in Backend
This package supports two different type of Server-Side Authentication/Authorization Using VK. 1-OAuth 2-Open API (OpenID) For more information about other type of authentication and information abouth them in VK please visit this discussion in GitHub
The client side implementation of this method is described in an article at VK: Authorization Cod Flow
For Complete Server-Side OAuth Authorization the following Steps should be done:
1- First you should create a link in your code and handle it using button onClick event handler/anchor href
. This link is in the following format:
https://oauth.vk.com/authorize?client_id=1&display=page&redirect_uri=http://example.com/callback&scope=friends&response_type=code&v=5.130
You can read important noted about this link in VK development documents but consider that redirect_uri
and response_type
are the most important here. redirect_uri
should be first set at App setting in VK and this is the route that you handle server-side part of work. Also you should set response_type=code
to be able to run APIs in Server. Otherwise in (response_type=token
) the token only can be used at the same ip.
2- In controller/middlewares implemented for the redirect_uri
you can implement the following to verify the Authentication and simulatenousely get the user data directly from VK in the backend not from the client side:
const {OAuthClient}=require("vk-auth-library");
const client=OAuthClient(client_id,client_secret,redirect_uri);
then use the created client to get access_token
and user_id
and user
data in the following way:
client.verifyUserData(code).then(result=>{
const {user_id,access_token,user}=result;
});
Note that you can only use the received code from the VK once and after that, it is expired. So if you plan to use other API methods too, use the following method first to get access_token
and user_id
and then use that token and user id to do other API method calls.
client.getAccessToken(code).then(result=>{
const {user_id,access_token}=result;
});
Here you can get User Info from the API or using the following method:
const user=await client.getUserProfile(user_id,access_token);
All the three method return promises so can be used using await
or then/catch
block to handle the result.
To use Open ID version of VK Authentication you should first add the js library which developed by VK as follow. you can use it in main index.html inside the body tag (and above other js framework code). You can get the implementation of this method in VK dev here. In front end you should firt add this library:
<script src="//vk.com/js/api/openapi.js" type="text/javascript"></script>
Then you should initialize it somewhere. for example in React code you can init it at componentDidMount
life cycle. it initialize as below:
VK.init({
apiId: YOUR_APP_ID
});
Then for login you should add a button for example and add the following code:
VK.Auth.login(function(response) {
const {session:{expire,mid,secret,sid,sig}}=response;
if (session) {
fetch(`/auth/vk`, {
credentials: "include",
method: "POST",
headers: { "content-type": "application/json" },
body: JSON.stringify({ data: {{expire,mid,secret,sid,sig}} }),
})
Here callback function in login should send the session data to backend. In the back you should add the library and use it as below:
const {OpenIDClient}=require("vk-auth-library");
const client=OpenIDClient(client_id,client_secret,service_token);
Here we can do three things:
1- Verify Login: this do using the boolean function client.verifySignature({expire,mid,secret,sid,sig})
;
2- Get User Data from VK: const user=client.getUserProfile(mid);
3- Verify Login and Get User Data client.verifyUserData({expire,mid,secret,sid,sig}).then(result=>{let user=result});
FAQs
This Library helps to do Authentication/Authorization using VK OAuth Or VK Open-ID securely in Backend
The npm package vk-auth-library receives a total of 4 weekly downloads. As such, vk-auth-library popularity was classified as not popular.
We found that vk-auth-library demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.