1. Opening Authorization Dialog
2. Granting Access Permissions
3. Receiving access_token
For iOS, Android and Windows phone applications we recommend using simplified authorization through SDK.
Redirect user browser to https://oauth.vk.com/authorize
and send following parameters:
|Application id. |
|Address to redirect user after authorization (see redirect_uri). |
|display||Sets authorization page appearance. The supported values are:
- page — authorization form in a separate window;
- popup — a pop-up window;
|scope||Permissions bit mask, to check on authorization and request if necessary. |
|response_type||Response type to receive. Set token. |
|v||API version to use. The actual version is 5.130. |
|state||An arbitrary string that will be returned together with authorization result. |
|revoke=1||Sets that permissions request should not be skipped even if a user is already authorized. |
is a URL where user browser will be redirected after the permissions are granted.
should contain the address of a page on your site. For security reasons the same address should be specified in the application settings (Site address, Base domain, Authorized redirect URI fields). Note that in this case you can not use methods marked as available for Standalone apps only.
In other cases (mobile, desktop application) use the default redirect_uri
If a user is not authorized in VK in current browser they will be offered to enter a login and a password in the dialog window.
After successful login on the site, user will be prompted to authorize the application by allowing access to necessary settings, requested using the scope
parameter. For the full settings list see Application Access Permissions
With an access token received through Implicit Flow you can work with the largest amount of access permissions and methods comparing to other authorization flows.
Note that some permissions can only be requested by a Standalone app (for example messages
). It means that default redirect_uri
is required (see redirect_uri
After successful authorization user browser will be redirected to the redirect_uri
specified in the authorization dialog box. Access_token
and other parameters will be sent in URL part of the link:
Together with access_token
lifetime will be shown (in seconds). If the key is expired, you need to repeat all the steps above but in this case user will not be asked to grant permissions again. You should also request access_token if user changes their login or password or deletes the application at settings page.
will be transmitted among the parameters, it is authorized user's page id.
In case of authorization error, information about this error will be sent in a GET parameter to redirect_uri