Simple check for the existence of the user (VK API)?


What is the easiest way on the backend to check whether correct data is coming from the app(IFRAME)?

More specifically — whether access_token of the user(viewer_id). And then I have discounts of app issues — don't want the substitution uid given a new discount.

Search on Google shows a bunch of options with authorization, but it is not quite that.
October 8th 19 at 01:16
2 answers
October 8th 19 at 01:18
To calculate and compare auth_key
What you need, thank you! - Easton_Kessl commented on October 8th 19 at 01:21
October 8th 19 at 01:20
uid is the id of the current user?
if Yes, then you can do the first request to the API at boot (there is direct contact there is a setting) for example like this:


then when you download have in the get['viewer_id'] real aydishnik.
I have it all in an iframe app. I make a request to the backend via ajax and sends a uid token and the service data. The problem is that I don't want to be able to forge the request. Therefore, I want to check whether the user token ID. - Easton_Kessl commented on October 8th 19 at 01:23
in this case, it is something I do not understand... As I see the communication with the server from the app:
the user launched the app we had stolen id and recorded in its database on the backend
all requests can now be performed not on contactskin id but your own
plus you need to send a hash which was generated by the server based on the transmitted data (generation method known only to You)
even as an option, you can limit the lifetime of the query ie to pull with each request a timestamp - Easton_Kessl commented on October 8th 19 at 01:26

Find more questions by tags VKontakteAPIPHP