How to obtain a token VK?

Hello, I am writing an app in nodeJS and I need to get the access token of the user. He should click on the page at the link:
https://oauth.vk.com/authorize?client_id=000000&scope=groups,wall,offline,photos&redirect_uri=http://oauth.vk.com/blank.html&display=page&v=5.21&response_type=token

And after he authenticates and is thrown back to the website.
The question is whether to make the button just a link or is it better to do a form POST, then its the app itself will redirect the link.
And what redirect needs to be after? a link with a token such as /vk/{checkToken}#access_token=12345 where checkToken I will create, and after the transition to understand which user has performed the procedure for obtaining the token. Or just make /vk/{idUser}#access_token=12345?
How to make more appropriate and safer?
March 12th 20 at 07:57
1 answer
March 12th 20 at 07:59
Solution
After logging in and transfer to http://oauth.vk.com/blank.html c token in the hash, to get it you can just, being "above" the user's browser. Web extension installed in the user's browser or the whole of your application on any Electron with the component of the browser will be able to obtain such data. In normal browser it does not do: alien domain.

On the second question. Having the token to obtain the user id can calling users.get() on the token: returns data of the user that issued the token.
Will throw the user on my website, which you customize the application in VK added. The question is how to redirect a link, and whether a link to which will redirect to add a token that will remain in the database and using it will get the user id on your website. - Elmer.Bradtke commented on March 12th 20 at 08:02
In the redirect_uri parameter will point to your website - Elmer.Bradtke commented on March 12th 20 at 08:05
You can athiwat by clikk a new window in which the authorization of the VC. And when planting after a token send from this window message.post in the window.opener with the token. - eino_Hil commented on March 12th 20 at 08:08
@Elmer.Bradtke, with redirecting to your website will not get the right wall. - eino_Hil commented on March 12th 20 at 08:11
@eino_HilI Got to work, when you click on the link, then redirect to my site and access_token - Elmer.Bradtke commented on March 12th 20 at 08:14
@Elmer.Bradtke, but there is no right wall, probably. Try to post on the wall with this token. - eino_Hil commented on March 12th 20 at 08:17
@eino_Hil, Yes, there is, throws to the login page - Elmer.Bradtke commented on March 12th 20 at 08:20
I can understand how to obtain a token which page to do a redirect, which is a unique hash which I will save in DB, and then it will be able to check which user on the site has received the token. - Elmer.Bradtke commented on March 12th 20 at 08:23
Or how more correctly to make? - Elmer.Bradtke commented on March 12th 20 at 08:26
@Elmer.Bradtke, I would have accepted just a token and nothing more. The server immediately tried to use it for users.get() – if triggered, it means, first, the token is valid, and secondly from the response of a known ACC. user_id. - eino_Hil commented on March 12th 20 at 08:29
@eino_Hil, I need a token to post in the group, I will be able to see which groups the user is a admin? - Elmer.Bradtke commented on March 12th 20 at 08:32
@Elmer.Bradtke, why not just try?

You see, because you asked the rights groups. Cm. parameter filter of method groups.get() - eino_Hil commented on March 12th 20 at 08:35
@eino_Hil, I Understand what you mean, darling idea! Thank you!
Now there is a problem to heshe from exile in express.js but that is another question) - Elmer.Bradtke commented on March 12th 20 at 08:38

Find more questions by tags VKontakte