Why different permissions when you change the redirect_uri when obtaining a token for VK?

Hello, why different resolution upon receipt of the token Vkontakte?
If you specify a redirect_uri https://oauth.vk.com/blank.html
The permissions are all that are needed
5bbf1e17129d8967307061.png
https://oauth.vk.com/authorize?client_id=1234567&scope=groups,wall,offline,photos&redirect_uri=https://oauth.vk.com/blank.html&display=page&v=5.74&response_type=token


But if redirect_uri to point to your site, after putting in the app settings, you do not permission to access to the wall
5bbf1e4a6cffd425396024.png
https://oauth.vk.com/authorize?client_id=1234567&scope=groups,wall,offline,photos&redirect_uri=http://site.com/get-token/vk&display=page&v=5.74&response_type=token


How to solve this problem?
March 12th 20 at 08:41
2 answers
March 12th 20 at 08:43
most likely you have the application type "web site". There it doesn't work https://vk.com/dev/permissions
cSRwNn81.png
Yes, it is, going straight on blacks and I get a token. There are other options how to get a token for the application type "web site"? - tre.Block commented on March 12th 20 at 08:46
@tre.Block, the sooner you have to beg for support describing your app and saying that you wall etc.
but according to rumors, now it is very difficult to elicit. you will simply be advised to create "app community." - Okey_Gorcza commented on March 12th 20 at 08:49
@Okey_Gorcza, I was wrong, I have a Standalone application, so it is impossible to invent anything? - tre.Block commented on March 12th 20 at 08:52
@tre.Block, with redirecting to your website - no. Only if you do the redirect blank.html and beg the user to give you a token. - Berneice_Mayert commented on March 12th 20 at 08:55
March 12th 20 at 08:45
Probably already figured out that the server token with the right wall can be obtained only with a redirect to https://oauth.vk.com/blank.html. So the VC has zero tolerance for spam when the user once get permission, and then spam on behalf of its account.
If you did not understand.
Access rights:
This privilege is not available by default for sites (is ignored when you try authorization for application of type "Web site" or the schema of the Authorization Code Flow).


To solve the problem in several not very pleasant ways. They all boil down to, to get the full address bar after the redirect to blank.html:
  1. ⚠Ido not do it! Ask the user to copy the address bar and paste into the form on your website
  2. To write a browser extension and ask user to install it – not all will agree to bother
  3. To register the web client as a downloadable app. Electron, nwjs, that's all Inside it will be a web component that will open the VC website and the user is authenticated with the same redirect. The difference is that this "browser" is fully controlled by your code – take the URI, send in the background on your server. But to download such a heavy application would be even less than the plugin in your browser. And you must have a great reputation to your people to enter their login/password from the VC.


Maybe describe in detail the intended functionality? It probably can be implemented in other ways. For example, posting in the community you can do from your (spare) account. Let the admins who want to use your app, add the account to the Editors of their community – so he will be able to create posts on the wall. And only one your account you will be able to authorize and get the token for any of the above described methods.
Hello, the point is that users can add their groups, and I could do posts in the group. You can think of for this? - tre.Block commented on March 12th 20 at 08:48
@tre.Block, the last paragraph of the answer. Create multiple accounts VK for which will post.
Admins wishing to have you post in their groups, it is necessary to inform you of the group and add your account to the administrators her community. - Ebba.Smitham commented on March 12th 20 at 08:51
@Ebba.Smitham, And why several? There are some limits and they are small? With the token you can do 3 requests per second for each user. - tre.Block commented on March 12th 20 at 08:54
@tre.Block, and a limited.
Thought about a few, as in the case of a ban that account will have to charge new and ask all users to add it to the administrators groups. When you publish the same type of posts, the captcha will come out more likely. - Ebba.Smitham commented on March 12th 20 at 08:57

Find more questions by tags VKontakte