npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

vk-auth-library

v1.0.5

Published

This Library helps to do Authentication/Authorization using VK OAuth Or VK Open-ID securely in Backend

Downloads

13

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

abdollahkahneabdollahkahne

Keywords

VKAuthenticationAuthorizationaccess_tokenservice_tokenVKontakteOAuthOpenIDOpenAPI

Readme

This package supports two different type of Server-Side Authentication/Authorization Using VK.

1-OAuth (For a simple example see this): This can be used for Both authentication and authorization. With this method you specify a callback for your app first. Int the client-side you only add a link to VK Authorize endpoint as described below. In Server-Side you implement the callback-uri you specify for your app and get an access token and user information. If you want to use other VK API in server-side (in behalf of user), you can use that access token there. So it is some sort of Authorization too.

2-Open API (OpenID) (As an simple example see this ): This only used for authentication in server-side. Here you can add an script from VK to client side and then for verification you can implement an API at the backend (with arbitary url) and verify user login in server-side and also get User Info (In behalf of your app). In this case if you want call other API you can only use the VK Script at client-side (in behalf of user)

For more information about other type of authentication and information abouth them in VK please visit this discussion in GitHub

OAuth

The client side implementation of this method is described in an article at VK: Authorization Code Flow.

For Complete Server-Side OAuth Authentication/Authorization the following Steps should be done:

1- In client-side, you create a hyperlink in your UI in the form of a or button. This link is in the following format:

https://oauth.vk.com/authorize?client_id=1&display=page&redirect_uri=http://example.com/callback&scope=friends&response_type=code&v=5.130

You can read important notes about this link in here, but consider that redirect_uri and response_type are the most important here. redirect_uri should be first set at App setting in VK and this is the route that you handle server-side part of work. Also you should set response_type=code to be able to run APIs in Server (for example to verify request genuinety).

2- In Server-Side the redirect_uri you specified in link should be implemented. Here is where this package comes to work. we use the following code to verify the Authentication and simulatenousely get the user data directly from VK in the backend and not from the client side:

const {OAuthClient}=require("vk-auth-library");

const client=OAuthClient(client_id,client_secret,redirect_uri);

note that here the redirect_uri should be same as what is used in the client side and also what is defined in App setting.

then use the created client to get access_token and user_id and user data in the following way (you also get a access_token here for further API_requests in behlaf of User):

client.verifyUserData(code).then(result=>{
    const {user_id,access_token,user}=result;
});

Note that you can only use the received code from the VK once and after that, it is expired.

So if you plan to use other API methods later in Server and in Behalf of User, save the received access_token and user_id in a variable for more use.

As an alternative, can get this token with the following code too and then use the API Call to get User General Information (first_name,last_name,id)

client.getAccessToken(code).then(result=>{
    const {user_id,access_token}=result;
});

If You have access_token and user_id, you can get the general User Info using the following method too: const user=await client.getUserProfile(user_id,access_token);

All the three method return promises so can be used using await or then/catch block to handle the result.

Open ID

To use Open ID version of VK Authentication you should first add the js library which developed by VK as follow. you can use it in main index.html inside the body tag (and above other js framework code). You can get the implementation of this method in VK dev here. So the following steps should be done here: 1- In front end (Client-Side) you should firt add this script tag inside body somewhere:

<script src="//vk.com/js/api/openapi.js" type="text/javascript"></script>

Then you should initialize it somewhere (in a script tag in index.html or for example in React code you can init it at componentDidMount life cycle of Component). it initialize as below:

VK.init({
    apiId: YOUR_APP_ID
  });

Then for login you should add a button for example and add the following code:

VK.Auth.login(function(response) {
      const {session:{expire,mid,secret,sid,sig}}=response;
      if (sig) {
        fetch(`/auth/vk`, {
              credentials: "include",
              method: "POST",
              headers: { "content-type": "application/json" },
              body: JSON.stringify({ data: {{expire,mid,secret,sid,sig}} }),
        },permissionScope)

Here callback function run after the success full login. in the permissionScope you can optionally sepcify an integer for permission level (Default is zero and by default you will access general user information after login but you can set other integer too according to VK permission scope masks).

2- In the back (Server-Side) you should add the library and use it as below:

const {OpenIDClient}=require("vk-auth-library");

const client=OpenIDClient(client_id,client_secret,service_token);

Here we can do three things: 1- Verify Login and Get User Data: client.verifyUserData({expire,mid,secret,sid,sig}).then(result=>{let {user}=result});

2- Only Verify Login (Use the user info that you get at client-side or get user info by an additional method which defined in 3): this do using the boolean function:

client.verifySignature({expire,mid,secret,sid,sig});

3- Get User Data from VK ( This is done in behalf of App):

const user=client.getUserProfile(mid);

If you want to call other API's you can call them in behalf of App in server using the service code or in client side in behalf of loggedIn User using the following method:

VK.Api.call(methodName,params,callback)