How to make this page available only to authorized users. How to view VKontakte pages without registering there

This article considers a desktop application in Java as an example, however general principles and the scheme will be similar for any other language.

How does authorization occur?

Authorization on VKontakte is no different from any other authorization through third party server. This process was perfectly described by a StackOverflow user qnub:

1. On the service (in in this case VK) you need to register the application and get an API key.
2. After this, the application (site) can request the user’s personal data from a third-party service through this very API, for which:
   • redirect the user (the user's browser by sending him a 302 Redirect HTTP response) by specially generated link to a service providing an API;
   • the user will perform some actions there, presumably log in and allow access to the data.
3. Upon completion of the actions, the user will be redirected third party service using the same 302 Redirect to the URL passed in the parameters specially generated link.

Step one. Register your application and get a key

This step is the easiest. You need to go to the VK page for developers: https://vk.com/dev- and click on the “Create application” button. We indicate the type as “Standalone application”; the name, of course, is arbitrary. After this, in the section "My Applications"(what do you think?) your application will appear. Feel free to click “edit”, then go to the “Settings” section - there in the first line you will see the inscription “Application ID: 1234567 " These numbers are all you need to remember to log in.

Note that there is no point in hiding the application ID - it is publicly shown, for example, when posting a wall message through this application. Neither tokens nor any other information can be stolen using an ID. In general, you can even use my application ID (if you need to write small script for yourself).

Step two. Generating a special link

Next, you need to direct the user to a specially generated address (its mentions are highlighted in bold in the first section of the article), where he will confirm that he wants to allow your application to perform some actions with his account. How is this link formed?

This process is described in detail in documentation. However, if you turned to this article, I assume that you did not have enough information in the documentation, and therefore I will retell everything in my own words. The link looks like this: host?parameters. The parameters take the form of several key=value pairs separated by & symbols.

The host always remains the same: https://oauth.vk.com/authorize. The set of parameters is also unchanged:

• client_id. Here it is worth indicating the same numbers that we obtained in the first step.
• redirect_uri. The address to which the user will be redirected. For Standalone applications this is only https://oauth.vk.com/blank.html.
• display. This parameter determines how the login page will be displayed. There are three options available: page, popup and mobile. If you're not sure, use page .
• scope. In this parameter, you should list the access parameters that you need, separated by commas. Full list available parameters are shown on corresponding page documentation. Please note that you can not specify anything at all and simply not write this parameter. To find out what access options you need, look at method documentation that you are going to use.
• response_type. We specify the token and move on.
• v. API version. Current – 5.59 .

https://oauth.vk.com/authorize?client_id=1&display=page&redirect_uri=http://example.com/callback&scope=friends&response_type=token&v=5.59

Step three. What's next?

http://REDIRECT_URI#access_token= TOKEN 3&expires_in= TIME&user_id= ID

We are interested TOKEN. How to direct the user to a page from a Java application and how to get the address of the page to which VK will redirect him (in order to extract a token from it)? There are two ways.

If you decide to go this route, then you simply open the system's default browser with the link you received above, and somehow tell the user that he should copy the token from the URL and paste it into some field. Obviously, this method has terrible UX, but it can be implemented quickly and easily. It is quite suitable if you are writing an application for yourself - to download music or receive notifications. It is implemented as follows:

Public String askToken(String link) throws IOException, URISyntaxException( //Opens link in default browser Desktop.getDesktop().browse(new URI(link)); //Asks user to input token from browser manually return JOptionPane.showInputDialog(" Please input access_token param from browser: "); )

Bourgeois, via web components

If you decide to go this route, then you will need to use some third party GUI library (or at least JavaFX), which has its own browser component in its arsenal. Your program will have full power over such a browser, and you will be able to retrieve the address to which VK redirected you, software. In JavaFX this can be implemented as follows:

Import javafx.application.Application; import javafx.beans.value.ChangeListener; import javafx.beans.value.ObservableValue; import javafx.scene.Scene; import javafx.scene.web.WebEngine; import javafx.scene.web.WebView; import javafx.stage.Stage; public class Main extends Application( public static final String REDIRECT_URL = "https://oauth.vk.com/blank.html"; public static final String VK_AUTH_URL = ""; //TODO!!! public static String tokenUrl; public static void main(String args)( System.out.println(Main.getTokenUrl()); ) public static String getTokenUrl())( launch(Main.class); return tokenUrl; ) @Override public void start(Stage primaryStage) throws Exception ( final WebView view = new WebView(); final WebEngine engine = view.getEngine(); engine.load(VK_AUTH_URL); primaryStage.setScene(new Scene(view)); primaryStage.show(); engine.locationProperty( ).addListener(new ChangeListener ()( @Override public void changed(ObservableValueobservable, String oldValue, String newValue) ( ​​if(newValue.startsWith(REDIRECT_URL))( tokenUrl=newValue; primaryStage.close(); ) ) ); ) )

Conclusion

Thus, we learned how to obtain a VKontakte access token, with which you can call API methods. If this article arouses interest in the community, in the next article I will describe how to call certain API methods using a token, how to check the validity of a token (the secure.checkToken() method, of course), and write some kind of demo application, for example, to save all the music from a playlist to your computer. By the way, do not forget that in fact everything was invented before us, and there are already libraries for working with the VK API for almost any language. We have, in which we tried to collect the best of them.

If you have any ideas or questions, welcome to the comments (I read them and answer them all). You can also ask questions

Go to the VKontakte website http://vk.com/. In the address bar (at the top of the window) put “/” and write search. Press Enter.

Step 2

A search window will open. In the line, enter the first and last name of the person whose page you are looking for. If there are many people with the same name, fill out the advanced search form on the right.

Step 3

You go to the page and look at it. What to do if “The page is available only to authorized users.”? There is a solution! Do you know who has this person as a friend? If so, find a “middleman.” For example, you searched for Vasya Pupkin, and his “Page is available only to authorized users.” Vasya is a friend of Ololoshi Ololoev. So, look for this Ololosha Ololoev.

Step 4

Once you find him, look at his friends list. Have you found the person you need? Hover over his photo and click “Enlarge”. Below the photo you will see this (look at the picture). Click on “Photos from Page...”. A window will open with all the photo albums of the person you need.

Step 5

What should you do if you go to Ololoshi Ololoev’s page, but there is no list of his friends? The answer is simple: if Pupkin is his friend, he probably liked it. Open any photo and see the list of people who liked it. Have you found the person you need? Hover over his photo and click “Enlarge”.

You've probably already heard that Today you can get information about almost any person through social networks, and especially through VKontakte. Moreover, very often it is not at all necessary to be registered in it. It is enough to type the last name, first name and city of residence of the desired person in the search engine and that’s it.

I won’t go into detail about why this is bad (anyone who wants to can read the article I wrote on this subject about protecting a VKontakte account), but I’ll focus on how to make life even a little more difficult for curious people.

How to block your contact page from search engines? (Yandex, Google, etc.)

In the upper right corner click on the avatar. Select the item “ Settings».

Select the tab " Privacy" Scroll down to the block “ Other" Opposite the line “Who can see my page on the Internet” set the value “”.

If you have the old VKontakte design active

We go to the section “ My settings", tab " Privacy" and opposite the bottom line "Who can see my page on the Internet" set the value " Only VKontakte users».

To check if you did everything correctly, do the following. Select from the menu " My page", then click on " Log out».

After this, the following message should appear. " The page is available only to authorized users».

How to close your VKontakte page from other users?

You can close the entire page, or some part of it, from VKontakte participants in the same way - by going to the settings section, tab " Privacy" and setting the settings properly. (Most often in the meaning " Just me"). Each item is described in detail, so you can figure out what is responsible for what.

The vast majority of sites are freely accessible and free for users. However, there are resources that offer additional information and subscription to paid services that require a procedure such as authorization. What does this give to users?

The user needs to fill out a form to create a domain with a personal login and password. Login is a unique name presented to the user on this site. Typically, there cannot be two identical logins on one site. As for the password, it is a coded secret word or a certain sequence of characters. It confirms the fact that you are the owner of this login. For security purposes, when you enter your password, it is displayed with asterisks. There are sites that offer you to choose your own login and password, while others generate them yourself.

Authorization - what is it?

User authorization is a fundamental function on many websites. A typical Internet user encounters it regularly: on social networks, on forums, on news sites when leaving comments, on banking websites. As previously mentioned, when registering on the site, you can take advantage of the additional functions and capabilities provided. For example, in social networks it is an opportunity to see other profiles, communicate, download information, and in online stores it is possible to select and order any product.

Why is user registration needed?

As you understand, identification helps to identify a site visitor, as well as to impose restrictions on its capabilities and resources for other users.

The question arises: authorization - what is it and why limit access using it? After all, it would be much easier to provide the site's capabilities to all users. Moreover, the registration procedure sometimes takes quite a bit of time. But there is one good reason why owners introduce authorization. The fact is that it helps to limit visitors and the site itself from spam. Another important purpose of authorization is identification.

This information is transmitted voluntarily and is used solely for the purpose of recognition by other visitors.

Naturally, registration has many other tasks and functions, but these two are the most important.

Main advantages of identification

Both site owners and its users have benefits. The advantages for the owner are:

1. Anti-spam protection (screening out spam bots).
2. Restriction of rights to use additional services. For commercial sites, authorization is simply necessary, since they provide their services for money.
3. The ability to get to know the user, which also has its advantages: geographic, demographic and other information about visitors, which allows you to set up the site correctly, select the most effective advertising and keywords.

Benefits for users:

1. Also anti-spam protection.
2. Ability to recognize your interlocutor.
3. Additional features such as filling out a profile, uploading a photo, other files, and so on.

So, we figured out what authorization is. That this is a means of protecting user data. For websites it is of great importance. Based on this, you should take the situation seriously if you are unable to authorize.