In the mobile application on your phone
Usually this problem occurs when logging into the VK mobile application - for example, on an iPhone. To find out why this error occurs, try logging into VK not through the application (it does not provide enough information about the error), but through the full or mobile version of the VKontakte website - there you will receive a more detailed message.
It may turn out that the password is incorrect or the page is blocked (frozen). In this case, you will have to restore access (reset your password) or, accordingly, unfreeze the page. And this is also better done through the full version. Here are the instructions for each case:
If you have a server error when registering, most likely VK wants to inform you that the phone number is already in use or blocked. You won’t understand what exactly is the reason until you try to register through the full version.
And one more possible reason - if you restored access to the page, they sent you a login and password, you try to log in and a server error appears, then make sure that you carefully read the SMS that was sent to you. Maybe you didn't fulfill one important condition. This instruction will help you:
What to do if the password is correct, but there is still a “Server error”?
In this case, if the application is not updated to the latest version, you need to update it. If it is already updated, completely remove it and install it again. Also check if the time and date on your phone are correct.
Changing Internet settings
Regardless of whether there is no connection in Skype during authorization or in any other social programs, all this is a consequence of the action. If the above recommendations did not give a positive result, then it is worth taking one more step, which will certainly get rid of this problem. It is necessary to change the settings of the Internet connection itself, which will allow you to redirect your router in the right direction for receiving information.
The fact is that in Russia, providers mainly use an automatic connection, which allows them to search for an available access point and receive power from there. The virus is designed in such a way that it is able to change Internet settings at its discretion without the user. To fix this situation, you need to go to the “Network and Sharing Center”, find your connection network, right-click on it and select “Internet Protocol 4” properties. In these settings you can find numbers indicating the IP connection, DNS server and other data. You need to remove everything and check the box next to automatic network search. If your Internet goes out completely, then you should take your contract with your provider and find the necessary settings for setting up the Internet. All these actions will help you get rid of the problem that arose as a result of infection with the virus.
VK Oauth: security error
I'm trying to authorize my standalone application. But after I click "Allow" it always redirects to https://oauth.vk.com/error?err=2 and gives this as the response body:
{"error":"invalid_request", "error_description":"Security Error"}
Here is the request URL (I have the correct client_id ):
https://oauth.vk.com/authorize?client_id=...&scope=messages,offline&redirect_uri=https://oauth.vk.com/blank.html&display=page&v=5.37&response_type=token
It seems I've already tried everything:
- Turn an application on or off
- Passing scope as a bitmask
- URI encoding of some parameters for a correct URL
- and so on
oauth oauth-2.0
Source sigod
September 13, 2015 at 09:51 pm
2 answers
- Oauth Token and Secret Security Pattern I'm working on a web application. Which uses oauth for authentication from different services. Is there any risk of protecting these tokens and secret directly in the database? Or should I encrypt them? What are the general security schemes for storing oauth token and secret
- OAuth security token
As far as I know, the OAuth standard is very weak on how OAuth should actually behave, but... I store OAuth access tokens for various OAuth services in a database. If these tokens were compromised, could they be used by a third party? Ie, is the data linked...
17
After an hour of searching I found this.
So this means that the user has an old session and must re-login to the browser.
sigod
September 13, 2015 at 09:51 pm
0
This causes a space in the state parameter.
The OAuth 2 RFC, sections 4.1.1 on Authorization Request and 4.1.2 on Authorization Response, recommends using the state parameter to maintain state in the authorization code flow, specifically to prevent CSRF.
When I set this field to CSRFTOKEN123 https://my.site/next/url I got this error. Replacing (space) with : to get CSRFTOKEN123:https://my.site/next/url helps.
By the way, I could not find any mention of the state parameter on the VK documentation site, but the VK OAuth 2 authorization system actually supports it. Otherwise it wouldn't be called OAuth 2. So I think it's legal to use the state parameter.
The topic https://vk.com/topic-17680044_30635058, mentioned by the author, is now closed, the current discussion is https://vk.com/topic-1_24428376. There are a number of questions about this. Everything is in Russian.
George Sovetov
January 07, 2021 at 11:09
Instructions for enabling login confirmation on VKontakte
There is nothing complicated about this. And our step-by-step instructions below will help you enable two-factor authentication:
- At the top right, click on your photo, and then go to “Settings“.
- Then open the “Security” tab; there is a function for activating additional protection.
- Here you will see the “Login Confirmation” option. Click “Connect” on it.
- You will see a description of this function and a warning that states that password recovery via phone number will then become unavailable. Therefore, you should indicate in your profile a valid email address to which you have access, as well as upload your real photo and provide reliable information in the application form. You can specify your email in the “General” tab.
- And reliable questionnaire data in VK Connect.
Now in the Login Confirmation option, you will see the login options. There are several options.
Let's look at them:
- SMS to number - login can be done using confirmation via SMS message that will be sent to the phone number specified in your profile.
- Backup codes are secret codes that you can use to log into your profile if you don’t have access to your phone. Each code can only be used once. In total, you can receive 10 codes at a time. If there is a chance that you will find yourself without access to your phone, then backup codes should be saved in a safe place. To see the codes, you need to click on “Show list” next to this option.
- An application for generating codes is a good option for cases when you have access to a phone, but do not have mobile communications or the Internet. Using any two-factor authentication application, you can scan the QR code and log into your VK profile. But first you need to link the application to your profile. To do this, scan the proposed QR code, which can be seen by clicking “Enable” next to this option. After scanning, enter the secret code. As a two-factor authentication application, you can use, for example, Google Authenticator for Android and iOS.
Authorization occurs in the current browser once and until you reset the confirmation or the browser cookies are cleared manually. You can reset confirmation from your profile for the current browser or for all other places where you were previously authorized.
If you wish, you can disable login verification at any time.
You may be interested in this: How to see who a friend added on VKontakte.
