I want to write a bash script that will interact with the contact via api.
First you need to program OAuth2.0 authentication. Everything would seem simple, but the problem is that I cannot use the browser, because I want my script to work on a Unix machine without X and without user intervention, that is, me.
Based on the documentation of the VKontakte site, I must first complete a GET request:
https://oauth.vk.com/authorize?client_id=<myapp_id>&redirect_uri=https://oauth.vk.com/blank.html&display=mobile&scope=video,audio&response_type=token&v=5.44&revoke=1 This request is executed normally and I get a page to display to the user with input forms. On this page I am interested only in the following code:
<form method="post" action="https://login.vk.com/?act=login&soft=1&utf8=1"> <input type="hidden" name="_origin" value="https://oauth.vk.com"> <input type="hidden" name="ip_h" value="<some_value>" /> <input type="hidden" name="lg_h" value="<some_value>" /> <input type="hidden" name="to" value="<some_value>"> <dl class="fi_row"> <dt class="fi_label">Phone or email:</dt> <dd> <div class="iwrap"><input type="text" class="textfield" name="email" value="" /></div> </dd> </dl> <dl class="fi_row"> <dt class="fi_label">Password:</dt> <dd> <div class="iwrap"><input type="password" class="textfield" name="pass" /></div> </dd> </dl> <div class="fi_row"> <div class="fi_subrow"> <input class="button" type="submit" value="Log in" /><div class="near_btn"><a href="//oauth.vk.com/blank.html#error=access_denied&error_reason=user_denied&error_description=User denied your request">Cancel</a></div> </div> </div> <div class="fi_row_new"> <div class="fi_header fi_header_light">Not registered yet?</div> </div> <div class="fi_row"> <a class="button wide_button gray_button" href="https://m.vk.com/join?api_hash=a9612b3095c82d30df">Sign up for VK</a> </div> </form> Based on the documentation and this code I conclude that I must implement the following, that is, send a post request:
https://login.vk.com/?act=login&soft=1&utf8=1 and pass the following fields as parameters:
_origin, ip_h, lg_h, to, email, pass But this request does not work for me. It returns an empty string when trying to run through curl and an error page, saying the password is incorrect if you send a request through some REST client. It was thought that the problem could be that I did not use cookies, but with the addition of them, too, nothing has changed, although perhaps I did something wrong.
The script I'm trying to make work:
#!/bin/bash username=$1 password=$2 response=$(curl --cookie-jar vk.txt "https://oauth.vk.com/authorize" --data "client_id=<app_id>&redirect_uri=https://oauth.vk.com/blank.html&display=mobile&scope=video,audio&response_type=token&v=5.44&revoke=1") echo "response is $response" echo "=================================================================" response=$(curl --request POST --cookie vk.txt "https://login.vk.com/?act=login&soft=1&utf8=1" --data-urlencode "_origin=https://oauth.vk.com&ip_h=<some_value>&lg_h=<some_value>&to=<some_value>&email=<my_email>&pass=<my_pass>") echo "response is $response" echo "=================================================================" exit 0 I tried to play with curl parameters, for example, encode, decode the transmitted request data. But as a result I get the same thing. Maybe I should do some additional encryption or encryption before executing the request? If so, why doesn't curl do this by default?
I found an article in the vast, where this problem was solved on a python and everything works for the dude. I used his Python code, remaking it under the third python, but it also does not work. It returns a blank page after entering the login and password, although it must return a page with permissions for the application. It seems to me that the authorization mechanism has undergone some changes, in connection with which the code has stopped working. Here is a link to that article: https://habrahabr.ru/post/143972/
In general, the question is: how to make it work, or what am I doing wrong?
