I understand: the question is not new, I found several very similar implementations, but not one of them does not work for me ((.. The first problem arises here:

HttpClient client=HttpClientBuilder.create().build(); StringBuilder request =new StringBuilder(); request.append("https://oauth.vk.com/authorize?client_id=").append(APP_ID). append("&display=page&redirect_uri=").append(REDIR_URI).append("&scope="). append(SCOPE).append("&response_type=token&v=5.45"); HttpGet get=new HttpGet(request.toString()); HttpResponse resp=client.execute(get); System.out.println(resp.getFirstHeader("Location").getValue());

firstly there is no such title, and secondly a warning is transmitted:

ber. 07, 2016 9:13:13 PM org.apache.http.client.protocol.ResponseProcessCookies processCookies WARNING: Invalid cookie header: "Set-Cookie: remixlang = 1; expires = Fri, 03 Mar 2017 14:08:26 GMT; path = /; domain = .vk.com ". Invalid 'expires' attribute: Fri, 03 Mar 2017 14:08:26 GMT

ber. 07, 2016 9:13:13 PM org. path = /; domain = .vk.com ". Invalid 'expires' attribute: Thu, 16 Mar 2017 11:05:21 GMT

The server returns the code 200

From the server, I get these Headers:

Server: Apache Date: Mon, 07 Mar 2016 21:28:09 GMT Content-Type: text / html; charset = utf-8 Connection: keep-alive X-Powered-By: PHP / 3.21901 Set-Cookie: remixlang = 1; expires = Sat, 04 Mar 2017 18:01:50 GMT; path = /; domain = .vk.com Set-Cookie: remixlhk = 0e65abac9fd62d58fc; expires = Tue, 28 Feb 2017 17:46:12 GMT; path = /; domain = .vk.com Pragma: no-cache Cache-control: no-store
X-Frame-Options: SAMEORIGIN

Already hands are falling .. Tell me how is the authorization done (vkontakte or any other site with a form)? Because I’m trying to get a "location" header on another site - it’s not in the answer. Tell me the algorithm or where and what to read for the practical part?

  • what response is returned from the server? need to add to the question. - AdamSkywalker
  • server returns OK. Or what do you mean? - Michael En
  • full answer, http headers and http body, if there is one - AdamSkywalker
  • Read in Google what 200 OK is and when the location - andreymal header may be present
  • @andreymal thanks, I read of course, but the problem is not quite that .. The fact is that for authorization this title should be present anyway .. - Michael En

2 answers 2

The best choice of the spring module that works with social networks (not only authorization) is Spring Social . It is fully integrated with Spring Security. There are a lot of different examples on the network how to connect authorization through a social network (using ss), using the same OAuth, OAuth2 or Spring Boot protocols, which is even easier. In addition, there is not only FB, Twitter and Google. In the examples you can find VK and many even the most unpopular sites.

    If you use spring security, I can recommend authorization through ulogin.ru and the use and integration of ulogin and spring_security: https://github.com/dmrzh/ulogin_spring_security