It is necessary so that VKSdk (scope) is not requested every time the application is started, but only when it is not validated from the tokenFromSharedPreferences pulled out of the application.

I try using the https://vk.com/dev/secure.checkToken method

Together with the token, I pass the protected application key, the request format is as a result:

https://api.vk.com/method/secure.checkToken?client_seсret=<MyClientSecret>&access_token=<MyToken>

What I get the answer:

"error_code": 5, "error_msg": "User authorization failed: server method is unavailable with user token.

Is there any way to call the server method from the application?

    2 answers 2

    You can make requests to the secure.* Methods only with a special token (access key), which will be tied not to the user account, but to the application.

    You can get it by making a request to this address:

     https://oauth.vk.com/access_token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&v=5.60&grant_type=client_credentials

    CLIENT_ID and CLIENT_SECRET - ID and the secret key of your application, which can be found in its settings. access_token received token as usual in the access_token parameter when accessing the secure.* Methods.

    Please note that the usual token, as stated in the error you specified, is not suitable for working with these methods.

    • So it turns out that "special token" and "user token" are different tokens? And then even if I get a special token, I can only check it with the secure.checkToken method. It (and only it) is passed in the secure.checkToken method. The point is then to check it, you need to check the user token ... - Arvalon
    • @Arvalon, right. There is also a third type of token, community access key. - neluzhin
    • @Arvalon, the fact is that a service token, unlike a user, does not have an expiration date and cannot suddenly become unusable unless you, the owner of the application, change it (or the private key if you generate service tokens dynamically). Therefore, it makes no sense to check the service token. The meaning of this method is to check that the user token belongs to your application, and also to find out if it is valid. That is, this method accepts any custom tokens created through your application. - neluzhin
    • Confused again. Is the service token and special token the same? api.vk.com/method/secure.checkToken checks what? Service or user token? If the user - then everything is again in a circle with the error "server method is unavailable with user token". If the service is the question is removed, I have a standalone-application authorized by VK Android SDK, they don’t have a service token at all and they don’t need it there. - Arvalon
    • @Arvalon, yes, the special token and the service token are one and the same. The secure.checkToken method checks user tokens and community tokens to be passed in the token parameter. And in the access_token parameter access_token transfer your service token. - neluzhin
     VKAccessTokenTracker vkAccessTokenTracker = new VKAccessTokenTracker() { @Override public void onVKAccessTokenChanged(VKAccessToken oldToken, VKAccessToken newToken) { if (newToken == null) { Intent intent = new Intent(Application.this, LoginActivity.class); startActivity(intent); } } };

    You can just do a check.

     VKSdk.wakeUpSession(this, new VKCallback<VKSdk.LoginState>() { @Override public void onResult(VKSdk.LoginState res) { switch (res) { case LoggedIn: startActivity(); break; case LoggedOut: login(); break; } } @Override public void onError(VKError error) { } });