mish/evo-sync
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 5 Wiki Activity

"Security Error" when Connectin VK #4

New Issue
Closed
opened 2026-03-10 15:21:27 +03:00 by mish · 3 comments
mish commented 2026-03-10 15:21:27 +03:00
Owner
Copy Link

I see the following error when trying to connect VK:
{"error":"invalid_request","error_description":"Security Error"}

url: https://oauth.vk.com/authorize?client_id=&response_type=code&redirect_uri=https://evosync.ru/vk/callback&scope=market%20groups%20offline&state=2xUlEkQqbXHFxIg4jxqE40QzEMXoExdVcXjt7ekbDbU&display=page&v=5.131.

I see the following error when trying to connect VK: {"error":"invalid_request","error_description":"Security Error"} url: https://oauth.vk.com/authorize?client_id=&response_type=code&redirect_uri=https://evosync.ru/vk/callback&scope=market%20groups%20offline&state=2xUlEkQqbXHFxIg4jxqE40QzEMXoExdVcXjt7ekbDbU&display=page&v=5.131.
mish commented 2026-03-10 15:29:53 +03:00
Author
Owner
Copy Link

User needs to obtain access key for his community https://dev.vk.com/ru/api/access-token/getting-started#%D0%9A%D0%BB%D1%8E%D1%87%20%D0%B4%D0%BE%D1%81%D1%82%D1%83%D0%BF%D0%B0%20%D1%81%D0%BE%D0%BE%D0%B1%D1%89%D0%B5%D1%81%D1%82%D0%B2%D0%B0.

User needs to obtain access key for his community https://dev.vk.com/ru/api/access-token/getting-started#%D0%9A%D0%BB%D1%8E%D1%87%20%D0%B4%D0%BE%D1%81%D1%82%D1%83%D0%BF%D0%B0%20%D1%81%D0%BE%D0%BE%D0%B1%D1%89%D0%B5%D1%81%D1%82%D0%B2%D0%B0.
mish closed this issue 2026-03-10 15:32:16 +03:00
mish commented 2026-03-10 15:32:26 +03:00
Author
Owner
Copy Link

Fixed in commit debb2ef.

Root cause: VK OAuth flow returns a personal user token, but VK Market API requires a community access token. Personal tokens trigger the "Security Error" on the OAuth authorize page when the app requests market/groups scopes.

Changes:

  • web/routes/vk.py — removed OAuth flow (/vk/connect, /vk/callback); added POST /vk/token for manual community token entry; validates token via groups.getById and stores community name/ID
  • web/templates/vk.html — replaced OAuth button with manual token form and step-by-step instructions (Settings → Work with API → create key with market + community management permissions)
  • web/health_checker.py — updated check_vk_connection to use groups.getById instead of users.get (personal tokens no longer used)
Fixed in commit `debb2ef`. **Root cause:** VK OAuth flow returns a personal user token, but VK Market API requires a **community access token**. Personal tokens trigger the "Security Error" on the OAuth authorize page when the app requests market/groups scopes. **Changes:** - `web/routes/vk.py` — removed OAuth flow (`/vk/connect`, `/vk/callback`); added `POST /vk/token` for manual community token entry; validates token via `groups.getById` and stores community name/ID - `web/templates/vk.html` — replaced OAuth button with manual token form and step-by-step instructions (Settings → Work with API → create key with market + community management permissions) - `web/health_checker.py` — updated `check_vk_connection` to use `groups.getById` instead of `users.get` (personal tokens no longer used)
mish reopened this issue 2026-03-10 15:37:37 +03:00
mish commented 2026-03-10 15:37:45 +03:00
Author
Owner
Copy Link

https://evosync.ru/vk/connect:
{"detail":"Not Found"}

https://evosync.ru/vk/connect: {"detail":"Not Found"}
mish closed this issue 2026-03-10 15:45:46 +03:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Masha mish
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: mish/evo-sync#4
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?