OAuth 2.1 authentication plugin with VK ID, OK.ru, and Mail.ru support
Features β’ Installation β’ Configuration β’ Migration β’ Documentation
Complete rewrite for VK ID (id.vk.ru):
| Feature | Status |
|---|---|
| π OAuth 2.1 with mandatory PKCE | β |
π VK ID endpoints (id.vk.ru) |
β |
| π¨ OneTap widget (VK ID SDK) | β |
| π Automatic user migration | β |
| π Multi-provider (VK/OK/Mail.ru) | β |
| π± Mobile responsive | β |
| π Dark theme support | β |
| π§ͺ Test coverage (~150 tests) | β |
| π Bilingual docs (EN/RU) | β |
|
|
|
|
| Component | Version |
|---|---|
 |
2.7.0 or higher |
 |
2.7+ |
 |
Application registered at id.vk.ru |
 |
VK ID demo at id.vk.ru |
Follow the Install a Plugin guide using:
cd /var/discourse
nano containers/app.ymlAdd to hooks.after_code:
- git clone https://github.com/kaktaknet/discourse-vkid-oauth.gitgit@github.com:kaktaknet/discourse-vkid-oauth.gitcd /var/discourse
./launcher rebuild app- Go to VK ID Console
- Click "Create Application"
- Choose "Website" platform
Redirect URI:
https://your-discourse-site.com/auth/vkid/callback
Scopes:
- β
vkid.personal_info(required) - β
email(recommended) - β
phone(optional)
PKCE: β Must be enabled
Navigate to: Admin β Settings β Login
| Setting | Value | Description |
|---|---|---|
vkid_enabled |
β | Enable VK ID authentication |
vkid_client_id |
123456 |
App ID from VK ID console |
vkid_client_secret |
β’β’β’β’β’β’ |
Secret key from VK ID |
vkid_scope |
vkid.personal_info email phone |
OAuth scopes |
vkid_widget_enabled |
β | Enable OneTap widget |
vkid_widget_providers |
vkid,ok_ru,mail_ru |
Widget providers |
| Provider | Color | Icon |
|---|---|---|
| VK ID | #0077ff |
π΅ |
| OK.ru | #ee8208 |
π |
| Mail.ru | #005ff9 |
π΅ |
Features:
- β‘ Loads asynchronously (~50KB gzipped)
- π± Mobile responsive design
- π Dark theme support
- π― One-click authentication
- π Seamless backend integration
Users are automatically migrated on first login:
User logs in with VK ID
β
Plugin detects old 'vkontakte' account
β
Updates to 'vkid' provider
β
User logged in seamlessly β
No manual intervention required!
Migrate all users at once:
cd /var/discourse
./launcher enter app
rake vkid:migrate_usersSee: MIGRATION_GUIDE.md for detailed instructions
graph LR
A[User] -->|Click Login| B[VK ID Widget]
B -->|Generate PKCE| C[VK ID Server]
C -->|Authorization Code| D[Discourse Callback]
D -->|Exchange + Verify PKCE| E[Access Token]
E -->|Fetch User Info| F[Create/Update User]
F -->|Session| A
| Layer | Technology | Purpose |
|---|---|---|
| Frontend |  VK ID SDK |
Widget UI |
| Backend |  Custom Strategy |
OAuth 2.1 + PKCE |
| Auth |  |
Secure flow |
| Data |  |
User storage |
discourse-vk-auth/
βββ π plugin.rb # Entry point
βββ π lib/
β βββ π vkid_authenticator.rb # Main authenticator
β βββ π omniauth/strategies/vkid.rb # OAuth 2.1 + PKCE
β βββ π οΈ tasks/vkid_migration.rake # Migration utilities
βββ π assets/
β βββ π¨ javascripts/ # VK ID widget
β βββ π
stylesheets/ # Widget styles
βββ π config/
β βββ βοΈ settings.yml # Plugin settings
β βββ π locales/ # i18n (en, ru)
βββ π§ͺ spec/ # Test suite (~150 tests)
βββ π README.md # This file
βββ π README_RU.md # Russian docs
βββ π MIGRATION_GUIDE.md # Migration guide
βββ π MIGRATION_GUIDE_RU.md # Russian migration
Run the test suite:
bundle exec rspecCoverage:
- β PKCE generation and validation
- β User migration scenarios
- β Username uniqueness
- β Error handling
- β ID Token parsing
- β OAuth flow integration
Total: ~150 test cases
β "invalid_request: code_verifier is missing"
Cause: PKCE not properly implemented or disabled.
Solution: Ensure you're using plugin v2.0+. PKCE is handled automatically by the custom strategy.
β "No email returned from VK ID"
Cause: Email scope not granted or user hasn't provided email.
Solution:
- Check
vkid_scopeincludesemail - Verify VK ID app has email permission enabled
- User must have email in their VK account
β "redirect_uri_mismatch"
Cause: Redirect URI doesn't match VK app settings.
Solution: Verify redirect URI in VK ID console:
https://your-site.com/auth/vkid/callback
β Widget not showing
Checks:
vkid_enabledis truevkid_widget_enabledis truevkid_client_idis configured- Browser console for errors
Debug:
console.log(window.VKIDSDK); // Should show SDK
console.log(Discourse.SiteSettings.vkid_enabled); // trueSee: Full troubleshooting guide in README.md
| Document | Description |
|---|---|
| π README.md | Main documentation (English) |
| π README_RU.md | ΠΠΎΠΊΡΠΌΠ΅Π½ΡΠ°ΡΠΈΡ (Π ΡΡΡΠΊΠΈΠΉ) |
| π MIGRATION_GUIDE.md | Migration from v1.x |
| π MIGRATION_GUIDE_RU.md | Π ΡΠΊΠΎΠ²ΠΎΠ΄ΡΡΠ²ΠΎ ΠΏΠΎ ΠΌΠΈΠ³ΡΠ°ΡΠΈΠΈ |
| Endpoint | Purpose |
|---|---|
https://id.vk.ru/authorize |
OAuth authorization |
https://id.vk.ru/oauth2/auth |
Token exchange |
https://id.vk.ru/oauth2/user_info |
User information |
- Forum: Discourse Meta
- Issues: GitHub Issues
- VK ID Docs: Official Documentation
- VK ID DEMO: Official DEMO
MIT License - see LICENSE file for details
- β OAuth 2.1 with mandatory PKCE
- β Custom OmniAuth strategy
- β VK ID SDK widget integration
- β Multi-provider support (VK/OK/Mail.ru)
- β Automatic user migration
- β Bilingual documentation
- β
New endpoints (
id.vk.ru) - β PKCE implementation (RFC 7636)
- β ID Token parsing
- β Enhanced security
- β Comprehensive tests
- β Complete rewrite
- β Migration guides
- β Widget documentation
- β Troubleshooting
β οΈ Old VK OAuth 2.0 (oauth.vk.com)β οΈ No PKCE supportβ οΈ No longer compatible
**Made with β€οΈ for Discourse community**