diff --git a/backend/routes/auth.js b/backend/routes/auth.js
index b102f0f..7aa4aa0 100644
--- a/backend/routes/auth.js
+++ b/backend/routes/auth.js
@@ -3,6 +3,7 @@ const guest = require('./auth/guest');
 const list = require('./auth/list');
 const check = require('./auth/check');
 const vk = require('./auth/social/vk');
+const iframe_vk = require('./auth/iframe/vk');
 const router = express.Router();
@@ -10,5 +11,6 @@ router.get('/', check);
 router.get('/list', list);
 router.get('/guest', guest);
 router.get('/social/vk', vk);
+router.get('/iframe/vk', iframe_vk);
 module.exports = router;
diff --git a/backend/routes/auth/iframe/vk.js b/backend/routes/auth/iframe/vk.js
new file mode 100644
index 0000000..b138a04
--- /dev/null
+++ b/backend/routes/auth/iframe/vk.js
@@ -0,0 +1,18 @@
+const { User } = require('../../../models');
+const { CONFIG } = require('../../../../config/backend');
+const md5 = require('js-md5');
+const { generateRandomUrl } = require('../guest');
+
+module.exports = async (req, res) => {
+ const { query: { viewer_id, auth_key } } = req;
+
+ const checksum = md5(`${CONFIG.SOCIAL.VK_IFRAME.APP_ID}_${viewer_id}_${CONFIG.SOCIAL.VK_IFRAME.SECRET}`);
+
+ if (checksum !== auth_key) return res.send({ success: false, error: 'cant login or no such user' });
+
+ const user = await User.findOne({ _id: `vk:${viewer_id}` }).populate('routes');
+
+ const random_url = await generateRandomUrl();
+ return res.send({ success: true, user: { ...user.toObject(), id: user._id, random_url } });
+};
+
diff --git a/package-lock.json b/package-lock.json
index 98bde73..d35fb70 100644
--- a/package-lock.json
+++ b/package-lock.json
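Review bot: In backend/routes/auth/iframe/vk.js, `user` is dereferenced without a null check: if `User.findOne` (presumably a Mongoose query) finds no `vk:<viewer_id>` record for a visitor whose `auth_key` is valid, `user.toObject()` throws inside the async handler and nothing in this file handles the rejection. A guard before the response is built would cover it: `if (!user) return res.send({ success: false, error: 'cant login or no such user' });`. Separately, `checksum !== auth_key` is an ordinary string comparison against a value derived from the app secret; checking that `viewer_id` and `auth_key` are strings and then comparing equal-length buffers with Node's `crypto.timingSafeEqual` is the usual form for this kind of check. The built-in `crypto.createHash('md5').update(...).digest('hex')` should also yield the same hex digest, which would make the new `js-md5` dependency unnecessary.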
@@ -7772,6 +7772,11 @@ "integrity": "sha512-/812MXr9RBtMObviZ8gQBhHO8MOrGj8HlEE+4ccMTElNA/6I3u39u+bhny55Lk921yn44nSZFy9naNLElL5wgQ==", "dev": true }, + "js-md5": { + "version": "0.7.3", + "resolved": "https://registry.npmjs.org/js-md5/-/js-md5-0.7.3.tgz", + "integrity": "sha512-ZC41vPSTLKGwIRjqDh8DfXoCrdQIyBgspJVPXHBGu4nZlAEvG3nf+jO9avM9RmLiGakg7vz974ms99nEV0tmTQ==" + }, "js-stringify": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/js-stringify/-/js-stringify-1.0.2.tgz",
diff --git a/package.json b/package.json
index dbe9025..ac49e3b 100644
--- a/package.json
+++ b/package.json
@@ -61,6 +61,7 @@
 "file-saver": "^2.0.0",
 "history": "^4.7.2",
 "http-errors": "~1.6.2",
+ "js-md5": "^0.7.3",
 "leaflet": "^1.3.4",
 "leaflet-editable": "^1.1.0",
 "leaflet-geometryutil": "^0.9.0",
diff --git a/src/redux/user/sagas.js b/src/redux/user/sagas.js
index 4b52f42..f4ca7ac 100644
--- a/src/redux/user/sagas.js
+++ b/src/redux/user/sagas.js
@@ -152,10 +152,16 @@ function* mapInitSaga() {
 function* authCheckSaga() {
 const { id, token } = yield select(getUser);
- if (window.location.search) {
- const { viewer_id, access_token, auth_key } = yield parseQuery(window.location.search);
- if (viewer_id && access_token && auth_key) {
- const user = yield call(checkIframeToken, { viewer_id, access_token, auth_key });
+ if (window.location.search || true) {
+ const { viewer_id, auth_key } = yield parseQuery(window.location.search);
+ // https://alpha-map.vault48.org:3000/auth/iframe/vk?viewer_id=360004&access_token=e558a05d5cb1fcb195316703a2d5e5ec9d19b2c608844c986ec56798f8ac642379bb37fbc58270435e077&auth_key=b0ff47f659d21b6b880a1eee60b6e794
+ // const viewer_id = '360004';
+ // const auth_key = 'b0ff47f659d21b6b880a1eee60b6e794';
+
+ // console.log('Already logged in?', viewer_id, auth_key, id !== `vk:${viewer_id}`);
+
+ if (viewer_id && auth_key && id !== `vk:${viewer_id}`) {
+ const user = yield call(checkIframeToken, { viewer_id, auth_key });
 if (user) {
 yield put(setUser(user));
diff --git a/src/utils/api.js b/src/utils/api.js
index 46bf417..6a64b7c 100644
--- a/src/utils/api.js
+++ b/src/utils/api.js
@@ -33,6 +33,6 @@ export const postMap = ({
 distance,
 }).then(result => (result && result.data && result.data));
-export const checkIframeToken = ({ viewer_id, access_token, auth_key }) => axios.get(API.IFRAME_LOGIN_VK, {
- params: { viewer_id, access_token, auth_key }
-}).then(result => (result && result.data));
+export const checkIframeToken = ({ viewer_id, auth_key }) => axios.get(API.IFRAME_LOGIN_VK, {
+ params: { viewer_id, auth_key }
+}).then(result => (result && result.data && result.data.success && result.data.user)).catch(() => (false));
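Review bot: The commented-out lines added to authCheckSaga in src/redux/user/sagas.js contain what look like a real `access_token` and `auth_key` for a specific `viewer_id`, and committing them puts those values into the repository history. The backend check added in this commit derives `auth_key` only from the app id, the viewer id and the app secret, so such a value does not expire on its own; if the values are real, the comment lines should be dropped, the access token revoked and the app secret rotated. The `|| true` in `if (window.location.search || true) {` also looks like a debugging leftover that makes the condition always pass; restoring `if (window.location.search) {` would keep the original guard. authCheckSaga's body continues past the end of the hunk.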
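Review bot: The new `.catch(() => (false))` on `checkIframeToken` in src/utils/api.js maps every failure, including a network error, a timeout or a server error, to the same `false` that a rejected `auth_key` produces, so the caller cannot tell a refused login from a broken endpoint. Recording the failure before returning keeps the best-effort behaviour while leaving a trace, for example `.catch((err) => { console.warn('iframe login failed:', err.message); return false; })`. The request also still sends `auth_key` in the GET query string, where access logs and intermediaries commonly record it; moving it to a POST body would avoid that, provided the backend route is changed to match.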