WeChat Open Platform Development Document

https://developers.weixin.qq.com/doc/offiaccount/OA_Web_Apps/Wechat_webpage_authorization.html#2

Table of Contents

1 Step 1: The user agrees to authorize and obtain the code

2 Step 2: Exchange code for the web page authorization access_token

3 Step 3: Refresh access_token (if needed)

4 Step 4: Pull user information (requires snsapi_userinfo scope)

5 Attachment: Check whether the authorization credential (access_token) is valid

Step 1: The user agrees to authorize and obtain the code

Provided that the WeChat public account has permission for the requested authorization scope (the scope parameter; once a service account has obtained the advanced interfaces, it has snsapi_base and snsapi_userinfo by default), guide followers to open the following page:

https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect

If prompted "The link cannot be accessed", check whether the parameters are filled in correctly and whether the account has the authorization scope permission corresponding to the scope parameter.

Special attention: because authorization is a high-security operation, WeChat performs a strict regular-expression match on the authorization link when an authorization request is initiated. If the parameters of the link are not in the correct order, the authorization page cannot be accessed properly.

Reference links (please open them in the WeChat client to try them):

scope is snsapi_base

https://open.weixin.qq.com/connect/oauth2/authorize?appid=wx520c15f417810387&redirect_uri=https%3A%2F%2Fchong.qq.com%2Fphp%2Findex.php%3Fd%3D%26c%3DwxAdapter%26m%3DmobileDeal%26showwxpaytitle%3D1%26vb2ctag%3D4_2030_5_1194_60&response_type=code&scope=snsapi_base&state=123#wechat_redirect

scope is snsapi_userinfo

https://open.weixin.qq.com/connect/oauth2/authorize?appid=wxf0e81c3bee622d60&redirect_uri=http%3A%2F%2Fnba.bluewebgame.com%2Foauth_response.php&response_type=code&scope=snsapi_userinfo&state=STATE#wechat_redirect

Special attention: the redirect callback redirect_uri should use an https link to ensure the security of the authorization code.

Parameter Description

appid (required): the unique identifier of the public account
redirect_uri (required): the callback link address redirected to after authorization; please process the link with urlEncode
response_type (required): the return type; please fill in code
scope (required): the scope of authorization the application requests. snsapi_base (no authorization page pops up, the page jumps directly, and only the user's openid can be obtained); snsapi_userinfo (an authorization page pops up, and the nickname, gender, and location can be obtained through the openid; even if the user does not follow the account, their information can be obtained as long as the user authorizes)
state: the state parameter is carried back after redirection. Developers can fill in a parameter value of a-zA-Z0-9, up to 128 bytes.
#wechat_redirect: this parameter must be included whether the link is opened directly or reached through a page 302 redirect.

The following figure shows the authorization page when the scope is equal to snsapi_userinfo:

After the user agrees to the authorization

If the user agrees to the authorization, the page will jump to redirect_uri/?code=CODE&state=STATE.

Code description: The code is the ticket exchanged for the access_token. The code is different for each user authorization, can only be used once, and expires automatically if it is not used within 5 minutes.

The error return codes are explained as follows:

Return code: description

10003: the redirect_uri domain name is inconsistent with the background configuration
10004: this public account is blocked
10005: this public account does not have permission for these scopes
10006: the user must follow this test account
10009: the operation is too frequent, please try again later
10010: scope cannot be empty
10011: redirect_uri cannot be empty
10012: appid cannot be empty
10013: state cannot be empty
10015: the public account has not authorized the third-party platform, please check the authorization status
10016: WeChat Open Platform appids are not supported, please use the public account appid
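Step 1 as an added example (not code from the WeChat documentation): it builds the authorization link with the parameters in the documented order and accepts the callback's code only when the returned state matches the value issued for that session. The function names and the example.com callback are assumptions, and binding state to the session is ordinary OAuth practice added here rather than something this page requires.

```python
import hmac
import secrets
import string
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://open.weixin.qq.com/connect/oauth2/authorize"
STATE_ALPHABET = string.ascii_letters + string.digits  # a-zA-Z0-9, per the parameter list


def new_state(length=32):
    """Random per-request state (hypothetical helper); stays within the 128-byte limit."""
    if not 1 <= length <= 128:
        raise ValueError("state must be 1..128 bytes")
    return "".join(secrets.choice(STATE_ALPHABET) for _ in range(length))


def build_authorize_url(appid, redirect_uri, scope, state):
    if scope not in ("snsapi_base", "snsapi_userinfo"):
        raise ValueError("unknown scope")
    if not redirect_uri.startswith("https://"):
        raise ValueError("redirect_uri should be https to protect the code")
    # A list of pairs keeps the documented parameter order, which WeChat matches strictly.
    params = [
        ("appid", appid),
        ("redirect_uri", redirect_uri),  # urlencode() percent-encodes the callback
        ("response_type", "code"),
        ("scope", scope),
        ("state", state),
    ]
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}#wechat_redirect"


def code_from_callback(callback_url, expected_state):
    """Return the one-time code only if the returned state matches the session's state."""
    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise PermissionError("state mismatch: callback was not started by this session")
    codes = query.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("callback does not carry exactly one code parameter")
    return codes[0]
```
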

Step 2: Exchange code for the web page authorization access_token

First, note that what the code is exchanged for here is a special web page authorization access_token, which is different from the access_token in basic support (that access_token is used to call other interfaces). The public account can obtain the web page authorization access_token through the following interface. If the scope of the web page authorization is snsapi_base, the openid is obtained in this step together with the web page authorization access_token, and the snsapi_base web page authorization process ends here.

Special attention: because the secret of the public account and the access_token obtained are highly sensitive, they must be stored only on the server and must not be passed to the client. Subsequent steps such as refreshing the access_token and obtaining user information through the access_token must also be initiated from the server.

Request method

After obtaining the code, request the following link to obtain the access_token:

https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code

Parameter Description

appid (required): the unique identifier of the public account
secret (required): the appsecret of the public account
code (required): the code parameter obtained in the first step
grant_type (required): fill in authorization_code

Return description

The JSON packet returned when correct is as follows:

{
  "access_token":"ACCESS_TOKEN",
  "expires_in":7200,
  "refresh_token":"REFRESH_TOKEN",
  "openid":"OPENID",
  "scope":"SCOPE" 
}

Parameter Description

access_token: the web page authorization interface call credential. Note: this access_token is different from the basic-support access_token
expires_in: the timeout of the access_token interface call credential, in seconds
refresh_token: used to refresh the access_token
openid: the user's unique identifier. Note that even when a user who does not follow the public account visits the account's web pages, an OpenID unique to that user and public account is generated
scope: the scopes authorized by the user, separated by commas (,)

When an error occurs, WeChat will return a JSON packet as follows (the example is the invalid code error):

{"errcode":40029,"errmsg":"invalid code"}
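Server-side handling of Step 2 as an added example (not code from the WeChat documentation): it builds the exchange request, masks secret and code before the URL is written to a log, and separates the token packet from the errcode packet. The class and function names are assumptions, and the response bodies are passed in as strings so the block runs offline.

```python
import json
import time
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TOKEN_ENDPOINT = "https://api.weixin.qq.com/sns/oauth2/access_token"
TOKEN_FIELDS = ("access_token", "expires_in", "refresh_token", "openid", "scope")


class WeChatAPIError(Exception):
    def __init__(self, errcode, errmsg):
        super().__init__(f"errcode={errcode} errmsg={errmsg}")
        self.errcode = errcode


@dataclass
class WebToken:
    access_token: str
    refresh_token: str
    openid: str
    scopes: frozenset
    expires_at: float  # absolute time, so callers know when a refresh is due


def token_request_url(appid, secret, code):
    # Built and sent from the server only; secret never goes to the client.
    return TOKEN_ENDPOINT + "?" + urlencode(
        [("appid", appid), ("secret", secret), ("code", code),
         ("grant_type", "authorization_code")])


def redact_for_log(url):
    """Mask secret and code, which travel in the query string, before logging."""
    parts = urlsplit(url)
    masked = [(k, "***" if k in ("secret", "code") else v)
              for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(masked, safe="*")))


def parse_token_response(body, now=None):
    data = json.loads(body)
    if data.get("errcode"):  # error packets carry errcode/errmsg instead of tokens
        raise WeChatAPIError(data["errcode"], data.get("errmsg", ""))
    missing = [k for k in TOKEN_FIELDS if k not in data]
    if missing:
        raise ValueError(f"token response lacks {missing}")
    now = time.time() if now is None else now
    scopes = frozenset(s for s in data["scope"].split(",") if s)
    return WebToken(data["access_token"], data["refresh_token"], data["openid"],
                    scopes, now + int(data["expires_in"]))
```

Checking that "snsapi_userinfo" is in the returned scopes before Step 4 avoids calling the userinfo interface with a snsapi_base token.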

Step 3: Refresh access_token (if needed)

Since the access_token has a short validity period, the refresh_token can be used to refresh it after it expires. The refresh_token is valid for 30 days. When the refresh_token expires, the user must authorize again.

Request method

After obtaining the refresh_token in the second step, request the following link to obtain the access_token:

https://api.weixin.qq.com/sns/oauth2/refresh_token?appid=APPID&grant_type=refresh_token&refresh_token=REFRESH_TOKEN

Parameter Description

appid (required): the unique identifier of the public account
grant_type (required): fill in refresh_token
refresh_token (required): fill in the refresh_token parameter obtained together with the access_token

Return description

The JSON packet returned when correct is as follows:

{ 
  "access_token":"ACCESS_TOKEN",
  "expires_in":7200,
  "refresh_token":"REFRESH_TOKEN",
  "openid":"OPENID",
  "scope":"SCOPE" 
}

Parameter Description

access_token: the web page authorization interface call credential. Note: this access_token is different from the basic-support access_token
expires_in: the timeout of the access_token interface call credential, in seconds
refresh_token: used to refresh the access_token
openid: the user's unique identifier
scope: the scopes authorized by the user, separated by commas (,)

When an error occurs, WeChat will return a JSON packet as follows (the example is the invalid code error):

{"errcode":40029,"errmsg":"invalid code"}

Step 4: Pull user information (requires snsapi_userinfo scope)

If the scope of web page authorization is snsapi_userinfo, then the developer can pull user information through access_token and openid.

Request method

http: GET (Please use https protocol)
https://api.weixin.qq.com/sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID&lang=zh_CN

Parameter Description

access_token: the web page authorization interface call credential. Note: this access_token is different from the basic-support access_token
openid: the user's unique identifier
lang: the language version of the returned country and region names; zh_CN is Simplified Chinese, zh_TW is Traditional Chinese, en is English

Return description

The JSON packet returned when correct is as follows:

{
  "openid":"OPENID",
  "nickname":"NICKNAME",
  "sex":"1",
  "province":"PROVINCE",
  "city":"CITY",
  "country":"COUNTRY",
  "headimgurl":"http://thirdwx.qlogo.cn/mmopen/g3MonUZtNHkdmzicIlibx6iaFqAc56vxLSUfpb6n5WKSYVY0ChQKkiaJSgQ1dZuTOgvLLrhJbERQQ4eMsv84eavHiaiceqxibJxCfHe/46",
  "privilege":["PRIVILEGE1", "PRIVILEGE2"],
  "unionid":"o6_bmasdasdsad6_2sgVt7hMZOPfL"
}

Parameter Description

openid: the user's unique identifier
nickname: the user's nickname
sex: the user's gender; 1 is male, 2 is female, 0 is unknown
province: the province filled in the user's profile
city: the city filled in the user's profile
country: the country, for example CN for China
headimgurl: the user's avatar. The last value represents the size of the square avatar (0, 46, 64, 96, and 132 are available, and 0 represents a 640 * 640 square avatar). This item is empty when the user has no avatar. If the user changes the avatar, the original avatar URL becomes invalid.
privilege: user privilege information, a JSON array, for example WeChat Woka user (chinaunicom)
unionid: this field appears only after the user binds the public account to the WeChat Open Platform account.

When an error occurs, WeChat will return a JSON packet as follows (the example is the invalid openid error):

{"errcode":40003,"errmsg":" invalid openid "}

Attachment: Check whether the authorization credential (access_token) is valid

Request method

http: GET (Please use https protocol)
https://api.weixin.qq.com/sns/auth?access_token=ACCESS_TOKEN&openid=OPENID

Parameter Description

access_token: the web page authorization interface call credential. Note: this access_token is different from the basic-support access_token
openid: the user's unique identifier

JSON returned on success:

{"errcode":0,"errmsg":"ok"}

Example of the JSON returned on error:

{"errcode":40003,"errmsg":"invalid openid"}


Origin blog.csdn.net/chaishen10000/article/details/105538051