Third-party login: Weibo login

Foreword:

With the rapid development of the Internet, we have registered as members of all kinds of websites. Often we don't remember whether we have registered on a given website, or we forget the user name or password, and we don't want to fill in a registration form again. I believe most users are as lazy as I am. This is the problem that third-party login solves.

Table of contents:

  1. Apply for platform access
  2. OAuth2.0 protocol
  3. Development Weibo Login

1. Apply for access to the platform

Let's take Weibo as an example. I want my Jingxi Mall to be able to log in with Weibo. At this time, I must go to Weibo's open platform to apply for access.
Weibo's open platform


After logging in to Weibo, create a new application, and after filling in a series of information, you can get an app key and app secret. Of course, don't forget to fill in the callback address of Weibo. I won't expand on this part of applying for access in detail.


Let me talk about the access requirements. First of all, there must be a URL that can be accessed from the external network, which can be your own domain name or someone else's second-level domain name. Also, a server that has not been filed cannot complete the online review, but if it is just for learning, that doesn't matter.

2. OAuth protocol

When we need to develop a third-party login, we must understand the principle behind it, which is the OAuth2.0 protocol.


(A) After the user opens the client, the client asks the user for authorization.
(B) The user agrees to authorize the client.
(C) The client uses the authorization obtained in the previous step to apply for a token from the authentication server.
(D) After the authentication server authenticates the client, it confirms that it is correct and agrees to issue the token.
(E) The client uses the token to apply to the resource server for resources.
(F) The resource server confirms that the token is correct and agrees to open the resource to the client.
The content of the protocol is roughly like this. The key is step (B), where the user agrees to authorize the client: that is, we enter the correct account and password to agree to authorize this website.

Here we use Weibo as the example:

[Figure: protocol flow chart]

Before starting the development of Weibo login, we need to download the official SDK: PHP Weibo SDK. After it is downloaded, we don't care about the other files; we put only the core file directly into our project's plugin directory.


3. Use the official SDK to develop Weibo login

I divide Weibo login into three steps:
1. When the user clicks on Weibo to log in
2. The user enters the account password
3. Return to Jingxi Mall and complete the login

Then we split the steps of Weibo login and see how we as developers should do it:
When a user clicks on Weibo to log in, we should get a Weibo login URL

One: When the user clicks on Weibo to log in:

  1. We include the SDK that we put in place earlier
// Include the Weibo SDK
include_once __DIR__ . '/../../common/vendors/saetv2.ex.class.php';
  2. Instantiate the authorization object in the SDK and call its URL method to get the login page
    2.1 When instantiating the object, you need to fill in ak and sk. I saved them in Yii's params file in advance, so they are convenient to call
    2.2 When calling the getAuthorizeURL() method, you need to pass in the callback address that was set earlier
$wbObj = new \SaeTOAuthV2(Yii::$app->params['weibo']['ak'], Yii::$app->params['weibo']['sk']);
// Call the SDK method that returns the URL of the login page
$wbUrl = $wbObj->getAuthorizeURL(Url::to(['user/weibocallback'], true));
  3. After getting the URL of the Weibo login page, we only need to redirect to this URL.
// Redirect to Weibo's login page
return $this->redirect($wbUrl);

[Figure: the effect at this point]

Two: When the user enters the correct username and password

When the user clicks to log in and the account password is correct, at this time, it means that the user has authorized our website, and we can do something as the user within a certain range.

  1. After the user authorizes, the Weibo server redirects the browser to the callback address we filled in earlier, with a parameter named code appended.


This code is an encrypted string used for verification. It has a short life cycle and can be used only once, in order to prevent hackers from capturing and modifying packets.

  2. Get the code passed by the Weibo server, and exchange this code for an access_token
    2.1 To exchange it for an access_token, we use the getAccessToken() method on the authorization object in the SDK. This method takes two parameters. The first is an array containing the code and the callback address; the second is the type, which defaults to code in the method, so we don't need to write it
// First receive the code passed via GET
$code = Yii::$app->request->get('code');

// Exchange the code for an access_token
$wbObj = new \SaeTOAuthV2(Yii::$app->params['weibo']['ak'], Yii::$app->params['weibo']['sk']);

// Put the code into the array
$keys['code'] = $code;

// Put the callback address into the array
$keys['redirect_uri'] = Yii::$app->params['weibo']['callback'];

// Catch the exception thrown when getting the access_token fails
try {
    $result = $wbObj->getAccessToken($keys);
} catch (\OAuthException $exception) {
    echo $exception->getMessage();
    die();
}

Print the returned data:

[Figure: result]

The parameters are
1. access_token,
2. Reminder expiration timestamp,
3. Expiration timestamp,
4. Weibo user id

  3. Store the access_token in the Redis cache, setting the cache expiration time to the expiration time of the token
// Store the access_token in Redis
Yii::$app->cache->set($result['uid'] . 'access_token', $result['access_token'], $result['remind_in']);
  4. After obtaining the access_token, you can officially call the third-party open interfaces, such as obtaining the information of the Weibo user
// $uid is the Weibo user id, e.g. $result['uid'] from the previous step
$access_token = Yii::$app->cache->get($uid . 'access_token');
// Instantiate the SDK's Weibo client class; the constructor takes ak, sk and access_token
$czObj = new \SaeTClientV2(
    Yii::$app->params['weibo']['ak'],
    Yii::$app->params['weibo']['sk'],
    $access_token
);
// Call the SDK method that gets the user information
$userInfo = $czObj->show_user_by_id($uid);

The returned result is data in the form of an array. The data in it is very rich. You can develop it according to your own business needs.
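
Step one above builds the authorization URL and step two accepts whatever `code` arrives at the callback. OAuth 2.0 also defines a `state` parameter that binds the callback to the login that the same browser session started; the following added example (not from the original post or the Weibo SDK) shows one way to issue and verify it. The names `issueState`, `verifyState` and `STATE_TTL` are hypothetical, the `$session` array stands in for the server-side session so the file runs on its own, and passing the value as the third argument of `getAuthorizeURL()` is an assumption about the SDK version in use.

```php
<?php
// Added example: one-time OAuth "state" handling for the Weibo callback.
// $session stands in for $_SESSION / Yii::$app->session (assumption).

const STATE_TTL = 600; // seconds a pending login stays valid (assumed value)

/** Create an unguessable state value and remember it server-side. */
function issueState(array &$session, int $now): string
{
    $state = bin2hex(random_bytes(16));
    $session['weibo_state'] = ['value' => $state, 'issued' => $now];
    return $state;
}

/** Check the state echoed back on the callback; it is consumed either way. */
function verifyState(array &$session, ?string $returned, int $now): bool
{
    $pending = $session['weibo_state'] ?? null;
    unset($session['weibo_state']); // single use, even when the check fails
    if ($pending === null || $returned === null || $returned === '') {
        return false;
    }
    if ($now - $pending['issued'] > STATE_TTL) {
        return false;
    }
    // Constant-time comparison of the stored and the returned value
    return hash_equals($pending['value'], $returned);
}

// Step one, before redirecting to Weibo. With the SDK (assumed signature):
//   $wbUrl = $wbObj->getAuthorizeURL($callback, 'code', $state);
$session = [];
$state = issueState($session, time());

// Step two, on the callback. Constructed sample query strings:
parse_str('code=CONSTRUCTED_CODE&state=' . $state, $good);
parse_str('code=CONSTRUCTED_CODE&state=deadbeef', $forged);

$sessionCopy = $session; // same pending login, used for the forged case
var_dump(verifyState($sessionCopy, $forged['state'] ?? null, time())); // forged state
var_dump(verifyState($session, $good['state'] ?? null, time()));       // matching state
var_dump(verifyState($session, $good['state'] ?? null, time()));       // replayed state
```

Only a matching, unexpired, first-use state passes; exchange the code for an access_token only after `verifyState()` returns true.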


There are many more encapsulated methods in the SDK package that can be called. Friends who are interested can check them out by themselves. Friends who are familiar with the HTTP protocol and cURL can also refer to the official documentation to encapsulate some interesting methods of their own.

That is the first part of today's introduction to third-party login. When I am free, I will supplement and improve the remaining content. If there are any mistakes in the article, please correct me. Thank you.

That's all.


Origin blog.csdn.net/weixin_47587864/article/details/108565041