Xiaobai's record: Recently, the project has been connected to enterprise WeChat, and the application selection is a third-party application, so I studied it. To do a third-party application development website, it is essential to scan the code to authorize login, so how do you start? I am also Xiaobai. It is the first time I have contacted, so I will record it. If there is a mistake, I hope the great god will not spray me. well, let's get back to business.
First posted about the business of micro-channel API https://work.weixin.qq.com/api/doc/90001/90143/91124 , first of all I am from from a third-party single sign-on began to look at, according to official configure: Log service providers log unauthorized configuration management background , if you do not know how to log site in this enterprise micro letter backstage service providers , log in to find the login authorization , 
conducted login authorization to initiate the domain name , as well as authorize completion callback domain , on both the official explanation API has been explained.
Second: Configure service provider information-basic information-brand name . This configuration is used to display the name above the QR code. Display the name of the application currently authorized to log in (this can also be understood).
All right. The previous things have been configured and can be authorized by QR code. At the beginning I had a question, QR code? Where does this come from? Is it generated by the tool? Or is it generated by the official? . This problem bothered me. Later I tried it and found that this QR code does not need to be generated by ourselves. But the enterprise WeChat has already generated it for us. We just construct a link . Well. How to build it? The official gave step instructions:
1. The user enters the service provider website
2. The service provider website guides the user to the login authorization page
3. The service provider can place an entry of "Enterprise WeChat Login" on the homepage of their website to guide the user to the login authorization page. :
https://open.work.weixin.qq.com/wwopen/sso/3rd_qrConnect?appid=ww100000a5f2191&redirect_uri=http%3A%2F%2Fwww.oa.com&state=web_login@gyoss9&usertype=admin
I believe everyone can understand the first step, and the second step is what we need. QR code. To guide the user to the login authorization page . In fact, the link below is the QR code we need. Enterprise WeChat has been generated for us. We only need to pass the required parameters
Parameter Description
appid: CorpID service providers , service providers CorpID Where can I get it: the service provider backstage get inside
redirect_uri: The destination redirect URL after authorized login, needs to be urlencoded. Where the domain name and authorization required to complete the same callback domain , this configuration is in front of the Registration Authority which is authorized to complete the domain name callback
state: for enterprises or service providers check session itself, to prevent cross-domain attacks
usertype: the type of support login. admin login on behalf of the administrator (use WeChat scan code), member on behalf of the member login (use enterprise WeChat scan code), the default is admin
The link of the final structure is roughly like this:
"Https://open.work.weixin.qq.com/wwopen/sso/3rd_qrConnect?appid=CorpID&redirect_uri="+encodeURIComponent('Domain name of authorization completion callback')+"&state=web_login@gyoss9&usertype=admin"
OK, all parameters have been configured. Want to open this link in a local browser? , Impossible, the
source of the verification request is incorrect . Here is the original can only login authorization to initiate the domain name under. That is to say you can only publish the address above to request evoke. Finally, publish the file to the application server . OK. The display is complete.
Ok, you're done