1. Introduction
Many projects are now built around WeChat, and a common requirement is to let users log in automatically with their WeChat account. This article describes how to do that.
2. WeChat official website: WeChat website authorization
- Direct the user to the authorization page, where they agree to the authorization, and obtain the code
- Exchange the code for the web-authorization access_token (different from the access_token in basic support)
- If necessary, the developer can refresh the web-authorization access_token to avoid expiration
- Obtain basic user information with the web-authorization access_token and openid (supports the UnionID mechanism)
3. Development approach
- Get code
- Get webpage authorization access_token through code
- Pull user information
4. Configuration parameters
Encapsulate all API and WeChat login parameters (the parameters that need to be prepared are listed below) in a configuration class for easy use:
```properties
wxopen.appid=wxa3915224f507b2
wxopen.appsecret=82380d12143533d86b0b775123b9
wxopen.redirect_url=http://xxxxx.cn/api/v1/wechat/user/callback
```
Step 1: The user agrees to authorize and the application obtains the code
https://open.weixin.qq.com/connect/qrconnect?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect
Parameter | Required | Description |
---|---|---|
appid | Yes | Unique identifier of the application, obtained after review |
redirect_uri | Yes | Callback address. After the user scans the code, WeChat passes the code as a parameter to this address (note that the callback address must be URL-encoded) |
response_type | Yes | Fill in code |
scope | Yes | Application authorization scope, with multiple scopes separated by commas (,); web applications currently only fill in snsapi_login |
state | No | Used to maintain state between the request and the callback; it is returned to the third party unchanged after the authorization request. This parameter can be used to prevent CSRF (cross-site request forgery) attacks. It is recommended that third parties send this parameter, which can be set to a simple random number checked against the session |
After the user scans the QR code at the assembled link and authorizes the login, the WeChat platform calls back the callback address we set above and carries the code (a temporary credential). We then use the code to get the access_token.
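```java
/**
 * Assemble the WeChat scan-to-login URL.
 * Uses java.net.URLEncoder and java.io.UnsupportedEncodingException.
 *
 * @param accessPage the page the user came from, passed into the URL template
 * @return the QR-code login URL wrapped in JsonData
 */
@GetMapping("/login_url")
public JsonData loginUrl(
        @RequestParam(value = "access_page", required = true) String accessPage) throws UnsupportedEncodingException {
    // Get the redirect (callback) address registered on the open platform
    String redirectUrl = weChatConfig.getOpenRedirectUrl();
    // URL-encode it; UTF-8 is the encoding the URLEncoder documentation recommends
    String callbackUrl = URLEncoder.encode(redirectUrl, "UTF-8");
    // access_page is caller-supplied, so encode it as well before it is placed in the URL
    String encodedAccessPage = URLEncoder.encode(accessPage, "UTF-8");
    String qrcodeUrl = String.format(weChatConfig.getOpenQrCodeUrl(), weChatConfig.getOpenAppid(), callbackUrl, encodedAccessPage);
    return JsonData.buildSuccess(qrcodeUrl);
}
```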
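The table above describes state as a CSRF defence set to a random number checked against the session. The following added example (not code from the original article) shows that check, and keeps the return page on the server side instead of sending it through WeChat. It assumes the third placeholder of the URL template is state; the class name, the session attribute names and the Map standing in for HttpSession are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added example, not the article's code. The Map stands in for the servlet
// HttpSession; the class name and attribute names are hypothetical.
public class WeChatLoginState {
    private static final SecureRandom RNG = new SecureRandom();

    /** Login-URL step: create a one-time state and remember where to return. */
    static String issue(Map<String, String> session, String accessPage) {
        // Accept only same-site relative paths so the value cannot become an open redirect.
        if (accessPage == null || !accessPage.startsWith("/")
                || accessPage.startsWith("//") || accessPage.contains("\\")) {
            accessPage = "/";
        }
        byte[] nonce = new byte[32];
        RNG.nextBytes(nonce);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(nonce);
        session.put("wx_state", state);             // kept server-side
        session.put("wx_access_page", accessPage);  // never leaves the server
        return state;                               // URL-safe value for &state=
    }

    /** Callback step: returns the page to redirect to, or null to reject the request. */
    static String verify(Map<String, String> session, String returnedState) {
        String expected = session.remove("wx_state");       // single use
        String page = session.remove("wx_access_page");
        if (expected == null || returnedState == null) return null;
        boolean same = MessageDigest.isEqual(               // constant-time comparison
                expected.getBytes(StandardCharsets.UTF_8),
                returnedState.getBytes(StandardCharsets.UTF_8));
        return same ? page : null;
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>();
        issue(session, "/course/42");                                  // constructed sample path
        System.out.println(verify(session, "forged-value"));          // state not issued to this session
        String state = issue(session, "https://other-site.example/"); // constructed absolute URL
        System.out.println(verify(session, state));                   // matching state
        System.out.println(verify(session, state));                   // same state presented again
    }
}
```

In the callback handler, a null result from verify means the request is rejected before the code is exchanged for an access_token.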
Step 2: Exchange code for access_token
After the user completes the scan-code authorization in step 1, WeChat calls back the callback address (redirect_uri) we set and carries the code value. Once we have the code, we can exchange it for the access_token:
https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code
Parameter | Required | Description |
---|---|---|
appid | Yes | Unique identifier of the application, obtained after the application is reviewed and approved on the WeChat open platform |
secret | Yes | Application secret (AppSecret), obtained after the application is reviewed and approved on the WeChat open platform |
code | Yes | Fill in the code parameter obtained in the first step |
grant_type | Yes | Fill in authorization_code |
Step 3: Obtain user information
https://api.weixin.qq.com/sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID
Parameter | Required | Description |
---|---|---|
access_token | Yes | Call credential |
openid | Yes | The ID of an ordinary user, unique to the current developer account |
lang | No | Country and region language version: zh_CN Simplified Chinese, zh_TW Traditional Chinese, en English; the default is zh-CN |