Recently, due to business needs, many of the customers who cooperate with us have their own official accounts or want to control users in their own hands (apply for their own official accounts). They have no development ability and want to use our platform to realize their own business. I researched the WeChat open platform and found that this is a good choice. Next, I will explain the development process of the open platform from the scenario of realizing business on behalf of the public account:
I. Overview
The third-party platform of the public platform is to allow public account or small program operators, when facing the needs of vertical industries, to authorize the third-party platform with one click (and can be authorized to multiple third parties at the same time), and complete the business through the third-party platform , which is open to all developers who have passed the developer qualification certification.
2. Preparation before development
1. First, you must apply for an account on the https://open.weixin.qq.com/ open platform;
2. After the application, create a third-party platform in "Management Center" - "Third-Party Platform"
3. Fill in the corresponding parameters according to the instructions
Domain name for the initiation of login authorization: This domain name is used to authorize the authorizer to the third-party platform. Fill in the domain name corresponding to the authorization page.
List of Authorized Test Official Accounts: The original ID of the authorized official account used for testing before the whole network is released, which can be viewed in the "Registration Information" column under "Official Account Settings" on the WeChat Official Account Platform.
Authorization event receiving URL: This is the key, used to receive the component_verify_ticket pushed by WeChat, as well as subsequent authorization-related notifications (including authorization success, cancellation of authorization, authorization update, etc.)
The following token and key are the parameters of the open platform, which will be mentioned in the following places.
Message and event receiving URL: handle messages and event entries on behalf of the official account. For example, users will call this address when they send a message on the official account or follow the official account.
Note: The above domain names and addresses are all the same, which can be understood as the domain names corresponding to the deployment of open platform applications.
Another key parameter below is the IP whitelist.
Remember, only your ip in this whitelist can send and receive messages normally.
3. Technical description of authorization process
There are two ways to authorize, one is to search the open platform for binding on the public platform "Development" -> Basic Configuration -> Open Platform Account; the other is to scan the WeChat code on the authorization page provided by the third-party open platform bind. Most of them are bound in the second way. Here is how to implement the second way.
First, prepare an authorization page. The authorization page provides a url link for the authorizer to click, similar to this:
<a href="https://mp.weixin.qq.com/cgi-bin/componentloginpage?component_appid=${componentAppid}&pre_auth_code=${preAuthCode}&redirect_uri=${redirectUri}&auth_type=1">登录授权</a>
The effect is shown on the right: 
, the authorizer clicks the login authorization button, and a scan code authorization page will appear.
Scanning the code on WeChat will automatically read your official account bound to WeChat, and click Authorize to complete the authorization operation. Here are a few things to note:
1. In the development stage of the development platform (before the whole network is released), it is necessary to fill in the original id of the authorized official account to be tested in the " List of Authorized Test Official Accounts" in advance, which is similar to the string starting with gh_.
2. When authorizing, you need to provide a callback address. The redirect_uri provided above. After the authorizer agrees to the authorization, WeChat will call back this address and return the auth_code to you. After obtaining the authorization code, the third-party platform can use the authorization code in exchange for Authorizer_access_token (also referred to as token) for the API call of the official account or applet, and then call the credentials through this interface, and call the official account or applet-related API according to the instructions of the official account developer document or applet development document . The authorizer_access_token here is equivalent to the access_token used in the development of your WeChat official account.
3. How to get pre_auth_code? The third-party platform obtains the pre-authorization code (pre_auth_code) for the preparation of the authorization process through its own interface calling credentials (component_access_token) ; then how to get the component_access_token? The third-party platform obtains its own API call credentials through its own component_appid and component_appsecret (that is, the AppID and AppSecret in the third-party platform details page of the WeChat Open Platform Management Center), and component_verify_ticket (a security ticket that is pushed every 10 minutes). component_access_token); how to get component_verify_ticket? This ticket will be automatically pushed by WeChat to the event receiving URL you filled in on the open platform after your open platform has passed the review. Isn’t it very clear to push back?
4. The component_access_token is to be cached. The third-party platform component_access_token is the calling credentials of the third-party platform's interface below, also called the token (component_access_token). Each token has a validity period (2 hours), and the call of the token is not unlimited. Please manage the token well on the third-party platform and refresh it when the token is about to expire (for example, 1 hour and 50 minutes). . There is no need to refresh, because WeChat will push a security ticket every 10 minutes. You can get component_access_token according to the ticket, so that you can refresh component_access_token regularly.
5. The authorizer_access_token also needs to be cached. The authorizer interface calls the credentials (only when the authorized official account or applet has API permissions, this return value), also referred to as the token , this is also invalid in 2 hours, after getting this At the same time, you will also get an authorizer_refresh_token , you can use it to call the interface to get a new authorizer_access_token , so as to ensure that the authorizer_access_token does not expire.
After the authorization process is completed, we can proceed to the next step to realize the business on behalf of the official account.
To be continued. . .