A WeChat applet server development example

Some time ago, due to work needs, I studied Java server development for WeChat applets. Today I will briefly go through the relevant steps.

1. Get code, encryptedData, iv:

The front end obtains code by calling the WeChat API wx.login(OBJECT).

The front end obtains encryptedData and iv by calling the WeChat API wx.getUserInfo(OBJECT).

The encryptedData is encrypted data containing user information, which needs to be decrypted by the server.

2. The server obtains session_key and openid:

After the server receives the code, it calls the WeChat API interface:

https://api.weixin.qq.com/sns/jscode2session?appid=APPID&secret=SECRET&js_code=JSCODE&grant_type=authorization_code

to exchange it for the session_key.

Here, appid and secret are constants allocated by WeChat when you apply for the applet, and js_code is the code obtained from the front end in step 1.

The interface returns session_key and openid.

3. Decrypt user information:

According to the official documentation, the algorithm for decrypting data is as follows:

The algorithm used for symmetric decryption is AES-128-CBC, and the data is padded with PKCS#7.
The target ciphertext of symmetric decryption is Base64_Decode(encryptedData).
Symmetric decryption key aeskey = Base64_Decode(session_key), aeskey is 16 bytes.
The initial vector of the symmetric decryption algorithm is Base64_Decode(iv), where iv is returned by the data interface.

I found some information on the Internet. Since the JDK itself does not support the AES-128-CBC PKCS#7 algorithm, if you use the Java language for decryption, you need to download the algorithm toolkit. The official website address is as follows: http://www.bouncycastle.org/latest_releases.html

Finally, according to the above decryption algorithm steps, the Java version implementation code is as follows:

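import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.Key;
import java.security.Security;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Base64-decode the ciphertext, the session key (used as the AES key) and the IV
byte[] encryptedDataBytes = Base64.getDecoder().decode(encryptedData);
byte[] keyBytes = Base64.getDecoder().decode(sessionKey);
byte[] ivBytes = Base64.getDecoder().decode(iv);

AlgorithmParameters params = AlgorithmParameters.getInstance("AES");
params.init(new IvParameterSpec(ivBytes));

// Register Bouncy Castle, which provides the "PKCS7Padding" transformation
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
Key secretKey = new SecretKeySpec(keyBytes, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
cipher.init(Cipher.DECRYPT_MODE, secretKey, params);
byte[] data = cipher.doFinal(encryptedDataBytes);
String decryptedData = new String(data, StandardCharsets.UTF_8);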

The decrypted decryptedData is a JSON string:

{
    "openId": "OPENID",
    "nickName": "NICKNAME",
    "gender": GENDER,
    "city": "CITY",
    "province": "PROVINCE",
    "country": "COUNTRY",
    "avatarUrl": "AVATARURL",
    "unionId": "UNIONID",
    "watermark":
    {
        "appid":"APPID",
        "timestamp":TIMESTAMP
    }
}

Of these fields, the unionId can uniquely identify the current user.

You can then exchange the unionId for the userId of your own system to complete the login.

Remark:

The above covers only the basic flow of a WeChat applet server. According to the official API documentation, there are further steps such as signature verification, watermark verification and checkSession. The official documentation describes them very clearly, so I won't repeat them here; just read it directly (the open interface part of the official applet documentation): https://mp.weixin.qq.com/debug/wxadoc/dev/api/api-login.html
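
The watermark verification mentioned in the remark can be sketched as follows. This is an added example, not code from the original post or from WeChat: it decrypts as in step 3 and rejects data whose watermark.appid is not the server's own appid. The class and method names, the sample key, IV and appid are all constructed, and the block swaps in the JDK's built-in "AES/CBC/PKCS5Padding" (which for AES's 16-byte block pads exactly like PKCS#7) so that it runs without Bouncy Castle.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class UserInfoCheck {
    // Hypothetical helper: decrypt, then reject data whose watermark.appid is not ours.
    static String decryptAndCheck(String encryptedData, String sessionKey, String iv, String appId) throws Exception {
        Base64.Decoder b64 = Base64.getDecoder();
        byte[] key = b64.decode(sessionKey), ivBytes = b64.decode(iv);
        if (key.length != 16 || ivBytes.length != 16) throw new IllegalArgumentException("bad key or iv length");
        // Swapped-in technique: JDK "PKCS5Padding" pads to the 16-byte AES block, same bytes as PKCS#7
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(ivBytes));
        String json = new String(c.doFinal(b64.decode(encryptedData)), StandardCharsets.UTF_8);
        // Simplification for a dependency-free example: a regex instead of a real JSON parser
        Matcher m = Pattern.compile("\"watermark\"\\s*:\\s*\\{[^}]*\"appid\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        if (!m.find() || !m.group(1).equals(appId)) throw new SecurityException("watermark appid mismatch");
        return json;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not real credentials
        byte[] key = "0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        byte[] iv = "fedcba9876543210".getBytes(StandardCharsets.UTF_8);
        String sessionKey = Base64.getEncoder().encodeToString(key);
        String ivB64 = Base64.getEncoder().encodeToString(iv);
        String plain = "{\"openId\":\"o-test\",\"watermark\":{\"appid\":\"wx-example\",\"timestamp\":1500000000}}";
        Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        String encryptedData = Base64.getEncoder().encodeToString(enc.doFinal(plain.getBytes(StandardCharsets.UTF_8)));
        System.out.println(decryptAndCheck(encryptedData, sessionKey, ivB64, "wx-example"));
        try {
            decryptAndCheck(encryptedData, sessionKey, ivB64, "wx-other");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A production server would parse decryptedData with a JSON library instead of the regex, and perform this check before exchanging the unionId for a local userId.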

 

 

 
