WeChat Web Development - Authorized Login

Interface documentation: http://mp.weixin.qq.com/wiki/4/9ac2e7b1f1d22e9e57260f6553822520.html

 

1. The developer must configure the authorization callback domain name on the developer center page of the official account platform website. This is the domain name of the server that the redirect_uri in the authorization link points to.

For example, if your REDIRECT_URI is http://www.iteye.com/cgi-bin/wechat.pl, the callback domain name is www.iteye.com

 

2. Example: add a menu item named "login" at the bottom of the official account. Its link can be as follows:

1. Silent authorization (the user does not need to click to agree): SCOPE is snsapi_base, and only the user's openid can be obtained

https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=http://www.iteye.com/cgi-bin/wechat.pl&response_type=code&scope=snsapi_base&state=STATE#wechat_redirect

 

2. SCOPE is snsapi_userinfo, which is used to obtain the user's basic information. The user must manually consent, but does not need to follow the official account; the basic information can be obtained once the user has authorized.

 

3. If the user agrees to the authorization, the WeChat server redirects to redirect_uri, which is http://www.iteye.com/cgi-bin/wechat.pl/?code=CODE&state=STATE . The code is thereby returned to the server's CGI script, and the script can use it to get the openid (basic user information)

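use strict;
use warnings;
use CGI;
use JSON;
use LWP::UserAgent;
use URI::Escape qw(uri_escape);

# Placeholders: the official account's own appid and secret
my ($APPID, $SECRET) = ('APPID', 'SECRET');
my $cgi = CGI->new;

# Stand-in for the author's write_log helper, which the page does not show
sub write_log { print STDERR @_ }

if ($cgi->param('code')) {
    my $code  = $cgi->param('code');
    my $state = $cgi->param('state') // '';
    my $wechat  = GetOpenidToken($code, $state);
    my $openid  = $wechat->{openid}       // '';
    my $token   = $wechat->{access_token} // '';
    my $unionid = $wechat->{unionid}      // '';
    # Debug log (note: this writes the access_token to the log)
    write_log("code=$code, openid=$openid, token=$token, unionid=$unionid\nstate=".$state."\n");

    # code and state come from the query string, so escape them before reuse
    my $redirect_url = "http://xxxx/test.html?openid=$openid&state=".uri_escape($state);
    print $cgi->redirect($redirect_url);
}

sub GetOpenidToken {
    my ($code, $state) = @_;

    # Exchange code for web page authorization access_token
    my $url = "https://api.weixin.qq.com/sns/oauth2/access_token?appid=".$APPID."&secret=".$SECRET."&code=".uri_escape($code)."&grant_type=authorization_code";
    my $json = JSON->new();
    my $ua   = LWP::UserAgent->new();

    # Send the request and read the JSON response
    my $req      = HTTP::Request->new('POST', $url);
    my $response = $ua->request($req);
    die "token request failed: ".$response->status_line."\n" unless $response->is_success;
    my $wechat = $json->decode($response->decoded_content);

    # If the web page authorization scope is snsapi_userinfo, user information can be pulled through access_token and openid.
    my $url2 = "https://api.weixin.qq.com/sns/userinfo?access_token=".($wechat->{access_token} // '')."&openid=".($wechat->{openid} // '')."&lang=zh_CN";

    return $wechat;
}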

 

About state

The state parameter is carried along on the redirect. The developer can set it to any value made up of a-zA-Z0-9, up to 128 bytes.

After the server obtains the user information, it can jump to different H5 pages according to different state values
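One way to apply the state rules above, as an added example that is not part of the original post: it builds the authorization link with a percent-encoded redirect_uri, rejects state values outside a-zA-Z0-9 or longer than 128 bytes, and picks the H5 page from a fixed table instead of copying state into the redirect. The page table, the h5.example.com host and the sub names are assumptions.

```perl
use strict;
use warnings;
use URI::Escape qw(uri_escape);

# Hypothetical table: state value => H5 page to show after login.
my %H5_PAGE = (
    login => 'http://h5.example.com/home.html',
    order => 'http://h5.example.com/order.html',
);

# The page's rule for state: a-zA-Z0-9 only, at most 128 bytes.
sub valid_state {
    my ($state) = @_;
    return (defined($state) && $state =~ /\A[a-zA-Z0-9]{1,128}\z/) ? 1 : 0;
}

# Build the menu link. redirect_uri is percent-encoded so that its own
# characters cannot be read as parameters of the authorize URL.
sub authorize_url {
    my ($appid, $redirect_uri, $scope, $state) = @_;
    die "scope must be snsapi_base or snsapi_userinfo\n"
        unless $scope =~ /\A(?:snsapi_base|snsapi_userinfo)\z/;
    die "invalid state\n" unless valid_state($state);
    return 'https://open.weixin.qq.com/connect/oauth2/authorize'
         . '?appid=' . uri_escape($appid)
         . '&redirect_uri=' . uri_escape($redirect_uri)
         . '&response_type=code&scope=' . $scope
         . '&state=' . $state . '#wechat_redirect';
}

# Choose the H5 page for a state value received on the callback.
# Malformed or unknown values give undef, so the caller can show an error
# page instead of redirecting.
sub page_for_state {
    my ($state) = @_;
    return unless valid_state($state);
    return $H5_PAGE{$state};
}

# Constructed sample values.
print authorize_url('APPID', 'http://www.iteye.com/cgi-bin/wechat.pl',
                    'snsapi_base', 'login'), "\n";
for my $state ('login', 'order', 'bad/value?x=1', 'unknown') {
    my $page = page_for_state($state);
    printf "%-14s => %s\n", $state, defined $page ? $page : '(rejected)';
}
```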

 

About the UnionID mechanism

1. Please note that web page authorization for obtaining basic user information also follows the UnionID mechanism. That is, if the developer needs to unify user accounts across multiple official accounts, or between official accounts (H5 applications) and mobile APP applications, they need to go to the WeChat open platform (open.weixin.qq.com) and bind the official account there; the UnionID mechanism can then be used to meet the above requirements.

2. Description of the role of the UnionID mechanism: If the developer has multiple mobile applications, website applications and public accounts, the uniqueness of the user can be determined by obtaining the unionid in the user's basic information, because for the same user the unionid is the same across different applications (mobile applications, website applications and public accounts) under the same WeChat open platform account.

 

 

About mobile APP authorized login

Most mobile apps now support direct login through WeChat without registering an account, so the server generally creates a user account by obtaining the user's WeChat information (unionid, WeChat nickname, avatar, gender, etc.).

The general process is as follows: The front-end of the APP calls the SDK provided by WeChat to authorize the login, obtains the user's access_token and openid, and then passes them to the server. The server pulls the user's information through the access_token and openid, and then creates an account.

 

 

 

 
