How to get openid in WeChat official account

Recently, I helped someone else create a WeChat official account. I will divide the process into several articles and post them all, mainly including the problems encountered in it, and how to solve them.
Let's take a look at the first point we encountered: how to obtain the openid in the WeChat official account, which is explained in the official WeChat documentation.
Proceed as follows:

1. Instructions on the web page authorization callback domain name

1. Before the WeChat official account requests user web page authorization, the developer needs to modify the authorization callback domain name in the configuration options of "Settings and Development" - "Function Settings" - "Webpage Authorized Domain Name" on the official website of the official platform. Please note that the domain name (a string) is filled in here, not the URL, so please do not add protocol headers such as http://;
2. The domain name configuration specification for the authorization callback is a full domain name. For example, if the domain name that requires web page authorization is www.qq.com, then after configuration the pages http://www.qq.com/music.html and http://www.qq.com/login.html under this domain name can perform OAuth2.0 authentication, but http://pay.qq.com, http://music.qq.com and http://qq.com cannot.
3. If the official account login is authorized to a third-party developer for management, there is no need to make any settings, and the third party can act on behalf of the official account to perform the web page authorization.

2. Explanation on the difference between the two scopes of web page authorization

1. The web page authorization initiated with snsapi_base as the scope is used to obtain the openid of the user entering the page. It is authorized silently and automatically jumps to the callback page. What the user perceives is directly entering the callback page (often a business page).
2. The web page authorization initiated with snsapi_userinfo as the scope is used to obtain the basic information of the user. This kind of authorization requires the user's manual consent, and since the user has agreed, the basic information of the user can be obtained after authorization even if the user does not follow the official account.
3. The "obtain user basic information interface" in the user management interface obtains the user's basic information from the user's OpenID after the user has exchanged messages with the official account or after a follow event has been pushed. This interface, like the other WeChat interfaces, can only be called successfully after the user (that is, the openid) follows the official account.

3. Development Guide

The webpage authorization process is divided into four steps:

1. Guide the user to enter the authorization page to agree to the authorization and obtain the code;
2. Exchange the code for the web page authorization access_token (different from the access_token in the basic support);
3. If necessary, the developer can refresh the web page authorization access_token to avoid expiration;
4. Use the web page authorization access_token and openid to obtain basic user information (supports the UnionID mechanism).

Step 1: The user agrees to authorize and obtain the code

On the premise of ensuring that the WeChat public account has the authorization scope (scope parameter) (the authenticated service account has the snsapi_base and snsapi_userinfo permissions in the scope parameter by default), guide followers to open the following page:

https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect

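toAuthorize() {
    // redirect_uri must be URL-encoded (see "please use urlEncode" in the parameter description)
    const redirectUri = encodeURIComponent('https://www.yihaohealth.cn/test4.html')
    // snsapi_base: silent authorization, only the openid is obtained
    window.location.href = 'https://open.weixin.qq.com/connect/oauth2/authorize?appid=wx7f02bc77e643ad90&redirect_uri=' + redirectUri + '&response_type=code&scope=snsapi_base&state=123#wechat_redirect'
},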

Parameter description:

| Parameter | Required | Description |
| --- | --- | --- |
| appid | yes | The unique identifier of the official account |
| redirect_uri | yes | The URL of the callback link redirected to after authorization; please use urlEncode to process the link |
| response_type | yes | Return type; please fill in code |
| scope | yes | Application authorization scope: snsapi_base (does not pop up the authorization page, jumps directly, and can only get the user's openid) or snsapi_userinfo (pops up the authorization page, and the nickname, gender and location can be obtained through the openid; as long as the user authorizes, the information can be obtained even if the user does not follow the official account) |
| state | no | The state parameter will be added after redirection; the developer can fill in a parameter value of a-zA-Z0-9, up to 128 bytes |
| #wechat_redirect | yes | Whether the page is opened directly or through a 302 redirection, this parameter must be included |
| forcePopup | no | Forces this authorization to require the user's pop-up confirmation; the default is false. Note that if the user hits the silent authorization logic in a special scenario, this parameter will not take effect |

After the user agrees to the authorization:
If the user agrees to the authorization, the page will jump to redirect_uri/?code=CODE&state=STATE.

Code description:
The code is used as a ticket in exchange for access_token. The code will be different each time the user authorizes. The code can only be used once, and it will automatically expire after 5 minutes if it is not used.

Step 2: Exchange the code for the web page authorization access_token

First of all, please note that what is exchanged through the code here is a special web page authorization access_token, which is different from the access_token in the basic support (that access_token is used to call other interfaces). The official account can obtain the web page authorization access_token through the following interface. If the scope of the web page authorization is snsapi_base, the web page authorization access_token is obtained in this step, the openid is also obtained, and the snsapi_base-style web page authorization process ends here.

Pay special attention: Since the official account's secret and the obtained access_token have a very high security level, they must only be stored on the server and are not allowed to be passed to the client. Subsequent steps such as refreshing access_token and obtaining user information through access_token must also be initiated from the server.

Request method

After obtaining the code, request the following link to obtain the access_token:
https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code

Parameter description:

| Parameter | Required | Description |
| --- | --- | --- |
| appid | yes | The unique identifier of the official account |
| secret | yes | The appsecret of the official account |
| code | yes | Fill in the code parameter obtained in the first step |
| grant_type | yes | Fill in as authorization_code |

Return description

The JSON data packet returned when correct is as follows:

{
  "access_token":"ACCESS_TOKEN",
  "expires_in":7200,
  "refresh_token":"REFRESH_TOKEN",
  "openid":"OPENID",
  "scope":"SCOPE",
  "is_snapshotuser": 1,
  "unionid": "UNIONID"
}

In this way, you can get the openid, and after you get the openid, you can do some follow-up operations, such as: WeChat payment, etc.
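
One way to do the Step 2 exchange on the server so that the secret and the access_token never reach the browser, as the note above requires. This is an added example, not code from the original post: the function names, the WX_APPID/WX_SECRET environment variable names and the stub replies are assumptions constructed for illustration.

```javascript
// Added example: server-side exchange of the OAuth2 code for an openid.
// APPID/SECRET come from server configuration (the env var names are assumptions).
const TOKEN_ENDPOINT = 'https://api.weixin.qq.com/sns/oauth2/access_token';

// Build the Step 2 request URL. The secret is only ever used here, on the server.
function buildTokenUrl(appid, secret, code) {
  // Constructed sanity check: reject empty or oversized values before forwarding them.
  if (typeof code !== 'string' || code.length === 0 || code.length > 512) {
    throw new Error('missing or malformed code');
  }
  const query = new URLSearchParams({
    appid, secret, code, grant_type: 'authorization_code',
  });
  return `${TOKEN_ENDPOINT}?${query}`;
}

// Turn WeChat's JSON reply into what the browser may see.
// access_token and refresh_token are dropped on purpose.
function toClientResult(body) {
  if (!body || body.errcode || typeof body.openid !== 'string') {
    // Error replies carry errcode/errmsg instead of openid.
    return { ok: false, error: 'authorization failed' };
  }
  return { ok: true, openid: body.openid, scope: body.scope };
}

// fetchImpl is injectable so the flow can be exercised offline.
async function exchangeCode(code, config, fetchImpl = fetch) {
  const res = await fetchImpl(buildTokenUrl(config.appid, config.secret, code));
  return toClientResult(await res.json());
}

// Constructed sample: a stub standing in for api.weixin.qq.com.
function stubFetch(reply) {
  return async () => ({ json: async () => reply });
}

async function demo() {
  const config = { appid: process.env.WX_APPID || 'APPID', secret: process.env.WX_SECRET || 'SECRET' };
  const good = await exchangeCode('CODE', config, stubFetch({
    access_token: 'ACCESS_TOKEN', expires_in: 7200, refresh_token: 'REFRESH_TOKEN',
    openid: 'OPENID', scope: 'snsapi_base',
  }));
  const bad = await exchangeCode('CODE', config, stubFetch({ errcode: 40029, errmsg: 'invalid code' }));
  return { good, bad };
}

demo().then((r) => console.log(r));
```

In a real handler, the code value is read from the callback query string (redirect_uri/?code=CODE&state=STATE) and the third argument to exchangeCode is omitted so the platform's fetch is used.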

Origin blog.csdn.net/xiaolinlife/article/details/132269330