1. We implement authorized login through uni.login. A successful callback obtains the WeChat login code authorization code.
2. After successful callback, call uni.getuserInfo() to obtain user information and oppenID
3. Call your own request interface uni.request() to initiate a request
Method 1: User information authorized login
Through the click event of the button button, call wx.getUserProfile() to pop up the authorization box. After obtaining the user's encrypted data, exchange the token for the backend .
illustrate:
1. Obtain user information through wx.getUserProfile(). This method needs to be triggered by the click event of the button button
2. Call wx.login() to obtain the temporary login credential code< /span> 9. After successful verification, return the business data to the client 8. The server queries the corresponding openid and session_key through the login status token 7. The client When wx.request() initiates a request, it carries the login status token (it is recommended to use wx.getStorageSync('key') to obtain it synchronously) 6. The client stores the login status token in the cache storage (it is recommended to use wx.setStorageSync('key', 'value') for synchronous storage) 5. The server customizes the login status token (associated with openid and session_key) and returns it to the client, and at the same time returns user information 4. The server uses code + appid + appsecret to exchange with WeChat ( Call the auth.code2Session interface) The user's unique identifier openid and session key session_key
3. Pass the encrypted data (encryptedData, iv) and temporary login credential code to the server
Notice:
Calling wx.login in the callback to log in may refresh the login status. At this time, the sessionKey used by the server in exchange for code is not the sessionKey used for encryption, causing decryption to fail. It is recommended that developers log in in advance; or use checkSession in the callback to check the login status first to avoid login refreshing the login status.
Method 2: Mobile phone number authorization login
Through the bindgetphonenumber event of the button button, the mobile phone number authorization pops up. After obtaining the encrypted data, exchange the token for the backend.
illustrate:
1. Obtain the encrypted data of the mobile phone number through the bindgetphonenumber event of the button button. The button needs to set open-type="getPhoneNumber"
2. Call wx.login() to obtain temporary login credentials code
3. Pass the encrypted data (encryptedData, iv, signature, rawData) and temporary login credential code to the server
4. The server uses code + appid + appsecret exchanges (calling auth.code2Session interface) the user's unique identifier openid and session key session_key to WeChat
5. The server decrypts the mobile phone number according to session_key, appid, encryptedData, iv< a i=5> 6. The server customizes the login status token (associated with openid, session_key) and returns it to the client 7. The client stores the login status token into the cache storage (wx.setStorageSync is recommended) ('key', 'value') Synchronous storage) 8. When the client wx.request() initiates a request, it carries the login status token (it is recommended to use wx.getStorageSync('key') for synchronization Obtain) 9. The server queries the corresponding openid and session_key through the login status token 10. After successful verification, the business data is returned to the client
Notice:
Calling wx.login in the callback to log in may refresh the login status. At this time, the sessionKey used by the server in exchange for code is not the sessionKey used for encryption, causing decryption to fail. It is recommended that developers log in in advance; or use checkSession in the callback to check the login status first to avoid login refreshing the login status.
That is to say, before the getPhoneNumber method is triggered (the user clicks the button), the latest code needs to be obtained.
Method 1: Mini program authorized login
Obtain the temporary login credential code through wx.login and exchange it for the token to the backend. You can log in without any sense.
Timing diagram:
illustrate:
1. The client calls wx.login() to obtain the temporary login credential code, initiates a network request through wx.request(), and passes the code to the server
2. Server Use code + appid + appsecret to exchange (call auth.code2Session interface) the user's unique identifier openid and session key session_key
to WeChat 3. Server-side custom login status token (associated with openid, session_key) Return to the client
4. The client stores the login status token in the cache storage (it is recommended to use wx.setStorageSync('key', 'value') for synchronous storage)
5. When the client initiates a request with wx.request(), it carries the login status token (it is recommended to use wx.getStorageSync('key') to obtain it synchronously)
6. The server queries through the login status token to the corresponding openid and session_key
7. After successful verification, return the business data to the client
Notice:
1. The session key session_key is the key used to encrypt and sign user data. For the purpose of application's own data security, the developer server should not deliver the session key to the applet, nor should it provide this key to the outside world.
2. The temporary login credential code can only be used once