WeChat mini program user information management

If you only need to display the user's avatar and nickname,
you can use <open-data /> components:

<open-data type="userAvatarUrl"></open-data>
<open-data type="userNickName"></open-data>

If you need to obtain the user's basic information (not including sensitive information)
First, you can use wx.getUserInfo():

Conditions:

1. This method returns basic user information only after the user has authorized it.
2. If this interface is called when the user has not authorized, the authorization pop-up no longer appears and the call goes straight to the fail callback. If it is called when the user has authorized, it obtains the user information successfully.
3. For how to request authorization, see the documentation.

Second, you can use Option II, which is introduced below.

If you need to obtain the user's sensitive information (openid, unionId, session_key, etc.)
First, you can use wx.getUserInfo() plus the encrypted data decryption algorithm.
Conditions: same as above.

Second, you can use Option II, which is introduced below.

Option II

1. The front end calls wx.login({}) to get a jscode from the WeChat server and sends the jscode to the developer server. (Interface documentation)
2. The developer server uses jscode / appid / app_secret to exchange with the WeChat server for the user's sensitive information (openid / session_key / unionid). (Interface documentation)
3. With openId / unionId as the core data, the user information is stored in a database and managed there.
4. The developer server manages the user data. Using the jscode, the mini program obtains and uploads the related user data through the service interfaces the developer server provides.

Additional notes:
1. The developer server processes the user's openid with an algorithm and returns the result to the mini program as a userId (for security reasons).
2. Access control is also done inside the mini program; the developer server can return a field for it.

Problem: the developer server can get the user's sensitive information, but how does it get the basic user information?
The developer server provides the mini program with two interfaces:
1. As described above, the mini program sends the jscode and the user avatar to the developer server. This is the login interface, and it lets the developer server go to the WeChat server for the sensitive information.
2. The developer server provides an upload-information interface. The mini program obtains the basic user information with getUserInfo and then uploads it together with the jscode to the developer server. The developer server associates the basic information with the sensitive information and stores both in the database.

To summarize:
For the basic user information (nickname / picture / gender / country / province / city / language), the mini program can get it by itself through getUserInfo after the user has authorized.
For sensitive data (openid / session_key / unionid), the mini program cannot get it directly. The developer server acquires it in one of two ways:
1. The mini program passes the jscode over, and the developer server sends it with appid / app_secret directly to the WeChat server.
2. The mini program passes the jscode obtained via wx.login({}) together with the encryptedData and iv obtained via getUserInfo to the developer server. The developer server exchanges the jscode with the WeChat server for (openid / session_key / unionid). With encryptedData, iv and session_key, the developer server can run the decryption algorithm to obtain the sensitive data.
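
The decryption step in the second way, as an added example for a Node.js developer server (not code from the original post). It assumes AES-128-CBC with PKCS#7 padding over base64 inputs and a watermark.appid field in the plaintext; the function names and all sample values are constructed for illustration.

```javascript
const { createCipheriv, createDecipheriv } = require('crypto');

// Server side: decrypt encryptedData with the session_key from the jscode exchange.
// session_key, encryptedData and iv are base64; the cipher is AES-128-CBC with PKCS#7.
function decryptUserData(appId, sessionKeyB64, encryptedDataB64, ivB64) {
  const key = Buffer.from(sessionKeyB64, 'base64');
  const iv = Buffer.from(ivB64, 'base64');
  if (key.length !== 16 || iv.length !== 16) {
    throw new Error('session_key and iv must each decode to 16 bytes');
  }
  let data;
  try {
    const d = createDecipheriv('aes-128-cbc', key, iv);
    const plain = Buffer.concat([d.update(Buffer.from(encryptedDataB64, 'base64')), d.final()]);
    data = JSON.parse(plain.toString('utf8'));
  } catch (e) {
    // Bad padding or non-JSON output: the session_key is wrong or has expired.
    throw new Error('decryption failed: session_key does not match this data');
  }
  // Assumed plaintext layout: a watermark object naming the appid the data was issued for.
  // Reject data that was encrypted for a different mini program.
  if (!data || !data.watermark || data.watermark.appid !== appId) {
    throw new Error('watermark appid mismatch');
  }
  return data;
}

// Constructed sample values (not real WeChat data).
const SAMPLE_APPID = 'wxCONSTRUCTEDAPPID';
const SAMPLE_KEY = Buffer.alloc(16, 1).toString('base64');
const SAMPLE_IV = Buffer.alloc(16, 2).toString('base64');

// Builds a constructed encryptedData blob with the same cipher so the example runs offline.
function makeSample(appId, sessionKeyB64, ivB64) {
  const payload = { openId: 'oCONSTRUCTED', unionId: 'uCONSTRUCTED', nickName: 'demo',
                    watermark: { appid: appId, timestamp: 1700000000 } };
  const c = createCipheriv('aes-128-cbc', Buffer.from(sessionKeyB64, 'base64'),
                           Buffer.from(ivB64, 'base64'));
  return Buffer.concat([c.update(JSON.stringify(payload), 'utf8'), c.final()]).toString('base64');
}

const sample = makeSample(SAMPLE_APPID, SAMPLE_KEY, SAMPLE_IV);
console.log(decryptUserData(SAMPLE_APPID, SAMPLE_KEY, sample, SAMPLE_IV).unionId);
```
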

About WeChat mini program login:
1. The developer server receives the code obtained by wx.login({}) and passes code / appid / appsecret to the WeChat server to obtain openid / unionid / session_key. This session_key is the mini program user's login state, and it expires. We can use wx.checkSession() to determine whether the user's login has expired.
2. The developer server stores the user's openid / username / password / basic user information (everything except openid is passed over by the mini program) together in the database.
3. When the user enters the mini program, it obtains a code and passes it to the developer server. The developer server exchanges it for a session_key and uses the openid to look up whether this session_key is the same as the previous one. If they are inconsistent, the login has expired, and an expired message is returned to the mini program. If expired, the mini program jumps to the login page; if not expired, it jumps to the account home page.
4. In addition, every developer server interface requires the mini program to pass a token field as the login state, which is used to check whether the user's identity is correct and whether the login has expired.
5. How is the token obtained? For security, the session_key is generally not given directly to the mini program. Instead, a userId is derived from the session_key by an algorithm and returned to the mini program by the developer server's login interface. The mini program stores the userId and carries it with every request.
What if the server does not require users to log in?
If the server does not require login, there is no need to determine the user's identity or whether the login has expired. No login system is needed, so none of this matters.
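
Steps 3 to 5 above, as an added example for a Node.js developer server (not code from the original post). It assumes an HMAC-SHA256 derivation for the token and a two-hour server-side lifetime; the function names, the secret and the stand-in exchange with its sample values are constructed for illustration.

```javascript
const { createHmac } = require('crypto');

const SERVER_SECRET = 'constructed-secret'; // assumption: loaded from a secret store in practice
const TOKEN_TTL_MS = 2 * 60 * 60 * 1000;    // assumption: server-side login lifetime
const sessions = new Map();                 // token -> { openid, expiresAt }
const currentToken = new Map();             // openid -> token

// Token derived from session_key with a keyed hash; session_key cannot be recovered from it.
function deriveToken(openid, sessionKey) {
  return createHmac('sha256', SERVER_SECRET).update(`${openid}:${sessionKey}`).digest('hex');
}

// Login interface. `exchange` stands in for the jscode exchange with the WeChat server.
function login(jscode, exchange, now = Date.now()) {
  const { openid, session_key: sessionKey } = exchange(jscode);
  const old = currentToken.get(openid);
  if (old) sessions.delete(old);            // a new session_key invalidates the old token
  const token = deriveToken(openid, sessionKey);
  sessions.set(token, { openid, expiresAt: now + TOKEN_TTL_MS });
  currentToken.set(openid, token);
  return { token };                         // session_key and openid stay on the server
}

// Every other interface calls this first to check identity and expiry.
function authenticate(token, now = Date.now()) {
  const s = typeof token === 'string' ? sessions.get(token) : undefined;
  if (!s) return { ok: false, reason: 'unknown_token' };
  if (now >= s.expiresAt) {
    sessions.delete(token);
    currentToken.delete(s.openid);
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, openid: s.openid };
}

// Constructed stand-in for the WeChat exchange: maps sample codes to sample results.
function fakeExchange(jscode) {
  const table = {
    'code-1': { openid: 'oCONSTRUCTED', session_key: 'c2Vzc2lvbi1rZXktMQ==' },
    'code-2': { openid: 'oCONSTRUCTED', session_key: 'c2Vzc2lvbi1rZXktMg==' },
  };
  if (!table[jscode]) throw new Error('invalid jscode');
  return table[jscode];
}
```
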

Question: if the developer server has already obtained the sensitive data through the jscode, why decrypt at all?

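It is said that the jscode can only obtain the openid, and that decryption is needed to obtain the unionId. But the documentation says the jscode can also obtain the openid.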

Origin blog.csdn.net/weixin_34085658/article/details/91015103