1. Introduction to OAuth
http://www.ruanyifeng.com/blog/2019/04/oauth_design.html explains what OAuth is.
http://www.ruanyifeng.com/blog/2019/04/oauth-grant-types.html describes the four OAuth grant types.
OAuth is generally used for federated login: for example, a third-party system can quickly log a user in through WeChat without asking for a user name and password. Only an access token is needed and, as long as the authorization has not expired, access is granted.
2. The WeChat Official Accounts Platform technical documentation (https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1421140842) lists these steps:
Step 1: The user consents to authorization, and the code is obtained
Step 2: Exchange the code for the web-page authorization access_token
Step 3: Refresh the access_token (if needed)
Step 4: Pull the user information (requires scope snsapi_userinfo)
Appendix: Check whether the authorization credential (access_token) is valid
3. A simple example:
    package com.zfb.api.controller;

    import javax.servlet.http.HttpServletRequest;

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.ResponseBody;

    import com.alibaba.fastjson.JSONObject;
    import com.zfb.base.Response;
    import com.zfb.utils.HttpClientUtils;
    import com.zfb.utils.WeiXinUtils;

    @Controller
    public class OauthController extends Response {

        @Autowired
        private WeiXinUtils weiXinUtils;
        private String errorPage = "errorPage";

        // Generate the authorization link and redirect the browser to it
        @RequestMapping("/authorizedUrl")
        public String authorizedUrl() {
            return "redirect:" + weiXinUtils.getAuthorizedUrl();
        }

        // WeChat authorization callback address.
        // Note: the state parameter returned with the code is not checked here.
        @RequestMapping("/callback")
        public String callback(String code, HttpServletRequest request) {
            // 1. Use the code to obtain the access_token
            String accessTokenUrl = weiXinUtils.getAccessTokenUrl(code);
            JSONObject resultAccessToken = HttpClientUtils.httpGet(accessTokenUrl);
            // WeChat reports a failure by including an errcode field in the response
            boolean containsKey = resultAccessToken.containsKey("errcode");
            if (containsKey) {
                request.setAttribute("errorMsg", "System error!");
                return errorPage;
            }
            // 2. Use the access_token to fetch the user information
            String accessToken = resultAccessToken.getString("access_token");
            String openid = resultAccessToken.getString("openid");
            // 3. Pull the user information (requires scope snsapi_userinfo)
            String userInfoUrl = weiXinUtils.getUserInfo(accessToken, openid);
            JSONObject userInfoResult = HttpClientUtils.httpGet(userInfoUrl);
            System.out.println("userInfoResult:" + userInfoResult);
            request.setAttribute("nickname", userInfoResult.getString("nickname"));
            request.setAttribute("city", userInfoResult.getString("city"));
            request.setAttribute("headimgurl", userInfoResult.getString("headimgurl"));
            return "info";
        }
    }
WeiXinUtils encapsulates the links that WeChat provides:
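    package com.zfb.utils;

    import java.io.UnsupportedEncodingException;
    import java.net.URLEncoder;

    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.stereotype.Component;

    @Component
    public class WeiXinUtils {

        @Value("${appid}")
        private String appId;
        @Value("${secret}")
        private String secret;
        @Value("${redirecturi}")
        private String redirectUri;
        @Value("${authorizedUrl}")
        private String authorizedUrl;
        @Value("${access_token}")
        private String accessToken;
        @Value("${userinfo}")
        private String userinfo;

        // Generate the authorization link
        public String getAuthorizedUrl() {
            try {
                return authorizedUrl.replace("APPID", appId)
                        .replace("REDIRECT_URI", URLEncoder.encode(redirectUri, "UTF-8"));
            } catch (UnsupportedEncodingException e) {
                // UTF-8 is always available on the JVM
                throw new IllegalStateException(e);
            }
        }

        // Build the URL that exchanges the code for an access_token
        public String getAccessTokenUrl(String code) {
            return accessToken.replace("APPID", appId).replace("SECRET", secret).replace("CODE", code);
        }

        // Build the URL that fetches the user information
        public String getUserInfo(String accessToken, String openId) {
            return userinfo.replace("ACCESS_TOKEN", accessToken).replace("OPENID", openId);
        }
    }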
WeiXinUtils reads the links from the configuration file:
    appid: wx5c43fde3c9733d9e
    secret: b8b217126c33a5fb7074927d5e72a81a
    redirecturi: http://127.0.0.1:8080/callback
    ### Generate the WeChat authorization link
    authorizedUrl: https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=snsapi_userinfo&state=STATE#wechat_redirect
    ### After obtaining the code, request the following link to get the access_token
    access_token: https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code
    ### Pull the user information (requires scope snsapi_userinfo)
    userinfo: https://api.weixin.qq.com/sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID&lang=zh_CN
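The authorization link in the configuration keeps the literal placeholder STATE, and the callback never looks at the state parameter, so the login response is not bound to the browser session that started it. The following is an added example, not the original author's code: the class OAuthStateDemo, its method names, the session key and the sample app ID are assumptions, and a plain Map stands in for the HttpSession attributes. It issues a per-login state value and verifies it once in the callback.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added example: all names here are hypothetical, not part of the original project.
public class OAuthStateDemo {
    private static final SecureRandom RNG = new SecureRandom();
    static final String SESSION_KEY = "wx_oauth_state"; // assumed session attribute name

    // Issue an unguessable state value and remember it in the user's session.
    static String issueState(Map<String, Object> session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(SESSION_KEY, state);
        return state;
    }

    // Fill the page's URL template, replacing STATE as well as APPID and REDIRECT_URI.
    static String authorizeUrl(String template, String appId, String redirectUri, String state)
            throws java.io.UnsupportedEncodingException {
        return template.replace("APPID", appId)
                .replace("REDIRECT_URI", URLEncoder.encode(redirectUri, "UTF-8"))
                .replace("STATE", state);
    }

    // One-time check in the callback: remove the stored value, then compare in constant time.
    static boolean consumeState(Map<String, Object> session, String received) {
        Object expected = session.remove(SESSION_KEY);
        if (!(expected instanceof String) || received == null) return false;
        return MessageDigest.isEqual(((String) expected).getBytes(StandardCharsets.UTF_8),
                received.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> session = new HashMap<>(); // stand-in for HttpSession attributes
        String template = "https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID"
                + "&redirect_uri=REDIRECT_URI&response_type=code&scope=snsapi_userinfo&state=STATE#wechat_redirect";
        String state = issueState(session);
        // "wx0000000000000000" is a constructed app ID
        System.out.println(authorizeUrl(template, "wx0000000000000000", "http://127.0.0.1:8080/callback", state));
        System.out.println("matching state accepted:   " + consumeState(session, state));
        System.out.println("replayed state accepted:   " + consumeState(session, state));
        issueState(session);
        System.out.println("mismatched state accepted: " + consumeState(session, "constructed-wrong-value"));
    }
}
```

In the controller, the callback would take state as a second request parameter and return the error page when the check fails, before the code is exchanged for an access_token.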