Open platform API interface design based on the OAuth 2.0 protocol

1. Introduction to OAuth

http://www.ruanyifeng.com/blog/2019/04/oauth_design.html  What OAuth is

http://www.ruanyifeng.com/blog/2019/04/oauth-grant-types.html  The four OAuth grant types

OAuth is generally used for federated login. For example, a third-party system can log a user in quickly through WeChat without the user entering a user name and password; it only needs an access token, and as long as the authorization has not expired, access is granted.

2. The steps given in the WeChat Official Accounts Platform technical documentation (https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1421140842) are:

Step 1: The user consents to authorization; obtain the code

Step 2: Exchange the code for the web-page authorization access_token

Step 3: Refresh the access_token (if needed)

Step 4: Pull the user information (requires scope snsapi_userinfo)

Appendix: Check whether the authorization credential (access_token) is valid

 

3. A simple example:

package com.zfb.api.controller;

import javax.servlet.http.HttpServletRequest;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import com.alibaba.fastjson.JSONObject;
import com.zfb.base.Response;
import com.zfb.utils.HttpClientUtils;
import com.zfb.utils.WeiXinUtils;

@Controller
public class OauthController extends Response {

    @Autowired
    private WeiXinUtils weiXinUtils;
    private String errorPage = "errorPage";

    // Generate the authorization link and redirect the browser to it
    @RequestMapping("/authorizedUrl")
    public String authorizedUrl() {
        return "redirect:" + weiXinUtils.getAuthorizedUrl();
    }

    // WeChat authorization callback address
    @RequestMapping("/callback")
    public String callback(String code, HttpServletRequest request) {
        // 1. Use the code to obtain the access_token
        String accessTokenUrl = weiXinUtils.getAccessTokenUrl(code);
        JSONObject resultAccessToken = HttpClientUtils.httpGet(accessTokenUrl);
        boolean containsKey = resultAccessToken.containsKey("errcode");

        // WeChat reports a failed exchange with an errcode field
        if (containsKey) {
            request.setAttribute("errorMsg", "System error!");
            return errorPage;
        }
        // 2. Use the access_token to obtain the user information
        String accessToken = resultAccessToken.getString("access_token");
        String openid = resultAccessToken.getString("openid");
        // 3. Pull the user information (requires scope snsapi_userinfo)
        String userInfoUrl = weiXinUtils.getUserInfo(accessToken, openid);
        JSONObject userInfoResult = HttpClientUtils.httpGet(userInfoUrl);
        System.out.println("userInfoResult:" + userInfoResult);
        request.setAttribute("nickname", userInfoResult.getString("nickname"));
        request.setAttribute("city", userInfoResult.getString("city"));
        request.setAttribute("headimgurl", userInfoResult.getString("headimgurl"));
        return "info";
    }

}

The utility class that encapsulates the links provided by WeChat:

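package com.zfb.utils;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
public class WeiXinUtils {
    @Value("${appid}")
    private String appId;
    @Value("${secret}")
    private String secret;
    @Value("${redirecturi}")
    private String redirectUri;
    @Value("${authorizedUrl}")
    private String authorizedUrl;
    @Value("${access_token}")
    private String accessToken;
    @Value("${userinfo}")
    private String userinfo;

    // Generate the authorization link
    public String getAuthorizedUrl() {
        try {
            // Encode explicitly as UTF-8 instead of the platform default charset
            return authorizedUrl.replace("APPID", appId)
                    .replace("REDIRECT_URI", URLEncoder.encode(redirectUri, "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is always available; this branch is not expected to run
            throw new IllegalStateException(e);
        }
    }

    // Build the URL that exchanges the code for an access_token
    public String getAccessTokenUrl(String code) {
        return accessToken.replace("APPID", appId).replace("SECRET", secret).replace("CODE", code);
    }

    // Build the URL that pulls the user information
    public String getUserInfo(String accessToken, String openId) {
        return userinfo.replace("ACCESS_TOKEN", accessToken).replace("OPENID", openId);
    }

}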
WeiXinUtils reads the links from the configuration file:
appid: wx5c43fde3c9733d9e
secret: b8b217126c33a5fb7074927d5e72a81a
redirecturi: http://127.0.0.1:8080/callback
### Generate the WeChat authorization link
authorizedUrl: https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=snsapi_userinfo&state=STATE#wechat_redirect
### After obtaining the code, request the following link to get the access_token
access_token: https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code
### Pull the user information (requires scope snsapi_userinfo)
userinfo: https://api.weixin.qq.com/sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID&lang=zh_CN
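
The authorizedUrl template carries a state=STATE placeholder, but getAuthorizedUrl() replaces only APPID and REDIRECT_URI and callback() accepts any code without checking state, so the callback cannot tell a login it started from one started elsewhere. The following is an added example, not code from the original post, of issuing and verifying state; the names OauthStateGuard and STATE_KEY and the Map standing in for HttpSession are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Added example: OauthStateGuard and STATE_KEY are hypothetical names.
public class OauthStateGuard {
    private static final String STATE_KEY = "oauth_state";
    private static final SecureRandom RANDOM = new SecureRandom();

    // Create an unguessable state and bind it to the caller's session.
    // The Map stands in for HttpSession attributes so this runs on a bare JDK.
    static String issueState(Map<String, String> session) {
        byte[] raw = new byte[16];
        RANDOM.nextBytes(raw);
        StringBuilder hex = new StringBuilder();
        for (byte b : raw) {
            hex.append(String.format("%02x", b));
        }
        session.put(STATE_KEY, hex.toString());
        return hex.toString();
    }

    // Fill the STATE placeholder that the page's authorizedUrl template leaves as-is.
    static String withState(String authorizedUrl, String state) {
        return authorizedUrl.replace("STATE", state);
    }

    // Single use: the stored value is removed whether or not the check passes.
    static boolean consumeState(Map<String, String> session, String returned) {
        String expected = session.remove(STATE_KEY);
        if (expected == null || returned == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                returned.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<>(); // constructed session
        String state = issueState(session);
        System.out.println(withState("https://open.weixin.qq.com/connect/oauth2/authorize"
                + "?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code"
                + "&scope=snsapi_userinfo&state=STATE#wechat_redirect", state));
        System.out.println("matching state accepted: " + consumeState(session, state));
        System.out.println("replayed state accepted: " + consumeState(session, state));
    }
}
```

In the controller this means adding a state parameter to callback() and returning the error page when the check fails, before the code is exchanged for an access_token.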
 

 

 


Origin www.cnblogs.com/pickKnow/p/11271607.html