1 Overview
Micro-channel sharing server role is to provide services for users to show a more friendly when the client from the website and page links in the secondary share micro-channel browser. To achieve the second micro-channel sharing feature requires JS-SDK to develop.
Micro letter
JS-SDK
is micro-channel public platform for Web developers to provide web-based development within the micro-channel kits. Micro-channelJS-SDK
many functions.
By using micro letter JS-SDK, Web developers can make use of micro-channel efficient use of the ability to take pictures, pick, voice, location, and other mobile phone systems, and can be used directly micro-channel sharing, sweep the ability of card coupons, payments and other micro-channel-specific , provide a better web experience for users of micro letter.
2. A flowchart
Step 3. The specific functions implemented secondary micro channels share
Step one: binding domain (micro-channel public platform configuration)
Micro-channel public platform to be logged into the "public number is set," the "feature set" in fill "JS interface security domain."
Note: Sign in to see the corresponding interface privileges "Developer Center."
We need to configure white list
Step two: the introduction of JS
file (need to share the page)
The need to call JS
the introduction of the following interfaces page JS
file, (support https
): http://res.wx.qq.com/open/js/jweixin-1.4.0.js
To further enhance the stability of services, when these resources are not accessible, you can change the access: http://res2.wx.qq.com/open/js/jweixin-1.4.0.js (support https
).
<script src="http://res.wx.qq.com/open/js/jweixin-1.4.0.js"></script>
Step Three: The config
authentication configuration interface injection permission (micro-channel sharing server provides the following main parameter generation)
All need to use JS-SDK
the page must first injection configuration information, otherwise it will not call
wx.config({
debug: true, // 开启调试模式,调用的所有api的返回值会在客户端alert出来,若要查看传入的参数,可以在pc端打开,参数信息会通过log打出,仅在pc端时才会打印。
appId: '', // 必填,公众号的唯一标识
timestamp: , // 必填,生成签名的时间戳
nonceStr: '', // 必填,生成签名的随机串
signature: '',// 必填,签名
jsApiList: [] // 必填,需要使用的JS接口列表
});
Signature Algorithm see text at the end of Appendix 1 , all the JS
list of interfaces see the end of this document Appendix 2
Step Four: ready interface process successfully authenticated by (page configuration to be sharing the second page information sharing, such as a title, a thumbnail, description, etc.)
wx.ready(function(){
// config信息验证后会执行ready方法,所有接口调用都必须在config接口获得结果之后,config是一个客户端的异步操作,所以如果需要在页面加载时就调用相关接口,则须把相关接口放在ready函数中调用来确保正确执行。对于用户触发时才调用的接口,则可以直接调用,不需要放在ready函数中。
# 分享到朋友圈按钮点击状态及自定义分享内容
wx.onMenuShareTimeline({
title: '', // 分享标题
link: '', // 分享链接,该链接域名或路径必须与当前页面对应的公众号JS安全域名一致
imgUrl: '', // 分享图标
success: function () {
// 用户点击了分享后执行的回调函数
}
});
# 分享到QQ按钮点击状态及自定义分享内容
wx.onMenuShareQQ({
title: '', // 分享标题
desc: '', // 分享描述
link: '', // 分享链接
imgUrl: '', // 分享图标
success: function () {
// 用户确认分享后执行的回调函数
},
cancel: function () {
// 用户取消分享后执行的回调函数
}
});
# 分享到腾讯微博按钮点击状态及自定义分享内容
wx.onMenuShareWeibo({
title: '', // 分享标题
desc: '', // 分享描述
link: '', // 分享链接
imgUrl: '', // 分享图标
success: function () {
// 用户确认分享后执行的回调函数
},
cancel: function () {
// 用户取消分享后执行的回调函数
}
});
# 分享到QQ空间按钮点击状态及自定义分享内容
wx.onMenuShareQZone({
title: '', // 分享标题
desc: '', // 分享描述
link: '', // 分享链接
imgUrl: '', // 分享图标
success: function () {
// 用户确认分享后执行的回调函数
},
cancel: function () {
// 用户取消分享后执行的回调函数
}
});
});
4. How to verify the configuration for permission (micro-channel sharing server business functions)
I.e., the following parameters
wx.config({
debug: true, // 开启调试模式,调用的所有api的返回值会在客户端alert出来,若要查看传入的参数,可以在pc端打开,参数信息会通过log打出,仅在pc端时才会打印。
appId: '', // 必填,公众号的唯一标识
timestamp: , // 必填,生成签名的时间戳
nonceStr: '', // 必填,生成签名的随机串
signature: '',// 必填,签名
jsApiList: [] // 必填,需要使用的JS接口列表这里我们使用微信分享相关的js接口列表["checkJsApi","onMenuShareTimeline","onMenuShareAppMessage","onMenuShareQQ","onMenuShareWeibo"]
});
It is mainly explained signature
the generation process
Obtain
access_token
Using the acquired
access_token
acquisitionjsapi_ticket
The parameters of the URL of the sorted key format (i.e.
key1=value1&key2=value
) spliced to a string,sha1
a signature, to givesignature
4.1 Gettingaccess_token
access_token
Is a globally unique interface call number of public credentials are required to use public call number for each interfaceaccess_token
. Developers need to be properly preserved.access_token
To preserve the memory of at least 512 characters of space.access_token
The validity period is currently two hours, to be regularly updated, repeat the acquisition will lead to the last acquisition ofaccess_token
failure.
Interface call requesting explanation
## https请求方式: GET
https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=APPID&secret=APPSECRET
Parameter Description
parameter | Do you have to | Explanation |
---|---|---|
grant_type |
Yes | Get access_token to fill inclient_credential |
appid |
Yes | Third-party users only certificate |
secret |
Yes | The only third-party user credential key thatappsecret |
Returning to the description
Under normal circumstances, the following micro-channel return JSON
data packet to the public number:
{
"access_token":"ACCESS_TOKEN",
"expires_in":7200
}
Parameter Description
parameter | Explanation |
---|---|
access_token |
To obtain credentials |
expires_in |
Certificate valid time, unit: seconds |
4.2 Getsjsapi_ticket
jsapi_ticket
It is calling for public micro-channel numberJS
interim bills interface. Under normal circumstances,jsapi_ticket
valid for 7200 seconds throughaccess_token
to get. Since the acquisitionjsapi_ticket
ofapi
the number of calls is very limited, frequently refreshedjsapi_ticket
lead toapi
calling restricted, affecting their business, the developer must in their service global cachejsapi_ticket
.
- Refer to the following documentation for
access_token
(valid for 7200 seconds, the developer must own service in the global cacheaccess_token
): https://developers.weixin.qq.com/doc/offiaccount/Basic_Information/Get_access_token.html - The first step is to get with
access_token
the use ofhttp
GET
ways to requestjsapi_ticket
(valid for 7200 seconds, the developer must own service in the global cachejsapi_ticket
): https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token=ACCESS_TOKEN&type = jsapi
Success returns the following JSON
:
{
"errcode":0,
"errmsg":"ok",
"ticket":"bxLdikRXVbTPdHSM05e5u5sUoXNKd8-41ZO3MhKoyN5OfkWITDGgnr2fwJ0m9E8NYzWKVZvdVtaUgWvsdshFKA",
"expires_in":7200
}
Get jsapi_ticket
after, you can generate JS-SDK
a signature verification of the authority.
4.3 generates a signature
The signature generation rules are as follows: Field participating signatures comprises noncestr
(random string), valid jsapi_ticket
, timestamp
(timestamp), url
(the URL of the current page to be shared, and does not include # later). After all of the parameters to be signed in ascending order (lexicographical) the ASCII code field name, value pairs using the format of the URL (i.e. key1=value1&key2=value2…
) spliced into the string string1
. It should be noted that all parameter names are lowercase characters. To string1
make sha1
encryption, field names and field values have adopted the original value, not URL
escaped.
Ie signature=sha1(string1)
. Example:
noncestr=Wm3WZYTPz0wzccnW
jsapi_ticket=sM4AOVdWfPE4DxkXGEs8VMCPGGVi4C3VM0P37wVUCFvkVAy_90u5h9nbSlYy3-Sl-HhTdfl2fzFy1AOcHKP7qg
timestamp=1414587457
url=当前待分享网页URL
Step 1. for all parameters to be signed in accordance with the field name ASCII
format code in ascending order (lexicographic), the key-value pairs using the URL (i.e. key1=value1&key2=value2…
) spliced to a string string1
:
jsapi_ticket=sM4AOVdWfPE4DxkXGEs8VMCPGGVi4C3VM0P37wVUCFvkVAy_90u5h9nbSlYy3-Sl-HhTdfl2fzFy1AOcHKP7qg&noncestr=Wm3WZYTPz0wzccnW×tamp=1414587457&url=http://mp.weixin.qq.com?params=value
Step 2. to string1
be sha1
signed to obtain signature
:
0f9de62fce790f9a083d5c99e95740ceb90c27ed
Precautions
- The signature
noncestr
andtimestamp
must bewx.config
innonceStr
andtimestamp
the same. - The signature
url
must be a call toJS
the interface of a full pageURL
. - For security reasons, developers must implement logic signature on the server side.