1. Web Authorized Callback Domain Name
Before Wechat Public Number requests user's web page authorization, it is necessary to go to the public platform official website and modify the authorized callback domain name. Please note that the domain name (a string) is filled in here, not the URL, so please do not add it. http:// Equivalent header
2. The Difference between Two Scopes of Web Page Authorization
1) Web authorization initiated by snsapi_base for scope is used to obtain the openid of the user entering the page, and it is silently authorized and automatically jumps to the callback page. What users perceive is that they go directly to callback pages (often business pages).
2) Web authorization initiated by snsapi_userinfo for scope is used to obtain the basic information of users. However, this kind of authorization requires the user's manual consent, and because the user has agreed to it, the basic information of the user can be obtained after authorization without any concern.
3. Web authorization process is divided into four steps
1) Guide the user to the authorization page to agree to authorization and get the code
//Front-end request created() { this.axios.get('/wx/get_code?url=' + this.shareUrl).then((res) => { if (res.code == 0) { window.location.href = res.data; } }).catch((error) => { console.log(error) }); } /** * 1.User agrees to authorize and get code */ @RequestMapping(value = "/get_code", method = RequestMethod.GET) public String getWxCode() throws UnsupportedEncodingException { return "https://open.weixin.qq.com/connect/oauth2/authorize?appid=" + Constants.APPID + "&redirect_uri=" + URLEncoder.encode("http://192.168.0.152:8080/get_auth_access_token", "UTF-8") + "&response_type=code&scope=" + Constants.GRANTSCOPE + "&state=STATE#wechat_redirect"; }
Authorization page when scope equals snsapi_userinfo
2) Exchange code for access_token (unlike access_token in basic support)
/** * 2.Exchange code for web authorization access_token */ @RequestMapping(value = "/get_auth_access_token", method = RequestMethod.GET) public void getAuthAccessToken(HttpServletRequest request, HttpServletResponse response, String code) throws IOException { String urlToken = "https://api.weixin.qq.com/sns/oauth2/access_token"; String accessTokenObj = HttpClientUtil.sendGet(urlToken, "appid=" + Constants.APPID + "&secret=" + Constants.APPSECRET + "&code=" + code + "&grant_type=authorization_code"); JSONObject jsonToken = JSONObject.fromObject(accessTokenObj); String openId = null; String accessToken = null; if (StringUtils.isNotBlank(String.valueOf(jsonToken))) { openId = jsonToken.getString("openid"); accessToken = jsonToken.getString("access_token"); } logger.info("openid={},access_token={}", openId, accessToken); } }
3) If necessary, developers can refresh the page authorization access_token to avoid expiration.
Because access_token has a short expiry date, refresh_token can be used to refresh when access_token expires, and refresh_token is valid for 30 days. When refresh_token expires, users need to re-authorize it.
4) access_token and openid are authorized to obtain basic user information (support UnionID mechanism)
/** * 2.Exchange code for web authorization access_token */ @RequestMapping(value = "/get_auth_access_token", method = RequestMethod.GET) public void getAuthAccessToken(HttpServletRequest request, HttpServletResponse response, String code) throws IOException { String urlToken = "https://api.weixin.qq.com/sns/oauth2/access_token"; String accessTokenObj = HttpClientUtil.sendGet(urlToken, "appid=" + Constants.APPID + "&secret=" + Constants.APPSECRET + "&code=" + code + "&grant_type=authorization_code"); JSONObject jsonToken = JSONObject.fromObject(accessTokenObj); String openId = null; String accessToken = null; if (StringUtils.isNotBlank(String.valueOf(jsonToken))) { openId = jsonToken.getString("openid"); accessToken = jsonToken.getString("access_token"); } logger.info("openid={},access_token={}", openId, accessToken); //3. Pull user information (need scope for snsapi_userinfo) String urlInfo = "https://api.weixin.qq.com/sns/userinfo"; String infoObj = HttpClientUtil.sendGet(urlInfo, "access_token=" + accessToken + "&openid=" + openId + "&lang=zh_CN"); JSONObject jsonUserInfo = JSONObject.fromObject(infoObj); if (StringUtils.isNotBlank(String.valueOf(jsonUserInfo))) { String nickName = jsonUserInfo.getString("nickname"); String headImgUrl = jsonUserInfo.getString("headimgurl"); String sex = jsonUserInfo.getString("sex"); response.sendRedirect("http://lyx1314520ll.w3.luyouxia.net/auth?nickName=" + nickName + "&headImgUrl=" + headImgUrl + "&sex=" + sex); } }
unionid will only appear if the user binds the public number to the Wechat Open Platform account.
After the public number passes the authorization mechanism of Wechat Web page, redirect the page
4. Problems in Web Authorization
1) redirect_uri parameter error
Testing Wechat Public Number Callback Address supports domain name and ip, official Public Number Callback Address only supports domain name, do not add https://,http ://These prefixes, such as www.baidu.com.
edirect_uri can be any page on your website (not limited to the domain name of the authorized callback domain configuration), but be sure to add it in fronthttp:// And encoding using urlencode.
2) The link is not accessible, code:-1
As a ticket for access_token, the code on each user's authorization will be different. The code can only be used once, and it will not be automatically expired for 5 minutes. Just retrieve it again.
For more information, you can read the Wechat Developer Document, which explains these details in detail. https://mp.weixin.qq.com/wiki...