Enterprise WeChat provides OAuth-based authorized login. A web page opened in the Enterprise WeChat or WeChat client can obtain the contact's identity information, so the user does not have to go through a separate login step.
URL links in enterprise applications (including custom menus and links in messages) can obtain the contact's UserId through the OAuth 2.0 authentication interface.
The official screenshots make the flow clearer:
1. The front end constructs the web page authorization link to obtain the code parameter (used later as the parameter for obtaining the contact's userId)
Format of the authorization link:
Open.weixin.qq.com/connect/oau…
Parameter Description:
After the contact (a collective term for internal staff and customers) clicks the link, the page redirects to redirect_uri?code=CODE&state=STATE. The enterprise can then obtain the contact's userId from the code parameter.
Redirect address returned:
2. Obtain access_token
Note: for security reasons, never return the access_token to the front end. Store it on the back end, and send every request to the Enterprise WeChat API from the back end!
Obtaining an access_token is the first step in calling the Enterprise WeChat API, and is equivalent to creating a login credential. The other service APIs rely on the access_token to authenticate the caller, so be clear about which application issued the access_token and use the correct one.
Request method: GET (HTTPS)
Request address: qyapi.weixin.qq.com/cgi-bin/get…
Parameters:
Permission description: Each application has its own secret, and the access_token obtained with it can only be used by that application. Therefore, each application should obtain its access_token separately.
Notes:
Developers need to cache the access_token for subsequent interface calls (note: do not call gettoken too often, otherwise the calls will be blocked). When an access_token becomes invalid or expires, it must be obtained again.
The validity period of the access_token is given by the returned expires_in. Normally, the validity period is 7200 seconds (2 hours). If the access_token is requested repeatedly within the validity period, the same result is returned.
Enterprise WeChat may invalidate the access_token early for operational reasons. Developers should implement logic to obtain a new access_token when the current one becomes invalid.
3. Obtain the identity of the visitor (i.e. the data we need)
Note: The external user the code was issued for must exist in our Enterprise WeChat contacts, otherwise the returned result contains no external_userid (case B).
Request method: GET (HTTPS)
Request address: qyapi.weixin.qq.com/cgi-bin/use…
Return result:
A) When the user is an enterprise member (whether or not visible to the application), the following example is returned:
B) For non-enterprise members, the following example is returned:
Examples of errors:
{
"errcode": 40029,
"errmsg": "invalid code"
}
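The token-handling rules from step 2 (keep the access_token on the back end, cache it until expires_in, obtain a new one if it is invalidated early) and the hand-off of the step 3 result, as an added Python example that is not from the original article or from Enterprise WeChat's own code. `fetch_token` and `api` are hypothetical callables standing in for the HTTPS requests, and the error codes 40014 and 42001 are assumed from Enterprise WeChat's global error code list.

```python
import threading
import time

# Assumption: error codes that mean the token is no longer usable
# (40014 invalid access_token, 42001 access_token expired); not listed on this page.
TOKEN_REJECTED = {40014, 42001}


class TokenCache:
    """Back-end cache for ONE application's access_token (one cache per secret)."""

    def __init__(self, fetch_token, clock=time.monotonic, skew=60):
        self._fetch = fetch_token      # hypothetical: returns the gettoken JSON as a dict
        self._clock = clock
        self._skew = skew              # refresh this many seconds before expiry
        self._lock = threading.Lock()  # avoid parallel gettoken calls
        self._token = None
        self._expires_at = 0.0

    def get(self):
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at:
                body = self._fetch()
                if body.get("errcode", 0) != 0:
                    raise RuntimeError(f"gettoken failed: {body.get('errcode')}")
                self._token = body["access_token"]
                self._expires_at = self._clock() + body["expires_in"] - self._skew
            return self._token

    def invalidate(self):
        with self._lock:
            self._token = None

    def call(self, api):
        """Run api(token) -> dict; obtain a new token once if it was rejected."""
        result = api(self.get())
        if result.get("errcode") in TOKEN_REJECTED:
            self.invalidate()
            result = api(self.get())
        return result


def identity_for_browser(result):
    """Pass only identity fields to the front end, never the access_token."""
    if result.get("errcode", 0) != 0:
        return {"ok": False, "errcode": result.get("errcode")}
    allowed = ("UserId", "external_userid")
    return {"ok": True, **{k: result[k] for k in allowed if k in result}}
```
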