The basic flow
- Obtain the authorization code (code)
- Exchange the authorization code for an access token (access_token)
- Use the access token to obtain user information (used to register a new user if the user does not exist)
User login authorization on the WeChat platform uses the OAuth2.0 authorization code mode (authorization_code).
- Open platform, mobile application login: developers.weixin.qq.com/doc/oplatfo…
- Open platform, website application login: developers.weixin.qq.com/doc/oplatfo…
- Official account web page authorization: developers.weixin.qq.com/doc/offiacc…
Obtaining the authorization code
The main difference between the flows is how the code is obtained:
- Mobile application login: the code is obtained through the client SDK
- Website application login: the code is obtained through the authorization link callback (open.weixin.qq.com/connect/qrc…)
- JS login on the website: the WeChat login QR code is embedded in the site's own page; after the user scans it with WeChat and authorizes, the code is returned to the website through JS
- Official account web page authorization: the code is obtained through the authorization link callback (open.weixin.qq.com/connect/oau…)
Interface
// Website application: obtain the authorization code
https://open.weixin.qq.com/connect/qrconnect?appid=[x]&redirect_uri=[x]&scope=[x]&state=[x]&response_type=code#wechat_redirect
// Official account web page: obtain the authorization code (this interface can only be invoked in the WeChat client)
https://open.weixin.qq.com/connect/oauth2/authorize?appid=[x]&redirect_uri=[x]&scope=[x]&state=[x]&response_type=code#wechat_redirect
// Get the access token
https://api.weixin.qq.com/sns/oauth2/access_token?appid=[x]&secret=[x]&code=[x]&grant_type=authorization_code
// Get the user information
https://api.weixin.qq.com/sns/userinfo?access_token=[x]&openid=[x]&lang=zh_CN
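The state parameter in the authorization URLs above is what ties the callback to the browser session that started the login. The following is an added example (not code from the original page or from WeChat) that builds those URLs with a random one-time state and rejects callbacks whose state does not match. The `session` object, the function names and the sample values are assumptions.

```javascript
// Added example: session, function names and sample values are assumptions.
const crypto = require('node:crypto');

const AUTHORIZE = {
  website: 'https://open.weixin.qq.com/connect/qrconnect',
  officialAccount: 'https://open.weixin.qq.com/connect/oauth2/authorize',
};

// Issue an unguessable state, remember it in the session, build the URL.
function startLogin(session, { kind, appid, redirectUri, scope }) {
  const state = crypto.randomBytes(16).toString('hex');
  session.oauthState = state;
  const qs = new URLSearchParams({
    appid, redirect_uri: redirectUri, scope, state, response_type: 'code',
  });
  return `${AUTHORIZE[kind]}?${qs}#wechat_redirect`;
}

// Accept the callback only if its state is the one issued to this session.
function acceptCallback(session, query) {
  const expected = session.oauthState;
  delete session.oauthState;                 // single use, even on failure
  const got = Buffer.from(typeof query.state === 'string' ? query.state : '');
  const want = Buffer.from(expected || '');
  if (!expected || got.length !== want.length ||
      !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  if (typeof query.code !== 'string' || query.code === '') {
    throw new Error('missing code');
  }
  // The code is exchanged for access_token on the server, where secret lives.
  return query.code;
}
```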
Authorization process of official account web page
- Obtain code through silent authorization (scope=snsapi_base), then get access_token/union_id/open_id
- Try to look up the user by union_id/open_id; if the user exists, redirect to the target page
- If the user does not exist, obtain code through non-silent authorization (scope=snsapi_userinfo) and get the user information
- Register a new user with the user information, then redirect to the target page
Page redirection process
- Start => weixin.domain.com/invite?invi…
- Silent authorization => oauth.weixin.com/authorize?a…
- Code -> token -> check whether the user exists => weixin.domain.com/invite?invi…
  - The user does not exist, authorize user information => oauth.weixin.com/authorize?a…
  - Code -> token -> userInfo -> register new user => weixin.domain.com/invite?invi…
- End => h5.domain.com/invite?invi…
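The silent-then-explicit flow described above, written as a callback handler. This is an added example, not code from the original page or from WeChat: `wx`, `users`, `identityKey`, `handleCallback` and all sample values are hypothetical, and the user lookup prefers union_id and falls back to an appid-scoped open_id.

```javascript
// Added example. `wx` and `users` are hypothetical interfaces, stubbed with
// constructed data and called synchronously so the block runs offline; real
// token and userinfo calls are server-side HTTPS requests and would be awaited.

// Prefer unionid (shared by apps under one open platform account); fall back
// to openid, which differs per application, so it is scoped by appid.
function identityKey(appid, tok) {
  return tok.unionid ? `union:${tok.unionid}` : `open:${appid}:${tok.openid}`;
}

// Handle one authorization callback and return the next step of the flow.
function handleCallback({ appid, code, scope, target }, wx, users) {
  const tok = wx.exchangeCode(code);           // code -> access_token/openid/unionid
  const key = identityKey(appid, tok);
  const existing = users.get(key);
  if (existing) return { redirect: target, user: existing };
  if (scope === 'snsapi_base') {
    // Unknown user and no profile access: ask for non-silent authorization.
    return { authorize: 'snsapi_userinfo' };
  }
  const info = wx.userInfo(tok.access_token, tok.openid);
  const user = { key, nickname: info.nickname };
  users.set(key, user);                        // register the new user
  return { redirect: target, user };
}

// Constructed stub standing in for the access_token and userinfo interfaces.
function stubWx(unionid) {
  return {
    exchangeCode: (code) => ({ access_token: `t-${code}`, openid: 'o1', unionid }),
    userInfo: () => ({ nickname: 'demo' }),
  };
}

// First visit (silent), second visit (explicit), later visit (silent again).
function demo() {
  const users = new Map();
  const wx = stubWx('u1');
  const req = { appid: 'wx_demo', target: '/invite' };
  return ['snsapi_base', 'snsapi_userinfo', 'snsapi_base'].map((scope, i) =>
    handleCallback({ ...req, code: `c${i}`, scope }, wx, users));
}
```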
Website login using JS
Embed the WeChat login QR code in your own page; after the user scans it with WeChat and authorizes, the code is returned to the website through JS.
- Import the JS file
https://res.wx.qq.com/connect/zh_CN/htmledition/js/wxLogin.js
- Obtain the code
// id is the id of the page element that will hold the QR code
var obj = new WxLogin({
  self_redirect: true, id: "login_container",
  appid: "", scope: "", redirect_uri: "", state: "",
  style: "", href: ""
});
The scope values
- scope=snsapi_base: silent authorization; user information is not obtained; from the user's point of view they land directly on the callback page (business page)
- scope=snsapi_userinfo: requires the user's manual consent; user information can be obtained
- scope=snsapi_login: used for website application login
Authorization access_token and ordinary access_token
- The authorization access_token is obtained through the OAuth2.0 authorization code mode (grant_type=authorization_code) and can be used to obtain the user's basic information
- The ordinary access_token is obtained through the OAuth2.0 client credential mode (grant_type=client_credential) and is used by the application to access interfaces directly
Get access_token: developers.weixin.qq.com/doc/offiacc…
openid and unionid
If an application is not associated with an open platform, only the openid is available. The unionid is available after the application is associated with an open platform.
- unionid: a user's unionid is unique under the same open platform account
- openid: a user's openid varies from application to application
The login authorization of the QQ platform also uses the OAuth2.0 authorization code mode (authorization_code). The unionid and openid mechanism of the QQ platform is the same as WeChat's.
- QQ mobile application: the code is obtained through the loginServerSide method of the client SDK, and the value of code is stored in the access_token field
  - wiki.connect.qq.com/server-side…
- QQ website application: the code is obtained through the authorization link callback
  - Use wiki.connect.qq.com/ Authoriza…
Interface
// QQ website application: obtain the authorization code
https://graph.qq.com/oauth2.0/authorize?client_id=[x]&redirect_uri=[x]&scope=[x]&response_type=code
// Get the access token
https://graph.qq.com/oauth2.0/token?client_id=[x]&client_secret=[x]&code=[x]&redirect_uri=[x]&grant_type=authorization_code&fmt=json
// Get openid/unionid
https://graph.qq.com/oauth2.0/me?access_token=[x]&fmt=json
// Get the user information
https://graph.qq.com/user/get_user_info?access_token=[x]&oauth_consumer_key=[x]&openid=[x]&fmt=json
For scope, just pass get_user_info. There is no silent authorization.
Alipay
The login authorization of Alipay users on each platform uses the OAuth2.0 authorization code mode (authorization_code). Alipay returns the global Alipay user ID (user_id); there is no unionid/openid mechanism.
- App Alipay login: auth_code is obtained from the client SDK
  - docs.open.alipay.com/218/sxc60m/
- Life Number authorization: auth_code is obtained through the authorization link callback
  - Silent authorization is supported; the scope parameter is auth_user or auth_base
  - docs.alipay.com/fw/api/1059…
- Website Alipay login: auth_code is obtained through the authorization link callback
  - The scope parameter is auth_user
  - docs.open.alipay.com/263/105809/
Interface
// Website application / Life Number: obtain the authorization code
https://openauth.alipay.com/oauth2/publicAppAuthorize.htm?app_id=[x]&scope=[x]&redirect_uri=[x]&state=init
// Get the access token
`alipay.system.oauth.token`
// Get the user information
`alipay.user.info.share`
The scope values
- scope=auth_base: silent authorization; user information is not obtained; from the user's point of view they land directly on the callback page (business page)
- scope=auth_user: requires the user's manual consent; user information can be obtained
Douyin/Toutiao
User login authorization on the Douyin/Toutiao platform also uses the OAuth2.0 authorization code mode (authorization_code). The unionid and openid mechanism of the Douyin/Toutiao platform is consistent with WeChat's.
- Douyin: open.douyin.com/platform/do… All APIs start with open.douyin.com
- Toutiao: open.douyin.com/platform/do… All APIs start with open.snssdk.com/
Interface
// Application/website: obtain the authorization code
https://open.douyin.com/platform/oauth/connect/
// Silent authorization: obtain the authorization code (must be called from an H5 page opened inside the Douyin client)
https://aweme.snssdk.com/oauth/authorize/v2/
// Get the access token
https://open.douyin.com/oauth/access_token
// Get the user information
https://open.douyin.com/platform/oauth/userinfo
The scope values
- Scope =login_id, silent authorization, does not obtain user information, the requested interface is
- Scope =user_info, which requires the user’s manual consent to obtain user information