Background

When users visit third-party web pages inside the WeChat client, a public account can obtain their basic information through the WeChat web page authorization mechanism and use it to implement its business logic.

Configuration

  1. Before the WeChat public account requests web page authorization from users, the developer must set the authorization callback domain name on the public platform's official website, under "Development – Interface permission – Webpage service – Webpage account – Webpage authorization to obtain the user's basic information". Note that this is a domain name (a string), not a URL, so do not include a protocol prefix such as http://.

  2. The authorization callback domain name is matched as a full domain name. For example, if the domain name requiring web page authorization is www.qq.com, then after configuration the pages www.qq.com/music.html and www.qq.com/login.html under that domain can perform OAuth2.0 authentication. However, OAuth2.0 authentication cannot be performed on pay.qq.com, music.qq.com or qq.com.

Two authorization methods

WeChat provides two authorization methods for different usage scenarios. Which one is used is controlled by the web page authorization scope parameter.

Silent authorization

  1. Silent authorization: after the user opens the page, authorization happens automatically and the user is redirected to the page without being aware of it. With this authorization we can only get the user's openid; other information about the user cannot be obtained.
  2. Usage scenario: suitable for scenarios that only need to identify the user and do not need to collect other information, such as voting, likes and so on.
  3. scope: snsapi_base

Active authorization

  1. Active authorization: after the user enters the page, an authorization window is displayed and the user must approve the authorization manually. Only then can the basic information of the user be obtained.
  2. Note: for users who already follow the public account, if they enter the account's web page authorization page from the conversation or the custom menu, authorization is silent and the user is unaware of it, even when the scope is snsapi_userinfo.
  3. scope: snsapi_userinfo

The specific process

  1. The user goes to the page and a code is obtained.
  2. Exchange the code for the web page authorization access_token and openid. Silent authorization ends at this point.
  3. Use the access_token to obtain the user information.

Obtain the code

Direct the user to the following link:

https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE

If the user agrees to authorize (or the authorization is silent), the page is redirected to redirect_uri?code=CODE&state=STATE, carrying the generated code.

A code can be exchanged for an access_token only once. If it is not used within 5 minutes, it expires automatically.

Parameters that


Exchange the code for the web page authorization access_token

Note that the access_token here is not the same thing as the basic access_token required to invoke the public platform API; they only share the name.

This step is done on the server side: it requires the secret of the public account, and the access_token must not be passed to the client.

Request interface

https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code


Return

{ 
  "access_token":"ACCESS_TOKEN",
  "expires_in":7200,
  "refresh_token":"REFRESH_TOKEN",
  "openid":"OPENID",
  "scope":"SCOPE" 
}
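The first two steps of the flow above, as an added example (not code from the original post or from WeChat): the server builds the authorize link with a one-time state value, checks that state on the callback, and only then builds the server-side code exchange request. The session dict, the function names and the CALLBACK_DOMAIN constant are assumptions for illustration; sending the HTTP request is left to the caller.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://open.weixin.qq.com/connect/oauth2/authorize"
TOKEN_URL = "https://api.weixin.qq.com/sns/oauth2/access_token"
CALLBACK_DOMAIN = "www.qq.com"  # assumed: the configured authorization callback domain
SCOPES = {"snsapi_base", "snsapi_userinfo"}


def build_authorize_url(appid, redirect_uri, scope, session):
    """Step 1: link the user is sent to; stores a fresh state in the session."""
    if scope not in SCOPES:
        raise ValueError("scope must be snsapi_base or snsapi_userinfo")
    # The callback domain is a full domain name: subdomains and the parent
    # domain of the configured value are not authorized.
    if urlsplit(redirect_uri).hostname != CALLBACK_DOMAIN:
        raise ValueError("redirect_uri is outside the callback domain")
    session["oauth_state"] = secrets.token_urlsafe(16)
    query = urlencode({  # same parameter order as the link above
        "appid": appid,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": scope,
        "state": session["oauth_state"],
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(callback_url, session, appid, secret):
    """Step 2, server side only: verify state, return the code exchange URL."""
    params = parse_qs(urlsplit(callback_url).query)
    code = params.get("code", [""])[0]
    state = params.get("state", [""])[0]
    expected = session.pop("oauth_state", "")  # one-time: a replay finds nothing
    if not expected or not hmac.compare_digest(state.encode(), expected.encode()):
        raise PermissionError("state does not match this session")
    if not code:
        raise ValueError("callback carries no code")
    # The secret is only ever placed in this server-to-server request.
    return TOKEN_URL + "?" + urlencode({
        "appid": appid,
        "secret": secret,
        "code": code,
        "grant_type": "authorization_code",
    })
```
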


Pull user information (scope is snsapi_userinfo)

When the web page authorization scope is snsapi_userinfo, the developer obtains the user information using the access_token and openid.

Request interface

https://api.weixin.qq.com/sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID&lang=zh_CN


Return

{
  "openid": "OPENID",
  "nickname": "NICKNAME",
  "sex": "1",
  "province": "PROVINCE",
  "city": "CITY",
  "country": "COUNTRY",
  "headimgurl": "http://thirdwx.qlogo.cn/mmopen/g3MonUZtNHkdmzicIlibx6iaFqAc56vxLSUfpb6n5WKSYVY0ChQKkiaJSgQ1dZuTOgvLLrhJbERQQ4eMsv84eavHiaiceqxibJxCfHe/46",
  "privilege": [ "PRIVILEGE1", "PRIVILEGE2" ],
  "unionid": "o6_bmasdasdsad6_2sgVt7hMZOPfL"
}


References

Official documentation for WeChat web page authorization