地址:https://developers.weixin.qq.com/minigame/dev/api-backend/midasPay.html
官方给的测试示例:https://developers.weixin.qq.com/minigame/dev/tutorial/open-ability/midas-signature.html
服务端使用的是go
测试结果:
// 测试sig和mp_sig的生成func TestGenerateSigAndMpSig(t *testing.T) { sig, mpSig, e:= GenerateSigAndMpSig(SigParam{ Openid: "odkx20ENSNa2w5y3g_qOkOvBNM1g", Appid:"wx1234567", OfferId: "12345678", Ts:1507530737, ZoneId:"1", Pf:"android", AccessToken: "ACCESSTOKEN", },"zNLgAGgqsEWJOg1nFVaO5r7fAlIQxr1u", "V7Q38/i2KXaqrQyl2Yx9Hg==","/cgi-bin/midas/getbalance") if e!=nil { t.Fail() fmt.Println(e.Error()) } fmt.Println("sig:", sig) fmt.Println("mp_sig", mpSig)} |
sig: 1ad64e8dcb2ec1dc486b7fdf01f4a15159fc623dc3422470e51cf6870734726bmp_sig ff4c5bb39dea1002a8f03be0438724e1a8bcea5ebce8f221f9b9fea3bcf3bf76 |
与官方的签名达成了一致,用同样的方法,成功获取了游戏币余额。
但是 midasPay 无论怎么调,都是mp_sig 错误
已经确认了很多遍,midasPay的环境全是sandbox,参数都是正确,然而mp_sig始终错误。
想问一下,bill_no 和amt 难道也参与mp_sig签名吗?
附上一段请求的示例:
(请求是按照文档说明请求的,该段示例仅仅是打日志的注解,而不是body里的实际样子)
{ "param": { "openid": "oZKx35Nm5ztxziIKxmf6jMTmeOpY", "appid": "wxbec7aebf80022eb2", "offer_id": "1450019844", "ts": 1553764538, "zone_id": "1", "pf": "android", "amt": 1, "bill_no": "20190328171538-33586765-exchange_by_shop-diamond-1", "sig": "2f6c54d1061b8bcbc0b4b9fd06ec246a011105d14cf23bbe3a18ffef1978d3f2", "mp_sig": "00ff4bc5b1ae448a987a5de554fa1257b9e57e4b98f143872f815f388a6cb687" }, "url": "https://api.weixin.qq.com/cgi-bin/midas/sandbox/pay?access_token=20_iGmI6zIL98BFi1Aa7MR6VsxMkfRDvwaULTMUFkFOevD_J-a1y02GJG26aLFNDz44LkOuILV2gG5oU1qqa4OF3D_kEfAuct1RFny8OAEOHdvz8T5rNnotUou9VATkIjXYYrZA5MPy-1k3WqarRNAeAIAFBO"} |
谢指导!!!
下面附上了sig和mp_sig的生成方法
主方法(golang 1.9)
// 获取sig与mp_sig// 使用实例:/* sig, mpSig, e:= GenerateSigAndMpSig(SigParam{ Openid: "odkx20ENSNa2w5y3g_qOkOvBNM1g", Appid:"wx1234567", OfferId: "12345678", Ts:1507530737, ZoneId:"1", Pf:"android", AccessToken: "ACCESSTOKEN", },"zNLgAGgqsEWJOg1nFVaO5r7fAlIQxr1u", "V7Q38/i2KXaqrQyl2Yx9Hg==","/cgi-bin/midas/getbalance") */func GenerateSigAndMpSig(param SigParam, offerSecret string, sessionKey string, orgLoc string) (string, string, error) { if offerSecret == "" { return "", "", errorx.NewFromString("offerSecret is empty") } if sessionKey == "" { return "", "", errorx.NewFromString("sessionKey is empty") } if orgLoc == "" { return "", "", errorx.NewFromString("orgLoc is empty") } if param.AccessToken == "" { return "", "", errorx.NewFromString("param.AccessToken is empty") } if param.ZoneId == "" { return "", "", errorx.NewFromString("param.ZoneId is empty") } if param.OfferId == "" { return "", "", errorx.NewFromString("param.OfferId is empty") } if param.Openid =="" { return "", "", errorx.NewFromString("param.OpenId is empty") } if param.Appid == "" { return "", "", errorx.NewFromString("param.Appid is empty") } if param.Ts == 0 { return "", "", errorx.NewFromString("param.Ts is empty") } if param.Pf == ""{ return "", "", errorx.NewFromString("param.Pf is empty") } stringA := common.ToParam(param, "json", []string{"sig", "access_token", "mp_sig"}...) stringSignTemp := stringA + fmt.Sprintf("&org_loc=%s&method=POST&secret=%s", orgLoc, offerSecret) param.Sig = common.HmacHs256(stringSignTemp, offerSecret) // 获取mp_sig stringB := common.ToParam(param, "json", []string{"mp_sig"}...) stringSignTempB := stringB + fmt.Sprintf("&org_loc=%s&method=POST&session_key=%s", orgLoc, sessionKey) param.MpSig = hmacHs256(stringSignTempB, sessionKey) return param.Sig, param.MpSig, nil}// 获取hmac-hs256 签名func hmacHs256(message string, secret string) string { h := hmac.New(sha256.New, []byte(secret)) io.WriteString(h, message) return fmt.Sprintf("%x", h.Sum(nil))} |
为什么midasGetBalance成功了,midasPay却 mp_sig异常
😔,原来所有参数都要参与签名,而不是像文档里的balance一样,只有这几个参数