收藏
回答

小游戏midasPay联调不成功mp_sig错误

地址:https://developers.weixin.qq.com/minigame/dev/api-backend/midasPay.html


官方给的测试示例:https://developers.weixin.qq.com/minigame/dev/tutorial/open-ability/midas-signature.html


服务端使用的是go

测试结果:

// 测试sig和mp_sig的生成
func TestGenerateSigAndMpSig(t *testing.T) {
   sig, mpSig, e:= GenerateSigAndMpSig(SigParam{
      Openid: "odkx20ENSNa2w5y3g_qOkOvBNM1g",
      Appid:"wx1234567",
      OfferId: "12345678",
      Ts:1507530737,
      ZoneId:"1",
      Pf:"android",
      AccessToken: "ACCESSTOKEN",
   },"zNLgAGgqsEWJOg1nFVaO5r7fAlIQxr1u", "V7Q38/i2KXaqrQyl2Yx9Hg==","/cgi-bin/midas/getbalance")
 
   if e!=nil {
      t.Fail()
      fmt.Println(e.Error())
   }
   fmt.Println("sig:", sig)
   fmt.Println("mp_sig", mpSig)
}


sig: 1ad64e8dcb2ec1dc486b7fdf01f4a15159fc623dc3422470e51cf6870734726b
 
mp_sig ff4c5bb39dea1002a8f03be0438724e1a8bcea5ebce8f221f9b9fea3bcf3bf76


与官方的签名达成了一致,用同样的方法,成功获取了游戏币余额。

但是 midasPay 无论怎么调,都是mp_sig 错误


已经确认了很多遍,midasPay的环境全是sandbox,参数都是正确,然而mp_sig始终错误。

想问一下,bill_no 和amt 难道也参与mp_sig签名吗?

附上一段请求的示例:

(请求是按照文档说明请求的,该段示例仅仅是打日志的注解,而不是body里的实际样子)

{
    "param": {
      "openid": "oZKx35Nm5ztxziIKxmf6jMTmeOpY",
      "appid": "wxbec7aebf80022eb2",
      "offer_id": "1450019844",
      "ts": 1553764538,
      "zone_id": "1",
      "pf": "android",
      "amt": 1,
      "bill_no": "20190328171538-33586765-exchange_by_shop-diamond-1",
      "sig": "2f6c54d1061b8bcbc0b4b9fd06ec246a011105d14cf23bbe3a18ffef1978d3f2",
      "mp_sig": "00ff4bc5b1ae448a987a5de554fa1257b9e57e4b98f143872f815f388a6cb687"
    },
    "url": "https://api.weixin.qq.com/cgi-bin/midas/sandbox/pay?access_token=20_iGmI6zIL98BFi1Aa7MR6VsxMkfRDvwaULTMUFkFOevD_J-a1y02GJG26aLFNDz44LkOuILV2gG5oU1qqa4OF3D_kEfAuct1RFny8OAEOHdvz8T5rNnotUou9VATkIjXYYrZA5MPy-1k3WqarRNAeAIAFBO"
}


谢指导!!!


下面附上了sig和mp_sig的生成方法

主方法(golang 1.9)

// 获取sig与mp_sig
// 使用实例:
/*
   sig, mpSig, e:= GenerateSigAndMpSig(SigParam{
      Openid: "odkx20ENSNa2w5y3g_qOkOvBNM1g",
      Appid:"wx1234567",
      OfferId: "12345678",
      Ts:1507530737,
      ZoneId:"1",
      Pf:"android",
      AccessToken: "ACCESSTOKEN",
   },"zNLgAGgqsEWJOg1nFVaO5r7fAlIQxr1u", "V7Q38/i2KXaqrQyl2Yx9Hg==","/cgi-bin/midas/getbalance")
 */
func GenerateSigAndMpSig(param SigParam, offerSecret string, sessionKey string, orgLoc string) (string, string, error) {
   if offerSecret == "" {
      return "", "", errorx.NewFromString("offerSecret is empty")
   }
   if sessionKey == "" {
      return "", "", errorx.NewFromString("sessionKey is empty")
 
   }
   if orgLoc == "" {
      return "", "", errorx.NewFromString("orgLoc is empty")
   }
   if param.AccessToken == "" {
      return "", "", errorx.NewFromString("param.AccessToken is empty")
   }
   if param.ZoneId == "" {
      return "", "", errorx.NewFromString("param.ZoneId is empty")
   }
   if param.OfferId == "" {
      return "", "", errorx.NewFromString("param.OfferId is empty")
   }
   if param.Openid =="" {
      return "", "", errorx.NewFromString("param.OpenId is empty")
   }
   if param.Appid == "" {
      return "", "", errorx.NewFromString("param.Appid is empty")
   }
   if param.Ts == 0 {
      return "", "", errorx.NewFromString("param.Ts is empty")
   }
   if param.Pf == ""{
      return "", "", errorx.NewFromString("param.Pf is empty")
   }
 
   stringA := common.ToParam(param, "json", []string{"sig", "access_token", "mp_sig"}...)
   stringSignTemp := stringA + fmt.Sprintf("&org_loc=%s&method=POST&secret=%s", orgLoc, offerSecret)
 
   param.Sig = common.HmacHs256(stringSignTemp, offerSecret)
 
   // 获取mp_sig
   stringB := common.ToParam(param, "json", []string{"mp_sig"}...)
   stringSignTempB := stringB + fmt.Sprintf("&org_loc=%s&method=POST&session_key=%s", orgLoc, sessionKey)
 
   param.MpSig = hmacHs256(stringSignTempB, sessionKey)
   return param.Sig, param.MpSig, nil
}
 
 
 
 
// 获取hmac-hs256 签名
func hmacHs256(message string, secret string) string {
   h := hmac.New(sha256.New, []byte(secret))
   io.WriteString(h, message)
   return fmt.Sprintf("%x", h.Sum(nil))
}


为什么midasGetBalance成功了,midasPay却 mp_sig异常


最后一次编辑于  03-28
回答关注问题邀请回答
收藏

1 个回答

  • 冯弢
    冯弢
    03-29

    😔,原来所有参数都要参与签名,而不是像文档里的balance一样,只有这几个参数

    03-29
    赞同
    回复