Overview

The Login via Scan capability lets a mobile app fetch a QR code so that users can log in to the app by scanning it with Weixin. It applies to scenarios such as multi-device login, intelligent hardware, and TV boxes.


Getting Code via Scanning and Authorization on iOS

Step 1: Request function

- (BOOL)Auth:(NSString *)appId nonceStr:(NSString *)nonceStr timeStamp:(NSString *)timeStamp scope:(NSString *)scope signature:(NSString *)signature schemeData:(NSString *)schemeData;

Parameters

| Parameter | Required | Description |
| --- | --- | --- |
| appid | Yes | App's unique identifier |
| scope | Yes | App authorization scope. Multiple scopes are separated by a comma (,). |
| nonceStr | Yes | A unique random string that makes each signature different |
| timeStamp | Yes | Timestamp |
| signature | Yes | Signature |
| schemeData | No | Value appended after the scheme when the QR code is scanned |

Step 2: Listen for the QR code callback and display the QR code when it is delivered

- (void)onAuthGotQrcode:(UIImage *)image;  // Delivers the QR code image to display

Step 3: Receive the authCode callback after the user confirms login

- (void)onAuthFinish:(int)errCode AuthCode:(NSString *)authCode;    // Called when authorization finishes; errCode reports the result

Scanning and Authorization Process on Android

Procedure

The app initiates an authorization request via the IDiffDevOAuth.auth() API. A QR code is returned via the OAuthListener.onAuthGotQrcode() callback and displayed in the app. The user then scans the QR code with Weixin to authorize.


**API**

IDiffDevOAuth

boolean auth(String appId, String scope, String noncestr, String timestamp, String signature, OAuthListener listener)

Parameters

| Parameter | Required | Description |
| --- | --- | --- |
| appId | Yes | App's unique identifier |
| scope | Yes | App authorization scope. Multiple scopes are separated by a comma (,). |
| noncestr | Yes | A unique random string that makes each signature different |
| timestamp | Yes | Timestamp |
| signature | Yes | Signature |
| listener | Yes | The callback interface for the authorization process |

OAuthListener
/**
 * Called once the QR code for this authorization request is ready.
 *
 * @param qrcodeImgPath no longer used
 * @param imgBuf QR code image data
 */
void onAuthGotQrcode(String qrcodeImgPath, byte[] imgBuf);

/**
 * Called after the user has scanned the QR code.
 */
void onQrcodeScanned();

/**
 * Called after the user taps Authorize; authCode is the result.
 */
void onAuthFinish(OAuthErrCode errCode, String authCode);

Algorithm of Signature for Login via Scan in SDK

Getting Ticket

An sdk_ticket must be obtained before a signature can be generated.

The sdk_ticket is a temporary ticket used to generate the signature. It is obtained using an access_token and is valid for 7200 s. The number of API calls for obtaining the sdk_ticket is limited, so refreshing it too often triggers API call restriction and disrupts the service. Developers must therefore store the sdk_ticket in their own service and refresh it only when it is about to expire.

  1. Refer to the following document. Use the Appid and AppSecret to get an access_token:

https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1421140183

  2. Use the access_token obtained in Step 1 to request an sdk_ticket with an HTTP GET:

https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token=ACCESS_TOKEN&type=2

The following JSON is returned for a successful request:

{
    "errcode": 0,
    "errmsg": "ok",
    "ticket": "-p3A5zVP95IuafPhzA6lRR95_F9nZEBfJ_n4E9t8ZFWKJTDPOwccVQhHCwDBmvLkayF_jh-m9HOExhumOziDWA",
    "expires_in": 7200
}

After obtaining the sdk_ticket, you can generate the signature for login via scan.


Signature Generation

Signature generation rules:

The fields covered by the signature are the third-party appid, noncestr (random string), a valid sdk_ticket, and timestamp.

Sort the parameters to be signed by the ASCII codes of their names in ascending lexicographical order, and join them into string1 in URL key-value format (i.e., key1=value1&key2=value2...). Note that all parameter names are lowercase. Both field names and field values are used as their original values, without URL escaping. Then sign string1 with SHA-1: signature = sha1(string1).


Example:

appid=appid
noncestr=noncestr
sdk_ticket=-p3A5zVP95IuafPhzA6lRR95_F9nZEBfJ_n4E9t8ZFWKJTDPOwccVQhHCwDBmvLkayF_jh-m9HOExhumOziDWA
timestamp=1417508194

  1. Sort the parameters to be signed by the ASCII codes of their names in ascending lexicographical order, and join them into string1 in URL key-value format (key1=value1&key2=value2...): appid=appid&noncestr=noncestr&sdk_ticket=-p3A5zVP95IuafPhzA6lRR95_F9nZEBfJ_n4E9t8ZFWKJTDPOwccVQhHCwDBmvLkayF_jh-m9HOExhumOziDWA&timestamp=1417508194

  2. Sign string1 with SHA-1 to get the signature: 429eaaa13fd71efbc3fd344d0a9a9126835e7303
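The signing rule above, carried through as an added Python example (not code from the Weixin SDK or from this doc). It reproduces the doc's worked example and adds an `issue_auth_params` helper, my own assumption about how an app backend would hand the signed parameters to the mobile client while keeping the sdk_ticket server-side; it assumes the sdk_ticket has already been fetched and cached as described above.

```python
import hashlib
import secrets
import time

# Sample values copied from the worked example in the doc above.
DOC_PARAMS = {
    "appid": "appid",
    "noncestr": "noncestr",
    "sdk_ticket": "-p3A5zVP95IuafPhzA6lRR95_F9nZEBfJ_n4E9t8ZFWKJTDPOwccVQhHCwDBmvLkayF_jh-m9HOExhumOziDWA",
    "timestamp": "1417508194",
}
DOC_EXPECTED_SIGNATURE = "429eaaa13fd71efbc3fd344d0a9a9126835e7303"


def build_string1(params: dict) -> str:
    """Join the parameters as key=value pairs sorted by key (ASCII order).
    No URL escaping is applied; names must be lowercase, as the doc requires."""
    for key in params:
        if key != key.lower():
            raise ValueError(f"parameter names must be lowercase: {key}")
    return "&".join(f"{key}={params[key]}" for key in sorted(params))


def compute_signature(appid: str, noncestr: str, sdk_ticket: str, timestamp) -> str:
    """signature = sha1(string1), hex encoded."""
    string1 = build_string1({
        "appid": appid,
        "noncestr": noncestr,
        "sdk_ticket": sdk_ticket,
        "timestamp": str(timestamp),
    })
    return hashlib.sha1(string1.encode("utf-8")).hexdigest()


def issue_auth_params(appid: str, sdk_ticket: str, now=None) -> dict:
    """Hypothetical backend endpoint: build the appid/noncestr/timestamp/signature
    the mobile app passes to auth(). The sdk_ticket stays on the server and is
    never included in the response; `now` is overridable only for testing."""
    timestamp = str(int(time.time() if now is None else now))
    noncestr = secrets.token_hex(16)  # fresh per request, so every signature differs
    return {
        "appid": appid,
        "noncestr": noncestr,
        "timestamp": timestamp,
        "signature": compute_signature(appid, noncestr, sdk_ticket, timestamp),
    }
```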