Overview
The Login via Scan capability lets developers fetch a QR code in a mobile app; users then log in to that app by scanning the QR code with Weixin. This capability is applicable to scenarios such as multi-device login, intelligent hardware, and TV boxes.
Getting Code via Scanning and Authorization on iOS
Step 1: Request function
- (BOOL)Auth:(NSString *)appId nonceStr:(NSString *)nonceStr timeStamp:(NSString *)timeStamp scope:(NSString *)scope signature:(NSString *)signature schemeData:(NSString *)schemeData;
Parameters
Parameter | Required | Description |
---|---|---|
appid | Yes | App's unique identifier |
scope | Yes | App authorization scope. Multiple scopes are separated by a comma (,). |
nonceStr | Yes | A unique random string used to make each signature different. |
timeStamp | Yes | Timestamp |
signature | Yes | Signature |
schemeData | No | This value is added after scheme when a QR code is scanned. |
Step 2: Listen on QR code callback and display the QR code during the callback
- (void)onAuthGotQrcode:(UIImage *)image; // Get a QR code
Step 3: Call back an authCode after the user confirms login
-(void)onAuthFinish:(int)errCode AuthCode:(NSString *)authCode; // Login succeeded
Scanning and Authorization Process on Android
Procedure
The app initiates an authorization request via the IDiffDevOAuth.auth() API. A QR code is returned via the OAuthListener.onAuthGotQrcode() callback API and displayed in the app. Users scan the QR code via Weixin for authorization.
**API**
IDiffDevOAuth
boolean auth(String appId, String scope, String noncestr, String timestamp, String signature, OAuthListener listener)
Parameters
Parameter | Required | Description |
---|---|---|
appId | Yes | App's unique identifier |
scope | Yes | App authorization scope. Multiple scopes are separated by a comma (,). |
noncestr | Yes | A unique random string used to make each signature different. |
timestamp | Yes | Timestamp |
signature | Yes | Signature |
listener | Yes | The callback API of the authorization process |
OAuthListener
/**
 * Callback that returns the QR code after auth() is called.
 *
 * @param qrcodeImgPath deleted
 * @param imgBuf QR code image data
 */
void onAuthGotQrcode(String qrcodeImgPath, byte[] imgBuf);
/**
 * Called after a user scans the QR code.
 */
void onQrcodeScanned();
/**
 * Called after a user clicks Authorize.
 */
void onAuthFinish(OAuthErrCode errCode, String authCode);
Algorithm of Signature for Login via Scan in SDK
Getting Ticket
A sdk_ticket must be obtained before a signature is generated.
The sdk_ticket is a temporary ticket used to generate a signature. It is obtained using access_token and is valid for 7200s. Because the number of API calls for obtaining the sdk_ticket is limited, refreshing the sdk_ticket frequently will lead to API call restriction and affect the normal functioning of your service. Developers need to store and update the sdk_ticket in their own service.
- Refer to the following document. Use Appid and AppSecret to get access_token:
https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1421140183
- Use the access_token obtained in Step 1 to request an sdk_ticket by the HTTP GET method:
https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token=ACCESS_TOKEN&type=2
The following JSON is returned for a successful request:
{
"errcode":0,
"errmsg":"ok",
"ticket":"-p3A5zVP95IuafPhzA6lRR95_F9nZEBfJ_n4E9t8ZFWKJTDPOwccVQhHCwDBmvLkayF_jh-m9HOExhumOziDWA",
"expires_in":7200
}
After obtaining the sdk_ticket, you can generate a signature for login via scan.
Signature Generation
Signature generation rules:
Fields contained in a signature include third-party appid, noncestr (random string), valid sdk_ticket, and timestamp.
Sort the parameters to be signed according to the ASCII codes of their names in ascending lexicographical order, and join these parameters into string1 in the URL key-value format (i.e., key1=value1&key2=value2...). Note that all parameter names are lowercase characters. Both the field names and field values shall be the original values without URL escaping. Sign string1 using sha1, i.e. signature = sha1(string1).
Example:
appid=appid
noncestr=noncestr
sdk_ticket=-p3A5zVP95IuafPhzA6lRR95_F9nZEBfJ_n4E9t8ZFWKJTDPOwccVQhHCwDBmvLkayF_jh-m9HOExhumOziDWA
timestamp=1417508194
Sort the parameters to be signed according to the ASCII codes of their names in ascending lexicographical order, and join these parameters into string1 in the URL key-value format (i.e., key1=value1&key2=value2...): appid=appid&noncestr=noncestr&sdk_ticket=-p3A5zVP95IuafPhzA6lRR95_F9nZEBfJ_n4E9t8ZFWKJTDPOwccVQhHCwDBmvLkayF_jh-m9HOExhumOziDWA&timestamp=1417508194
Sign string1 using sha1 to get a signature: 429eaaa13fd71efbc3fd344d0a9a9126835e7303
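The signing rules and the ticket storage requirement above, sketched as server-side Python. This is an added example, not code from the SDK or its documentation: the names TicketCache, auth_params and the fetch callable are hypothetical, the 300-second refresh margin is an assumption, and it assumes the server computes the signature so the sdk_ticket never leaves it.

```python
import hashlib
import secrets
import time

SIGNED_FIELDS = ("appid", "noncestr", "sdk_ticket", "timestamp")

def build_string1(params):
    """Join the four signed fields as key=value, sorted by name, values unescaped."""
    if set(params) != set(SIGNED_FIELDS) or not all(params.values()):
        raise ValueError("need exactly these non-empty fields: %s" % (SIGNED_FIELDS,))
    return "&".join("%s=%s" % (k, params[k]) for k in sorted(params))

def sign(params):
    """signature = sha1(string1), returned as hex."""
    return hashlib.sha1(build_string1(params).encode("utf-8")).hexdigest()

class TicketCache:
    """Keeps the sdk_ticket on the server and refetches only near expiry,
    because the getticket API is call-limited."""
    def __init__(self, fetch, clock=time.time, margin=300):
        self._fetch = fetch      # hypothetical callable: returns the parsed getticket JSON
        self._clock = clock
        self._margin = margin    # assumed safety margin in seconds, not from the page
        self._ticket, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._ticket is None or now >= self._expires_at - self._margin:
            resp = self._fetch()
            if resp.get("errcode") != 0:
                raise RuntimeError("getticket failed: %r" % resp.get("errmsg"))
            self._ticket = resp["ticket"]
            self._expires_at = now + resp["expires_in"]
        return self._ticket

def auth_params(appid, cache):
    """Values the server returns to the app for auth(); the ticket is not among them."""
    nonce = secrets.token_hex(16)           # fresh random string per signature
    ts = str(int(time.time()))
    sig = sign({"appid": appid, "noncestr": nonce,
                "sdk_ticket": cache.get(), "timestamp": ts})
    return {"appId": appid, "noncestr": nonce, "timestamp": ts, "signature": sig}
```

The app passes the returned appId, noncestr, timestamp and signature to auth() together with its scope and listener.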