# Introduction
After an Official Account has been authorized to and hosted on a third-party platform, the third-party platform may, as described in this document, initiate web page authorization on behalf of the Official Account. For a detailed introduction to OAuth2.0, refer to the OAuth2.0 protocol standard.
As a third-party platform developer, you need your own appid and secret (available after the third-party platform is created and passes review). You also need to ensure that the authorizing Official Account has permission for the authorization scope, and you need a domain name for callbacks.
# Read Before Development
# WeChat Web Authorization Capability Adjustment Notice
To further standardize the use of this capability and protect users' legitimate rights and interests, the platform is adjusting the WeChat web page authorization capability. When a developer initiates snsapi_userinfo web authorization in a non-compliant way within a web page, WeChat will by default open the page in snapshot mode for basic browsing. The adjustment takes effect at 24:00 on July 12, 2022. For details, see the original announcement, "WeChat Web Authorization Capability Adjustment Announcement".
# Authorization process
WeChat currently supports the authorization code mode. The main process is divided into two steps:
1. Get the code
2. Exchange the code for an access_token
# Step 1: Request CODE
# Request method
Provided the WeChat Official Account has permission for the authorization scope (the scope parameter) (in general, a WeChat-verified service account has snsapi_base and snsapi_userinfo), use the WeChat client to open the following link (follow the format strictly, including parameter order and case, and replace the parameters with actual values):
https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE&component_appid=component_appid#wechat_redirect
If the message "This link cannot be accessed" appears, check whether the parameters are filled in correctly and whether the account has the authorization scope permission corresponding to the scope parameter.
# Explanation of parameters
Parameter | Required | Description |
---|---|---|
appid | yes | The Official Account's appid |
redirect_uri | yes | Redirect address; must be URL-encoded. Fill in the third-party platform's [Official Account development domain name] here. Note that this configuration is only visible after the full permission set related to Official Accounts has been checked |
response_type | yes | Fill in code |
scope | yes | Authorization scope; multiple scopes are separated by commas (,) |
state | no | The state parameter is carried along after the redirect. Developers can fill in any parameter value, up to 128 bytes |
component_appid | yes | The service provider's appid, which can be found on the Official Account service details page after successfully applying to create the Official Account service |
# Return Instructions
When the user allows the authorization, the browser is redirected to the redirect_uri address with code, state and appid attached:
redirect_uri?code=CODE&state=STATE&appid=APPID
If the user denies the authorization, the redirect does not carry the code parameter, only the state parameter:
redirect_uri?state=STATE
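An added example, not part of the original documentation, showing one way to build the Step 1 link and validate the callback in Python. It assumes state is used as an unguessable per-session value (standard OAuth2 practice for rejecting callbacks the session did not start); the function names and all sample values are hypothetical.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://open.weixin.qq.com/connect/oauth2/authorize"

def new_state() -> str:
    # Unguessable per-session value: 43 URL-safe characters, under the 128-byte limit.
    return secrets.token_urlsafe(32)

def build_authorize_url(appid, redirect_uri, scope, state, component_appid):
    if len(state.encode()) > 128:
        raise ValueError("state must be at most 128 bytes")
    # Keep the documented parameter order. urlencode() percent-encodes
    # redirect_uri; safe="," leaves the comma between multiple scopes literal.
    query = urlencode([
        ("appid", appid),
        ("redirect_uri", redirect_uri),
        ("response_type", "code"),
        ("scope", scope),
        ("state", state),
        ("component_appid", component_appid),
    ], safe=",")
    return f"{AUTHORIZE_URL}?{query}#wechat_redirect"

def handle_callback(callback_url, expected_state, expected_appid):
    """Return the code, or None when the user denied authorization."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    # Constant-time comparison on bytes; a mismatch means this session
    # did not start the authorization, so the code must not be used.
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise PermissionError("state mismatch")
    if "code" not in params:
        return None  # denial: only state comes back
    if params.get("appid", [""])[0] != expected_appid:
        raise PermissionError("appid mismatch")
    return params["code"][0]
```

Store the value from `new_state()` in the user's server-side session before redirecting, and pass the stored value as `expected_state` when the callback arrives.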
# Step 2: Exchange the code for an access_token
# Request method
After obtaining the code in the first step, request the following link to get the access_token:
https://api.weixin.qq.com/sns/oauth2/component/access_token?appid=APPID&code=CODE&grant_type=authorization_code&component_appid=COMPONENT_APPID&component_access_token=COMPONENT_ACCESS_TOKEN
Note that, for security reasons, there is an IP whitelist requirement.
# Explanation of parameters
Parameter | Required | Description |
---|---|---|
appid | yes | The Official Account's appid |
code | yes | Fill in the code parameter obtained in the first step |
grant_type | yes | Fill in authorization_code |
component_appid | yes | The service developer's appid |
component_access_token | yes | The service developer's access_token |
# Return Instructions
The correct return:
```json
{
  "access_token": "ACCESS_TOKEN",
  "expires_in": 7200,
  "refresh_token": "REFRESH_TOKEN",
  "openid": "OPENID",
  "scope": "SCOPE"
}
```
Parameter | Description |
---|---|
access_token | Interface call credential |
expires_in | Validity period of the access_token interface call credential, in seconds |
refresh_token | Used to refresh the access_token |
openid | Unique identifier of the authorizing user |
scope | The scopes authorized by the user, separated by commas (,) |
Error return sample:
```json
{
  "errcode": 40029,
  "errmsg": "invalid code"
}
```
# Step 3: Refresh the access_token (if needed)
Because the access_token has a short validity period, you can refresh it with the refresh_token once it times out. The refresh_token has a longer validity period (30 days); once the refresh_token expires, the user must re-authorize.
# Request method
After obtaining the code in the first step, request the following link to get the access_token:
https://api.weixin.qq.com/sns/oauth2/component/refresh_token?appid=APPID&grant_type=refresh_token&component_appid=COMPONENT_APPID&component_access_token=COMPONENT_ACCESS_TOKEN&refresh_token=REFRESH_TOKEN
# Explanation of parameters
Parameter | Required | Description |
---|---|---|
appid | yes | The Official Account's appid |
grant_type | yes | Fill in refresh_token |
refresh_token | yes | Fill in the refresh_token parameter obtained together with the access_token |
component_appid | yes | The service developer's appid |
component_access_token | yes | The service developer's access_token |
# Return Instructions
The correct return:
```json
{
  "access_token": "ACCESS_TOKEN",
  "expires_in": 7200,
  "refresh_token": "REFRESH_TOKEN",
  "openid": "OPENID",
  "scope": "SCOPE"
}
```
Parameter | Description |
---|---|
access_token | Interface call credential |
expires_in | Validity period of the access_token interface call credential, in seconds |
refresh_token | Used to refresh the access_token |
openid | Unique identifier of the authorizing user |
scope | The scopes authorized by the user, separated by commas (,) |
Error return sample:
```json
{
  "errcode": 40029,
  "errmsg": "invalid code"
}
```
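An added example, not part of the original documentation, showing one way to handle the Step 2 and Step 3 responses in Python: tell an error reply from a token reply, turn expires_in into an absolute expiry, decide when to refresh, and check the granted scope before Step 4. The class and function names, the 60-second skew and the sample values in the test are assumptions.

```python
import json
from dataclasses import dataclass

class WeChatAPIError(Exception):
    def __init__(self, errcode, errmsg):
        super().__init__(f"errcode={errcode} errmsg={errmsg}")
        self.errcode = errcode

@dataclass(frozen=True, repr=False)
class WebToken:
    access_token: str
    refresh_token: str
    openid: str
    scopes: frozenset
    expires_at: float  # absolute time in seconds, computed from expires_in

    def __repr__(self):
        # Keep both credentials out of logs and tracebacks.
        return f"WebToken(openid={self.openid!r}, scopes={sorted(self.scopes)})"

REQUIRED = {"access_token", "expires_in", "refresh_token", "openid", "scope"}

def parse_token_response(body: str, now: float) -> WebToken:
    data = json.loads(body)
    # An error reply carries errcode/errmsg instead of the token fields.
    if data.get("errcode"):
        raise WeChatAPIError(data["errcode"], data.get("errmsg", ""))
    missing = REQUIRED - set(data)
    if missing:
        raise ValueError(f"token response missing fields: {sorted(missing)}")
    return WebToken(
        access_token=data["access_token"],
        refresh_token=data["refresh_token"],
        openid=data["openid"],
        scopes=frozenset(s.strip() for s in data["scope"].split(",")),
        expires_at=now + int(data["expires_in"]),
    )

def next_action(token: WebToken, now: float, skew: int = 60) -> str:
    # Refresh slightly early so a request never goes out with an expired token.
    return "refresh" if now >= token.expires_at - skew else "use"

def can_fetch_userinfo(token: WebToken) -> bool:
    # Step 4 applies only when the granted scope includes snsapi_userinfo.
    return "snsapi_userinfo" in token.scopes
```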
# Step 4: Use the web page authorization access_token to get user information (requires the snsapi_userinfo scope)
If the web page authorization scope is snsapi_userinfo, the developer can now use the access_token and openid to pull the user's information.
# Request method
GET https://api.weixin.qq.com/sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID&lang=zh_CN
# Explanation of parameters
Parameter | Description |
---|---|
access_token | Web page authorization interface call credential. Note: this access_token is different from the basic-support access_token |
openid | Unique identifier of the user |
lang | Language version of the returned country and region data: zh_CN Simplified Chinese, zh_TW Traditional Chinese, en English |
# Return Instructions
When the request succeeds, the returned JSON packet is as follows:
```json
{
  "openid": "OPENID",
  "nickname": "NICKNAME",
  "sex": "1",
  "province": "PROVINCE",
  "city": "CITY",
  "country": "COUNTRY",
  "headimgurl": "http://wx.qlogo.cn/mmopen/g3MonUZtNHkdmzicIlibx6iaFqAc56vxLSUfpb6n5WKSYVY0ChQKkiaJSgQ1dZuTOgvLLrhJbERQQ4eMsv84eavHiaiceqxibJxCfHe/46",
  "privilege": ["PRIVILEGE1", "PRIVILEGE2"],
  "unionid": "O6_bmasdasdsad6_2sgVt7hMZOPfL"
}
```
Parameter | Description |
---|---|
openid | Unique identifier of the user |
nickname | User nickname |
sex | The user's gender: 1 is male, 2 is female, 0 is unknown |
province | Province filled in on the user's profile |
city | City filled in on the user's profile |
country | Country, for example CN for China |
headimgurl | User avatar. The last value in the URL is the square avatar size (0, 46, 64, 96 or 132; 0 means a 640*640 square avatar). This field is empty when the user has no avatar. If the user changes their avatar, the original avatar URL becomes invalid. |
privilege | User privilege information, a JSON array; for example, for WeChat Wo Card users it is (chinaunicom) |
unionid | This field appears only when the user has bound the Official Account to a WeChat Open Platform account. For details, see: Obtaining User Personal Information (UnionID mechanism) |
On error, WeChat returns a JSON packet as follows (the example is an invalid openid):
```json
{
  "errcode": 40003,
  "errmsg": "invalid openid"
}
```