# Introduction

After an Official Account has been authorized and hosted on a third-party platform, the third-party platform may, as described in this document, initiate web page authorization on behalf of the authorized Official Account. For a detailed introduction to OAuth 2.0, refer to the OAuth 2.0 protocol standard.

As a third-party platform developer, you need your own appid and secret (available after the third-party platform has been created and has passed review). You also need to make sure that the authorized Official Account has permission for the authorization scope, and you need a domain name for callbacks.

# Read Before Development

# WeChat Web Authorization Capability Adjustment Notice

To further standardize the use of this capability and protect the legitimate rights and interests of users, the platform is adjusting the WeChat web page authorization capability. When a developer initiates snsapi_userinfo web page authorization in a non-compliant way, WeChat will by default open the page in snapshot mode for basic browsing. The adjustment takes effect at 24:00 on July 12, 2022. For details, see the original announcement: WeChat Web Authorization Ability Adjustment Announcement.

# Authorization process

WeChat currently supports the authorization code mode. The main process is divided into two steps:

1. Get the code
2. Exchange the code for an access_token

# Step 1: Request CODE

# Request method

Provided that the Official Account has permission for the authorization scope (the scope parameter) (in general, a WeChat-certified service account has snsapi_base and snsapi_userinfo), use the WeChat client to open the following link (follow the format strictly, including parameter order and case, and replace the parameters with the actual values):

https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE&component_appid=component_appid#wechat_redirect

If the message "This link cannot be accessed" appears, check whether the parameters are filled in incorrectly and whether the account has the authorization scope permission corresponding to the scope parameter.

# Explanation of parameters

| Parameter | Required | Description |
| --- | --- | --- |
| appid | yes | The Official Account's appid |
| redirect_uri | yes | Redirect address; it must be URL-encoded. Fill in the third-party platform's [Official Account development domain name]. Note that this configuration is only visible after the Official Account-related full permission set has been checked |
| response_type | yes | Fill in code |
| scope | yes | Authorization scope; multiple scopes are separated by commas (,) |
| state | no | Carried back as the state parameter after the redirect; developers can fill in any parameter value, up to 128 bytes |
| component_appid | yes | The service provider's appid, which can be found on the Official Account service details page after the application to create the Official Account service has succeeded |

# Return Instructions

When the user allows the authorization, the browser is redirected to the redirect_uri address, carrying the code, state and appid parameters:

redirect_uri?code=CODE&state=STATE&appid=APPID

If the user denies the authorization, the redirect does not carry the code parameter, only the state parameter:

redirect_uri?state=STATE

# Step 2: Exchange code for access_token

# Request method

After obtaining the code in step 1, request the following link to get the access_token:

https://api.weixin.qq.com/sns/oauth2/component/access_token?appid=APPID&code=CODE&grant_type=authorization_code&component_appid=COMPONENT_APPID&component_access_token=COMPONENT_ACCESS_TOKEN

Note that, for security reasons, there is an IP whitelist requirement.

# Explanation of parameters

| Parameter | Required | Description |
| --- | --- | --- |
| appid | yes | The Official Account's appid |
| code | yes | Fill in the code parameter obtained in step 1 |
| grant_type | yes | Fill in authorization_code |
| component_appid | yes | The service developer's appid |
| component_access_token | yes | The service developer's access_token |

# Return Instructions

The correct return:

```json
{
  "access_token": "ACCESS_TOKEN",
  "expires_in": 7200,
  "refresh_token": "REFRESH_TOKEN",
  "openid": "OPENID",
  "scope": "SCOPE"
}
```

| Parameter | Description |
| --- | --- |
| access_token | Interface call credential |
| expires_in | Validity period of the access_token interface call credential, in seconds |
| refresh_token | Used to refresh the access_token |
| openid | Unique identifier of the authorized user |
| scope | The scope of user authorization, separated by commas (,) |

Error return sample:

```json
{
  "errcode": 40029,
  "errmsg": "invalid code"
}
```
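The server-side checks around steps 1 and 2, as an added example that is not part of the original page or WeChat's own code: it builds the authorization link with a random per-session state, validates the callback (including the denial case, which carries no code), and rejects error responses from the token exchange. The function names, the example.com callback and the appid values are assumptions; the HTTP request itself is left out so the block runs offline.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE = "https://open.weixin.qq.com/connect/oauth2/authorize"

def build_authorize_url(appid, redirect_uri, scope, component_appid):
    """Return (url, state); parameter order follows the documented link."""
    state = secrets.token_urlsafe(32)  # 43 ASCII chars, under the 128-byte limit
    query = urlencode([
        ("appid", appid),
        ("redirect_uri", redirect_uri),  # urlencode() percent-encodes the value
        ("response_type", "code"),
        ("scope", scope),
        ("state", state),                # store it in the user's session
        ("component_appid", component_appid),
    ])
    return f"{AUTHORIZE}?{query}#wechat_redirect", state

def handle_callback(callback_url, expected_state, expected_appid):
    """Return the code, or None when the user denied authorization."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    # Constant-time comparison against the value stored for this session.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback not started by this session")
    if "code" not in params:
        return None  # denial: the redirect carries state only
    if params.get("appid", [""])[0] != expected_appid:
        raise ValueError("appid mismatch")
    return params["code"][0]

def parse_token_response(body):
    """Validate the step 2 JSON response (already decoded into a dict)."""
    if body.get("errcode"):
        raise RuntimeError(f"token exchange failed: {body['errcode']} {body.get('errmsg')}")
    return {
        "access_token": body["access_token"],
        "refresh_token": body["refresh_token"],
        "openid": body["openid"],
        "expires_in": int(body["expires_in"]),
        "scopes": body["scope"].split(","),
    }
```

The exchange request in step 2 carries component_access_token in its query string, so it belongs on the backend only and its full URL should be kept out of logs.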

# Step 3: Refresh access_token (if needed)

Because the access_token has a short validity period, it can be refreshed with the refresh_token once it has timed out. The refresh_token has a longer validity period (30 days); once the refresh_token has expired, the user needs to re-authorize.

# Request method

After obtaining the refresh_token in step 2, request the following link to get a new access_token:

https://api.weixin.qq.com/sns/oauth2/component/refresh_token?appid=APPID&grant_type=refresh_token&component_appid=COMPONENT_APPID&component_access_token=COMPONENT_ACCESS_TOKEN&refresh_token=REFRESH_TOKEN

# Explanation of parameters

| Parameter | Required | Description |
| --- | --- | --- |
| appid | yes | The Official Account's appid |
| grant_type | yes | Fill in refresh_token |
| refresh_token | yes | Fill in the refresh_token parameter obtained together with the access_token |
| component_appid | yes | The service developer's appid |
| component_access_token | yes | The service developer's access_token |

# Return Instructions

The correct return:

```json
{
  "access_token": "ACCESS_TOKEN",
  "expires_in": 7200,
  "refresh_token": "REFRESH_TOKEN",
  "openid": "OPENID",
  "scope": "SCOPE"
}
```

| Parameter | Description |
| --- | --- |
| access_token | Interface call credential |
| expires_in | Validity period of the access_token interface call credential, in seconds |
| refresh_token | Used to refresh the access_token |
| openid | Unique identifier of the authorized user |
| scope | The scope of user authorization, separated by commas (,) |

Error return sample:

```json
{
  "errcode": 40029,
  "errmsg": "invalid code"
}
```

# Step 4: Pull user information with the web page authorization access_token (requires scope snsapi_userinfo)

If the web page authorization scope is snsapi_userinfo, the developer can at this point use the access_token and openid to pull the user's information.

# Request method

GET https://api.weixin.qq.com/sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID&lang=zh_CN

# Explanation of parameters

| Parameter | Description |
| --- | --- |
| access_token | Web page authorization interface call credential. Note: this access_token is different from the basic-support access_token |
| openid | Unique identifier of the user |
| lang | Language version for the returned country and region: zh_CN Simplified Chinese, zh_TW Traditional Chinese, en English |

# Return Instructions

The JSON packet returned on success is as follows:

```json
{
  "openid": "OPENID",
  "nickname": "NICKNAME",
  "sex": "1",
  "province": "PROVINCE",
  "city": "CITY",
  "country": "COUNTRY",
  "headimgurl": "http://wx.qlogo.cn/mmopen/g3MonUZtNHkdmzicIlibx6iaFqAc56vxLSUfpb6n5WKSYVY0ChQKkiaJSgQ1dZuTOgvLLrhJbERQQ4eMsv84eavHiaiceqxibJxCfHe/46",
  "privilege": ["PRIVILEGE1", "PRIVILEGE2"],
  "unionid": "O6_bmasdasdsad6_2sgVt7hMZOPfL"
}
```

| Parameter | Description |
| --- | --- |
| openid | Unique identifier of the user |
| nickname | User nickname |
| sex | The user's gender: 1 is male, 2 is female, 0 is unknown |
| province | Province filled in the user's profile |
| city | City filled in the user's profile |
| country | Country, for example CN |
| headimgurl | User avatar URL. The last value represents the square avatar size (0, 46, 64, 96 or 132; 0 represents a 640*640 square avatar). The item is empty when the user has no avatar. If the user changes the avatar, the original avatar URL becomes invalid |
| privilege | User privilege information, a JSON array; for example, a WeChat Wo Card user has (chinaunicom) |
| unionid | This field appears only after the user has bound the Official Account to a WeChat Open Platform account. For details see: Obtaining User Personal Information (UnionID mechanism) |

In case of an error, WeChat returns a JSON packet like the following (this example is an invalid openid):

```json
{
  "errcode": 40003,
  "errmsg": "invalid openid"
}
```