# Required reading for service provider access
# A Guide to Market Authorisation for Small Shop Services
# Non-Servicers Ignore This Section
# A. Authorization to purchase
When a user purchases a package on the service market, he authorizes the Mini Store permission set to Third Party Platform:
- If the Mini Store has not previously authorized the relevant permission set to Third Party Platform, then the third party platform receives The authorization message callbacks and generates component_access_token based on the authorizerAppid, the AuthorizationCode, and the third party platform's own [[TIDS-1]] . authorizer_refresh_token , the third party platform needs to save the authorizer_refresh_token to get the user's authorizer_access_token.
- If the store has previously authorized the relevant permission set to Third Party Platform, then simply use the previously saved authorizer_refresh_token.
- If the authorizer_refresh_token is lost, the authorizer_refresh_token can be retrieved by by pulling all authorized account information .
# B. Small Shop Trigger Login
The Mini Store login process is divided into several steps:
- The user selects one of the clicks to use a service that has been purchased in the Mini Store administration.
- Mini Store management side generate code, and as a parameter splicing to the jump url
- Third Party Platform component_access_token , Login Interface Get user information
- The third party obtains the user information (AppID), checks whether the appid already exists in the third party's own account system, triggers registration if it does not exist, and logs in directly if it exists.
- Invoke the to obtain the validity of the user service interface to obtain the validity of the user's various specifications of the service, and provide the corresponding service.
# C. Direct access to third-party websites
In addition to the management-side login of small stores, a third party's own account system login is also provided for merchants to use.