Detailed explanation of OAuth web page authorization in WeChat development

In WeChat development, there are often needs such as obtaining user avatars, binding WeChat IDs and sending messages to users. The prerequisite for all of these is authorization!

1. Configure security callback domain name:

Before an official account requests web page authorization from users, the developer must first modify the authorized callback domain name under the configuration option "Development - Interface permissions - Web service - Web account - Web authorization to obtain basic user information". It is worth noting that the entire domain name is written here directly, such as www.liliangel.cn. However, we generally use second-level domain names when developing H5 pages, such as h5.liliangel.cn, which is also within the security callback domain name.

2. User level authorization and silent authorization

1. Web page authorization initiated with snsapi_base as the scope is used to obtain the openid of the user entering the page. It is a silent authorization and automatically jumps to the callback page. From the user's point of view, they enter the callback page directly.

2. Web page authorization initiated with snsapi_userinfo as the scope is used to obtain the user's basic information. However, this authorization requires the user's manual consent. Because the user has agreed, the user does not need to follow the official account, and the user's basic information can be obtained after authorization.

3. The difference between the web page authorization access_token and the ordinary access_token

1. WeChat web page authorization is implemented through OAuth 2.0. After the user authorizes the official account, the official account can obtain an interface call credential specific to web page authorization (the web page authorization access_token). With the web page authorization access_token, the official account can call interfaces after authorization, such as obtaining the user's basic information.

2. Other WeChat interfaces must be called with the ordinary access_token, which is obtained through the "obtain access_token" interface in basic support.

4. Guide the user to the authorization page, agree to the authorization and obtain the code

After WeChat was updated, the authorization page also changed. In fact, I'm used to the classic green page.

js:

Taking scope = snsapi_userinfo as an example: when the page loads, it enters the authorization method. It first tries to obtain the wxurinfo object from the cache. If the object is there, the user has authorized before, and the page goes directly to the initialization method. If not, it checks whether the URL contains a code. If there is a code, this is the page reached through the authorization page callback, and the code can be exchanged for user information. If there is no code, the user is entering the page for the first time and is directed to the authorization page, with redirect_uri set to the current page address.
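The decision flow described above, as an added JavaScript example (not the original post's code). The function names, the way inputs are passed in and the `state` check are assumptions made here: `state` is a random value the page stores before redirecting and compares on callback, so a code that arrives with a missing or foreign `state` is not exchanged.

```javascript
// Added example. buildAuthorizeUrl / nextAuthStep and their arguments are hypothetical names.
const AUTHORIZE_ENDPOINT = 'https://open.weixin.qq.com/connect/oauth2/authorize';

function buildAuthorizeUrl(appId, pageUrl, scope, state) {
  // redirect_uri is the current page, minus any stale code/state from an earlier callback.
  const redirect = new URL(pageUrl);
  redirect.searchParams.delete('code');
  redirect.searchParams.delete('state');
  redirect.hash = '';
  // Parameters are kept in the order WeChat's documentation lists them.
  const query = new URLSearchParams({
    appid: appId,
    redirect_uri: redirect.toString(),
    response_type: 'code',
    scope,
    state,
  });
  return `${AUTHORIZE_ENDPOINT}?${query.toString()}#wechat_redirect`;
}

// cachedUser: previously stored user info (or null); savedState: the state this
// browser stored before redirecting; newState: a fresh random value for a new redirect.
function nextAuthStep({ cachedUser, pageUrl, savedState, newState, appId }) {
  if (cachedUser) return { action: 'init', user: cachedUser }; // authorized before
  const params = new URL(pageUrl).searchParams;
  const code = params.get('code');
  if (code) {
    // Callback from the authorization page: exchange the code only if state matches.
    if (!savedState || params.get('state') !== savedState) {
      return { action: 'reject', reason: 'state mismatch' };
    }
    return { action: 'exchange', code }; // send the code to the backend
  }
  // First visit: send the user to the authorization page.
  const url = buildAuthorizeUrl(appId, pageUrl, 'snsapi_userinfo', newState);
  return { action: 'redirect', url };
}
```

In the browser, the caller would pass `location.href` as `pageUrl`, keep `savedState` in `sessionStorage`, and act on the returned `action`.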

Getwxuserinfo method:

5. Backend RESTful endpoint /wechat/authorization: exchange the code for user information

There is an authorization access_token here. Remember: the authorization access_token is not the global access_token, and it needs to be cached. I won't go into the specific configuration of redis here; I'll write a blog post about the configuration later. Of course, ehcache can also be used. The ehcache configuration is described in detail in my first blog post.

At that time, I was in a hurry and the code naming was messy. As you can see, I use a synchronized method to get the value for the key Weixin_SQ_ACCESS_Token from the cache. If it is found, it has not expired, and the interface provided by WeChat is called directly through httpclient to return the user information string to the front end. If it is not found, it either does not exist or has expired, so the access_token is refreshed using the refresh_token and written to the cache again. Because the access_token has a short validity period, to be safe I set the cache expiration time to the time given by WeChat reduced by another hour. Looking back at the code, I find that there is a small problem with the above logic: written this way, the access_token is refreshed once on the first access or on the first access after the cache expires. This does not affect use for now; the TODO will be optimized and modified later.
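One way to structure the caching described above, as an added JavaScript example rather than the author's backend code. It assumes entries are keyed by openid (the web page authorization access_token is issued per user), that the injected `refresh` function calls WeChat's refresh endpoint and resolves to its JSON, and that an error reply carries an `errcode` field; all names are hypothetical.

```javascript
// Added example; createWebTokenCache and the injected `refresh` function are hypothetical.
function createWebTokenCache({ refresh, now = Date.now, marginSec = 3600 }) {
  const entries = new Map();  // openid -> { accessToken, refreshToken, expiresAt }
  const inflight = new Map(); // openid -> pending refresh promise

  // Store the JSON returned by the code exchange or by a refresh call.
  // The cache lifetime is WeChat's expires_in minus a safety margin (one hour by default).
  function store(resp) {
    const ttlSec = Math.max(resp.expires_in - marginSec, 0);
    entries.set(resp.openid, {
      accessToken: resp.access_token,
      refreshToken: resp.refresh_token,
      expiresAt: now() + ttlSec * 1000,
    });
    return resp.access_token;
  }

  async function get(openid) {
    const entry = entries.get(openid);
    if (!entry) return null;                               // never authorized: run the code flow
    if (now() < entry.expiresAt) return entry.accessToken; // fresh: no call to WeChat
    if (!inflight.has(openid)) {
      // One refresh per user at a time; concurrent callers share the same promise.
      const pending = refresh(entry.refreshToken)
        .then((resp) => {
          if (resp.errcode) {        // refresh_token rejected: user must authorize again
            entries.delete(openid);
            return null;
          }
          return store(resp);
        })
        .finally(() => inflight.delete(openid));
      inflight.set(openid, pending);
    }
    return inflight.get(openid);
  }

  return { store, get };
}
```

The code-exchange handler calls `store()` once with WeChat's reply, so a token that was just issued is served from the cache without an immediate refresh.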

6. Save user information

Usually, after authorization, we save the user information in a database table. The openid is the unique primary key, and a foreign key associates it with our own user table. That way, whatever business follows or whatever needs to be done later, there is an association with the user of the WeChat official account. It is worth noting that the headimgurl we obtain is a URL provided by WeChat. When the user changes their avatar, the original address may become invalid, so it is best to save the picture to the local server and then store the local URL!

Value returned by wechat:

Reference link:

Official documents of wechat public platform: https://mp.weixin.qq.com/wiki?t=resource/res_main&id=mp1421140842&token=&lang=zh_CN

Online interface debugging tools: http://mp.weixin.qq.com/debug

For those without an official account: test account application http://mp.weixin.qq.com/debug/cgi-bin/sandbox?t=sandbox/login
