How to solve the problem that only one domain name can be set for the WeChat authorization callback page?

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03

This article explains how to solve the problem that only one domain name can be set for the WeChat authorization callback page. The editor thinks it is very practical and shares it here for study. Without further ado, let's take a look.

User authorization is required when a project integrates WeChat login and WeChat Pay. The authorization process can be described simply as:

1. The user triggers an action in our application that requires authorization, such as clicking "Log in with WeChat".

2. After receiving such a user request, the application redirects the user to an authorization page provided by WeChat.

3. The user scans the QR code with WeChat (authorization on PC) or clicks the confirm button (authorization on mobile) to tell WeChat that the application is authorized to access their WeChat account information.

4. After WeChat receives the authorization from the user, it generates an authorization code and passes it as a parameter in a callback to a page of the application.

5. After receiving the callback request from WeChat, the callback page of the application takes the authorization code and obtains an access token through the access token API provided by WeChat.

6. Finally, the user's WeChat account information can be obtained with the access token through the userinfo API, another interface provided by WeChat.

To implement this process, you must first apply for a WeChat official account for the application, and set the domain name on which the application is finally deployed as the authorization callback page domain name in the official account settings. WeChat's official description of this option is as follows:

Instructions on the domain name of web page authorization callback

1. Before the official WeChat account requests a user's web page authorization, the developer needs to go to the configuration option of "Development-Interface permission-Web Service-Web account-Web license to obtain basic user information" on the official website of the public platform and modify the authorization callback domain name. Please note that a domain name (a string) is filled in here, not a URL, so do not add protocol headers such as http://.

2. The configuration specification of the domain name for authorization callback is the full domain name. For example, the domain name that needs to be authorized by the web page is www.qq.com. After configuration, both http://www.qq.com/music.html and http://www.qq.com/login.html under this domain name can be authenticated by OAuth3.0. However, http://pay.qq.com, http://music.qq.com and http://qq.com cannot authenticate OAuth3.0.

3. If the official account login authorization is given to a third-party developer to manage it, there is no need to make any settings. The third party can realize the web page authorization instead of the official account.

As you can see, this rule is extremely strict. If the application is deployed under a single domain name, the rule causes no problem. But to allow for future complexity, we may split the application at design time and deploy different businesses under different second-level domain names. For example, in an application with transactions, you might separate login and registration, transaction management, and regular business, and deploy them as follows:

www.your.com deploys regular business

trade.your.com deploys transaction management services

passport.your.com deploys login and registration

In this mode, if WeChat login and WeChat Pay are integrated, the rule for the authorization callback page domain name described above becomes a problem. Both trade.your.com and passport.your.com need the WeChat user authorization described above, but they are two different subdomains and we have only one official account. Under the authorization callback page domain name policy, the account can use only one domain name, and WeChat authorization can be initiated successfully only if the domain name of the callback address is exactly the same as this setting. Otherwise WeChat reports that the redirect_uri parameter is incorrect, or the callback never arrives.

So how to deal with this situation?

The current solution is to introduce a new, very simple application that acts as an authorization proxy service for WeChat. You can do this:

1. Set the web authorization callback domain name of the official account to another subdomain, such as proxy.your.com.

2. Then deploy the index.php in php_weixin_proxy to proxy.your.com.

The index.php in php_weixin_proxy is a very simple PHP file; you can read the source code directly to understand its implementation. Because of the current project environment, I used PHP to implement this proxy service, but any platform or language can be used to achieve the same function.

When another business needs to initiate WeChat authorization, it sends the authorization request to proxy.your.com first, and proxy.your.com forwards the request to WeChat.

When the user agrees to the authorization, proxy.your.com receives the authorization callback from WeChat and returns the callback result (the code and state parameters) intact to the business that initiated the authorization.

The only difference is in the link. Without proxy.your.com, the link that initiates WeChat authorization from the app looks like this:

https://open.weixin.qq.com/connect/qrconnect?appid=xxxxx&redirect_uri=http%3A%2F%2Fpassport.your.com%2F&response_type=code&scope=snsapi_login&state=584bc87e11ff37492#wechat_redirect

With proxy.your.com, the authorization link looks like this:

http://proxy.your.com/?appid=xxxxx&redirect_uri=http%3A%2F%2Fpassport.your.com%2Flogin%2Fnotify&response_type=code&scope=snsapi_base&state=584bc87e11ff37492&device=pc

Compared with the first link, the latter link differs as follows:

1. The host in the latter link becomes proxy.your.com, that is, the domain name of the proxy, which is the one configured as the authorization callback domain name.

2. The latter link has an extra device parameter, which is required. Because WeChat's authorization address for PC is different from the one for mobile, and the latter link is sent to proxy.your.com, the additional parameter tells the proxy whether to use the PC or the mobile authorization address when forwarding the authorization request to WeChat.
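
A sketch of the two redirects the proxy performs, added here as an example; it is not the index.php from php_weixin_proxy. Because the proxy hands the authorization code to whatever redirect_uri it was given, this version returns only to hosts on an allowlist, checked both when forwarding and again on the callback. The /callback path, the return_to parameter, the allowlist contents and the mobile authorize URL are assumptions that do not come from the article.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed values for this example; none of them come from php_weixin_proxy.
ALLOWED_HOSTS = {"passport.your.com", "trade.your.com"}
PROXY_CALLBACK = "http://proxy.your.com/callback"  # hypothetical path
WECHAT_AUTHORIZE = {
    "pc": "https://open.weixin.qq.com/connect/qrconnect",
    "mobile": "https://open.weixin.qq.com/connect/oauth2/authorize",
}

def check_return_url(url):
    """Accept only absolute http(s) URLs whose host is exactly on the allowlist."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("return URL must be absolute http(s)")
    if parts.username or parts.password or parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("return host is not one of our businesses")
    return url

def to_wechat(query):
    """Build the redirect to WeChat from a request sent to the proxy."""
    base = WECHAT_AUTHORIZE.get(query["device"])
    if base is None:
        raise ValueError("device must be 'pc' or 'mobile'")
    return_to = check_return_url(query["redirect_uri"])
    params = {
        "appid": query["appid"],
        # WeChat only ever sees the proxy's domain as the callback.
        "redirect_uri": PROXY_CALLBACK + "?" + urlencode({"return_to": return_to}),
        "response_type": "code",
        "scope": query["scope"],
        "state": query["state"],
    }
    return base + "?" + urlencode(params) + "#wechat_redirect"

def to_business(callback_query):
    """Build the redirect that hands code and state back, unchanged."""
    # Re-validate: the callback URL is user-reachable and can be crafted by hand.
    parts = urlsplit(check_return_url(callback_query["return_to"]))
    extra = [("code", callback_query["code"]), ("state", callback_query["state"])]
    query = urlencode(parse_qsl(parts.query) + extra)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))
```

The originating business still has to compare the returned state with the value it issued, since the proxy passes it through without inspecting it.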

The overall plan is as follows:

The above is how to solve the problem that only one domain name can be set for the WeChat authorization callback page. The editor believes it covers knowledge points that we may see or use in our daily work, and hopes you can learn more from this article. For more details, please follow the industry information channel.
