Shulou(Shulou.com)06/03 Report--

This article is to share with you the content of sample analysis of URL and Tocken developed by Wechat public account. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

I. brief introduction of URL and Tocken

1. To become a developer, you must have a public network address (URL), which must be accessible to the Wechat public platform. There are many ways to obtain the network address: you can use other platforms or rent your own server (it is recommended that you rent a server, because we need to deploy applications); in short, you need to provide a URL on the public network.

2. Tocken (tag): Tocken can fill in any string and use it during authentication.

3. Authentication process: developers are required to program, so deploy an application on the developer server (provide URL) When the URL on the public network is accessed by Wechat, Wechat will send some data. Your application needs to encrypt the data sent by Wechat, and then compare it with signature with ciphertext. If the same, return echostr to Wechat public platform, and Wechat public platform for verification. If correct, congratulations, your public account has become a developer account.

Second, verification flow chart

You have provided URL (developer server address) and Tocken to Wechat public platform. The following figure shows the verification process of Wechat public platform.

As can be seen from the image above, the main verification function is on the developer server. When tocken,timestamp,nonce encryption authentication (sha1 encryption) is performed on the developer server, tocken is provided to the Wechat public platform by the developers. If the encryption result is the same as the signature provided by the Wechat public platform, then we return the echostr to the Wechat public platform. Wechat public platform carries out echostr authentication. If passed, the public account will become a developer.

Third, code description

I developed using python language, if you use other languages, the logical structure is similar, but the implementation is different.

@ csrf_exemptdef wx_valid (request): # url provided to Wechat public platform. This method is executed when Wechat public platform requests url. This method is verified by Wechat developers. It is a GET request. GET and POST distinguish between authenticating or sending a message (POST when sending the message)''if (request.method = = 'GET'): the tocken provided by tocken='zainanjing6tocken'# to the Wechat public platform can be kept in a database, file, or hard-coded directly into code If tocken: timestamp = request.GET ['timestamp'] nonce = request.GET [' nonce'] signature = request.GET ['signature'] echostr = request.GET [' echostr'] arr = [tocken,timestamp Nonce] arr.sort () data =''for s in arr: data + = s sha1 = hashlib.sha1 () # or hashlib.md5 () sha1.update (data) _ signature = sha1.hexdigest () # generates a 40-bit (sha1) or 32-bit (md5) hexadecimal string If _ signature = = signature: return HttpResponse (echostr) # returns echostr return HttpResponse ('error') # returns error

The above is for developers to verify the logical flow and source code of URL and Tocken. Let's talk about the overall operation flow.

IV. Operation process

1. First, deploy the application on the developer server and provide URL and Tocken. (this URL requires Wechat public platform to access it.)

2. After URL and Tocken are added to the Wechat public platform developer mode, the Wechat public platform automatically requests URL, and the developer server performs data verification (signature verification). If the verification is passed, return the echostr to the Wechat public platform.

3. If you successfully become a developer account, and the mode of the public account is adjusted to the developer mode, then the messages sent by the user to the public account will not be replied by the Wechat public platform. Wechat public platform will forward the message to the developer server, and the developer server will reply to the message.

At this point, the authentication of URL and Tocken is over. If the authentication is passed, congratulations, your account is already a developer account. The next step is to develop the function to reply to user messages, otherwise users will not receive any messages.

Thank you for reading! This is the end of the article on "sample Analysis of URL and Tocken developed by Wechat Public accounts". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.