Shulou(Shulou.com)06/02 Report--

This article shows you how to authorize access to user information in TNW. The content is concise and easy to understand, which will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

Brief introduction

TNW: TypeScript (The) + Node.js (Next) + WeChat Wechat official account development scaffolding, supporting any Node.js server framework (Express, Nest, egg, koa, etc.)

What is the OAuth3.0 Wechat public platform OAuth3.0 authorization detailed steps to configure the domain name of the authorization callback page

Please refer to the previous article Wechat official account development authorization to obtain user information-Java version of this article has 2.4w + readings

Some instructions for authorized user information

A description of the difference between the two scope of web page authorization

1. The web authorization initiated by snsapi_base for scope is used to obtain the openid of the user entering the page, and it is silently authorized and automatically redirected to the callback page. What the user perceives is to go directly to the callback page (often the business page).

2. The web page authorization initiated by snsapi_userinfo for scope is used to obtain the basic information of the user. However, this kind of authorization requires the user to agree manually, and because the user has agreed, the basic information of the user can be obtained without attention after authorization.

3. The interface for obtaining basic user information in the user management interface is that the basic user information can only be obtained according to the user openid after the event is pushed after the user and the official account exchange messages or follow each other. This API, including other Wechat APIs, requires the user (that is, openid) to follow the official account before it can be called successfully.

On Silent Authorization in Special situations

1. As mentioned above, users do not perceive the silent authorization of web pages with snsapi_base as the scope.

2. For users who have followed the official account, if the user enters the authorization page of this official account from the session of the official account or the custom menu, even if the scope is snsapi_userinfo, it is silent authorization and the user has no perception.

Specifically, the web authorization process is divided into four steps:

1. Guide the user to the authorization page to agree to the authorization and obtain the code

2. Exchange for web page authorization access_token through code (different from access_token in basic support)

3. If necessary, developers can refresh the web license access_token to avoid expiration.

4. Obtain basic user information through web authorization access_token and openid (UnionID mechanism is supported)

The user agrees to authorize and obtain the code

Guide followers to open the following authorized page URL:

Https://open.weixin.qq.com/connect/oauth3/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect

If you are prompted that the link is not accessible, check that the parameter is entered incorrectly and that you have authorization scope permissions for the scope parameter.

Pay particular attention to:

Due to the high security level of authorization operation, Wechat will make a regular strong matching check on the authorization link when initiating the authorization request. If the parameters of the link are in the wrong order, the authorization page will not be able to access normally.

To jump to the callback redirect_uri, you should use the https link to ensure the security of the authorized code and must have a domain name on the MP configuration callback page.

After the user agrees to authorize

If the user agrees to the authorization, the page will jump to redirect_uri/?code=CODE&state=STATE.

Special note: code as a ticket in exchange for access_token, the code will be different with each user's license. Code can only be used once, and it will automatically expire if it is not used for 5 minutes.

Exchange code for web page authorization access_token

Refresh access_token (if required)

Pull user information (need scope to be snsapi_userinfo)

Verify that the authorization certificate (access_token) is valid

Encapsulation export class SnsAccessTokenApi {private static authorizeUrl: string = "https://open.weixin.qq.com/connect/oauth3/authorize?appid=%s&redirect_uri=%s&response_type=code&scope=%s"; in TNW Private static accessTokenUrl: string = "https://api.weixin.qq.com/sns/oauth3/access_token?appid=%s&secret=%s&code=%s&grant_type=authorization_code" private static refreshTokenUrl: string =" https://api.weixin.qq.com/sns/oauth3/refresh_token?appid=%s&grant_type=refresh_token&refresh_token=%s" private static userInfoUrl: string = "https://api.weixin.qq.com/sns/userinfo?access_token=%s&openid=%s&lang=%s";" Private static checkTokenUrl: string = "https://api.weixin.qq.com/sns/auth?access_token=%s&openid=%s"; / * * get the authorized link * @ param redirectUri callback address * @ param scope * @ param state * / public static getAuthorizeUrl (redirectUri: string, scope: ScopeEnum, state?: string): string {let url = util.format (this.authorizeUrl, ApiConfigKit.getApiConfig.getAppId, urlencode (redirectUri), scope); if (state) {url = url + "& state=" + state } return url + "# wechat_redirect";} / * in exchange for web authorization access_token * @ param code * / public static async getSnsAccessToken (code: string) {let url = util.format (this.accessTokenUrl, ApiConfigKit.getApiConfig.getAppId, ApiConfigKit.getApiConfig.getAppScrect, code) through code; return HttpKit.getHttpDelegate.httpGet (url) } / * refresh access_token * @ param refreshToken * / public static async refreshAccessToken (refreshToken: string) {let url = util.format (this.refreshTokenUrl, ApiConfigKit.getApiConfig.getAppId, refreshToken); return HttpKit.getHttpDelegate.httpGet (url) } / * verify whether the access_token is valid * @ param accessToken access_token * @ param openId * / public static async checkAccessToken (accessToken: string, openId: string) {let url = util.format (this.checkTokenUrl, accessToken, openId); return HttpKit.getHttpDelegate.httpGet (url) exchanged through code } / * pull user information (scope is snsapi_userinfo) * @ param accessToken * @ param openId * @ param lang * / public static async getUserInfo (accessToken: string, openId: string, lang: Lang) {let url = util.format (this.userInfoUrl, accessToken, openId, lang); return HttpKit.getHttpDelegate.httpGet (url) }} export enum ScopeEnum {SNSAPI_BASE = "snsapi_base", SNSAPI_USERINFO = "snsapi_userinfo"} export enum Lang {ZH_CN = "zh_CN", ZH_TW = "zh_TW", EN = "en"} TNW case

Access: http/https:// domain name / toAuth

Callback: http/https:// domain name / auth

App.get ('/ toAuth', (req, res) = > {let url = SnsAccessTokenApi.getAuthorizeUrl ("http://xxx/auth", ScopeEnum.SNSAPI_USERINFO," IJPay "); console.log (" authorized URL: ", url); res.redirect (url);}); / / authorized callback app.get ('/ auth', (req, res) = > {let code = req.query.code; let state = req.query.state) Console.log ("code:", code, "state:", state); SnsAccessTokenApi.getSnsAccessToken (code) .then (data = > {let temp = JSON.parse (data.toString ()); / / determine whether access_token obtained successful if (temp.errcode) {/ / access_token acquisition failed res.send (temp); return } let access_token = temp.access_token; let openid = temp.openid; let scope = temp.scope; if (scope = = ScopeEnum.SNSAPI_USERINFO) {/ / get user information SnsAccessTokenApi.getUserInfo (access_token, openid, Lang.ZH_CN) .then (data = > {res.send (data);}) } else {res.send (temp);}})); Common errors

1. Please open it in the Wechat client

To authorize access to user information, you must open it in the Wechat client or use the Wechat developer tool provided by Wechat

2. Redirect_url parameter error

Please check whether the authorized domain name set in the public platform corresponding to appId is consistent with the domain name configured in your project.

3. The test number indicates that you do not pay attention to the test number during the test.

Test number test authorization is the test number that must be paid attention to first, and officials do this for the sake of safety. The official environment Wechat authentication service number is to obtain the user's information without paying attention.

The above is how to authorize access to user information in TNW. Have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.