2025-03-04 Update From: SLTechnology News&Howtos (Shulou.com)
This article explains how OAuth2.0 is used in WeChat public platform development.
Understand OAuth2.0
First, let's take a look at how OAuth2.0 works through a picture:
From the figure above, we can see that there are two "handshakes" in the whole process, after which a series of requests are made using the authorized AccessToken. The process is as follows:
A: The client sends an authentication request to the server. The request usually carries these parameters:
An identifier, such as appId
The URL to redirect to after verification (redirectUrl)
State parameter (optional)
Authorization scope (scope, optional)
Response type (optional)
B: The server returns a grant (WeChat calls it code by default), similar to a one-time temporary string key. If redirectUrl was provided in A, the server redirects to redirectUrl, carrying the grant and state parameters.
C: The page behind the client's redirectUrl sends a second request that carries the grant. This request usually contains sensitive information:
Identifier
Password
Grant string (code)
Grant type (optional, default is code in WeChat)
D: After the server verifies that the identifier, password and grant are correct, it returns an AccessToken (note that this AccessToken has nothing to do with the AccessToken used by the general interface and advanced interface, and the two cannot be used interchangeably).
E: The client calls a series of APIs with the AccessToken, and no longer sends sensitive information such as appId, Secret or grant in this process.
F: The server returns the request result.
Use of OAuth2.0 in WeChat
Now that we understand the basic principles of OAuth2.0, let's look at how OAuth2.0 is used in WeChat.
Suppose a scenario: the user enters a WeChat public account and then opens a game page in the WeChat embedded browser through a link in a message. The game requires the user to log in and records the user's game score.
In this case, we have two ways to deal with it:
Let users register and log in on a web page. This is, of course, an awkward design (and users may have to log in again every time they open the page, because cookies in WeChat's built-in browser are very short-lived).
Take advantage of OAuth2.0. When the user enters the page, first determine whether the user is logged in. If not, automatically jump to the OAuth2.0 authorization page, which carries out steps A, B, C and D above automatically, and then use steps E and F to get the user's OpenId and even more detailed information (including the avatar). This completes the login (or any necessary registration) automatically, and the user enters the game already logged in.
As you can see, using OAuth2.0 greatly improves the user experience, and the account can be bound to the user's WeChat OpenId automatically.
It is important to note that the "OAuth2.0 authorization page" mentioned above comes in two forms:
When the scope in request A is snsapi_base, the whole authorization process completes automatically and the user's client shows no intermediate page, but the result only yields the user's OpenId (whether or not the user follows the account; if the user does follow it, the OpenId can then be used with the user information interface in the advanced interface to obtain the user's information, at the cost of a few extra steps).
When the scope in request A is snsapi_userinfo, an authorization page is shown (similar to how many websites let users log in with a Weibo or QQ account). Only after the user agrees do you get the user's details. The user can be a follower or a non-follower, and the content returned is the same.
In other words, snsapi_base can obtain the user's OpenId "unknowingly" and complete login and registration automatically, but the amount of information is limited; snsapi_userinfo completes the whole process automatically only after the user authorizes on the specified interface, and this authorization is valid for a limited time, after which you need to ask the user again.
Senparc.Weixin.MP OAuth2.0 interface
Source folder: Senparc.Weixin.MP/AdvancedAPIs/OAuth
The relevant methods in the source code are as follows:
```csharp
// UrlEncode() and CommonJsonSend are helpers defined elsewhere in the Senparc.Weixin.MP library.
namespace Senparc.Weixin.MP.AdvancedAPIs
{
    // Official documentation: http://mp.weixin.qq.com/wiki/index.php?title=%E7%BD%91%E9%A1%B5%E6%8E%88%E6%9D%83%E8%8E%B7%E5%8F%96%E7%94%A8%E6%88%B7%E5%9F%BA%E6%9C%AC%E4%BF%A1%E6%81%AF#.E7.AC.AC.E4.B8.80.E6.AD.A5.EF.BC.9A.E7.94.A8.E6.88.B7.E5.90.8C.E6.84.8F.E6.8E.88.E6.9D.83.EF.BC.8C.E8.8E.B7.E5.8F.96code

    /// Application authorization scope
    public enum OAuthScope
    {
        /// Does not pop up the authorization page and redirects directly; only the user's openid can be obtained
        snsapi_base,
        /// Pops up the authorization page; the nickname, gender and location can be obtained through the openid.
        /// Even if the user does not follow the account, the information can be obtained as long as the user authorizes
        snsapi_userinfo
    }

    public static class OAuth
    {
        /// Get the verification address
        public static string GetAuthorizeUrl(string appId, string redirectUrl, string state, OAuthScope scope, string responseType = "code")
        {
            var url = string.Format("https://open.weixin.qq.com/connect/oauth2/authorize?appid={0}&redirect_uri={1}&response_type={2}&scope={3}&state={4}#wechat_redirect",
                appId, redirectUrl.UrlEncode(), responseType, scope, state);

            /* After this step, the user gets the authorization page and is returned to the redirectUrl page whether they agree or refuse.
             * If the user agrees to the authorization, the page jumps to redirect_uri/?code=CODE&state=STATE. The code here is exchanged for an access_token (not interchangeable with the access_token of the API).
             * If the user refuses authorization, the redirect carries no code parameter, only the state parameter: redirect_uri?state=STATE
             */
            return url;
        }

        /// Obtain the AccessToken
        /// code: the ticket exchanged for the access_token. The code is different for each user authorization.
        /// A code can only be used once and expires automatically if not used within 5 minutes.
        public static OAuthAccessTokenResult GetAccessToken(string appId, string secret, string code, string grantType = "authorization_code")
        {
            var url = string.Format("https://api.weixin.qq.com/sns/oauth2/access_token?appid={0}&secret={1}&code={2}&grant_type={3}",
                appId, secret, code, grantType);
            return CommonJsonSend.Send<OAuthAccessTokenResult>(null, url, null, CommonJsonSendType.GET);
        }

        /// Refresh the access_token (if required)
        /// refreshToken: the refresh_token parameter obtained together with the access_token
        public static OAuthAccessTokenResult RefreshToken(string appId, string refreshToken, string grantType = "refresh_token")
        {
            var url = string.Format("https://api.weixin.qq.com/sns/oauth2/refresh_token?appid={0}&grant_type={1}&refresh_token={2}",
                appId, grantType, refreshToken);
            return CommonJsonSend.Send<OAuthAccessTokenResult>(null, url, null, CommonJsonSendType.GET);
        }

        public static OAuthUserInfo GetUserInfo(string accessToken, string openId)
        {
            var url = string.Format("https://api.weixin.qq.com/sns/userinfo?access_token={0}&openid={1}", accessToken, openId);
            return CommonJsonSend.Send<OAuthUserInfo>(null, url, null, CommonJsonSendType.GET);
        }
    }
}
```
For a concrete usage example, see Senparc.Weixin.MP.Sample/Controllers/OAuth2Controller.cs and the code of the corresponding view.
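The state parameter sent in step A comes back on the redirect in step B, so the callback page can use it to confirm that the redirect belongs to a flow this session started, and to tell a refusal (no code) from a success before the code is exchanged in step C. The following is an added example, not code from Senparc.Weixin.MP or the original article; the class and method names, the state format (8 hex digits of issue time plus an HMAC), the 300-second lifetime, the placeholder appId and the example.com callback are all assumptions, and it targets .NET 6 or later.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

public static class OAuthStateDemo
{
    // Hypothetical state format: 8 hex digits of issue time + hex HMAC-SHA256(key, sessionId|time).
    static string Mac(byte[] key, string sessionId, long issued)
    {
        using (var h = new HMACSHA256(key))
            return Convert.ToHexString(h.ComputeHash(Encoding.UTF8.GetBytes(sessionId + "|" + issued)));
    }

    public static string NewState(byte[] key, string sessionId, DateTimeOffset now)
    {
        long issued = now.ToUnixTimeSeconds();
        return issued.ToString("x8") + Mac(key, sessionId, issued);
    }

    // Step A: every caller-supplied value is URL-encoded, state included.
    public static string AuthorizeUrl(string appId, string redirectUrl, string scope, string state) =>
        "https://open.weixin.qq.com/connect/oauth2/authorize?appid=" + Uri.EscapeDataString(appId)
        + "&redirect_uri=" + Uri.EscapeDataString(redirectUrl) + "&response_type=code&scope="
        + Uri.EscapeDataString(scope) + "&state=" + Uri.EscapeDataString(state) + "#wechat_redirect";

    // Check on arrival at redirectUrl: "ok", "denied" (no code came back) or "bad_state".
    public static string CheckCallback(byte[] key, string sessionId, string code, string state, DateTimeOffset now)
    {
        long issued;
        if (state == null || state.Length != 72 || !long.TryParse(state.Substring(0, 8),
                NumberStyles.HexNumber, CultureInfo.InvariantCulture, out issued)) return "bad_state";
        long age = now.ToUnixTimeSeconds() - issued;
        bool macOk = CryptographicOperations.FixedTimeEquals(   // constant-time comparison
            Encoding.ASCII.GetBytes(Mac(key, sessionId, issued)), Encoding.ASCII.GetBytes(state.Substring(8)));
        if (!macOk || age < 0 || age > 300) return "bad_state"; // 300 s lifetime is an assumption
        return string.IsNullOrEmpty(code) ? "denied" : "ok";
    }

    public static void Main()
    {
        var key = RandomNumberGenerator.GetBytes(32);    // server-side secret, never sent to the client
        var t0 = DateTimeOffset.UtcNow;
        var state = NewState(key, "session-A", t0);      // session ids and appId below are constructed
        Console.WriteLine(AuthorizeUrl("wx_APPID_PLACEHOLDER", "https://example.com/oauth/callback", "snsapi_base", state));
        Console.WriteLine(CheckCallback(key, "session-A", "CODE", state, t0.AddSeconds(30)));  // same session
        Console.WriteLine(CheckCallback(key, "session-A", null, state, t0.AddSeconds(30)));    // user refused
        Console.WriteLine(CheckCallback(key, "session-B", "CODE", state, t0.AddSeconds(30)));  // other session
        Console.WriteLine(CheckCallback(key, "session-A", "CODE", state, t0.AddMinutes(10)));  // stale state
    }
}
```

Only a callback that passes this check should go on to call GetAccessToken with the returned code.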
Notes
You must have an authenticated service account to use the OAuth interface.
The AccessToken used in this interface is not related to the AccessToken used in advanced interfaces (including generic interfaces), even if they are both obtained through the same AppId and Secret.
At present, the official authorization page is not 100% stable and sometimes takes several attempts to succeed. If you run into this, add some checks and retry the request so that, at least on the surface, users do not see an error page.
For security reasons, before using OAuth2.0 you need to go to My Services in the WeChat backend and set the domain name of the callback page.