Force.com WeChat development series OAuth2.0 webpage authorization

Source: Internet
Author: User
Tags: oauth, openid
OAuth is an open protocol that allows third-party applications to obtain, in a secure and standard manner, private resources (such as user personal information, photos, videos, and contacts) stored on a website, without the user having to hand their user name and password to the third-party application. This article will introduce in detail the OAuth protocol and the specific implementation in.

OAuth2.0 protocol introduction

OAuth2.0 is the next version of the OAuth protocol, but it is not backward compatible with OAuth 1.0. OAuth 2.0 focuses on simplicity for client developers and provides dedicated authentication flows for web applications, desktop applications, mobile phones, and living-room devices. OAuth2.0 lets a user hand out a token, instead of a user name and password, to grant access to the data they store with a specific service provider. Each token authorizes a specific website (for example, a video editing website), for a specific time period (for example, the next two hours), to access specific resources (for example, only the videos in one photo album). In this way, OAuth allows a user to authorize a third-party website to access the information they store with another service provider without sharing their credentials or the whole of their data.

OAuth2.0 authentication and authorization process:

The three parties involved in OAuth2.0 authentication and authorization are:

1. The service provider, which stores the protected resources, such as photos, videos, and contact lists.

2. The user, who owns the protected resources stored at the service provider.

3. The client, a third-party application that accesses the service provider's resources, usually a website, such as one that provides a photo printing service. Before the authentication process, the client must apply for a client ID from the service provider.

The process of using OAuth for authentication and authorization is as follows:

1. The user visits the client's website and wants to operate on the user's resources stored at the service provider;

2. The client requests a temporary token from the service provider;

3. After authenticating the client, the service provider grants a temporary token;

4. After obtaining the temporary token, the client redirects the user to the service provider's authorization page to request the user's authorization. In this step the temporary token and the client's callback link are sent to the service provider;

5. The user enters the user name and password on the service provider's webpage and then authorizes the client to access the requested resources;

6. After successful authorization, the service provider redirects the user back to the client's webpage;

7. The client requests the access token from the service provider using the temporary token;

8. The service provider grants the client an access token based on the temporary token and the user's authorization;

9. The client uses the obtained access token to access the protected resources stored at the service provider.


Webpage OAuth2.0 authorization:

When a user accesses a third-party webpage from within a public account (this does not cover access from the ordinary Web), the public account developer can use this interface to obtain the current user's basic information (including nickname, gender, city, and country). With this user information you can implement user experience optimization, user source statistics, account binding, user identity authentication, and other functions.

Note the difference from the interface for obtaining basic user information (introduced later in this series): that interface looks up the user's basic information from the user's OpenID only when a message exchange takes place between the user and the public account, whereas webpage authorization needs no message interaction. Instead, a page requesting the user's authorization is shown when the user opens the public account's page, and the basic information can be obtained once the user consents (the user does not even need to follow the public account).

The following is an example of the detailed development process.

Configure the authorization callback domain name:

Before requesting webpage authorization from a user through a public account, the developer needs to configure the authorization callback domain name on the My Service page of the public platform website. Note that the domain name entered here must not include http:// or https://. In addition, the configured authorization callback domain name must be a full domain name. For example, if the webpage authorization domain name is www.qq.com, then after configuration all pages under that domain, such as http://www.qq.com/music.html and http://www.qq.com/login.html, can perform OAuth2.0 authentication, but http://pay.qq.com and http://music.qq.com cannot.

To do this, go to the service page (with an official service account or an authenticated subscription account, find it under My Service; with a test account it is on the homepage directly), find OAuth2.0 webpage authorization, and click the Modify link on the right side:

Add the following code to this class:

    public class oauth2testcontroller {
        // Holds the authorization code returned on the OAuth2.0 callback.
        public String code {get; set;}

        public oauth2testcontroller(){
            // Read the "code" query parameter from the current page URL.
            code = ApexPages.currentPage().getParameters().get('code');
            // Fall back to a visible marker when the callback carried no code.
            if(String.isBlank(code)){
                code = 'No Code';
            }
        }
    }


In this code, the property declaration defines a public property named code. The constructor obtains the code parameter from the URL through the ApexPages object and then checks whether the value is blank; if it is, No Code is displayed. We will see next that the code parameter is appended to the URL when the authorization callback succeeds.

Next, slightly modify the front-end page to display the code value:

       {!code}  

{!objectName} is the syntax used to display a value on a Force.com Visualforce page. Next, this page needs to be made accessible from the public network. After logging on to Force.com, go to Setup > Develop > Sites and click the Site Label of the site, as shown in:

Enter the URL directly in the browser's address bar to obtain the returned data. Of course, in real scenarios the request is usually sent from back-end code. When the request succeeds, the returned JSON data packet is as follows:

    {
        "access_token":"ACCESS_TOKEN",
        "expires_in":7200,
        "refresh_token":"REFRESH_TOKEN",
        "openid":"OPENID",
        "scope":"SCOPE"
    }

The parameters are described as follows:

The returned JSON data packet is as follows:

    {
        "access_token":"ACCESS_TOKEN",
        "expires_in":7200,
        "refresh_token":"REFRESH_TOKEN",
        "openid":"OPENID",
        "scope":"SCOPE"
    }

The data packet is defined as follows:

When an error occurs, the returned JSON data packet looks like this (this sample is for an invalid code):

    {"errcode":40029,"errmsg":"invalid code"}
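As an added example that is not part of the original post, the following Apex class picks up where the controller above stops: it exchanges the code received on the callback for the token packet shown above from back-end code, keeping the app secret out of the Visualforce page, and it handles the errcode/errmsg error packet. The token endpoint and the query parameter names are assumptions taken from WeChat's public API rather than from this page, and APPID_PLACEHOLDER and SECRET_PLACEHOLDER must be replaced with your own values.

```apex
public class WeChatTokenExchanger {
    // Outcome of one exchange: token fields when ok, errCode/errMsg otherwise.
    public class TokenResult {
        public Boolean ok = false;
        public String accessToken;
        public String refreshToken;
        public String openId;
        public String scope;
        public Integer expiresIn;
        public Integer errCode;
        public String errMsg;
    }
    // Parses the token endpoint body. Both packets from the post are handled: the
    // success packet and the error packet, e.g. {"errcode":40029,"errmsg":"invalid code"}.
    public static TokenResult parseTokenResponse(String body) {
        TokenResult r = new TokenResult();
        Map<String, Object> m = (Map<String, Object>) JSON.deserializeUntyped(body);
        if (m.containsKey('errcode')) {
            r.errCode = Integer.valueOf(String.valueOf(m.get('errcode')));
            r.errMsg = (String) m.get('errmsg');
            return r;                                   // ok stays false
        }
        r.accessToken = (String) m.get('access_token');
        r.refreshToken = (String) m.get('refresh_token');
        r.openId = (String) m.get('openid');
        r.scope = (String) m.get('scope');
        Object exp = m.get('expires_in');
        r.expiresIn = exp == null ? null : Integer.valueOf(String.valueOf(exp));
        r.ok = !String.isBlank(r.accessToken);          // a packet without a token is a failure
        return r;
    }
    // Exchanges the callback code for tokens. Keep the result server-side: render
    // at most the openid on the page, never access_token or refresh_token.
    public static TokenResult exchangeCode(String code) {
        if (String.isBlank(code)) { TokenResult bad = new TokenResult(); bad.errMsg = 'missing code'; return bad; }
        // Endpoint and parameter names assumed from WeChat's public API (not on this page).
        String url = 'https://api.weixin.qq.com/sns/oauth2/access_token'
            + '?appid=' + EncodingUtil.urlEncode('APPID_PLACEHOLDER', 'UTF-8')
            + '&secret=' + EncodingUtil.urlEncode('SECRET_PLACEHOLDER', 'UTF-8')
            + '&code=' + EncodingUtil.urlEncode(code, 'UTF-8')
            + '&grant_type=authorization_code';
        HttpRequest req = new HttpRequest();
        req.setEndpoint(url);
        req.setMethod('GET');
        req.setTimeout(10000);
        HttpResponse res = new Http().send(req);
        return parseTokenResponse(res.getBody());
    }
}
```

Apex callouts are only allowed to hosts registered under Remote Site Settings in Setup, so the endpoint's host must be added there before exchangeCode can run.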

