WeChat development: web page authorization to obtain basic user information _ Application skills

Source: Internet
Author: User
Tags: json oauth openid

The WeChat Official Accounts Platform recently introduced WeChat verification. Verified accounts gain access to advanced interface permissions, one of which is OAuth 2.0 web page authorization. Many friends failed when trying to use it, or could not understand what it does, and hoped for a detailed tutorial; hence this article.

One: What is OAuth 2.0

Official website: http://oauth.net/ and http://oauth.net/2/

Authoritative definition: "OAuth is an open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications."

OAuth is an open protocol that lets a user grant a third-party application secure, standardized access to private resources (personal information, photos, videos, contact lists and so on) stored with a web, mobile or desktop service, without handing the user name and password to that third-party application.

OAuth 2.0 is the next version of the OAuth protocol and is not backward compatible with OAuth 1.0. OAuth 2.0 focuses on simplicity for client developers while providing dedicated authorization flows for web applications, desktop applications, mobile phones and living-room devices.

OAuth lets a user hand out a token, rather than a user name and password, for access to data they keep with a particular service provider. Each token authorizes one specific website (for example, a video editing site) to access one specific resource (for example, the videos in a single album) for a limited time (for example, the next two hours). In this way OAuth lets users authorize third-party websites to access information stored at other service providers without sharing their credentials or all of their data.

The Sina Weibo API also uses OAuth 2.0 at present.

Original: http://www.cnblogs.com/txw1958/p/weixin71-oauth20.html

Two: WeChat Official Accounts Platform OAuth 2.0 authorization

The detailed steps of WeChat Official Accounts Platform OAuth 2.0 authorization are as follows:

1. The user follows the WeChat official account.
2. The official account gives the user the URL of the authorization request page.
3. The user clicks the authorization page URL, which sends a request to the WeChat server.
4. The server asks the user whether to authorize the official account (this step is skipped when scope is snsapi_base).
5. The user agrees (skipped when scope is snsapi_base).
6. The server redirects to the callback address, passing the code to the official account.
7. The official account receives the code.
8. The official account uses the code to request an access token from the server.
9. The server returns the access_token and openid to the official account.
10. The official account uses the access_token to request the user's information from the server (skipped when scope is snsapi_base).
11. The server returns the user's information to the official account (skipped when scope is snsapi_base).

The AppID and AppSecret used below are found under Developer Center - Developer ID.

1. Configure the authorization callback page domain name

After logging in to the WeChat Official Accounts Platform back end, go to Developer Center - Interface Permissions table, find "Web page authorization to obtain basic user information", and click Modify on the right.

The authorization callback domain name must be a full domain name without the http:// prefix. For example, if the domain that needs web page authorization is www.qq.com, then once that domain is configured, pages such as http://www.qq.com/music.html and http://www.qq.com/login.html can perform OAuth 2.0 authorization, whereas http://pay.qq.com, http://music.qq.com and http://qq.com cannot: the host must match exactly, so neither subdomains nor the parent domain are covered.

Here we fill in mascot.duapp.com, the second-level domain of a Baidu application belonging to Square Times Studio.

If your URL is not blacklisted, it appears at the top.

The domain name is then configured successfully.

2. User authorization and obtaining the code

In the root directory of the domain, create a new file named oauth2.php with the following contents (the code is HTML-escaped before being echoed, because it comes straight from the query string):

<?php
if (isset($_GET['code'])) {
    // Show the authorization code that WeChat appended to the callback URL.
    echo htmlspecialchars($_GET['code'], ENT_QUOTES, 'UTF-8');
} else {
    echo "NO CODE";
}

First, look at how the authorization request URL is structured:

https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect

Parameter description

Parameter          Required   Description
appid              Yes        Unique identifier of the official account
redirect_uri       Yes        Callback address to redirect to after authorization
response_type      Yes        Return type; fill in code
scope              Yes        Authorization scope. snsapi_base: no authorization page is shown, the browser jumps directly, and only the user's openid can be obtained. snsapi_userinfo: an authorization page is shown, and nickname, sex and location can be obtained via the openid. Even if the user has not followed the account, the information can be obtained as long as the user authorizes.
state              No         Returned unchanged on the redirect; the developer may fill in any value
#wechat_redirect   No         Can be omitted when the link is opened directly in WeChat; required when the page is reached through a 302 redirect

Authorization scope: since snsapi_base only yields the openid, which is not very useful here, we use snsapi_userinfo.

Callback address: fill in the address of the oauth2.php file just uploaded.

State parameter: a random value; here we simply fill in 1. In production it should be an unpredictable value tied to the user's session, and the callback should reject any response whose state does not match; otherwise an attacker can feed your callback a code obtained from their own account, or replay an old response.

The constructed request URL is as follows:

https://open.weixin.qq.com/connect/oauth2/authorize?appid=wx8888888888888888&redirect_uri=http://mascot.duapp.com/oauth2.php&response_type=code&scope=snsapi_userinfo&state=1
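The following PHP is an added example and not code from the original article or from Square Times Studio. It applies the callback-domain rule from section 1 (the host of redirect_uri must equal the configured domain exactly; subdomains and the parent domain are rejected) before building the authorize URL, and it replaces the fixed state=1 above with a random value remembered in the session so the callback can verify it later. The AppID and domain are the article's placeholders; the $session array standing in for $_SESSION and the function names are assumptions.

```php
<?php
// Added example, not the article's code: validate redirect_uri against the
// configured callback domain and build the authorize URL with a random state.
// The AppID and domain are the article's placeholders; the $session array
// standing in for $_SESSION is an assumption about the surrounding application.
declare(strict_types=1);

const WX_AUTHORIZE = 'https://open.weixin.qq.com/connect/oauth2/authorize';

// The platform's rule: the host of redirect_uri must equal the configured
// callback domain exactly. Subdomains and the bare parent domain are rejected.
function redirect_uri_allowed(string $redirectUri, string $configuredDomain): bool
{
    $parts = parse_url($redirectUri);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;                     // relative URLs, javascript: etc. have no host
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    return strcasecmp($parts['host'], $configuredDomain) === 0;
}

// Unpredictable, per-login state; stored so the callback can check it later.
function new_state(array &$session): string
{
    $state = bin2hex(random_bytes(16));   // 128 bits from the CSPRNG, not "1"
    $session['wx_oauth_state'] = $state;
    return $state;
}

// Build the authorize URL. http_build_query percent-encodes redirect_uri, and
// #wechat_redirect is appended so the link also works behind a 302 redirect.
function build_authorize_url(string $appId, string $redirectUri, string $scope, string $state): string
{
    if (!in_array($scope, ['snsapi_base', 'snsapi_userinfo'], true)) {
        throw new InvalidArgumentException("unknown scope: $scope");
    }
    $query = http_build_query([
        'appid'         => $appId,
        'redirect_uri'  => $redirectUri,
        'response_type' => 'code',
        'scope'         => $scope,
        'state'         => $state,
    ]);
    return WX_AUTHORIZE . '?' . $query . '#wechat_redirect';
}

// --- demonstration ---
// Section 1's own examples with www.qq.com configured, plus a non-http scheme:
foreach (['http://www.qq.com/music.html', 'http://pay.qq.com/', 'http://music.qq.com/',
          'http://qq.com/', 'javascript:alert(1)'] as $u) {
    printf("%-30s %s\n", $u, redirect_uri_allowed($u, 'www.qq.com') ? 'allowed' : 'rejected');
}

$configuredDomain = 'mascot.duapp.com';
$redirectUri      = 'http://mascot.duapp.com/oauth2.php';
if (!redirect_uri_allowed($redirectUri, $configuredDomain)) {
    exit("redirect_uri host must be exactly $configuredDomain\n");
}
$session = [];                            // after session_start() this would be $_SESSION
$state   = new_state($session);
echo build_authorize_url('wx8888888888888888', $redirectUri, 'snsapi_userinfo', $state), "\n";
```

Only the first of the five test URLs is reported as allowed. The generated URL carries the redirect_uri percent-encoded, which is what the platform expects, and the state value printed in it is the one the callback page must find in the session before it trusts the code.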

Send this link to WeChat and open it in WeChat's built-in browser. Here the link is wrapped in the following message:

Welcome to "Near Treasure". It makes it easy to find the restaurants, clothing shops, department stores and beauty salons around you that you have in mind.
<a href="https://open.weixin.qq.com/connect/oauth2/authorize?appid=wx8888888888888888&redirect_uri=http://mascot.duapp.com/oauth2.php&response_type=code&scope=snsapi_userinfo&state=1">Click here to bind</a>
Technical support: Square Times Studio

This is how it appears in WeChat:

When you click "Click here to bind", the application authorization interface pops up.

Select "Allow" and tap it.

The browser jumps to the oauth2.php page, which runs the branch that echoes $_GET['code'].

The page shows the code. The link (from the top-right button) is as follows:

http://mascot.duapp.com/oauth2.php?code=00b788e3b42043c8459a57a8d8ab5d9f&state=1

We have successfully obtained the code.

Note: if this interface appears when binding, a parameter is incorrect; go back and check the parameters.


3. Exchange the code for an access_token

The URL for exchanging the code for a web page authorization access_token is structured as follows:

https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code

Parameter description

Parameter    Required   Description
appid        Yes        Unique identifier of the official account
secret       Yes        AppSecret of the official account
code         Yes        The code parameter obtained in the previous step
grant_type   Yes        Fill in authorization_code

code: fill in the value obtained in the previous step. This request carries the AppSecret, so it must be made from your server and never from the browser or from JavaScript in the page; a code can be exchanged only once and expires after a few minutes.

The constructed request URL is as follows:

https://api.weixin.qq.com/sns/oauth2/access_token?appid=wx8888888888888888&secret=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&code=00b788e3b42043c8459a57a8d8ab5d9f&grant_type=authorization_code

You can execute this URL directly in the browser, or fetch it from PHP. The key is to retrieve the JSON data from the URL above:

<?php
$url = 'https://api.weixin.qq.com/sns/oauth2/access_token?appid=wx8888888888888888&secret=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&code=00b788e3b42043c8459a57a8d8ab5d9f&grant_type=authorization_code';

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);   // return the response as a string instead of printing it
curl_setopt($ch, CURLOPT_HEADER, 0);           // leave the HTTP header out of the result
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (compatible; MSIE 5.01; Windows NT 5.0)');
curl_setopt($ch, CURLOPT_TIMEOUT, 30);         // the original omits the value; 30 seconds assumed here
// The two lines below are the ones the author highlighted: they disable certificate
// and host name verification for the HTTPS request (the author says HTTPS cost him a
// whole day). They make the call work on a host without a CA bundle, but they also let
// a man-in-the-middle read the AppSecret, the code and the returned tokens. In production
// set CURLOPT_SSL_VERIFYPEER to true, CURLOPT_SSL_VERIFYHOST to 2 and point
// CURLOPT_CAINFO at a CA bundle instead.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
$output = curl_exec($ch);
curl_close($ch);

$jsondecode = json_decode($output);      // decode the JSON string into an object
$array = get_object_vars($jsondecode);   // convert the object into an array
print_r($array);                         // echo on an array only prints "Array"; print_r shows the fields

The following JSON data is returned:

{
 "access_token": "OezXcEiiBSKSxW0eoylIeAsR0GmYd1awCffdHgb4fhS_kkf2cotgj2cbnukqqvj-g0zwee5-ubjbz941eopqdqy5ss_gcs2z40dnvu99y5ai1bw2uqn--2jxoblim5d6l9rimvm8vg8cbailpwa8vw",
 "expires_in": 7200,
 "refresh_token": "OezXcEiiBSKSxW0eoylIeAsR0GmYd1awCffdHgb4fhS_kkf2cotgj2cbnukqqvj-g0zwee5-ubjbz941eopqdqy5ss_gcs2z40dnvu99y5czpawzksiuz_6x_tfkloxlu7kdkm2232wdxb3msuzq1a",
 "openid": "olvppjqs9bhvzwpj5a-vtyax3glc",
 "scope": "snsapi_userinfo"
}

The data format is interpreted as follows:

Parameter       Description
access_token    Web page authorization interface call credential. Note: this access_token is different from the basic-support access_token
expires_in      Timeout of the access_token credential, in seconds
refresh_token   Used to refresh the access_token
openid          Unique identifier of the user. Note that even when the user has not followed the official account, visiting the account's web page still produces an openid that is unique to that user and that account
scope           The scopes the user authorized, separated by commas (,)

We have thus successfully exchanged the code for an access_token and a refresh_token.

Refreshing the access_token

The official documentation mentions refreshing the access_token, but it is not required; on first use it can be ignored.

The request URL is as follows:

https://api.weixin.qq.com/sns/oauth2/refresh_token?appid=APPID&grant_type=refresh_token&refresh_token=REFRESH_TOKEN

Parameter description

Parameter       Required   Description
appid           Yes        Unique identifier of the official account
grant_type      Yes        Fill in refresh_token
refresh_token   Yes        The refresh_token obtained together with the access_token

The constructed URL is as follows:
https://api.weixin.qq.com/sns/oauth2/refresh_token?appid=wx8888888888888888&grant_type=refresh_token&refresh_token=OezXcEiiBSKSxW0eoylIeAsR0GmYd1awCffdHgb4fhS_kkf2cotgj2cbnukqqvj-g0zwee5-ubjbz941eopqdqy5ss_gcs2z40dnvu99y5czpawzksiuz_6x_tfkloxlu7kdkm2232wdxb3msuzq1a

Executing it in the browser returns JSON data in the same format.

4. Use the access_token to get user information

Request format:

https://api.weixin.qq.com/sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID

Parameter description

Parameter      Description
access_token   Web page authorization interface call credential. Note: this access_token is different from the basic-support access_token
openid         Unique identifier of the user

The constructed URL is as follows:

https://api.weixin.qq.com/sns/userinfo?access_token=OezXcEiiBSKSxW0eoylIeAsR0GmYd1awCffdHgb4fhS_kkf2cotgj2cbnukqqvj-g0zwee5-ubjbz941eopqdqy5ss_gcs2z40dnvu99y5ai1bw2uqn--2jxoblim5d6l9rimvm8vg8cbailpwa8vw&openid=olvppjqs9bhvzwpj5a-vtyax3glc

You can execute this URL directly in the browser and get the following JSON data:

{
 "openid": "olvppjqs9bhvzwpj5a-vtyax3glc",
 "nickname": "Square Times",
 "sex": 1,
 "language": "zh_CN",
 "city": "Shenzhen",
 "province": "Guangdong",
 "country": "CN",
 "headimgurl": "http://wx.qlogo.cn/mmopen/utpkyf69vabcrdrlbuspsdqn38doibckru6samcsnx558etalvm8pym6jlegzorh67hyzibizpxu4bk1xnwzsxb3cs4qpbbg18/0",
 "privilege": []
}

Parameter interpretation:

Parameter    Description
openid       Unique identifier of the user
nickname     User nickname
sex          The user's sex: 1 is male, 2 is female, 0 is unknown
province     Province entered in the user's profile
city         City entered in the user's profile
country      Country, for example CN for China
headimgurl   User avatar. The last path segment gives the size of the square avatar (0, 46, 64, 96 or 132; 0 means 640*640). Empty if the user has no avatar
privilege    User privilege information, a JSON array, for example chinaunicom for China Unicom WeChat SIM users

This matches my personal WeChat profile.

At this point, without my entering an account or password, the official account has obtained my personal information, including nickname, sex, country, province, city, avatar and privilege list.

A complete OAuth 2.0 authorization is done.
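The following PHP is an added example (not the article's or Square Times Studio's code) that implements steps 3 and 4 above inside the oauth2.php callback: it checks the state, exchanges the code for the access_token over HTTPS with certificate verification enabled, treats an errcode reply from the API as a failure, and then fetches the user information. The HTTP transport is passed in as a callable so the flow runs offline against constructed replies; wx_http_get() is the real one. The AppID and AppSecret are placeholders, and the $session array standing in for $_SESSION, the function names and the session keys are assumptions.

```php
<?php
// Added example (not the article's code): the oauth2.php callback end to end.
// The transport is a callable so the flow runs offline against the constructed
// replies at the bottom; wx_http_get() is the real transport. AppID/AppSecret are
// placeholders and the $session array standing in for $_SESSION is an assumption.
declare(strict_types=1);

const WX_TOKEN_URL    = 'https://api.weixin.qq.com/sns/oauth2/access_token';
const WX_USERINFO_URL = 'https://api.weixin.qq.com/sns/userinfo';

// Real transport: HTTPS only, with peer certificate and host name verification.
function wx_http_get(string $url): string
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,
        CURLOPT_SSL_VERIFYPEER => true,   // never false: the AppSecret and the
        CURLOPT_SSL_VERIFYHOST => 2,      // tokens travel inside this request
    ]);
    $body = curl_exec($ch);
    $err  = curl_error($ch);
    curl_close($ch);
    if ($body === false) {
        throw new RuntimeException("curl failed: $err");
    }
    return $body;
}

// Decode a WeChat reply; the API reports failures as {"errcode":..,"errmsg":..}.
function wx_decode(string $json): array
{
    $data = json_decode($json, true);
    if (!is_array($data)) {
        throw new RuntimeException('reply from WeChat is not JSON');
    }
    if (!empty($data['errcode'])) {
        throw new RuntimeException(sprintf('WeChat error %d: %s', $data['errcode'], $data['errmsg'] ?? ''));
    }
    return $data;
}

// Step 3: code -> access_token/openid; the fields the article documents must exist.
function wx_exchange_code(callable $get, string $appId, string $secret, string $code): array
{
    $url = WX_TOKEN_URL . '?' . http_build_query(['appid' => $appId, 'secret' => $secret,
        'code' => $code, 'grant_type' => 'authorization_code']);
    $tok = wx_decode($get($url));
    if (!isset($tok['access_token'], $tok['expires_in'], $tok['openid'])) {
        throw new RuntimeException('token reply is missing a required field');
    }
    return $tok;
}

// Step 4: access_token + openid -> profile (only for scope snsapi_userinfo).
function wx_userinfo(callable $get, string $accessToken, string $openid): array
{
    return wx_decode($get(WX_USERINFO_URL . '?' . http_build_query(['access_token' => $accessToken, 'openid' => $openid])));
}

// The callback: $query is $_GET, $session is $_SESSION. Returns the profile; the
// access_token stays server-side and nothing from the request is echoed raw.
function handle_callback(callable $get, array $query, array &$session, string $appId, string $secret): array
{
    if (!isset($query['code'], $query['state'])) {
        throw new RuntimeException('NO CODE');
    }
    // state is single-use and compared in constant time with the value stored when the
    // authorize URL was built; a mismatch means this response was not started by this
    // session (CSRF or replay), so the code is never exchanged.
    $expected = (string) ($session['wx_oauth_state'] ?? '');
    unset($session['wx_oauth_state']);
    if ($expected === '' || !hash_equals($expected, (string) $query['state'])) {
        throw new RuntimeException('state mismatch: rejecting authorization response');
    }
    $tok  = wx_exchange_code($get, $appId, $secret, (string) $query['code']);
    $user = wx_userinfo($get, $tok['access_token'], $tok['openid']);
    $session['wx_openid']       = $tok['openid'];
    $session['wx_access_token'] = $tok['access_token'];
    $session['wx_token_expiry'] = time() + (int) $tok['expires_in'];   // expires_in is in seconds
    return $user;
}

// --- offline demonstration with constructed replies (not real API output) ---
$fakeGet = function (string $url): string {
    if (strpos($url, WX_TOKEN_URL) === 0) {
        return '{"access_token":"AT_EXAMPLE","expires_in":7200,"refresh_token":"RT_EXAMPLE",'
             . '"openid":"OPENID_EXAMPLE","scope":"snsapi_userinfo"}';
    }
    return '{"openid":"OPENID_EXAMPLE","nickname":"Square Times","sex":1,"language":"zh_CN",'
         . '"city":"Shenzhen","province":"Guangdong","country":"CN","headimgurl":"","privilege":[]}';
};
$session = ['wx_oauth_state' => 'abc123'];   // stored earlier, when the authorize URL was built
$query   = ['code' => 'CODE_EXAMPLE', 'state' => 'abc123'];
$profile = handle_callback($fakeGet, $query, $session, 'wx8888888888888888', 'SECRET');
echo htmlspecialchars($profile['nickname'], ENT_QUOTES, 'UTF-8'), "\n";   // Square Times
try {   // delivering the same response again is refused: the state was consumed
    handle_callback($fakeGet, $query, $session, 'wx8888888888888888', 'SECRET');
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

To deploy it as oauth2.php, call session_start(), pass $_GET, $_SESSION and 'wx_http_get' to handle_callback(), and catch RuntimeException to show a generic error page rather than the message text. The refresh_token request in the section above follows the same GET-and-wx_decode pattern against /sns/oauth2/refresh_token, and the access_token, refresh_token and AppSecret must never reach the browser.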

Three: Full demonstration

Follow Square Times Studio (QR code below), reply "authorization", and click the picture in the returned message.

On the confirmation page, click "Allow".

The result pops up (the image is hotlink-protected, so it cannot be displayed directly; download it locally to view it).

The above covers web page authorization for obtaining user information in WeChat development. Related content will be supplemented in follow-up articles. Thank you for your support of this site!
