OAuth2.0 Web Page Authorization: Document Summary

Source: Internet
Author: User
Tags openid

1. Configure the authorization callback page domain name

After logging in to the public platform back end, go to the Developer Center permissions table, find "Web page authorization to get basic user information", click Modify, and configure the authorization callback page domain name.

Note:

The authorization callback domain must be configured as a full domain name, without the http:// prefix. For example, if the domain that needs web page authorization is www.qq.com, then after it is configured, pages under that domain such as http://www.qq.com/music.html and http://www.qq.com/login.html can perform OAuth2.0 authentication, but http://pay.qq.com, http://music.qq.com and http://qq.com cannot.

Example: the authorization callback page domain name configured here is www.365.com

2. The user authorizes and obtains the code

In the root directory of the domain (www.365.com), create a new file named oauth2.php with the following contents:

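<?php
// Display the authorization code that is appended to the callback URL.
if (isset($_GET['code'])) {
    // Escape before output: the value comes straight from the query string.
    echo htmlspecialchars($_GET['code'], ENT_QUOTES, 'UTF-8');
} else {
    echo "NO CODE";
}
?>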

First, understand how the authorization request URL is constructed:

http://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect

Parameter description:

appid: required. Unique identifier of the public account.

redirect_uri: required. Callback link address to redirect to after authorization.

response_type: required. Return type; fill in code.

scope: required. Application authorization scope. snsapi_base: no authorization page is shown, the user is redirected directly, and only the user's OpenID can be obtained. snsapi_userinfo: an authorization page pops up, and the nickname, gender and location can be obtained through the OpenID; as long as the user authorizes, this information can be obtained even if the user does not follow the account.

state: optional. The state parameter is carried back after the redirect; the developer can fill in any parameter value.

#wechat_redirect: optional when the link is opened directly; required when the page performs a 302 redirect.

Note:

Authorization scope: snsapi_base can only obtain the OpenID, which is of limited use, so we use snsapi_userinfo.
Callback address: fill in the address of the oauth2.php file that was just uploaded.
State parameter: a random number; fill in 1 here.

Construct the request URL as follows:

http://open.weixin.qq.com/connect/oauth2/authorize?appid=*****&redirect_uri=http://www.365.com/oauth2.php&response_type=code&scope=snsapi_userinfo&state=1#wechat_redirect

Opening this URL returns the code, which oauth2.php displays.
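The request URL from step 2, built with an unpredictable per-request state and a percent-encoded redirect_uri, together with the matching check in the callback. This is an added example, not part of the original document; the function names and the session key oauth2_state are assumptions, and YOUR_APPID is a placeholder.

```php
<?php
// Added example: function names and the session key are assumptions.
const AUTHORIZE_ENDPOINT = 'http://open.weixin.qq.com/connect/oauth2/authorize'; // as given on this page

// Build the authorization URL and remember the state for this browser session.
function build_authorize_url(string $appid, string $redirectUri, array &$session): string
{
    // Unpredictable per-request value instead of a constant such as 1.
    $state = bin2hex(random_bytes(16));
    $session['oauth2_state'] = $state;

    // http_build_query() percent-encodes redirect_uri and keeps this order.
    $query = http_build_query([
        'appid'         => $appid,
        'redirect_uri'  => $redirectUri,
        'response_type' => 'code',
        'scope'         => 'snsapi_userinfo',
        'state'         => $state,
    ]);
    return AUTHORIZE_ENDPOINT . '?' . $query . '#wechat_redirect';
}

// Callback side (oauth2.php): return the code only if state matches the session.
function read_callback_code(array $get, array &$session): ?string
{
    $expected = $session['oauth2_state'] ?? null;
    unset($session['oauth2_state']); // each state value is accepted once
    $state = $get['state'] ?? null;
    $code  = $get['code'] ?? null;
    if (!is_string($expected) || !is_string($state) || !is_string($code)) {
        return null;
    }
    // Constant-time comparison of the issued and returned state.
    return hash_equals($expected, $state) ? $code : null;
}

// Constructed demonstration; plain arrays stand in for $_SESSION and $_GET.
$session = [];
echo build_authorize_url('YOUR_APPID', 'http://www.365.com/oauth2.php', $session), PHP_EOL;

// A callback whose state was not issued to this session.
var_dump(read_callback_code(['code' => 'CONSTRUCTED_CODE', 'state' => '1'], $session));

// A callback that returns the state issued for a fresh request.
build_authorize_url('YOUR_APPID', 'http://www.365.com/oauth2.php', $session);
$issued = $session['oauth2_state'];
var_dump(read_callback_code(['code' => 'CONSTRUCTED_CODE', 'state' => $issued], $session));
```

In a real deployment, pass $_SESSION (after session_start()) and $_GET instead of the stand-in arrays.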

3. Exchange the code for an access_token

The URL for exchanging the code for a web page authorization access_token is constructed as follows:

https://api.weixin.qq.com/sns/oauth2/access_token?appid=******&secret=*****&code=*****&grant_type=authorization_code

Parameter description:

appid: required. Unique identifier of the public account.

secret: required. The appsecret of the public account.

code: required. The code obtained in the previous step.

grant_type: required. Fill in authorization_code.

Note:

code: fill in the value obtained in the previous step.

After you run this URL, you get the following data:

{
"access_token": "Oezxceiibsksxw0eoylieasr0gmyd1awcffdhgb4fhs_kkf2cotgj2cbnukqqvj-g0zwee5-ubjbz941eopqdqy5ss_GCS2Z40DNVU99Y5AI1BW2UQN--2JXOBLIM5D6L9RIMVM8VG8CBAILPWA8VW",
"expires_in": 7200,
"refresh_token": "Oezxceiibsksxw0eoylieasr0gmyd1awcffdhgb4fhs_kkf2cotgj2cbnukqqvj-g0zwee5-ubjbz941eopqdqy5ss_Gcs2z40dnvu99y5czpawzksiuz_6x_tfkloxlu7kdkm2232wdxb3msuzq1a",
"openid": "OLVPPJQS9BHVZWPJ5A-VTYAX3GLC",
"scope": "snsapi_userinfo,"
}

Parameter description:

access_token: call credential for the web page authorization interface. Note: this access_token is different from the basic-support access_token.

expires_in: lifetime of the access_token call credential, in seconds.

refresh_token: used to refresh the access_token.

openid: unique identifier of the user. Note that even when the user does not follow the public account, visiting the account's web page still produces an OpenID that is unique to that user and public account.

scope: the scopes authorized by the user, separated by commas (,).

At this point we have successfully exchanged the code for an access_token and a refresh_token.

4. Use the access_token to obtain user information

https://api.weixin.qq.com/sns/userinfo?access_token=*****&openid=******

Parameter description:

access_token: call credential for the web page authorization interface. Note: this access_token is different from the basic-support access_token.

openid: unique identifier of the user.

Run this URL to get the following data:

{
"openid": "OLVPPJQS9BHVZWPJ5A-VTYAX3GLC",
"nickname": "....",
"sex": 1,
"language": "ZH_CN",
"city": "Shenzhen",
"province": "Guangdong",
"country": "CN",
"headimgurl": "http://wx.qlogo.cn/mmopen/Utpkyf69vabcrdrlbuspsdqn38doibckru6samcsnx558etalvm8pym6jlegzorh67hyzibizpxu4bk1xnwzsxb3cs4qpbbg18/0",
"privilege": []
}

Parameter description:

Parameter    Description
openid       Unique identifier of the user
nickname     User nickname
sex          Gender of the user: 1 is male, 2 is female, 0 is unknown
province     Province filled in the user's profile
city         City filled in the user's profile
country      Country, for example CN for China
headimgurl   User avatar. The last value in the URL is the size of the square avatar (0, 46, 64, 96 and 132 are available; 0 means a 640*640 square avatar). Empty when the user has no avatar
privilege    User privilege information, a JSON array; for example, Wo Card users are (chinaunicom)
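Handling the step 3 response before making the step 4 call: required fields are checked, expires_in is turned into an absolute deadline, and the comma-separated scope (including the trailing comma seen in the sample) is parsed so the userinfo URL is only built when snsapi_userinfo was granted. This is an added example, not part of the original document; the function names are assumptions and the token values are constructed.

```php
<?php
// Added example: function names are assumptions, token values are constructed.

// Validate the step 3 response and normalise it for later use.
function parse_token_response(string $json, int $now): array
{
    $data = json_decode($json, true);
    if (!is_array($data)) {
        throw new RuntimeException('token response is not a JSON object');
    }
    foreach (['access_token', 'expires_in', 'refresh_token', 'openid', 'scope'] as $key) {
        if (!isset($data[$key])) {
            throw new RuntimeException("token response is missing $key");
        }
    }
    // scope is comma separated and may end with a comma, as in the sample.
    $scopes = array_filter(array_map('trim', explode(',', (string) $data['scope'])),
        fn ($s) => $s !== '');
    return [
        'access_token' => (string) $data['access_token'],
        'openid'       => (string) $data['openid'],
        // expires_in is a lifetime in seconds; keep an absolute deadline.
        'expires_at'   => $now + (int) $data['expires_in'],
        'scopes'       => array_values($scopes),
    ];
}

// Build the step 4 URL only while the token is valid and the scope allows it.
function build_userinfo_url(array $token, int $now): string
{
    if ($now >= $token['expires_at']) {
        throw new RuntimeException('access_token has expired');
    }
    if (!in_array('snsapi_userinfo', $token['scopes'], true)) {
        throw new RuntimeException('snsapi_userinfo was not granted');
    }
    return 'https://api.weixin.qq.com/sns/userinfo?' . http_build_query([
        'access_token' => $token['access_token'],
        'openid'       => $token['openid'],
    ]);
}

// Constructed response in the shape shown in step 3.
$sample = '{"access_token":"CONSTRUCTED_TOKEN","expires_in":7200,'
    . '"refresh_token":"CONSTRUCTED_REFRESH","openid":"CONSTRUCTED_OPENID",'
    . '"scope":"snsapi_userinfo,"}';
$token = parse_token_response($sample, time());
echo build_userinfo_url($token, time()), PHP_EOL;
```

Run the exchange and this parsing on the server, so that the appsecret and the access_token are never sent to the browser.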
