1. Configure the authorization callback page domain name
After logging in to the official account platform's admin console, go to Developer Center > permissions table, find "Web page authorization to get user basic information", click Modify, and configure the authorization callback page domain name.
Note:
The authorization callback domain name must be configured as a full domain name, without the http:// prefix. For example, if the domain name to be authorized is www.qq.com, then after configuration the pages under that domain name, such as http://www.qq.com/music.html and http://www.qq.com/login.html, can perform OAuth2.0 authentication. But http://pay.qq.com, http://music.qq.com and http://qq.com cannot perform OAuth2.0 authentication.
Example: the authorization callback page domain name configured here is www.365.com
2. The user authorizes and obtains the code
Under the root directory of the domain name (www.365.com), create a new file named oauth2.php with the following contents:
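<?php
// Show the code returned by the authorization redirect, if there is one.
if (isset($_GET['code']) && is_string($_GET['code'])) {
    // The value comes straight from the query string, so escape it before output.
    echo htmlspecialchars($_GET['code'], ENT_QUOTES, 'UTF-8');
} else {
    echo "NO CODE";
}
?>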
First understand how the request authorization page is constructed:
http://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect
Parameter description:
appid: required. Unique identifier of the official account.
redirect_uri: required. Callback link address that the user is redirected to after authorization.
response_type: required. Return type; fill in code.
scope: required. Application authorization scope. snsapi_base does not show the authorization page and redirects directly, and can only obtain the user's OpenID. snsapi_userinfo shows the authorization page and can obtain the nickname, gender and location through the OpenID; as long as the user authorizes, this information can be obtained even if the user does not follow the official account.
state: optional. The state parameter is carried back on the redirect; the developer can fill in any parameter value.
#wechat_redirect: optional when the link is opened directly; required when the page performs a 302 redirect.
Note:
Authorization scope: since snsapi_base can only obtain the OpenID, it is of little use here, so we use snsapi_userinfo.
Callback address: fill in the address of the oauth2.php file that was just uploaded.
state parameter: a random number; fill in 1 here.
Construct the request URL as follows:
http://open.weixin.qq.com/connect/oauth2/authorize?appid=*****&redirect_uri=http://www.365.com/oauth2.php&response_type=code&scope=snsapi_userinfo&state=1#wechat_redirect
Opening this URL yields the code, which oauth2.php displays.
3. Exchange the code for an access_token
The URL for exchanging the code for the web page authorization access_token is constructed as follows:
https://api.weixin.qq.com/sns/oauth2/access_token?appid=******&secret=*****&code=*****&grant_type=authorization_code
Parameter description:
appid: required. Unique identifier of the official account.
secret: required. The appsecret of the official account.
code: required. The code obtained in the previous step.
grant_type: required. Fill in authorization_code.
Note:
code: fill in the value obtained in the previous step.
After you request this URL, you get the following data:
{
"access_token": "Oezxceiibsksxw0eoylieasr0gmyd1awcffdhgb4fhs_kkf2cotgj2cbnukqqvj-g0zwee5-ubjbz941eopqdqy5ss_GCS2Z40DNVU99Y5AI1BW2UQN--2JXOBLIM5D6L9RIMVM8VG8CBAILPWA8VW",
"expires_in": 7200,
"refresh_token": "Oezxceiibsksxw0eoylieasr0gmyd1awcffdhgb4fhs_kkf2cotgj2cbnukqqvj-g0zwee5-ubjbz941eopqdqy5ss_Gcs2z40dnvu99y5czpawzksiuz_6x_tfkloxlu7kdkm2232wdxb3msuzq1a",
"openid": "OLVPPJQS9BHVZWPJ5A-VTYAX3GLC",
"scope": "snsapi_userinfo,"
}
Parameter description:
access_token: web page authorization interface call credential. Note: this access_token is different from the access_token of the basic support interface.
expires_in: validity period of the access_token interface call credential, in seconds.
refresh_token: used to refresh the access_token.
openid: unique identifier of the user. Note that even when the user does not follow the official account, visiting the official account's web page still produces an OpenID unique to that user and that official account.
scope: the scopes authorized by the user, separated by commas (,).
As a result, we succeeded in exchanging the code for an access_token and a refresh_token.
4. Use the access_token to obtain user information
https://api.weixin.qq.com/sns/userinfo?access_token=*****&openid=******
Parameter description:
access_token: web page authorization interface call credential. Note: this access_token is different from the access_token of the basic support interface.
openid: unique identifier of the user.
Request this URL to get the following data:
{
"openid": "OLVPPJQS9BHVZWPJ5A-VTYAX3GLC",
"nickname": "....",
"sex": 1,
"language": "ZH_CN",
"city": "Shenzhen",
"province": "Guangdong",
"country": "CN",
"headimgurl": "http://wx.qlogo.cn/mmopen/Utpkyf69vabcrdrlbuspsdqn38doibckru6samcsnx558etalvm8pym6jlegzorh67hyzibizpxu4bk1xnwzsxb3cs4qpbbg18/0",
"privilege": []
}
Parameter description:
Parameter | Description
openid | Unique identifier of the user
nickname | User nickname
sex | The gender of the user: 1 is male, 2 is female, 0 is unknown
province | The province filled in the user's profile
city | The city filled in the user's profile
country | Country, such as CN for China
headimgurl | User avatar; the last value in the URL represents the size of the square avatar (0, 46, 64, 96 and 132 are available; 0 represents a 640*640 square avatar); this item is empty when the user has no avatar
privilege | User privilege information, a JSON array; for example, WeChat Wo Card users have the value (chinaunicom)
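Steps 2 to 4 combined into one oauth2.php, as an added example that is not code from the original page. It goes beyond the walkthrough in one respect: instead of state=1 it issues a random per-session state and checks it on the callback, so a code is only accepted for the browser session that started the authorization. APPID, APPSECRET and the session key wx_state are placeholders, and allow_url_fopen with HTTPS support is assumed.

```php
<?php
// Added example, not the original page's code. APPID, APPSECRET and CALLBACK are
// placeholders; allow_url_fopen with HTTPS support is assumed.
session_start();
const APPID = 'YOUR_APPID';
const APPSECRET = 'YOUR_APPSECRET';   // server-side only, never sent to the browser
const CALLBACK = 'http://www.365.com/oauth2.php';
// GET a URL and decode its JSON body; null on network or parse failure.
function wx_get_json(string $url): ?array {
    $body = @file_get_contents($url);
    $data = $body === false ? null : json_decode($body, true);
    return is_array($data) ? $data : null;
}

if (!isset($_GET['code'])) {
    // Step 2: redirect to the authorization page with an unguessable, per-session state.
    $_SESSION['wx_state'] = bin2hex(random_bytes(16));
    $query = http_build_query([
        'appid' => APPID,
        'redirect_uri' => CALLBACK,       // URL-encoded by http_build_query
        'response_type' => 'code',
        'scope' => 'snsapi_userinfo',
        'state' => $_SESSION['wx_state'],
    ]);
    header('Location: http://open.weixin.qq.com/connect/oauth2/authorize?' . $query . '#wechat_redirect');
    exit;
}
// Callback: accept the code only if state matches the value issued to this session.
$expected = $_SESSION['wx_state'] ?? '';
unset($_SESSION['wx_state']);             // single use
$state = is_string($_GET['state'] ?? null) ? $_GET['state'] : '';
if ($expected === '' || !is_string($_GET['code']) || !hash_equals($expected, $state)) {
    http_response_code(400);
    exit('invalid callback');
}
// Step 3: exchange the code for access_token and openid.
$token = wx_get_json('https://api.weixin.qq.com/sns/oauth2/access_token?' . http_build_query([
    'appid' => APPID, 'secret' => APPSECRET,
    'code' => $_GET['code'], 'grant_type' => 'authorization_code',
]));
if (!isset($token['access_token'], $token['openid'])) {
    http_response_code(502);
    exit('token exchange failed');
}
// Step 4: fetch the profile and escape it before output.
$user = wx_get_json('https://api.weixin.qq.com/sns/userinfo?' . http_build_query([
    'access_token' => $token['access_token'], 'openid' => $token['openid'],
]));
echo 'Hello, ' . htmlspecialchars((string)($user['nickname'] ?? ''), ENT_QUOTES, 'UTF-8');
```

Because the exchange in step 3 runs on the server, the appsecret and the access_token never appear in a URL the browser sees.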
OAUTH2.0 Web page Authorization Document summary