Perform OAuth authorization login in a WeChat public account


Assume that user A subscribes to the public account "Gossip message" (dbanotes) and receives an article every day. Mr. A sometimes wants to save an article to read later or to reread it. Of course, there are thousands of ways to save an article, but Mr. A is a die-hard fan and hopes the entire saving process can be completed only in.

Evernote's public account "My Evernote" is developed based on the private API and saves messages and articles as notes. The basic steps for using this account are: follow "My Evernote", which prompts the user to bind an Evernote account and sends an OAuth authorized login link; click the link to log on at the Evernote website. Once binding is complete, content sent to "My Evernote" is saved as a note. When an article is open in the built-in web page, click the share button: "My Evernote" is already built in, so the article can be saved with one click. In general, "My Evernote" is very convenient. If Mr. A is an Evernote user (note that Evernote's international account cannot be used), then Mr. A is blessed. Unfortunately, Mr. A is an Evernote user and is not used to reading articles in Evernote.

Mr. A is a loyal fan of Pocket. While browsing the internet he stores interesting articles in his Pocket reading list, which is very simple on a PC. Mr. A wants a public account similar to "My Evernote": bind it to his own Pocket account, send it a message containing an article link, and have the article added to his Pocket list.

Let's assume that this public account is called mypocket. The following describes how a user authorizes mypocket to access their Pocket account through OAuth.

Nodes

The following nodes are involved in the authorized login process:

Node 1: User. For example, Mr. A.

Node 2: Public account message server. What the user sees is a public account, such as mypocket.

Node 3: Server. The official server, which relays messages between nodes 1 and 2.

Node 4: Pocket authorized login server. The login server or page of the Pocket application.

Procedure

User node 1 sends a text message to public account node 2 and receives a response from the public account. The message transmission process is as follows:

(1) User node 1 sends a message.

(2) The message arrives at node 3, which encapsulates it and pushes it to node 2 through an HTTP POST.

(3) When the message arrives at node 2, node 2 processes it and returns its reply in the HTTP response to node 3, which forwards it to node 1.

(4) When the reply arrives at node 1, the user sees the message response.

Note: currently, node 2 cannot send messages to users on its own. It can reply only after receiving a message pushed by node 3.

OAuth authorization login procedure

This differs from a normal OAuth authorized login in a browser. The basic steps are as follows:

1. User node 1 sends a specific identifying message (for example, "auth") to start the OAuth authorized login.

2. After node 2 receives the message:

(1) Record the fromusername identifier string of node 1. It needs to be saved.

(2) Ask node 4 for a request token. It needs to be saved.

(3) Send a reply message to node 1 containing the link to the authorized login address, which must include the user's identifying string fromusername and the callback address to use after authorization.

3. Node 1 opens the login link and fills in the account details in the built-in browser to authorize.

4. Node 4 redirects to the callback address on node 2.

5. In the callback, node 2 uses the request token to obtain the access token. After authorization is complete, the access token needs to be saved.

Some notes on this process:

(1) The only user information contained in a pushed message is fromusername, which is an encrypted string such as ogfs0jrosowjxqntiy9b8wi8seac. It is therefore difficult to obtain the user's ID or nickname directly. According to information found on the Internet, fromusername is fixed for all messages sent by a user to a specific public account, so it can be used to uniquely identify node 1.

(2) The fromusername and request token from step 2 and the access token from step 5 must be saved. Because node 2 interacts over HTTP with both node 3 and the browser of node 1, a browser cookie cannot be used. Here, a database is used for saving.

(3) Browser support. Because OAuth requires logging on at the third party's authorization page, you need a browser, and the built-in browser can complete this task perfectly.

Code

This small example is implemented with the Python Flask framework. The main code is as follows. Step 2:

    # app, db, User, Pocket, parse_msg, response_text_msg and help_msg
    # are defined elsewhere in the project.
    from flask import request, url_for

    @app.route('/weixin', methods=['POST'])
    def weixin_msg():
        data = request.data
        msg = parse_msg(data)
        content = msg['content']
        username = msg['fromusername']
        if content == 'auth':
            pocket = Pocket(pocket_consumer_key,
                            base_url + url_for('auth_callback') + '?username=' + username)
            code = pocket.get_request_token()  # code is the request token
            url = pocket.get_authorize_url(code)
            # Save the code and username
            user = User(username)
            user.pocket_code = code
            db.session.add(user)
            db.session.commit()
            rmsg = u'Click the link below to log on to Pocket and authorize:\n\n' + url
            return response_text_msg(msg, rmsg.encode('utf-8'))
        return help_msg()

The authorize URL obtained in step 2 is sent to node 1 in a message, and node 1 opens it by clicking the link manually. In this example, session data is saved in the database. base_url + url_for('auth_callback') + '?username=' + username is the redirect address: after authorization, node 4 redirects to node 2 with the "username" parameter attached, which can be understood as a session ID.

Step 5 code:

    @app.route('/auth_callback')
    def auth_callback():
        username = request.args.get('username')
        user = User.query.filter_by(username=username).first()
        if user is None:
            # No pending authorization was saved for this username
            return 'unknown user', 400
        pocket = Pocket(pocket_consumer_key)
        # Exchange the saved request token for an access token
        resp = pocket.get_access_token(user.pocket_code)
        user.pocket_token = resp['access_token']
        user.pocket_username = resp['username']
        db.session.commit()
        return '<html>...</html>'  # the returned HTML is truncated in the source
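The callback above decides which account to bind from a `username` query parameter, a value that travels in URLs and is chosen by whoever requests the page. The following added example (not part of the original article) shows a hardened variant of steps 2 and 5 that keeps fromusername on the server and puts a random, single-use, expiring state value in the callback URL instead. The names `start_auth`, `finish_auth` and `STATE_TTL`, the in-memory dict standing in for the database, and the `mypocket.example` host used in testing are assumptions.

```python
import hashlib
import secrets
import time
from urllib.parse import urlencode

STATE_TTL = 600  # assumed lifetime of a login link, in seconds
# Stand-in for the database table used in the article:
# sha256(state) -> (fromusername, request_token, expiry)
_pending = {}


def _key(state):
    # Store only a hash so a leaked table does not reveal usable links.
    return hashlib.sha256(state.encode('utf-8')).hexdigest()


def start_auth(fromusername, request_token, callback_base, now=None):
    """Step 2: save who asked and return the callback URL to hand to node 4."""
    now = time.time() if now is None else now
    state = secrets.token_urlsafe(32)  # 256 random bits, not derived from the user
    _pending[_key(state)] = (fromusername, request_token, now + STATE_TTL)
    return callback_base + '?' + urlencode({'state': state})


def finish_auth(state, now=None):
    """Step 5: map state back to (fromusername, request_token) once, else None."""
    now = time.time() if now is None else now
    entry = _pending.pop(_key(state or ''), None)  # pop makes the link single-use
    if entry is None:
        return None  # unknown, already used, or a guessed value
    fromusername, request_token, expiry = entry
    if now > expiry:
        return None  # link was opened too late
    return fromusername, request_token
```

In the Flask handlers, `start_auth` would replace the `'?username=' + username` concatenation, and `auth_callback` would call `finish_auth(request.args.get('state'))` and reject the request when it returns None.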

After authorization is complete, the user simply sends an article link. Node 2 matches the URL and adds it to the Pocket list:

    import json
    import re

    def add_item_to_pocket(username, content):
        r = r"(http://[^ ]+)"
        urls = re.findall(r, content)
        rmsg = u''
        user = User.query.filter_by(username=username).first()
        pocket = Pocket(pocket_consumer_key)
        pocket.set_access_token(user.pocket_token)
        for url in urls:
            itemjson = pocket.add(url=url)
            # Parse the JSON reply so the title can be read from it
            item = json.loads(itemjson)
            rmsg += u'Added "%s" to Pocket\n' % item['title']
        return rmsg

Usage

Mr. A wants to save the article "send around 08:20" sent by Mr. John: click the pushed message, open the article in the built-in browser, click the share button in the upper right corner, click "Copy link", then open mypocket and paste it. The sent link is as follows:

http://mp.weixin.qq.com/mp/appmsg/show?__biz=MjM5ODIyMTE0MA==&appmsgid=10000250&itemidx=1#wechat_redirect

In this way, Mr. A can enjoy this article in Pocket at around 08:20 on the morning of June 23, March 17. Try again:

Resources

1. Python SDK for pocket APIs.

2. Set up a public account Message Server on SAE.
