Development (8) webpage authorization (Oauth) get user information through Oauth, oauth user information
Author: Songyang
This article is from Ashura road and is prohibited for commercial purposes. For more information, see the source.
Link: http://blog.csdn.net/fansongy/article/details/45340951
Webpage authorization
During development, we always want as much information as possible for active users. However, the official website and users do not want to expose this information. As a result, many strange rules and interaction methods have emerged. Webpage authorization is one of them, which provides us with a way to obtain the user's OpenID. You can enter the village quietly, and do not want to shoot.
Process description
This process is not complicated. First the user accesses the https://open.weixin.qq.com/connect/oauth2/authorize connection, the link is followed by appid, The Link name we want to jump to, and a custom variable. When a user accesses the service, the server jumps back to our link and transmits the user's openID back. Official Instructions are as follows:
To ensure that the public account has the permission to authorize the scope (scope parameter) (after the service number obtains the advanced interface, it has the snsapi_base and snsapi_userinfo in the scope parameter by default), the supervisor is guided to open the following page:
https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect
If the message "this link cannot be accessed" is displayed, check whether the parameter is entered incorrectly and whether the permission for the scope parameter is authorized. The official link is here
Of course, you can easily pay your user's openID. Real-name authentication is indispensable.
Interface Design
With this, we can use many authorization pages. If you only need the user's openID, there will be no green interface for that disgusting person. If the user does not pay attention to your service number, and you want a nickname or profile picture, the "I am a thief" Green page will appear. The above shows the authorization for nicknames and portraits. Although I also know that there are no future moves, I will not hesitate to turn them off when this page appears.
To avoid many messy Oauth interfaces, we recommend that you use only one interface, and then use the state value to make logical judgment standards and change the page returned by the program.
Implementation
First, let's talk about the interface without real-name authentication.
Then write a unified Oauth interface.
@RequestMapping(value="/authIntf")public void authLogin(HttpServletRequest request,HttpServletResponse response,HttpSession session) throws IOException{ String redirectURL="http://blog.csnd.net/fansongy"; String code = request.getParameter("code"); if(code == null ||code.length() == 0){ logger.error("can't get param code from auth request!"); } String actionType =request.getParameter("state"); if(actionType == null || actionType.length() == 0){ logger.error("can't get param code from auth request!"); } String userOpenId = wxAuthService.getUserOpenID(code); if(userOpenId != null && userOpenId.length()>0) { redirectURL = loginAndJumpBack(userOpenId, actionType); }else { logger.info("Can't find openId in authLogin"); } response.sendRedirect(redirectURL);}public String loginAndJumpBack(String fromUserName, String actionType) { //your logic return "http://www.baidu.com";}
Deployment
Set a valid domain name in the background of the service number. For details, refer to the official documentation:
Before requesting authorization from a user's webpage through a public account, the developer needs to configure the authorization callback domain name on the Developer Center page on the official website of the public platform. Please note that the domain name (a string) is entered here, rather than the URL, so do not add http: // and other protocol headers;
During the final deployment, we recommend that you update the service and test the service in the Link-based mode. After the test is completed, you can click an event in the Add entry, for example, menu.
If you think this article is helpful to you, you can stick to it, not only won't like it, but also let more people see it...