WeChat official account development series-webpage authorization for obtaining basic user information and basic public information

Source: Internet
Author: User
Tags openid

OAuth2.0 web page authorization is one of the most used features of the official account platform. With the authorization interface you can bind users to your own platform for QR-code sign-in, sharing, check-in and mall shopping.

1. Advanced Interface OAuth2.0 webpage authorization settings

A. Go to the Advanced Interface list, open OAuth2.0 and click Modify to set the authorized domain name. The domain name can be a first-level domain name or a second-level domain name.


B. Enter the authorized domain name. Here I use a second-level domain name.


For the rules of the web page authorization URL, see the following section, which is taken mainly from the official account platform development documentation.

2. Webpage authorization to obtain basic user information

If a user opens an official account's third-party web page from within WeChat (Web WeChat excluded), the official account developer can use this interface to obtain the basic information of the current user (including nickname, gender, city and country). With this information you can optimize the user experience, collect user source statistics, bind accounts, authenticate user identity and so on. Note: the "get basic user information" interface obtains basic information by OpenID after a message exchange between the user and the official account, whereas web page authorization needs no message exchange: when the user opens the official account's web page, a page requesting the user's authorization is shown, and once the user agrees the basic information can be obtained (the user does not even have to follow the official account).

OAuth2.0 authorized login lets users log in to a third-party application or website with their WeChat identity. Once a user has logged in to a third party connected to OAuth2.0, the third party obtains the user's interface call credential (access_token). The access_token can then be used to call the open platform's authorization-related interfaces, obtain the user's basic open information and implement basic open functions for the user.

Before an official account requests web page authorization from a user, the developer must configure the authorization callback domain name on the "My Services" page of the official account platform website. Note: enter the domain name without the http:// prefix.

Instructions on configuring the authorization callback Domain Name:

The authorization callback domain name must be configured as a full domain name. For example, if web page authorization is needed under the domain www.qq.com, then after configuring that domain the pages under it, such as http://www.qq.com/music.html and http://www.qq.com/login.html, can perform OAuth2.0 authentication, but http://pay.qq.com, http://music.qq.com and http://qq.com cannot.

Specifically, the web page authorization process is divided into four steps:

  1. Direct the user to the authorization page; after the user agrees, obtain the code
  2. Exchange the code for the web page authorization access_token (different from the access_token in Basic Support)
  3. If necessary, refresh the web page authorization access_token to avoid expiration
  4. Use the web page authorization access_token and openid to obtain basic user information
Step 1: The user agrees to the authorization and obtains the code

After confirming that the official account has permission for the requested authorization scope (scope parameter; once a service account has obtained the advanced interfaces, both snsapi_base and snsapi_userinfo are available by default), direct the user to open the following page:

https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect

If the page cannot be opened, check the parameters and whether the permission for the scope parameter has been granted.

Reference links (please open them in the WeChat client):

Scope snsapi_base: https://open.weixin.qq.com/connect/oauth2/authorize?appid=wx520c15f415810387&redirect_uri=http%3A%2F%2Fchong.qq.com%2Fphp%2Findex.php%3Fd%3D%26c%3DwxAdapter%26m%3DmobileDeal%26showwxpaytitle%3D1%26vb2ctag...&response_type=code&scope=snsapi_base&state=123#wechat_redirect

Scope snsapi_userinfo: https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=http%3A%2F%2Fnba.bluewebgame.com%2Foauth_response.php&response_type=code&scope=snsapi_userinfo&state=STATE#wechat_redirect

Parameter description

Parameter | Required | Description
appid | Yes | Unique ID of the official account
redirect_uri | Yes | Callback URL to redirect to after authorization; the link must be urlencoded
response_type | Yes | Return type; fill in code
scope | Yes | Application authorization scope: snsapi_base (no authorization page is shown, the user is redirected directly, and only the user's openid can be obtained) or snsapi_userinfo (an authorization page is shown; nickname, gender and location can be obtained through the openid, and the information is available once the user authorizes even if the user does not follow the account)
state | No | Value carried through to the callback; the developer may fill in a-zA-Z0-9 characters
#wechat_redirect | Yes | Must be included whether the page is opened directly or reached through a 302 redirect

Authorization page when scope is equal to snsapi_userinfo:

After the user agrees to authorize

If the user agrees to the authorization, the page redirects to redirect_uri/?code=CODE&state=STATE. If the user declines, the redirect carries no code parameter, only the state parameter: redirect_uri?state=STATE

Code description: the code exchanged for the access_token differs for every user authorization. A code can be used only once and expires automatically if not used within 5 minutes.

Step 2: Exchange code for webpage authorization access_token

First of all, note that the web page authorization access_token obtained here in exchange for the code is different from the access_token in Basic Support. The official account obtains the web page authorization access_token through the following interface. If the authorization scope is snsapi_base, the openid is returned together with the access_token in this step, and the snsapi_base flow ends here.

Request Method

After obtaining the code, request the following link to get the access_token: https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code

Parameter description

Parameter | Required | Description
appid | Yes | Unique ID of the official account
secret | Yes | AppSecret of the official account
code | Yes | The code parameter obtained in step 1
grant_type | Yes | Fill in authorization_code

Return description

The returned JSON data packet is as follows:

{
  "access_token": "ACCESS_TOKEN",
  "expires_in": 7200,
  "refresh_token": "REFRESH_TOKEN",
  "openid": "OPENID",
  "scope": "SCOPE"
}

Parameter | Description
access_token | Web page authorization interface call credential. Note: this access_token is different from the Basic Support access_token.
expires_in | Expiry time of the access_token, in seconds
refresh_token | Token used to refresh the access_token
openid | Unique user ID. Note that a unique openid is generated when the user opens the official account's web page even if the user does not follow the account.
scope | Scopes the user authorized, separated by commas (,)


When an error occurs, the returned JSON data packet is as follows (in this example the code is invalid):

{"errcode":40029,"errmsg":"invalid code"}

Global return code Description

Step 3: refresh access_token (if needed)

Because the access_token has a short validity period, use the refresh_token to refresh it when it expires. The refresh_token has a long validity period (7 days, 30 days, 60 days or 90 days); if the refresh_token itself is invalid, the user must authorize again.

Request Method

After obtaining the refresh_token in step 2, request the following link to get a new access_token: https://api.weixin.qq.com/sns/oauth2/refresh_token?appid=APPID&grant_type=refresh_token&refresh_token=REFRESH_TOKEN

Parameter | Required | Description
appid | Yes | Unique ID of the official account
grant_type | Yes | Fill in refresh_token
refresh_token | Yes | The refresh_token returned together with the access_token

Return description

The returned JSON data packet is as follows:

{
  "access_token": "ACCESS_TOKEN",
  "expires_in": 7200,
  "refresh_token": "REFRESH_TOKEN",
  "openid": "OPENID",
  "scope": "SCOPE"
}

Parameter | Description
access_token | Web page authorization interface call credential. Note: this access_token is different from the Basic Support access_token.
expires_in | Expiry time of the access_token, in seconds
refresh_token | Token used to refresh the access_token
openid | Unique user ID
scope | Scopes the user authorized, separated by commas (,)


When an error occurs, the returned JSON data packet is as follows (in this example the code is invalid):

{"errcode":40029,"errmsg":"invalid code"}

Global return code Description

Step 4: Pull user information (scope must be snsapi_userinfo)

If the webpage Authorization scope is snsapi_userinfo, the developer can pull user information through access_token and openid.

Request Method

HTTP GET (please use the https protocol): https://api.weixin.qq.com/sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID&lang=zh_CN

Parameter description

Parameter | Description
access_token | Web page authorization interface call credential. Note: this access_token is different from the Basic Support access_token.
openid | Unique user ID
lang | Language of the returned country, province and city: zh_CN simplified Chinese, zh_TW traditional Chinese, en English

Return description

The returned JSON data packet is as follows:

{
  "openid": "OPENID",
  "nickname": "NICKNAME",
  "sex": "1",
  "province": "PROVINCE",
  "city": "CITY",
  "country": "COUNTRY",
  "headimgurl": "http://wx.qlogo.cn/mmopen/g3MonUZtNHkdmzicIlibx6iaFqAc56vxLSUfpb6n5WKSYVY0ChQKkiaJSgQ1dZuTOgvLLrhJbERQQ4eMsv84eavHiaiceqxibJxCfHe/46",
  "privilege": ["PRIVILEGE1", "PRIVILEGE2"]
}

Parameter | Description
openid | Unique user ID
nickname | User nickname
sex | Gender of the user: 1 means male, 2 means female, 0 means unknown
province | Province in the user's profile
city | City in the user's profile
country | Country, such as CN
headimgurl | URL of the user's profile picture. The last path segment gives the size of the square picture (possible values are 0, 46, 64, 96 and 132; 0 means the 640*640 picture). Blank when the user has no profile picture.
privilege | User privilege information, a JSON array; for example, a China Unicom Wo Card user has (chinaunicom)


If an error occurs, the returned JSON data packet is as follows (in this example the openid is invalid):

{"errcode":40003,"errmsg":"invalid openid"}

Global return code Description

Appendix: Check whether the authorization credential (access_token) is valid

Request Method

HTTP GET (please use the https protocol): https://api.weixin.qq.com/sns/auth?access_token=ACCESS_TOKEN&openid=OPENID

Parameter description

Parameter | Description
access_token | Web page authorization interface call credential. Note: this access_token is different from the Basic Support access_token.
openid | Unique user ID

Return description

Correct Json return results:

{"errcode":0,"errmsg":"ok"}

Json return example in case of an error:

{"errcode":40003,"errmsg":"invalid openid"}
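The four steps above, as an added Python example that is not part of the original article: it builds the step 1 URL with a percent-encoded redirect_uri and a caller-supplied random state, checks that state on the callback before trusting the code, exchanges the code server-side, and pulls user info only when the scope allows it. The http_get transport argument and the canned FAKE replies are constructed stand-ins for the real network calls, so the flow runs offline.

```python
import json
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE = "https://open.weixin.qq.com/connect/oauth2/authorize"
TOKEN = "https://api.weixin.qq.com/sns/oauth2/access_token"
USERINFO = "https://api.weixin.qq.com/sns/userinfo"

def build_authorize_url(appid, redirect_uri, scope, state):
    # Step 1. urlencode percent-encodes redirect_uri as required, and the
    # #wechat_redirect fragment is mandatory. state should be an unpredictable
    # per-session value (e.g. secrets.token_hex(16)) saved before redirecting.
    q = urlencode({"appid": appid, "redirect_uri": redirect_uri, "response_type": "code",
                   "scope": scope, "state": state})
    return f"{AUTHORIZE}?{q}#wechat_redirect"

def code_from_callback(callback_url, expected_state):
    # Compare our stored state first: a mismatch means this callback was not
    # started by this session (CSRF / login fixation). Returns None if the user
    # declined, because then the redirect carries no code parameter.
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch")
    return qs.get("code", [None])[0]

def api_json(http_get, url, params):
    # sns endpoints signal failure with a non-zero errcode in the JSON body,
    # not with an HTTP status, so every reply must be checked.
    data = json.loads(http_get(url, params))
    if data.get("errcode", 0) != 0:
        raise RuntimeError(f"{url}: {data['errcode']} {data.get('errmsg')}")
    return data

def exchange_code(http_get, appid, secret, code):
    # Step 2 runs server-side only: the AppSecret must never reach the browser.
    return api_json(http_get, TOKEN, {"appid": appid, "secret": secret, "code": code,
                                      "grant_type": "authorization_code"})

def userinfo(http_get, token):
    # Step 4 needs snsapi_userinfo; with snsapi_base only the openid from step 2 exists.
    if "snsapi_userinfo" not in token["scope"].split(","):
        raise PermissionError("scope lacks snsapi_userinfo")
    return api_json(http_get, USERINFO, {"access_token": token["access_token"],
                                         "openid": token["openid"], "lang": "zh_CN"})

# Constructed stand-in for the network: canned replies keyed by endpoint;
# any other endpoint gets the documented "invalid code" error.
FAKE = {TOKEN: '{"access_token":"AT","expires_in":7200,"refresh_token":"RT",'
               '"openid":"OPENID","scope":"snsapi_userinfo"}',
        USERINFO: '{"openid":"OPENID","nickname":"NICK","sex":1,"country":"CN"}'}

def fake_get(url, params):
    return FAKE.get(url, '{"errcode":40029,"errmsg":"invalid code"}')
```

In production, replace fake_get with a function that performs the HTTPS GET and returns the response body; the refresh_token step uses the same api_json helper against the refresh endpoint.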


My Sina Weibo: http://weibo.com/ I /1741159542


How to obtain user details through the public platform Interface

External Interfaces cannot obtain user details. They can only be viewed on the public platform.

Public Account actively obtains user location information

After [authentication], you can use the [get user location] advanced interface to develop the service account. Once developed, a dialog box pops up when the user follows the account for the first time, asking whether the user agrees to let the official account obtain their geographic location. If the user agrees, the user can click the menu directly to jump to the page and the system obtains the user's geographic location. The weakness is that few users agree to let the official account obtain their location.
