Public Account Development Series-webpage authorization to obtain basic user information
OAuth2.0 web page authorization is also used most on the public platform. You can use the authorization interface to bind users on your own platform to scan codes and share, sign in, and shop at the mall;
1. Advanced Interface OAuth2.0 webpage authorization settingsA. Go to the Advanced Interface list-OAuth2.0-click Modify to set the authorized domain name. The domain name can be a second-level domain name or a second-level domain name.
B. Enter the authorized domain name. Here I use a second-level domain name.
For details about the body authorization Url rules, see the following section, which is mainly from the public platform development documentation. Click to enter
2. webpage authorization to obtain basic user informationIf a user accesses a third-party webpage with a public account in the middle (excluding the Web), the public account developer can use this interface to obtain the basic information of the current user (including nickname, gender, city, and country ). Using user information, you can achieve user experience optimization, user source statistics, account binding, user identity authentication, and other functions.Note: "The interface for obtaining basic user information is used to obtain basic user information based on the user's OpenID when a message is generated between the user and the public account, and the webpage authorization method is used to obtain basic user information, message interaction is not required, but the user can access the webpage of the public account. The page requesting user authorization is displayed. After user authorization, you can obtain the basic information (this process does not even require users to pay attention to the public account .)"
OAuth2.0 authorized logon allows users to log on to a third-party application or website using their identities. After authorized users log on to a third-party application already connected to OAuth2.0, the third party can obtain the user's interface call credential (access_token ), access_token can be used to call the open platform authorization Link Interface, so as to obtain basic user open information and help users implement basic open functions.
Before requesting authorization from a user's webpage through a public account, the developer needs to configure the authorization callback domain name on the my service page of the public platform website. Please note that do not add http ://
Instructions on configuring the authorization callback Domain Name:
Authorization callback domain name configuration specification for the full domain name, such as the need for web page authorization Domain Name: www.qq.com, after the configuration of this domain name under the page http://www.qq.com/music.html, http://www.qq.com/login.html can be OAuth2.0 authentication. But http://pay.qq.com, http://music.qq.com, http://qq.com cannot perform OAuth2.0 authentication.
Specifically, the webpage authorization process is divided into four steps:
Directory [hide]
|
To ensure that the public account has the permission to authorize the scope (scope parameter) (after the service number obtains the advanced interface, the snsapi_base and snsapi_userinfo in the scope parameter are included by default), the publisher is guided to open the following page:
Https://open.weixin.qq.com/connect/oauth2/authorize? Appid = APPID & redirect_uri = REDIRECT_URI & response_type = code & scope = SCOPE & state = STATE # wechat_redirect, whether the permission of the scope parameter is granted.
Reference Link (please open this link on the client) Scope is snsapi_baseHttps://open.weixin.qq.com/connect/oauth2/authorize? Appid = wx520c15f415810387 & redirect_uri = http % 3A % 2F % 2Fchong.qq.com % 2 Fphp % 2Findex. php % 3Fd % 3D % 26c % 3 DwxAdapter % 26 m % 3 DmobileDeal % 26 showwxpaytitle % 3D1% 26vb2ctag % response & response_type = code & scope = snsapi_base & state = 123 # wechat_redirectScope is snsapi_userinfoHttps://open.weixin.qq.com/connect/oauth2/authorize? Appid = Response & redirect_uri = http % 3A % 2F % 2Fnba.bluewebgame.com % 2Foauth_response.php & response_type = code & scope = snsapi_userinfo & state = STATE # wechat_redirect
Parameter description
| Parameters | Required? | Description |
|---|---|---|
| Appid | Yes | Unique public ID |
| Redirect_uri | Yes | URL of the redirection callback link after authorization. Use urlencode to process the link. |
| Response_type | Yes | Return type. Enter the code |
| Scope | Yes | Application Authorization scope, snsapi_base (the authorization page is not displayed, Jump directly, only the user's openid can be obtained), snsapi_userinfo (the authorization page is displayed, and the nickname, gender, and location can be obtained through openid. And,Even if you do not pay attention to it, you can obtain the user information as long as the user is authorized.) |
| State | No | With the state parameter, the developer can fill in the parameter value of the a-zA-Z0-9 |
| # Wechat_redirect | Yes | This parameter must be included when you open the page directly or perform page 302 redirection. |
Authorization page when scope is equal to snsapi_userinfo:
After the user agrees to authorize
If the user agrees to the authorization, the page will jump to redirect_uri /? Code = CODE & state = STATE. If authorization is disabled, the redirection will not contain the code parameter, but the state parameter redirect_uri? State = STATE
Code Description: the code in exchange for the access_token will be different for each user authorization. The code can only be used once and will automatically expire if it is not used for 5 minutes.Step 2: Exchange code for webpage authorization access_token
First of all, please note that the webpage authorization access_token in exchange for code here is different from the access_token in the basic support. The public account can be used to obtain the webpage authorization access_token through the following interface. If the scope of webpage authorization is snsapi_base, The openid and snsapi_base webpage authorization processes are also obtained when the webpage authorization access_token is obtained in this step.
Request Method
After getting code, request the following link to get access_token: https://api.weixin.qq.com/sns/oauth2/access_token? Appid = APPID & secret = SECRET & code = CODE & grant_type = authorization_code
Parameter description
| Parameters | Required? | Description |
|---|---|---|
| Appid | Yes | Unique public ID |
| Secret | Yes | Appsecret of Public Account |
| Code | Yes | Enter the code parameter obtained in step 1. |
| Grant_type | Yes | Enter authorization_code |
Return description
The returned JSON data packet is as follows:
{ access_token:ACCESS_TOKEN, expires_in:7200, refresh_token:REFRESH_TOKEN, openid:OPENID, scope:SCOPE}
| Parameters | Description |
|---|---|
| Access_token | Webpage authorization interface call credential. Note: This access_token is different from the access_token supported by the Basic. |
| Expires_in | Access_token interface call credential timeout time, in seconds) |
| Refresh_token | User refresh access_token |
| Openid | Unique User ID. Note that when you do not pay attention to the public account, a unique OpenID is generated when you access the webpage of the public account. |
| Scope | User-authorized scopes, separated by commas (,) |
When an error occurs, the JSON data packet is returned as follows (the sample Code is invalid ):
{errcode:40029,errmsg:invalid code}Global return code Description
Step 3: refresh access_token (if needed)Because access_token has a short validity period, you can use refresh_token to refresh when the access_token times out. refresh_token has a long validity period (7 days, 30 days, 60 days, and 90 days ), if the refresh_token is invalid, you must re-authorize it.
Request Method
After obtaining the refresh_token in step 2, request the following link to get access_token: https://api.weixin.qq.com/sns/oauth2/refresh_token? Appid = APPID & grant_type = refresh_token & refresh_token = REFRESH_TOKEN
| Parameters | Required? | Description |
|---|---|---|
| Appid | Yes | Unique public ID |
| Grant_type | Yes | Enter refresh_token |
| Refresh_token | Yes | Enter the refresh_token parameter obtained through access_token. |
Return description
The returned JSON data packet is as follows:
{ access_token:ACCESS_TOKEN, expires_in:7200, refresh_token:REFRESH_TOKEN, openid:OPENID, scope:SCOPE}
| Parameters | Description |
|---|---|
| Access_token | Webpage authorization interface call credential. Note: This access_token is different from the access_token supported by the Basic. |
| Expires_in | Access_token interface call credential timeout time, in seconds) |
| Refresh_token | User refresh access_token |
| Openid | Unique User ID |
| Scope | User-authorized scopes, separated by commas (,) |
When an error occurs, the JSON data packet is returned as follows (the sample Code is invalid ):
{errcode:40029,errmsg:invalid code}Global return code Description
Step 4: Pull user information (scope must be snsapi_userinfo)If the webpage Authorization scope is snsapi_userinfo, the developer can pull user information through access_token and openid.
Request Method
Http: GET (Please use https protocol) https://api.weixin.qq.com/sns/userinfo? Access_token = ACCESS_TOKEN & openid = OPENID & lang = zh_CN
Parameter description
| Parameters | Description |
|---|---|
| Access_token | Webpage authorization interface call credential. Note: This access_token is different from the access_token supported by the Basic. |
| Openid | Unique User ID |
| Lang | Return to the Chinese language version, zh_CN simplified, zh_TW traditional, en english |
Return description
The returned JSON data packet is as follows:
{ openid: OPENID, nickname: NICKNAME, sex:1, province:PROVINCE city:CITY, country:COUNTRY, headimgurl: http://wx.qlogo.cn/mmopen/g3MonUZtNHkdmzicIlibx6iaFqAc56vxLSUfpb6n5WKSYVY0ChQKkiaJSgQ1dZuTOgvLLrhJbERQQ4eMsv84eavHiaiceqxibJxCfHe/46, privilege:[PRIVILEGE1PRIVILEGE2 ]}
| Parameters | Description |
|---|---|
| Openid | Unique User ID |
| Nickname | User nickname |
| Sex | Gender of the user. If the value is 1, the user is male. If the value is 2, the user is female. If the value is 0, the user is unknown. |
| Province | Province of the user's personal data |
| City | City for normal user Personal Data |
| Country | Country, such as CN |
| Headimgurl | User profile picture. The last value indicates the size of the square profile picture (optional values include 0, 46, 64, 96, and 132, and 0 indicates the size of the 640*640 square profile picture). This parameter is blank when the user does not have the profile picture. |
| Privilege | User Privilege information, which is a json array. For example, the Waka user is (chinaunicom) |
If an error occurs, a JSON packet is returned as follows (the openid is invalid in this example ):
{errcode:40003,errmsg: invalid openid }Global return code Description
Appendix: Check whether the authorization credential (access_token) is validRequest Method
Http: GET (Please use https protocol) https://api.weixin.qq.com/sns/auth? Access_token = ACCESS_TOKEN & openid = OPENID
Parameter description
| Parameters | Description |
|---|---|
| Access_token | Webpage authorization interface call credential. Note: This access_token is different from the access_token supported by the Basic. |
| Openid | Unique User ID |
Return description
Correct Json return results:
{ errcode:0,errmsg:ok}Json return example in case of an error:
{ errcode:40003,errmsg:invalid openid}
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
