Wechat official account access openid process

1. Preparation:

Apply for wechat official account and prepare wechat developer tools and back-end development tools.

2. WeChat official account test account configuration process:

Configure the interface as an address reachable from the public network, so that it can receive the authentication request from the WeChat server. The request content is:

The developer verifies the request by checking the signature (the verification method is shown below). If you confirm that the GET request comes from the WeChat server, return the content of the echostr parameter unchanged; the access then takes effect and you become a developer. Otherwise, the access fails. The encryption / verification process is as follows:

1) Sort the three parameters token, timestamp and nonce in dictionary order.
2) Splice the three parameter strings into one string and compute its SHA-1 hash.
3) Compare the resulting hash string with signature to confirm that the request comes from WeChat.



The back-end verification for the WeChat official account ultimately returns true or false. The approximate logic is (taking the JFinal framework as an example):

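public void validate() {
        // Take token, timestamp, nonce and signature
        String token = "***";
        String timestamp = getPara("timestamp");
        String nonce = getPara("nonce");
        String signature = getPara("signature");
        if (timestamp == null || nonce == null || signature == null) {
            renderText("false");
            return;
        }
        // Step 1: sort the three values in dictionary order, then splice them together
        String[] parts = { token, timestamp, nonce };
        java.util.Arrays.sort(parts);
        String fullStr = parts[0] + parts[1] + parts[2];
        String result = "";
        try {
            // shaEncode is the author's own SHA-1 helper (not shown here)
            result = this.shaEncode(fullStr);
        } catch (Exception ex) {
            // Leave result empty so that the comparison below fails
        }
        boolean result1 = result.equals(signature);
        String echostr = getPara("echostr");
        renderText(result1 ? echostr : "false");
}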

The token value must be the same as the token entered on the WeChat configuration page.
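
The three verification steps above, as an added example that is not part of the original post, written in JavaScript for Node.js rather than JFinal so that it runs stand-alone. The function names, the token and the sample request values are constructed for illustration; missing parameters are rejected and the comparison is constant-time.

```javascript
const crypto = require('node:crypto');

// Steps 1 and 2: sort token, timestamp and nonce in dictionary order,
// join them into one string and take the SHA-1 digest as lowercase hex.
function wechatSignature(token, timestamp, nonce) {
  const joined = [token, timestamp, nonce].sort().join('');
  return crypto.createHash('sha1').update(joined, 'utf8').digest('hex');
}

// Step 3: compare the computed digest with the signature parameter.
// Missing parameters fail closed; the comparison is constant-time.
function isFromWechat(query, token) {
  const { signature, timestamp, nonce } = query;
  for (const v of [signature, timestamp, nonce]) {
    if (typeof v !== 'string' || v.length === 0) return false;
  }
  const expected = Buffer.from(wechatSignature(token, timestamp, nonce));
  const received = Buffer.from(signature);
  return expected.length === received.length &&
    crypto.timingSafeEqual(expected, received);
}

// What the endpoint answers: echostr unchanged on success, "false" otherwise.
function verificationResponse(query, token) {
  return isFromWechat(query, token) ? String(query.echostr ?? '') : 'false';
}

// Constructed sample request (hypothetical token and parameter values).
const SAMPLE_TOKEN = 'example-token';
const sampleQuery = {
  timestamp: '1651730964',
  nonce: '1234567890',
  echostr: '5836419724',
  signature: wechatSignature(SAMPLE_TOKEN, '1651730964', '1234567890'),
};
console.log(verificationResponse(sampleQuery, SAMPLE_TOKEN));
console.log(verificationResponse({ ...sampleQuery, nonce: '0' }, SAMPLE_TOKEN));
```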

After that, configure the JS interface security domain name, that is, enter the configured site address directly. For example: http://**************************************************** com

There is one thing to pay special attention to: in the experience interface permission table, under Web page authorization to obtain basic user information (authorized callback page domain name), you can only fill in the site's domain name, without http or https!

3. Development process:

Follow the official account to be developed, then open the [official account web page project] with the WeChat developer tool, and enter the official account address in the address bar to open the page for debugging. This has the same effect as opening an official account in WeChat, but with a fuller debugging environment, so you can easily view the results and debugging information.

This official account can only be viewed after binding to WeChat, so its process is as follows:

Enter the home page, which then redirects according to the login state. If you have logged in, the content of the home page is displayed directly. If you have not logged in, you are redirected to the login page. The login page sends a request directly to the WeChat server to obtain the code for the current WeChat user. There are two ways:

Mode 1:

Customize a WeChat authorization page and send the request to the WeChat server from the page. The login page sends the request first, with redirect_uri set to the address of the new page, and the request content is as follows:

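  // redirect_uri must be URL-encoded when it is placed in the query string
  var wx_link = 'https://open.weixin.qq.com/connect/oauth2/authorize?appid=' + appId + '&redirect_uri=' +
                encodeURIComponent(redirect_uri) + '&response_type=code&scope=snsapi_base#wechat_redirect';
            window.location.href = wx_link;
            // On the page that redirect_uri points to, read the code that WeChat appended
            var code = GetQueryString('code');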

Then set a confirm login button on the new page, click the button to send a request to the official account server, and then the server sends a request to the wechat server to obtain the openid (involving the official account configuration information, which can only be carried out on the server side). This method involves the jump between the login page and the confirmation wechat login page. It is cumbersome and the effect is not very good. It is suitable for powerful large companies. Generally, it is not recommended.

Mode 2 (recommended):

Directly use the official authorized login page of wechat. The process is as follows:

On the official account login page, judge whether there is a code parameter in the ready event. If yes, send it back to the server to obtain the openid. If not, directly jump to the wechat authorization page. The code is as follows:

function getCode(obj) {
            // state comes back unchanged on the redirect; use an unpredictable per-session value and check it there
            var url = 'https://open.weixin.qq.com/connect/oauth2/authorize?appid=*********&redirect_uri=http://***************/login&response_type=code&scope=snsapi_userinfo&state=123#wechat_redirect';
            window.location.href = url;
}

In this way, after clicking confirm login on the wechat authorization page, you will return to the current page and carry the code parameter. At this time, a request for openid is sent to the back end according to the code. The back-end method to obtain openid is roughly as follows:

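public void openId() {
        String code = getPara("code");
        if (code == null || code.isEmpty()) {
            renderText("false");
            return;
        }
        // AppId and AppSecret come from the official account configuration and stay on the server
        String AppId = "";
        String AppSecret = "";
        String openidUrl = "https://api.weixin.qq.com/sns/oauth2/access_token?appid=" + AppId
                + "&secret=" + AppSecret
                + "&code="+code
                + "&grant_type=authorization_code";
        String result = HttpKit.get(openidUrl);
        // The response is JSON; read the openid field from it
        Object jsonObject = JSON.parse(result);
}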

In this way, after the front end obtains the openid, it can bind with the current login user and write the binding relationship to the database.
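
The Mode 2 flow end to end, as an added example that is not part of the original post (Node.js, no network calls). The function names are hypothetical; it goes slightly beyond the page's code by percent-encoding redirect_uri and code, sending a random state instead of 123 and checking it on return, and handling the errcode response that WeChat returns when the exchange fails.

```javascript
const crypto = require('node:crypto');

const AUTHORIZE_URL = 'https://open.weixin.qq.com/connect/oauth2/authorize';
const TOKEN_URL = 'https://api.weixin.qq.com/sns/oauth2/access_token';

// Unpredictable per-session value to send as state instead of a fixed 123.
function newState() {
  return crypto.randomBytes(16).toString('hex');
}

// Authorization link with the same parameters, in the same order, as the
// page's URL; URLSearchParams percent-encodes redirect_uri.
function buildAuthorizeUrl(appId, redirectUri, state) {
  const q = new URLSearchParams({
    appid: appId, redirect_uri: redirectUri,
    response_type: 'code', scope: 'snsapi_userinfo', state,
  });
  return `${AUTHORIZE_URL}?${q}#wechat_redirect`;
}

// On return to the login page: accept code only if state matches the
// value stored for this session.
function readCallback(callbackUrl, expectedState) {
  const p = new URL(callbackUrl).searchParams;
  const code = p.get('code');
  if (!code) return { ok: false, reason: 'no code' };
  if (!expectedState || p.get('state') !== expectedState) return { ok: false, reason: 'state mismatch' };
  return { ok: true, code };
}

// Server-side exchange URL; encoding keeps a crafted code value from
// adding parameters of its own.
function buildTokenUrl(appId, appSecret, code) {
  const q = new URLSearchParams({
    appid: appId, secret: appSecret, code, grant_type: 'authorization_code',
  });
  return `${TOKEN_URL}?${q}`;
}

// Return only openid to the caller; access_token stays on the server.
function extractOpenid(body) {
  let data;
  try { data = JSON.parse(body); } catch { return { ok: false, reason: 'not JSON' }; }
  if (data === null || typeof data !== 'object') return { ok: false, reason: 'not JSON' };
  if (data.errcode) return { ok: false, reason: `errcode ${data.errcode}` };
  if (typeof data.openid !== 'string' || data.openid === '') return { ok: false, reason: 'no openid' };
  return { ok: true, openid: data.openid };
}
```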

Posted by RoundPorch on Thu, 05 May 2022 07:09:24 +0300