Backend Development
PHP Tutorial
PHP implements WeChat web page login authorization development
PHP implements WeChat web page login authorization development
This article mainly introduces the implementation of WeChat web page login authorization development with PHP. It has certain reference value. Now I share it with everyone. Friends in need can refer to it
WeChat open platform and the public The difference between platforms
1. The public platform is oriented to ordinary users, such as self-media and media, and is used by the company’s official WeChat public account operators. Of course, your team or company has the strength to develop some Content can also call interfaces in the public platform, such as custom menus, automatic replies, and query functions. At present, most WeChat are doing this after passing the certification.
mp.weixin.qq.com
2. The open platform is for developers and third-party independent software developers. I think the biggest openness of the development platform is WeChat login. At that time, Tencent did not make great efforts to implement unified login. As a result, each website now has to develop a login mechanism. Fortunately, they now understand the situation. Developers or software developers, through the platform and interface provided by WeChat, can develop e-commerce websites suitable for enterprises, scan the QR code to enter a game interface, and then purchase goods. Of course, the subsequent open platform will open the payment interface, so software developers such as Pocket Tong can provide services and software such as WeChat stores for large and small and medium-sized enterprises.
open.weixin.qq.com
The public platform is the management and development backend for service account subscription accounts.
To put it simply, the development platform is to realize the one-click sharing of the content of the software installed in the mobile phone to the circle of friends;
The following third-party login relies on the open platform (open.weixin.qq.com ) Function
Preparation work
Website application WeChat login is a WeChat OAuth2.0 authorized login system built based on the OAuth2.0 protocol standard.
Before performing WeChat OAuth2. Before performing WeChat OAuth2.0 authorized login and access, register a developer account on the WeChat open platform, have an approved website application, and obtain the corresponding AppID and AppSecret. After applying for WeChat login and passing the review, you can start the access process.
Authorization process description
WeChat OAuth2.0 authorized login allows WeChat users to use their WeChat identity to securely log in to third-party applications or websites, and the WeChat user authorizes to log in to third parties that have accessed WeChat OAuth2.0 After application, the third party can obtain the user's interface calling credentials (access_token), and use the access_token to call the WeChat open platform authorization relationship interface, thereby obtaining the basic open information of WeChat users and helping users realize basic open functions.
WeChat OAuth2.0 authorized login currently supports authorization_code mode, which is suitable for application authorization with server side. The overall process of this model is:
1. A third party initiates a WeChat authorized login request. After the WeChat user allows authorization of the third-party application, WeChat will launch the application or redirect to the third-party website, and bring the authorization temporary ticket. code parameter;
2. Add AppID and AppSecret through the code parameter, and exchange access_token through API;
3. Make interface calls through access_token to obtain the user's basic data resources or help the user achieve basic operate.
Get access_token sequence diagram:
Step 1: Request CODE
Third party use website application authorization Before logging in, please note that you have obtained the corresponding web page authorization scope (scope=snsapi_login), you can open the following link on the PC:
https://open.weixin.qq.com/connect/qrconnect?appid=APPID&redirect_uri= REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect
If it prompts "The link cannot be accessed", please check whether the parameters are filled in incorrectly. For example, the domain name of redirect_uri is inconsistent with the authorized domain name filled in during the review or the scope is not snsapi_login.
##appid isApplication Unique Identifierredirect_uriisRedirect address needs UrlEncoderesponse_type isFill in the codescope is Application authorization scope, multiple scopes are separated by commas (,), web applications currently only need to fill in snsapi_loginstatenoParameters |
##Is it required |
Description |
| ||
Used to maintain the status of requests and callbacks, and bring them back to the third party as they are after authorizing the request. This parameter can be used to prevent CSRF attacks (cross-site request forgery attacks). It is recommended that third parties bring this parameter. It can be set to a simple random number plus session for verification |
Parameter description
Return description
After the user allows authorization, it will be redirected to the redirect_uri URL with the code and state parameters
redirect_uri?code=CODE&state=STATE
If the user prohibits authorization, the code parameter will not be carried after redirection, only the state parameter will be carried
redirect_uri?state =STATE
Request example
Log in to Yihaodian website application
https://passport.yhd.com/wechat/login.do
After opening, Yihaodian will generate the state parameter and jump to
https://open.weixin.qq.com/connect/qrconnect?appid=wxbdc5610cc59c1631&redirect_uri=https://passport.yhd.com/wechat /callback.do&response_type=code&scope=snsapi_login&state=3d6be0a4035d839573b04816624a415e#wechat_redirect
https://open.weixin.qq.com/connect/qrconnect?appid=wxbdc5610cc59c1631&redirect_uri=https:// passport .yhd.com/wechat/callback.do&response_type=code&scope=snsapi_login&state=eb407f95fbc413185209fd85931761c2#wechat_redirect
After WeChat users use WeChat to scan the QR code and confirm login, the PC will jump to
https ://passport.yhd.com/wechat/callback.do?code=CODE&state=3d6be0a4035d839573b04816624a415e
The second way to obtain the code supports the website to log in to WeChat in 2D The code is embedded into the own page, and the user uses WeChat to scan the code for authorization and returns the code to the website through JS.
The main purpose of JS WeChat login: The website hopes that users can complete the login within the website without jumping to the WeChat domain to log in and then return, to improve the fluency and success rate of WeChat login. How to implement JS for WeChat login with QR code embedded in the website:
Step 1: First introduce the following JS file into the page (https is supported):
Step 2: Instance the following JS object where WeChat login is required:
1 2 3 4 5 6 7 8 9 |
|
##Parameter | ##Is it required | Description | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| is | The unique identification of the application will be obtained after submitting the application for review on the WeChat open platform. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| is the | application authorization scope. Multiple scopes are separated by commas (,). For web applications, currently you only need to fill in snsapi_login | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| is the | redirection address and needs to be UrlEncode | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| No | is used to maintain the status of the request and callback, after authorizing the request Bring it back to the third party as is. This parameter can be used to prevent CSRF attacks (cross-site request forgery attacks). It is recommended that third parties bring this parameter. It can be set to a simple random number plus session for verification | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| No | Provide "black" and "white" options, and the default is black text description. For details, see FAQ | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
##No | ##Since Define style links, and third parties can override the default style according to actual needs. For details, see FAQ | # at the bottom of the document Parameter DescriptionStep 2: Get access_token through codeGet access_token through code https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code Parameter Description##Return description
Correct return:{"access_token":"ACCESS_TOKEN",
Return instructionsCorrect return:
1. Appsecret is the key used by the application interface. If leaked, it may lead to application data leakage, application High-risk consequences such as user data leakage; stored on the client, it is very likely to be maliciously stolen (such as decompiling to obtain the Appsecret);2. Access_token is the credential for users to authorize third-party applications to initiate interface calls (equivalent to (in user login state), stored on the client, user data may be leaked after maliciously obtaining access_token, user WeChat related interface functions may be maliciously initiated, etc.; 3. refresh_token is used to authorize third-party applications for users. Long-term credentials are only used to refresh access_token, but if leaked, it will be equivalent to access_token leakage, and the risk is the same as above. It is recommended to put the secret and user data (such as access_token) on the App cloud server, and the cloud transfer interface calls the request. Step 3: Call the interface through access_token After obtaining the access_token, make the interface call with the following prerequisites:1. The access_token is valid and has not expired; 2. The WeChat user has authorized the corresponding interface scope (scope) of the third-party application account. For interface scope (scope), the interfaces that can be called are as follows: snsapi_base/sns/oauth2/access_tokenExchange code for access_token, refresh_token and authorized scope/sns/oauth2/refresh_tokenRefresh or renew access_token use/sns/authCheck access_token validity##snsapi_userinfoAmong them, snsapi_base belongs to the basic interface. If the application already has other scope permissions, it will have the permissions of snsapi_base by default. Using snsapi_base can allow mobile web page authorization to bypass the action of jumping to the authorization login page to request user authorization, and directly jump to the third-party web page with the authorization temporary ticket (code), but this will make the user's authorized scope (scope) only snsapi_base , resulting in the inability to obtain data and basic functions that require user authorization. F.A.Q1. What is an authorization temporary ticket (code)?Answer: A third party needs to use the code to obtain the access_token. The timeout of the code is 10 minutes. A code can only be successfully exchanged for the access_token once and then it will become invalid. The temporary and one-time nature of the code ensures the security of WeChat authorized login. Third parties can further enhance the security of their own authorized logins by using https and state parameters. 2. What is authorization scope? Answer: Authorization scope (scope) represents the interface permissions authorized by users to third parties. Third-party applications need to apply to the WeChat open platform for permission to use the corresponding scope, and then use the method described in the document to allow users to authorize. After user authorization, the interface can be called only after obtaining the corresponding access_token. 3. What is the role of the style field in the WeChat login JS code embedded in the website?Answer: The color style of the third-party page may be light or dark. If the third-party page has a light background, the style field should provide a "black" value (or not, black is the default value), then The corresponding WeChat login text style is black. The related effects are as follows: If the "white" value is provided, the corresponding text description will be displayed in white, suitable for dark backgrounds. The relevant effects are as follows:
4. What is the role of the href field in the WeChat login JS code with a QR code embedded in the website?Answer: If a third party feels that the default style provided by the WeChat team does not match its own page style, it can provide its own style file to override the default style. For example, if a third party feels that the default QR code is too large, it can provide relevant css style files and fill in the link address into the href field
The relevant effects are as follows:
Get user personal information (UnionID mechanism)Interface DescriptionThis interface is used to obtain user personal information. Developers can obtain basic user information through OpenID. It is particularly important to note that if a developer has multiple mobile applications, website applications and public accounts, the user can be uniquely distinguished by obtaining the unionid in the user’s basic information, because as long as they are mobile applications under the same WeChat open platform account , website applications and public accounts, the user's unionid is unique. In other words, for the same user, the unionid is the same for different applications under the same WeChat open platform. Request descriptionhttp request method: GET https://api.weixin.qq.com/sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID Parameter Description
Return instructionsCorrect Json return result:
"errcode":40003,"errmsg":"invalid openid "
|
