Develop official documents based on the WeChat public account:
The steps to obtain user information are as follows:
1 Step 1: User agrees to authorize and obtain code
2 Step 2: Exchange code for web page authorization access_token
3 Step 3: Refresh access_token (if needed)
4 Step 4: Pull user information (scope is required to be snsapi_userinfo)
1 Obtain code
Under the premise of ensuring that the WeChat public account has the authorization scope (scope parameter) (the service account is obtained After the advanced interface, it has snsapi_base and snsapi_userinfo in the scope parameters by default), guiding followers to open the following page:
https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope =SCOPE&state=STATE#wechat_redirect
If it prompts "The link cannot be accessed", please check whether the parameters are filled in incorrectly and whether you have the authorization scope permissions corresponding to the scope parameter.
Special note: Due to the high security level of authorization operations, when initiating an authorization request, WeChat will perform a regular strong matching check on the authorization link. If the parameters of the link are in the wrong order, the authorization page will not be accessible normally
Among them:
AppID - the unique identifier of the official account
REDIRECT_URI - jump url
SCOPE - the value is snsapi_base (the authorization page does not pop up, jumps directly, only the user openid can be obtained) or snsapi_userinfo (the authorization page pops up, which can be obtained through openid) Nickname, gender, location. And, even if the user is not following, the information can be obtained as long as the user authorizes it)
STATE - Developers can customize the parameter values of a-zA-Z0-9
2 through code In exchange for webpage authorization access_token
If the user agrees to the authorization, the page will jump to redirect_uri/?code=CODE&state=STATE.
state is passed as it is from the STATE parameter above.
Implementation code:
<code class="hljs php">$code = I('get.code'); if (empty($code)) { //todo 非微信访问 exit('</code>'); }else{ //授权后操作 }
Here we can get the code for subsequent acquisition of access_token.
After obtaining the code, request the following link to obtain the access_token:
https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code
appid - the only one for the official account Identity
secret - Key
code - The code returned above
grant_type - The value is authorization_code
Implementation code:
<code class="hljs bash">$url = 'https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=' . C('wechat.AppID') . '&secret=' . C('wechat.AppSecret'); $str = file_get_contents($url); $str = json_decode($str, true); $access_token = $str['access_token'];</code>
The access_token can be cached here to avoid frequent acquisition
Implementation code, take the TP framework as an example:
<code class="hljs php">$access_token = S('access_token'); if (empty($access_token)) { $url = 'https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=' . C('wechat.AppID') . '&secret=' . C('wechat.AppSecret'); $str = file_get_contents($url); $str = json_decode($str, true); $access_token = $str['access_token']; S('access_token', $access_token, 3600); }</code>
After obtaining the access_token, it will also return the openid (user's unique identifier). The official WeChat document explains: the user's unique identifier. Please note that when the user does not follow the official account, accessing the official account's webpage will also generate A unique OpenID for a user and official account
openid uniquely identifies a WeChat user. If the user is not logging in for the first time, they can query the database after getting the openid to see if there is a user bound to this openid. There is no need to re-obtain user data afterwards. , directly obtain the database user_id, set the session, log in directly to access
3 Ignore the third step, only re-obtain the access_token at the required time
4 Pull user information (need to have the scope snsapi_userinfo)
There is no such WeChat ID in the database When the user is bound, it is equivalent to the user's first visit and login, and the user information is obtained through the fourth step (in the case of user authorization, the web page authorization scope is snsapi_userinfo, then the developer can pull the user through access_token and openid at this time information), then create a user in the background and bind this WeChat user (via openid)
Request method
http: GET (please use https protocol) https://api.weixin.qq.com/ sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID&lang=zh_CN
access_token - the access_token obtained above
openid - the unique identifier of the public account
Implementation code:
<code class="hljs php">$access_token = S('access_token'); if (empty($access_token)) { $url = 'https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=' . C('wechat.AppID') . '&secret=' . C('wechat.AppSecret'); $str = file_get_contents($url); $str = json_decode($str, true); $access_token = $str['access_token']; S('access_token', $access_token, 3600); }</code>
The above are the specific steps for the WeChat public account to obtain user information.