WeChat applet realizes the logical arrangement of login function

In order to allow everyone to better develop WeChat applet, this article mainly shares with you the logic arrangement of WeChat applet login, hoping to help everyone.

Register/Login

Mini Terminal" style="margin: 0.8em 0px; padding: 0px; box-sizing: border-box; font-weight: 100; line-height: 1.3em; font-size: 2.13em;">Mini program:

Get the corresponding information through the above two APIs wx.login and wx.getUserInfo, and pass the above The interface is passed to its own server.

The information that needs to be transmitted has 7 parameters:

appid  小程序唯一标识
secret  小程序的 app secret
js_code  //wx.login登录时获取的 code,用于后续获取session_key

//下面两个参数用户服务器端签名校验用户信息的
signature 使用 sha1( rawData + sessionkey ) 得到字符串，用于校验用户信息。
rawData  不包括敏感信息的原始数据字符串，用于计算签名。

//下面两个参数是用于解密获取openId和UnionId的
encryptedData  包括敏感数据在内的完整用户信息的加密数据
iv 加密算法的初始向量
当然,可以精简为以下三个参数. 
其余的签名校验的参数可省略,而appid和secret可以直接写在服务器.
js_code //  wx.login登录时获取的 code,用于后续获取session_key
encryptedData  包括敏感数据在内的完整用户信息的加密数据
iv 加密算法的初始向量

Server-side processing logic

Relevant information is transmitted to After the server, server

1. First go to the WeChat server to get the session_key based on js_code
2. (This step can be omitted) Use sha1 (rawData + sessionkey) to get the string and determine whether it is the same as the signature value , if they are the same, the user information is correct and you can proceed to the next step. If they are different, the user information has been tampered with or expired.
3. Then decrypt it yourself according to the decryption algorithm (the input parameters are appId, sessionKey, encryptedData, iv, return a jsonObj), get the information such as openId and unionId, and perform the registration/login operation on the server side.
4. After the registration/login operation logic is completed, return the sessionId (or other token) of our server and the user information to the client .

Among them, the server’s request to obtain session_key is:

(lowercase means fixed, uppercase means to be replaced)
https://api.weixin.qq. com/sns/jscode2session?appid=APPID&secret=SECRET&js_code=JSCODE&grant_type=authorization_code

Return:

  //正常返回的JSON数据包
    {
          "openid": "OPENID",
          "session_key": "SESSIONKEY"
          "expires_in": 2592000
    }
    //错误时返回JSON数据包(示例为Code无效)
    {
        "errcode": 40029,
        "errmsg": "invalid code"
    }

Related decryption algorithm:

https://mp.weixin.qq. com/debug/wxadoc/dev/api/signature.html

Note: The sample code includes node, c++, php, python, but not java.

Information that needs to be returned by the server:

sessionId/token login status identification
userInfo: jsonObject, the user’s information on our platform, its content is the same as that returned by the getPersonalInfo interface.

Finally, the login operation Encapsulate it into a method and call it wherever needed

//最终供外面调用的方法
function login(){
    console.log('logining..........');
    //调用登录接口
    wx.login({
        success: function (e) {
            console.log('wxlogin successd........');
            var code = e.code;
            wx.getUserInfo({
                success: function (res) {
                    console.log('wxgetUserInfo successd........');
                    var encryptedData = encodeURIComponent(res.encryptedData);
                    thirdLogin(code,encryptedData,res.iv);//调用服务器api
                }
            })
        }
    });
}
function  thirdLogin(code,encryptedData,iv){
    var url = "eeee/xxx/login/ttttt";
    var params = new Object();
    params.code = code;
    params.encryptedData = encryptedData;
    params.iv =iv;
    buildRequest(new Object(),url,params,{
        onPre: function(page){},
        onSuccess:function (data){
            console.log('my  login successd........');
            console.log(data);
            getApp().globalData.session_id = data.session_id;
            getApp().globalData.uid = data.uid;
            getApp().globalData.isLogin = true;
        },
        onError : function(msgCanShow,code,hiddenMsg){
        }
    }).send();
}

Related recommendations:

How to obtain user information through the WeChat applet

WeChat applet Summary of problems encountered in program development

A WeChat mini program version of Zhihu example sharing

The above is the detailed content of WeChat applet realizes the logical arrangement of login function. For more information, please follow other related articles on the PHP Chinese website!