Process analysis of developing enterprise WeChat applet

Introduction:

Develop a small program that can only be accessed in Enterprise WeChat, and only authorized users in Enterprise WeChat can use it.

(Learning video sharing: Programming video)

Problem analysis:

First of all, there are several problems that need to be solved:

1. Only used in corporate WeChat and cannot be used in ordinary mini programs

Judge the current operating environment

2. Only authorized users can use this mini program

Permissions Verification

1: Ordinary WeChat, use account and password to log in, only for review, account permissions can be restricted

2: Enterprise WeChat, verify company ID, verify user ID, only those with permissions Allow use

3. Control search

Set "Not allowed to be searched" in the mini program management background

4. Control sharing

Close in the mini program Share

OK, after achieving the above points, only authorized users in Enterprise WeChat can see the mini program on the Workbench of Enterprise WeChat.

Processing Process

Okay, now that the problem has been clarified, let’s get started.

1. Develop the basic functions of the mini program and submit it for review

Yes, you read that right, submit it for review first, because only mini programs that pass the review can be bound to Enterprise WeChat. Therefore, first make the basic functions of the mini program, and you can limit some functions. In short, let this mini program be put on the shelves first. At the same time, set "not allowed to be searched" in the mini program's management background to avoid unnecessary trouble.

2. Associate the Mini Program with Enterprise WeChat

Enter the Enterprise WeChat backend-> Application Management-> Mini Program-> Associate the Mini Program, and then use the WeChat QR code of the Mini Program administrator to scan the code , just follow the instructions.

3. Get the Secret of the associated applet and set the visible range

The applet you just associated will appear on the applet page in the previous step. Click to enter, and then you will see the secret and visible range.

This secret is equivalent to the token used by the applet to access the company's WeChat data. Please keep it properly.

The visibility range is authorization. Which users can see this mini program. Those who are set to be visible will see the mini program on their corporate WeChat workbench.

4. Modify the mini program

Okay, it’s time for the main event.

4.1. Determine the operating environment

The mini program needs to determine the current operating environment (normal WeChat or enterprise WeChat) and whether the user using the current mini program has permission to use it.

var isWxWork = false;
wx.getSystemInfo({
  success(res) {
    console.log(res.environment);

    isWxWork = res.environment == 'wxwork';
    if (!isWxWork) {
        // 当前环境不是企业微信，怎么处理你随便
        return;
    }
    
    // 当前环境是企业微信，执行登陆，获取用户 code，用于后面的权限校验
    wx.qy.login({
      success: function (res) {
        if (res.code) {
            console.log(res.code);
            
            // 这里可以将 res.code 通过请求发送给后台，让后台做权限校验
        } else {
            console.log('登录失败！' + res.errMsg);
        }
      }
    });
  }
})

4.2. Permission verification

The background needs to call the following interfaces to perform permission verification.

1. Obtain access_token

https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=xxxx&corpsecret=xxxx

请求方式：GET

This interface is similar to the method of obtaining token in ordinary WeChat.

Among them, corpid is in the enterprise WeChat management background->My Company->Corporate Information->Corporate ID; corpsecret is the secret obtained after we associated the mini program in the previous step.

The returned content is as follows:

{
    "errcode": 0,
    "errmsg": "ok",
    "access_token": "xxxxxx",
    "expires_in": 7200
}

2. Get userid

https://qyapi.weixin.qq.com/cgi-bin/miniprogram/jscode2session?access_token=xxx&js_code=xxx&grant_type=authorization_code

请求方式：GET

Among them, access_token is obtained by gettoken in the previous step; js_code is obtained when judging the running environment. res.code; grant_type fixed transmission authorization_code

The returned content is as follows:

{
    "userid": "bottle",
    "session_key": "xxxxx",
    "corpid": "xxxxxx",
    "deviceid": "xxxxxx",
    "errcode": 0,
    "errmsg": "ok"
}

The corpid here can be used to initially verify whether the current user has permissions, because no matter which company the person is from, as long as he uses Enterprise WeChat, using this applet, will return such a result. You need to verify whether the corpid is the ID of the company you authorize. If not, just return no permission without proceeding to the next step.

Of course corpid can also be used to handle situations where a small program is associated with multiple companies, but this is another issue. Let me briefly mention here, because it is a small program developed for other companies, our small program is also associated with two companies, one is our company and the other is the other company. This also facilitates our testing and only requires our own testers. Authorization allows them to use the exact same environment for testing.

3. Obtain user information (determine permissions)

https://qyapi.weixin.qq.com/cgi-bin/user/get?access_token=xxx&userid=xxx

请求方式：GET

Among them, access_token is the one we obtained by gettoken in the previous step; userid is the userid we obtained in the previous step.

The returned content is as follows:

With permission

{
    "errcode": 0,
    "errmsg": "ok",
    "userid": "xxx",
    "name": "xxx",
    "department": [],
    "position": "",
    "mobile": "xxx",
    "gender": "2",
    "email": "",
    "avatar": "http://p.qlogo.cn/bizmail/xxx/0",
    "status": 1,
    "isleader": 0,
    "extattr": {
        "attrs": []
    },
    "telephone": "",
    "enable": 1,
    "hide_mobile": 0,
    "order": [],
    "qr_code": "https://open.work.weixin.qq.com/wwopen/userQRCode?vcode=xxx",
    "alias": "",
    "is_leader_in_dept": []
}

Without permission:

{
    "errcode": 60011,
    "errmsg": "no privilege to access/modify contact/party/agent , hint: [1564556097_7_8d45297bd21be3702ff430560e1f0652], from ip: 118.113.1.217, more info at https://open.work.weixin.qq.com/devtool/query?e=60011",
    "department": [],
    "order": [],
    "is_leader_in_dept": []
}

OK, the execution will be different depending on whether you have permission or not. The operation is enough, and I won’t go into details here.

Reference materials

Enterprise WeChat API (mini program): https://work.weixin.qq.com/api/doc#90000/90136/90289

Enterprise WeChat interface debugging tool: https://work.weixin.qq.com/api/devtools/devtool.php

Error code query tool: https://open.work.weixin.qq.com/devtool /query

Related recommendations: 小program development

The above is the detailed content of Process analysis of developing enterprise WeChat applet. For more information, please follow other related articles on the PHP Chinese website!