code is temporary data. Since it is passed to you through a link jump, this parameter cannot be data related to the user's identity, so we give you a temporary data, and then you use this temporary data to exchange for a token representing the user's identity.
WeChat authorization requires you to scan the QR code. When you scan the code, WeChat will send information to the server, so that the server knows who has authorized it. The returned code is a unique value generated by the server and is stored on the server together with the user information. Of course WeChat can distinguish it
Thank you for the above answer. I read some source code. Yes, there is indeed a binding relationship. When generating the authorization code, the WeChat authentication server will determine whether to log in. If logged in, a token related to the user (usernamepasswordtoken, this token will be generated) It doesn’t matter what token you change, it’s just used to identify the user), then generate the code, save the relationship between code, client_id, and username, and then return the code. When the client requests the token, it will verify the correctness of the code based on client_id and code. If correct, the WeChat authentication server will obtain the current user, then generate authenticateId based on client_id, username, and scope (if scope is not empty), then generate accessToken, save the relationship between authenticateId and accessToken, and finally removeCode and return accessToken
code is temporary data. Since it is passed to you through a link jump, this parameter cannot be data related to the user's identity, so we give you a temporary data, and then you use this temporary data to exchange for a token representing the user's identity.
Code can be understood as the user's authorization, and token can be understood as the third party authorizing the user to the caller.
WeChat authorization requires you to scan the QR code. When you scan the code, WeChat will send information to the server, so that the server knows who has authorized it.
The returned code is a unique value generated by the server and is stored on the server together with the user information. Of course WeChat can distinguish it
Thank you for the above answer. I read some source code. Yes, there is indeed a binding relationship. When generating the authorization code, the WeChat authentication server will determine whether to log in. If logged in, a token related to the user (usernamepasswordtoken, this token will be generated) It doesn’t matter what token you change, it’s just used to identify the user), then generate the code, save the relationship between code, client_id, and username, and then return the code. When the client requests the token, it will verify the correctness of the code based on client_id and code. If correct, the WeChat authentication server will obtain the current user, then generate authenticateId based on client_id, username, and scope (if scope is not empty), then generate accessToken, save the relationship between authenticateId and accessToken, and finally removeCode and return accessToken