微信開放平臺:微信掃碼登錄功能
官方檔案:https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Wechat_Login.html
1. 授權流程說明
微信OAuth2.0授權登錄讓微信用戶使用微信身份安全登錄第三方應用或網站,在微信用戶授權登錄已接入微信OAuth2.0的第三方應用后,第三方可以獲取到用戶的介面呼叫憑證(access_token),通過access_token可以進行微信開放平臺授權關系介面呼叫,從而可實作獲取微信用戶基本開放資訊和幫助用戶實作基礎開放功能等,
微信OAuth2.0授權登錄目前支持authorization_code模式,適用于擁有server端的應用授權,該模式整體流程為:
① 第三方發起微信授權登錄請求,微信用戶允許授權第三方應用后,微信會拉起應用或重定向到第三方網站,并且帶上授權臨時票據code引數;
② 通過code引數加上AppID和AppSecret等,通過API換取access_token;
③ 通過access_token進行介面呼叫,獲取用戶基本資料資源或幫助用戶實作基本操作,
第一步:請求CODE
第三方使用網站應用授權登錄前請注意已獲取相應網頁授權作用域(scope=snsapi_login),則可以通過在PC端打開以下鏈接:https://open.weixin.qq.com/connect/qrconnect?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect
回傳說明
用戶允許授權后,將會重定向到redirect_uri的網址上,并且帶上code和state引數
redirect_uri?code=CODE&state=STATE
若用戶禁止授權,則重定向后不會帶上code引數,僅會帶上state引數
redirect_uri?state=STATE
例如:登錄一號店網站應用 https://passport.yhd.com/wechat/login.do 打開后,一號店會生成state引數,跳轉到 https://open.weixin.qq.com/connect/qrconnect?appid=wxbdc5610cc59c1631&redirect_uri=https%3A%2F%2Fpassport.yhd.com%2Fwechat%2Fcallback.do&response_type=code&scope=snsapi_login&state=3d6be0a4035d839573b04816624a415e#wechat_redirect 微信用戶使用微信掃描二維碼并且確認登錄后,PC端會跳轉到 https://passport.yhd.com/wechat/callback.do?code=CODE&state=3d6be0a4035d839573b04816624a415e
第二步:通過code獲取access_token
通過code獲取access_token
https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code
回傳說明
正確的回傳:
{
"access_token":"ACCESS_TOKEN",
"expires_in":7200,
"refresh_token":"REFRESH_TOKEN",
"openid":"OPENID",
"scope":"SCOPE",
"unionid": "o6_bmasdasdsad6_2sgVt7hMZOPfL"
}
錯誤回傳樣例:
{"errcode":40029,"errmsg":"invalid code"}
- Appsecret 是應用介面使用密鑰,泄漏后將可能導致應用資料泄漏、應用的用戶資料泄漏等高風險后果;存盤在客戶端,極有可能被惡意竊取(如反編譯獲取Appsecret);
- access_token 為用戶授權第三方應用發起介面呼叫的憑證(相當于用戶登錄態),存盤在客戶端,可能出現惡意獲取access_token 后導致的用戶資料泄漏、用戶微信相關介面功能被惡意發起等行為;
- refresh_token 為用戶授權第三方應用的長效憑證,僅用于重繪access_token,但泄漏后相當于access_token 泄漏,風險同上,
建議將secret、用戶資料(如access_token)放在App云端服務器,由云端中轉介面呼叫請求,
第三步:通過access_token呼叫介面
獲取access_token后,進行介面呼叫,有以下前提:
- access_token有效且未超時;
- 微信用戶已授權給第三方應用帳號相應介面作用域(scope),
對于介面作用域(scope),能呼叫的介面有以下:
2. 授權流程代碼
因為微信開放平臺的AppiD和APPSecret和微信公眾平臺的AppiD和AppSecret都是不同的,因此需要配置一下:
# 開放平臺
wechat.open-app-id=wx6ad144e54af67d87
wechat.open-app-secret=91a2ff6d38a2bbccfb7e9f9079108e2e
@Data
@Component
@ConfigurationProperties(prefix = "wechat")
public class WechatAccountConfig {
//公眾號appid
private String mpAppId;
//公眾號appSecret
private String mpAppSecret;
//商戶號
private String mchId;
//商戶秘鑰
private String mchKey;
//商戶證書路徑
private String keyPath;
//微信支付異步通知
private String notifyUrl;
//開放平臺id
private String openAppId;
//開放平臺秘鑰
private String openAppSecret;
}
@Configuration
public class WechatOpenConfig {
@Autowired
private WechatAccountConfig accountConfig;
@Bean
public WxMpService wxOpenService() {
WxMpService wxOpenService = new WxMpServiceImpl();
wxOpenService.setWxMpConfigStorage(wxOpenConfigStorage());
return wxOpenService;
}
@Bean
public WxMpConfigStorage wxOpenConfigStorage() {
WxMpInMemoryConfigStorage wxMpInMemoryConfigStorage = new WxMpInMemoryConfigStorage();
wxMpInMemoryConfigStorage.setAppId(accountConfig.getOpenAppId());
wxMpInMemoryConfigStorage.setSecret(accountConfig.getOpenAppSecret());
return wxMpInMemoryConfigStorage;
}
}
@Controller
@RequestMapping("/wechat")
@Slf4j
public class WeChatController {
@Autowired
private WxMpService wxMpService;
@Autowired
private WxMpService wxOpenService;
@GetMapping("/qrAuthorize")
public String qrAuthorize() {
//returnUrl就是用戶授權同意后回呼的地址
String returnUrl = "http://heng.nat300.top/sell/wechat/qrUserInfo";
//引導用戶訪問這個鏈接,進行授權
String url = wxOpenService.buildQrConnectUrl(returnUrl, WxConsts.QRCONNECT_SCOPE_SNSAPI_LOGIN, URLEncoder.encode(returnUrl));
return "redirect:" + url;
}
//用戶授權同意后回調的地址,從請求引數中獲取code
@GetMapping("/qrUserInfo")
public String qrUserInfo(@RequestParam("code") String code) {
WxMpOAuth2AccessToken wxMpOAuth2AccessToken = new WxMpOAuth2AccessToken();
try {
//通過code獲取access_token
wxMpOAuth2AccessToken = wxOpenService.oauth2getAccessToken(code);
} catch (WxErrorException e) {
log.error("【微信網頁授權】{}", e);
throw new SellException(ResultEnum.WECHAT_MP_ERROR.getCode(), e.getError().getErrorMsg());
}
//從token中獲取openid
String openId = wxMpOAuth2AccessToken.getOpenId();
//這個地址可有可無,反正只是為了拿到openid,但是如果沒有會報404錯誤,為了好看隨便回傳一個百度的地址
String returnUrl = "http://www.baidu.com";
log.info("openid={}", openId);
return "redirect:" + returnUrl + "?openid="+openId;
}
}
請求路徑:在瀏覽器打開
https://open.weixin.qq.com/connect/qrconnect?appid=wx6ad144e54af67d87&redirect_uri=http%3A%2F%2Fsell.springboot.cn%2Fsell%2Fqr%2FoTgZpwenC6lwO2eTDDf_-UYyFtqI&response_type=code&scope=snsapi_login&state=http%3A%2F%2Fheng.nat300.top%2Fsell%2Fwechat%2FqrUserInfo
獲取了openid:openid=o9AREv7Xr22ZUk6BtVqw82bb6AFk
3. 用戶登錄和登出
@Controller
@RequestMapping("/seller")
public class SellerUserController {
@Autowired
private SellerService sellerService;
@Autowired
private StringRedisTemplate redisTemplate;
@Autowired
private ProjectUrlConfig projectUrlConfig;
@GetMapping("/login")
public ModelAndView login(@RequestParam("openid") String openid, HttpServletResponse response, Map<String, Object> map) {
//1. openid去和資料庫里的資料匹配
SellerInfo sellerInfo = sellerService.findSellerInfoByOpenid(openid);
if (sellerInfo == null) {
map.put("msg", ResultEnum.LOGIN_FAIL.getMessage());
map.put("url", "/sell/seller/order/list");
return new ModelAndView("common/error");
}
//2. 設定token至redis
String token = UUID.randomUUID().toString();
//設定token的過期時間
Integer expire = RedisConstant.EXPIRE;
redisTemplate.opsForValue().set(String.format(RedisConstant.TOKEN_PREFIX, token), openid, expire, TimeUnit.SECONDS);
//3. 設定token至cookie
CookieUtil.set(response, CookieConstant.TOKEN, token, expire);
return new ModelAndView("redirect:" + "http://heng.nat300.top/sell/seller/order/list");
}
@GetMapping("/logout")
public ModelAndView logout(HttpServletRequest request, HttpServletResponse response, Map<String, Object> map) {
//1. 從cookie里查詢
Cookie cookie = CookieUtil.get(request, CookieConstant.TOKEN);
if (cookie != null) {
//2. 清除redis
redisTemplate.opsForValue().getOperations().delete(String.format(RedisConstant.TOKEN_PREFIX, cookie.getValue()));
//3. 清除cookie
CookieUtil.set(response, CookieConstant.TOKEN, null, 0);
}
map.put("msg", ResultEnum.LOGOUT_SUCCESS.getMessage());
map.put("url", "/sell/seller/order/list");
return new ModelAndView("common/success", map);
}
}
① 將上一步獲取到的openid存入資料庫
② 將授權后跳轉的地址改為登錄地址
//用戶授權同意后回呼的地址,從請求引數中獲取code
@GetMapping("/qrUserInfo")
public String qrUserInfo(@RequestParam("code") String code) {
WxMpOAuth2AccessToken wxMpOAuth2AccessToken = new WxMpOAuth2AccessToken();
try {
//通過code獲取access_token
wxMpOAuth2AccessToken = wxOpenService.oauth2getAccessToken(code);
} catch (WxErrorException e) {
log.error("【微信網頁授權】{}", e);
throw new SellException(ResultEnum.WECHAT_MP_ERROR.getCode(), e.getError().getErrorMsg());
}
//從token中獲取openid
String openId = wxMpOAuth2AccessToken.getOpenId();
//授權成功后跳轉到賣家系統的登錄地址
String returnUrl = "http://heng.nat300.top/sell/seller/login";
log.info("openid={}", openId);
return "redirect:" + returnUrl + "?openid="+openId;
}
③ 在瀏覽器請求這個鏈接:https://open.weixin.qq.com/connect/qrconnect?appid=wx6ad144e54af67d87&redirect_uri=http%3A%2F%2Fsell.springboot.cn%2Fsell%2Fqr%2FoTgZpwenC6lwO2eTDDf_-UYyFtqI&response_type=code&scope=snsapi_login&state=http%3a%2f%2fheng.nat300.top%2fsell%2fwechat%2fqrUserInfo
第三應用請求使用微信掃碼登錄,而不是使用本網站的密碼:
用戶同意授權后登入第三方應用的后臺管理系統:
4. Spring AOP校驗用戶有沒有登錄
@Aspect
@Component
@Slf4j
public class SellerAuthorizeAspect {
@Autowired
private StringRedisTemplate redisTemplate;
@Pointcut("execution(public * com.hh.controller.Seller*.*(..))" +
"&& !execution(public * com.hh.controller.SellerUserController.*(..))")
public void verify() {}
@Before("verify()")
public void doVerify() {
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
HttpServletRequest request = attributes.getRequest();
//查詢cookie
Cookie cookie = CookieUtil.get(request, CookieConstant.TOKEN);
//如果cookie中沒有token說明已經登出或者根本沒有登錄
if (cookie == null) {
log.warn("【登錄校驗】Cookie中查不到token");
//校驗不通過,拋出例外
throw new SellerAuthorizeException();
}
//去redis里查詢
String tokenValue = https://www.cnblogs.com/javastack/p/redisTemplate.opsForValue().get(String.format(RedisConstant.TOKEN_PREFIX, cookie.getValue()));
//如果redis中沒有對應的openid,同樣表示登出或者根本沒有登錄
if (StringUtils.isEmpty(tokenValue)) {
log.warn("【登錄校驗】Redis中查不到token");
throw new SellerAuthorizeException();
}
}
}
5. 攔截登錄校驗不通過拋出的例外
攔截及登錄校驗不通過的例外,讓其跳轉到登錄頁面,掃碼登錄
@ControllerAdvice
public class SellExceptionHandler {
//攔截登錄例外
@ExceptionHandler(value = https://www.cnblogs.com/javastack/p/SellerAuthorizeException.class) public ModelAndView handlerAuthorizeException() {
//攔截例外后,跳轉到登錄界面
return new ModelAndView("redirect:".concat("https://open.weixin.qq.com/connect/qrconnect?" +
"appid=wx6ad144e54af67d87" +
"&redirect_uri=http%3A%2F%2Fsell.springboot.cn%2Fsell%2Fqr%2F" +
"oTgZpwenC6lwO2eTDDf_-UYyFtqI" +
"&response_type=code&scope=snsapi_login" +
"&state=http%3a%2f%2fheng.nat300.top%2fsell%2fwechat%2fqrUserInfo"));
}
@ExceptionHandler(value = https://www.cnblogs.com/javastack/p/SellException.class) @ResponseBody public ResultVO handlerSellerException(SellException e) {
return ResultVOUtil.error(e.getCode(), e.getMessage());
}
@ExceptionHandler(value = ResponseBankException.class) @ResponseStatus(HttpStatus.FORBIDDEN) public void handleResponseBankException() {
}
}
原文鏈接:
https://blog.csdn.net/qq_42764468/article/details/107823201
著作權宣告:本文為CSDN博主「小小茶花女」的原創文章,遵循CC 4.0 BY-SA著作權協議,轉載請附上原文出處鏈接及本宣告,
近期熱文推薦:
1.1,000+ 道 Java面試題及答案整理(2022最新版)
2.勁爆!Java 協程要來了,,,
3.Spring Boot 2.x 教程,太全了!
4.別再寫滿屏的爆爆爆炸類了,試試裝飾器模式,這才是優雅的方式!!
5.《Java開發手冊(嵩山版)》最新發布,速速下載!
覺得不錯,別忘了隨手點贊+轉發哦!
轉載請註明出處,本文鏈接:https://www.uj5u.com/houduan/461821.html
標籤:Java
上一篇:資料庫操作