开发场景:
- 同一开放平台下的公众号、小程序。
- 然后小程序里拉起支付时,当用户未关注公众号时,会报错 “无效的openid”;当关注之后正常拉起,无报错。
此错排查:
- 前后台使用的APPID是否一致
- 调用统一下单接口,传入参数openid是否openid(别传个订单id)
- 最有可能的原因:openid获取方式不正确,具体表现为:使用了登录接口(即下图)返回的openid。
下面介绍获取openid的正确方式,拉起授权获取:
- 小程序端: 调用getUserInfo接口,获取用户授权后,获取到用户数据,包含敏感数据(openid,unionID),传给后台进行解密
- 服务端:对前台传来的敏感数据进行解密,获取openid
实现(本人不会前台,前台略过):
- 前台调用wx.login 接口获得临时登录凭证 code。小程序wx.login 官方文档,点击查看
- 前台调用getUserInfo 获得的敏感数据。小程序getUserInfo官方文档,点击查看
服务端(java):
- 调用auth.code2Session,登录凭证校验。前台调用wx.login 接口获得临时登录凭证 code 后,传到后台调用此接口完成登录。
- 取出上面接口返回的session_key,用以解密数据。
- 对前台调用getUserInfo获得的敏感数据进行解密,获取到授权后正确的openid。
/**
* @Description: 小程序:获取微信授权信息
* @auther: Hanweihu
* @date: 16:13 2019/6/18
* @return: cn.shangze.boot.common.vo.Result<java.lang.Object>
*/
@ApiOperation(value = "小程序:获取微信授权信息")
@RequestMapping(value = "/getAuthInfoForSignUp", method = RequestMethod.GET)
public Result<Object> getAuthInfoForSignUp(String code,
@RequestParam(required = false) String encryptedData,
@RequestParam(required = false)String iv) {
if (StringUtils.isBlank(code)){
return new ResultUtil<Object>().setErrorMsg("code不可为空");
}
Map<String, String> requestUrlParam = new HashMap<>();
WxPayConfig wxPayConfig = wxPayConfigMapper.selectById(wxProId);
requestUrlParam.put("appid", 小程序 appId);
requestUrlParam.put("secret", 小程序 appSecret);
requestUrlParam.put("js_code", code); // 前台获取的 code
requestUrlParam.put("grant_type", "authorization_code"); //授权类型
// 发送post请求,调用微信接口
JSONObject jsonObject = JSONObject.fromObject(HttpClientUtil.doPost("https://api.weixin.qq.com/sns/jscode2session", requestUrlParam));
if (jsonObject.has("errcode")) {
String errcode = jsonObject.getString("errcode");
if (errcode.equals("0") == false) {
// 微信返回失败,返回微信报错信息
return new ResultUtil<Object>().setErrorMsg(jsonObject.getString("errmsg"));
}
}
log.info("小程序:获取用户授权返回:" + jsonObject);
// session_key,用以解密数据
String sessionkey = jsonObject.getString("session_key");
if (StringUtils.isBlank(iv) || StringUtils.isBlank(encryptedData)){
// 这俩参数值为空,说明,已授权不用再次重复授权,此时,上面接口获取openid就是对的。直接返回
return new ResultUtil<Object>().setData(jsonObject,"获取微信授权成功");
}
// 参数不为空,则为第一次授权,需要解密获取。
JSONObject jsonObject2 = getUserInfo(encryptedData , sessionkey, iv);
Map<String, String> res = new HashMap<>();
res.put("openid", jsonObject2.getString("openId"));
res.put("unionid", jsonObject2.getString("unionId"));
res.put("session_key", sessionkey);
log.info("解密结果:"+jsonObject2.toString());
return new ResultUtil<Object>().setData(res,"获取微信授权成功");
}
/**
* 解密用户敏感数据获取用户信息
*
* @param sessionKey 数据进行加密签名的密钥
* @param encryptedData 包括敏感数据在内的完整用户信息的加密数据
* @param iv 加密算法的初始向量
* @return
*/
public JSONObject getUserInfo(String encryptedData, String sessionKey, String iv) {
// 被加密的数据
byte[] dataByte = Base64.decode(encryptedData);
// 加密秘钥
byte[] keyByte = Base64.decode(sessionKey);
// 偏移量
byte[] ivByte = Base64.decode(iv);
try {
// 如果密钥不足16位,那么就补足. 这个if 中的内容很重要
int base = 16;
if (keyByte.length % base != 0) {
int groups = keyByte.length / base + (keyByte.length % base != 0 ? 1 : 0);
byte[] temp = new byte[groups * base];
Arrays.fill(temp, (byte) 0);
System.arraycopy(keyByte, 0, temp, 0, keyByte.length);
keyByte = temp;
}
// 初始化
Security.addProvider(new BouncyCastleProvider());
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding","BC");
SecretKeySpec spec = new SecretKeySpec(keyByte, "AES");
AlgorithmParameters parameters = AlgorithmParameters.getInstance("AES");
parameters.init(new IvParameterSpec(ivByte));
cipher.init(Cipher.DECRYPT_MODE, spec, parameters);// 初始化
byte[] resultByte = cipher.doFinal(dataByte);
if (null != resultByte && resultByte.length > 0) {
String result = new String(resultByte, "UTF-8");
return JSONObject.fromObject(result);
}
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidParameterSpecException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (InvalidAlgorithmParameterException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
}
return null;
}
解密方法中,maven依赖:
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.56</version>
</dependency>
HttpClientUtil
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
public class HttpClientUtil {
public static String doGet(String url, Map<String, String> param) {
// 创建Httpclient对象
CloseableHttpClient httpclient = HttpClients.createDefault();
String resultString = "";
CloseableHttpResponse response = null;
try {
// 创建uri
URIBuilder builder = new URIBuilder(url);
if (param != null) {
for (String key : param.keySet()) {
builder.addParameter(key, param.get(key));
}
}
URI uri = builder.build();
// 创建http GET请求
HttpGet httpGet = new HttpGet(uri);
// 执行请求
response = httpclient.execute(httpGet);
// 判断返回状态是否为200
if (response.getStatusLine().getStatusCode() == 200) {
resultString = EntityUtils.toString(response.getEntity(), "UTF-8");
}
} catch (Exception e) {
e.printStackTrace();
} finally {
try {
if (response != null) {
response.close();
}
httpclient.close();
} catch (IOException e) {
e.printStackTrace();
}
}
return resultString;
}
public static String doGet(String url) {
return doGet(url, null);
}
public static String doPost(String url, Map<String, String> param) {
// 创建Httpclient对象
CloseableHttpClient httpClient = HttpClients.createDefault();
CloseableHttpResponse response = null;
String resultString = "";
try {
// 创建Http Post请求
HttpPost httpPost = new HttpPost(url);
// 创建参数列表
if (param != null) {
List<NameValuePair> paramList = new ArrayList<>();
for (String key : param.keySet()) {
paramList.add(new BasicNameValuePair(key, param.get(key)));
}
// 模拟表单
UrlEncodedFormEntity entity = new UrlEncodedFormEntity(paramList);
httpPost.setEntity(entity);
}
// 执行http请求
response = httpClient.execute(httpPost);
resultString = EntityUtils.toString(response.getEntity(), "utf-8");
} catch (Exception e) {
e.printStackTrace();
} finally {
try {
response.close();
} catch (IOException e) {
e.printStackTrace();
}
}
return resultString;
}
public static String doPost(String url) {
return doPost(url, null);
}
public static String doPostJson(String url, String json) {
// 创建Httpclient对象
CloseableHttpClient httpClient = HttpClients.createDefault();
CloseableHttpResponse response = null;
String resultString = "";
try {
// 创建Http Post请求
HttpPost httpPost = new HttpPost(url);
// 创建请求内容
StringEntity entity = new StringEntity(json, ContentType.APPLICATION_JSON);
httpPost.setEntity(entity);
// 执行http请求
response = httpClient.execute(httpPost);
resultString = EntityUtils.toString(response.getEntity(), "utf-8");
} catch (Exception e) {
e.printStackTrace();
} finally {
try {
response.close();
} catch (IOException e) {
e.printStackTrace();
}
}
return resultString;
}
}