网页授权获取用户信息步骤
第一步:用户同意授权,获取code
第二步:通过code换取网页授权access_token
第三步:拉取用户信息(需scope为 snsapi_userinfo)
第一步:用户同意授权,获取code
要填写网页授权回调域名:
1.在网页帐号处点击”修改”按钮
2.填写域名(注意不要http://, 不要后面的路由)
在确保微信公众账号拥有授权作用域(scope参数)的权限的前提下(服务号获得高级接口后,默认拥有scope参数中的snsapi_base和snsapi_userinfo),引导用户打开如下页面:
https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect
若提示“该链接无法访问”,请检查参数是否填写错误,是否拥有scope参数对应的授权作用域权限。
参数说明
参数 | 是否必须 | 说明 |
---|
appid | 是 | 公众号的唯一标识 |
redirect_uri | 是 | 授权后重定向的回调链接地址,请使用urlencode对链接进行处理 |
response_type | 是 | 返回类型,请填写code |
scope | 是 | 应用授权作用域,snsapi_base (不弹出授权页面,直接跳转,只能获取用户openid),snsapi_userinfo (弹出授权页面,可通过openid拿到昵称、性别、所在地。并且,即使在未关注的情况下,只要用户授权,也能获取其信息) |
state | 否 | 重定向后会带上state参数,开发者可以填写a-zA-Z0-9的参数值,最多128字节 |
wechat_redirect | 是 | 无论直接打开还是做页面302重定向时候,必须带此参数 |
如果用户点击同意授权,页面将跳转至 redirect_uri/?code=CODE&state=STATE。
若用户禁止授权,则重定向后不会带上code参数,仅会带上state参数redirect_uri?state=STATE
code说明 :
code作为换取access_token的票据,每次用户授权带上的code将不一样,code只能使用一次,5分钟未被使用自动过期。
第二步:通过code换取网页授权access_token
首先请注意,这里通过code换取的是一个特殊的网页授权access_token,与基础支持中的access_token(该access_token用于调用其他接口)不同。
公众号可通过下述接口来获取网页授权access_token。如果网页授权的作用域为snsapi_base,则本步骤中获取到网页授权access_token的同时,也获取到了openid,snsapi_base式的网页授权流程即到此为止。
获取code后,GET请求以下链接获取access_token:
https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code
GET参数说明
参数 | 是否必须 | 说明 |
---|
appid | 是 | 公众号的唯一标识 |
secret | 是 | 公众号的appsecret |
code | 是 | 填写第一步获取的code参数 |
grant_type | 是 | 填写为authorization_code |
正确时返回的JSON数据包如下:
{
"access_token":"ACCESS_TOKEN",
"expires_in":7200,
"refresh_token":"REFRESH_TOKEN",
"openid":"OPENID",
"scope":"SCOPE",
"unionid": "o6_bmasdasdsad6_2sgVt7hMZOPfL"
}
参数 | 描述 |
---|
access_token | 网页授权接口调用凭证,注意:此access_token与基础支持的access_token不同 |
expires_in | access_token接口调用凭证超时时间,单位(秒) |
refresh_token | 用户刷新access_token |
openid | 用户唯一标识,请注意,在未关注公众号时,用户访问公众号的网页,也会产生一个用户和公众号唯一的OpenID |
scope | 用户授权的作用域,使用逗号(,)分隔 |
unionid | 只有在用户将公众号绑定到微信开放平台帐号后,才会出现该字段。 |
错误时微信会返回JSON数据包如下(示例为Code无效错误):
{"errcode":40029,"errmsg":"invalid code"}
第三步:拉取用户信息(需scope为 snsapi_userinfo)
如果网页授权作用域为snsapi_userinfo,则此时开发者可以通过access_token和openid拉取用户信息了。
请求方法
http:GET(请使用https协议)
https://api.weixin.qq.com/sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID&lang=zh_CN
参数说明
参数 | 描述 |
---|
access_token | 网页授权接口调用凭证,注意:此access_token与基础支持的access_token不同 |
openid | 用户的唯一标识 |
lang | 返回国家地区语言版本,zh_CN 简体,zh_TW 繁体,en 英语 |
返回说明
正确时返回的JSON数据包如下:
{
"openid":" OPENID",
" nickname": NICKNAME,
"sex":"1",
"province":"PROVINCE"
"city":"CITY",
"country":"COUNTRY",
"headimgurl": "http://wx.qlogo.cn/mmopen/g3MonUZtNHkdmzicIlibx6iaFqAc56vxLSUfpb6n5WKSYVY0ChQKkiaJSgQ1dZuTOgvLLrhJbERQQ4eMsv84eavHiaiceqxibJxCfHe/46",
"privilege":[
"PRIVILEGE1"
"PRIVILEGE2"
],
"unionid": "o6_bmasdasdsad6_2sgVt7hMZOPfL"
}
参数 | 描述 |
---|
openid | 用户的唯一标识 |
nickname | 用户昵称 |
sex | 用户的性别,值为1时是男性,值为2时是女性,值为0时是未知 |
province | 用户个人资料填写的省份 |
city | 普通用户个人资料填写的城市 |
country | 国家,如中国为CN |
headimgurl | 用户头像,最后一个数值代表正方形头像大小(有0、46、64、96、132数值可选,0代表640*640正方形头像),用户没有头像时该项为空。若用户更换头像,原有头像URL将失效。 |
错误时微信会返回JSON数据包如下(示例为openid无效):
{"errcode":40003,"errmsg":" invalid openid "}
终于上代码了:
HttpsUtil.java
package com.jeiker.demo.util;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import java.io.*;
import java.net.URL;
public class HttpsUtil {
/**
* 以https方式发送请求并将请求响应内容以String方式返回
*
* @param path 请求路径
* @param method 请求方法
* @param body 请求数据体
* @return 请求响应内容转换成字符串信息
*/
public static String httpsRequestToString(String path, String method, String body) {
if (path == null || method == null) {
return null;
}
String response = null;
InputStream inputStream = null;
InputStreamReader inputStreamReader = null;
BufferedReader bufferedReader = null;
HttpsURLConnection conn = null;
try {
TrustManager[] tm = {new JEEWeiXinX509TrustManager()};
SSLContext sslContext = SSLContext.getInstance("SSL", "SunJSSE");
sslContext.init(null, tm, new java.security.SecureRandom());
SSLSocketFactory ssf = sslContext.getSocketFactory();
System.out.println(path);
URL url = new URL(path);
conn = (HttpsURLConnection) url.openConnection();
conn.setSSLSocketFactory(ssf);
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setUseCaches(false);
conn.setRequestMethod(method);
if (null != body) {
OutputStream outputStream = conn.getOutputStream();
outputStream.write(body.getBytes("UTF-8"));
outputStream.close();
}
inputStream = conn.getInputStream();
inputStreamReader = new InputStreamReader(inputStream, "UTF-8");
bufferedReader = new BufferedReader(inputStreamReader);
String str = null;
StringBuffer buffer = new StringBuffer();
while ((str = bufferedReader.readLine()) != null) {
buffer.append(str);
}
response = buffer.toString();
} catch (Exception e) {
} finally {
if (conn != null) {
conn.disconnect();
}
try {
bufferedReader.close();
inputStreamReader.close();
inputStream.close();
} catch (IOException execption) {
}
}
return response;
}
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
JEEWeiXinX509TrustManager.java
package com.jeiker.demo.util;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
class JEEWeiXinX509TrustManager implements X509TrustManager {
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
UserInfoUtil.java
package com.jeiker.demo.util;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class UserInfoUtil {
private Logger logger = LoggerFactory.getLogger(getClass());
public static String Get_Code = "https://open.weixin.qq.com/connect/oauth2/authorize?appid=%s&redirect_uri=%s&response_type=code&scope=%s&state=STAT#wechat_redirect";
public static String getCode(String APPID, String REDIRECT_URI,String SCOPE) {
return String.format(Get_Code,APPID,REDIRECT_URI,SCOPE);
}
public static String Web_access_tokenhttps = "https://api.weixin.qq.com/sns/oauth2/access_token?appid=%s&secret=%s&code=%s&grant_type=authorization_code";
public static String getWebAccess(String APPID, String SECRET,String CODE) {
return String.format(Web_access_tokenhttps, APPID, SECRET,CODE);
}
public static String User_Message = "https://api.weixin.qq.com/sns/userinfo?access_token=%s&openid=%s&lang=zh_CN";
public static String getUserMessage(String access_token, String openid) {
return String.format(User_Message, access_token,openid);
}
public static void main(String[] args) {
String REDIRECT_URI = "http://wechat.tmqyt.com/url";
String SCOPE = "snsapi_login";
String appId = "wx222e322a20897ea3";
String getCodeUrl = getCode(appId, REDIRECT_URI, SCOPE);
System.out.println("getCodeUrl:"+getCodeUrl);
}
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
RedirectController.java
package com.jeiker.demo.controller
import com.alibaba.fastjson.JSON
import com.alibaba.fastjson.JSONException
import com.alibaba.fastjson.JSONObject
import com.jeiker.demo.util.HttpsUtil
import com.jeiker.demo.util.UserInfoUtil
import org.slf4j.Logger
import org.slf4j.LoggerFactory
import org.springframework.web.bind.annotation.GetMapping
import org.springframework.web.bind.annotation.RequestParam
import org.springframework.web.bind.annotation.RestController
@RestController
public class RedirectController {
private Logger logger = LoggerFactory.getLogger(getClass())
public static final String WX_APPID = "wx222e322a20897ea3"
public static final String WX_APPSECRET = "c9d547819234dd0059bf4b23422409e1"
@GetMapping("/url")
public String wecahtLogin(@RequestParam(name = "code", required = false) String code,
@RequestParam(name = "state") String state) {
// 1. 用户同意授权,获取code
logger.info("收到微信重定向跳转.")
logger.info("用户同意授权,获取code:{} , state:{}", code, state)
// 2. 通过code换取网页授权access_token
if (code != null || !(code.equals(""))) {
String APPID = WX_APPID
String SECRET = WX_APPSECRET
String CODE = code
String WebAccessToken = ""
String openId = ""
String nickName,sex,openid = ""
String REDIRECT_URI = "http://www.xxx.com/url"
String SCOPE = "snsapi_userinfo"
String getCodeUrl = UserInfoUtil.getCode(APPID, REDIRECT_URI, SCOPE)
logger.info("第一步:用户授权, get Code URL:{}", getCodeUrl)
// 替换字符串,获得请求access token URL
String tokenUrl = UserInfoUtil.getWebAccess(APPID, SECRET, CODE)
logger.info("第二步:get Access Token URL:{}", tokenUrl)
// 通过https方式请求获得web_access_token
String response = HttpsUtil.httpsRequestToString(tokenUrl, "GET", null)
JSONObject jsonObject = JSON.parseObject(response)
logger.info("请求到的Access Token:{}", jsonObject.toJSONString())
// {
// "access_token":"ACCESS_TOKEN",
// "expires_in":7200,
// "refresh_token":"REFRESH_TOKEN",
// "openid":"OPENID",
// "scope":"SCOPE",
// "unionid": "o6_bmasdasdsad6_2sgVt7hMZOPfL"
// }
if (null != jsonObject) {
try {
WebAccessToken = jsonObject.getString("access_token")
openId = jsonObject.getString("openid")
logger.info("获取access_token成功!")
logger.info("WebAccessToken:{} , openId:{}", WebAccessToken, openId)
// 3. 使用获取到的 Access_token 和 openid 拉取用户信息
String userMessageUrl = UserInfoUtil.getUserMessage(WebAccessToken, openId)
logger.info("第三步:获取用户信息的URL:{}", userMessageUrl)
// 通过https方式请求获得用户信息响应
String userMessageResponse = HttpsUtil.httpsRequestToString(userMessageUrl, "GET", null)
JSONObject userMessageJsonObject = JSON.parseObject(userMessageResponse)
logger.info("用户信息:{}", userMessageJsonObject.toJSONString())
// {
// "openid":" OPENID",
// "nickname": NICKNAME,
// "sex":"1",
// "province":"PROVINCE"
// "city":"CITY",
// "country":"COUNTRY",
// "headimgurl": "http://wx.qlogo.cn/mmopen/g3MoCfHe/46",
// "privilege":[
// "PRIVILEGE1"
// "PRIVILEGE2"
// ],
// "unionid": "o6_bmasdasdsad6_2sgVt7hMZOPfL"
// }
if (userMessageJsonObject != null) {
try {
//用户昵称
nickName = userMessageJsonObject.getString("nickname")
//用户性别
sex = userMessageJsonObject.getString("sex")
sex = (sex.equals("1")) ? "男" : "女"
//用户唯一标识
openid = userMessageJsonObject.getString("openid")
logger.info("用户昵称:{}", nickName)
logger.info("用户性别:{}", sex)
logger.info("OpenId:{}", openid)
} catch (JSONException e) {
logger.error("获取用户信息失败")
}
}
} catch (JSONException e) {
logger.error("获取Web Access Token失败")
}
}
}
return "登录成功"
}
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
服务器日志:
: 收到微信重定向跳转.
: 用户同意授权,获取code:021qx2lsdf1FuDi90DX2l90qx2le , state:STAT
: getCodeUrl:https://open.weixin.qq.com/connect/oauth2/authorize?appid=wx222e333a20897ea3&redirect_uri=http://www.xxx.com/url&response_type=code&scope=snsapi_userinfo&state=STAT#wechat_redirect
: get Access Token URL:https://api.weixin.qq.com/sns/oauth2/access_token?appid= wx222e333a20897ea3&secret=c9d547819089dd0059bf4b234234209e1&code=021qx2l90VHASD23SADDi90DX2l90qx2le&grant_type=authorization_code
https://api.weixin.qq.com/sns/oauth2/access_token?appid= wx222e333a20897ea3&secret=c9d5478190ASDFAQWEb39691409e1&code=021qx2l90VHWPt1FuDi9WEQQWE0qx2le&grant_type=authorization_code
: 请求到的Access Token:{"access_token":"64CDRyZVwASDADSADSF2WCtel0VSUzrD4fswL2cqy0yNcNXAc1NXBi-KgGD6RLARf3SSnzZyXl-dAe2-xIfRnCY3m23uRWLxj-uGWkxZI","refresh_token":"iaTZN1ASDFASDFApCAINItDYMYDKwjwZo9XwYfNyIUZadAasXyJCHsvAUc1A8KakXPiASDFSADFmebcAuqP6Zn4G5N7Vjls0Nssd2R_XqE","openid":"ojUgjt6tkI08QASDFASZLKgsVR24","scope":"snsapi_userinfo","expires_in":7200}
: 获取access_token成功!
: WebAccessToken:64CDRyZVwASDFASDFACtel0VSUzrD4fswL2cqy0yNcNXAc1NXBi-KgGD6RLARf3SSnzZyXl-dAe2-xIfRnCY3m23uRWLxj-uGWkxZI , openId:ojUgjt6tkI08QzSfqgzZLKgsVR24
: 获取用户信息的URL:https://api.weixin.qq.com/sns/userinfo?access_token=64CDRyZVwc7fwASDFASDFASDFASDFASDFASDcqy0yNcNXAc1NXBi-KgGD6RLARf3SSnzZyXl-dAe2-xIfRnCY3m23uRWLxj-uGWkxZI&openid=ojUgjt6tASDFASDFASDFSADFzZLKgsVR24&lang=zh_CN
https://api.weixin.qq.com/sns/userinfo?access_token=64CDRyZVwc7fwyLclOASDFASDFASDFSADFcqy0yNcNXAc1NXBi-KgGD6RLARf3SSnzZyXl-dAe2-xIfRnCY3m23uRWLxj-uGWkxZI&openid=ojUgjt6tkI08QzSfqgzZLKgsVR24&lang=zh_CN
: 用户信息:{"country":"中国","province":"广东","city":"深圳","openid":"ojUgjt6ASDFASDFASDgzZLKgsVR24","sex":1,"nickname":"xiao","headimgurl":"http://wx.qlogo.cn/mmopen/llaPdPm9YKCcASDFASDFASDFWt5vVYbWWIwnhW2BJOJV8QEsem9OhP3gCLJWYUrGOPK232JEMof3THVVlH/0","language":"zh_CN","privilege":[]}
: 用户昵称:xiao
: 用户性别:男
: OpenId:ojUgjt6tkI08QzSfASDFgasdagsVR24
刷新access_token(如果需要)
由于access_token拥有较短的有效期,当access_token超时后,可以使用refresh_token进行刷新,refresh_token拥有较长的有效期(7天、30天、60天、90天),当refresh_token失效的后,需要用户重新授权。
请求方法
获取第二步的refresh_token后,请求以下链接获取access_token:
https://api.weixin.qq.com/sns/oauth2/refresh_token?appid=APPID&grant_type=refresh_token&refresh_token=REFRESH_TOKEN
参数 | 是否必须 | 说明 |
---|
appid | 是 | 公众号的唯一标识 |
grant_type | 是 | 填写为refresh_token |
refresh_token | 是 | 填写通过access_token获取到的refresh_token参数 |
正确时返回的JSON数据包如下:
{
"access_token":"ACCESS_TOKEN",
"expires_in":7200,
"refresh_token":"REFRESH_TOKEN",
"openid":"OPENID",
"scope":"SCOPE"
}
参数 | 描述 |
---|
access_token | 网页授权接口调用凭证,注意:此access_token与基础支持的access_token不同 |
expires_in | access_token接口调用凭证超时时间,单位(秒) |
refresh_token | 用户刷新access_token |
openid | 用户唯一标识 |
scope | 用户授权的作用域,使用逗号(,)分隔 |
错误时微信会返回JSON数据包如下(示例为Code无效错误):
{"errcode":40029,"errmsg":"invalid code"}