记录一下自己做网页授权时的完整过程
网页授权有两种方式,关于这两种授权的方式和区别官网介绍 如下
接下来开始开发
一、环境配置
1 .授权回调域名配置(可以使用小米球配置域名)
在配置文件中配置端口
2.启动小米球
关于小米球的下载和使用可以参考https://blog.csdn.net/weixin_44871934/article/details/102775259
3.在微信公众平台中申请测试号,可以获取到一个appid和appsecret;需要先关注此测试号,之后才可以用手机测试。appsecret属于敏感凭据,不要提交到代码仓库,也不要写进公开的文章或截图里。
4.在微信公众平台中配置回调域名
二、编码实现
开发步骤
1.在idea中新建一个springboot工程
2.application.properties文件
# Port the embedded server listens on; the tunnel configured in section 一 must forward to this port.
server.port=8080
# Context path (project name); optional. The callback URL hard-coded in WXLoginController
# and the test address both contain /we-demo, so keep them in sync if this value changes.
server.servlet.context-path=/we-demo
3.pom文件
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- NOTE(review): fastjson 1.2.4 is a very old 1.x release. The 1.x line has a long history of
     autoType deserialization vulnerabilities; move to a currently maintained release before
     parsing any JSON that is not fully under your control. -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.4</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.json/json -->
<!-- NOTE(review): the Java code on this page calls JSON.parseObject and JSONObject.getString,
     which looks like fastjson; this artifact and android-json below both appear to ship
     org.json classes. Confirm which JSON library is really needed and drop the rest. -->
<dependency>
<groupId>org.json</groupId>
<artifactId>json</artifactId>
<version>20160810</version>
</dependency>
<!-- https://mvnrepository.com/artifact/net.databinder/dispatch-http -->
<!-- NOTE(review): WXAuthUtil uses Apache HttpClient classes (DefaultHttpClient, HttpGet), but no
     httpclient artifact is declared directly here. It is presumably resolved transitively;
     confirm, and prefer declaring the HTTP client you depend on explicitly so its version is
     visible and can be patched. -->
<dependency>
<groupId>net.databinder</groupId>
<artifactId>dispatch-http_2.11</artifactId>
<version>0.8.10</version>
</dependency>
<dependency>
<groupId>com.vaadin.external.google</groupId>
<artifactId>android-json</artifactId>
<version>0.0.20131108.vaadin1</version>
<scope>compile</scope>
</dependency>
</dependencies>
4.WXAuthUtil工具类
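/**
 * Constants and a small HTTP helper for the WeChat web-authorization demo.
 *
 * <p>NOTE(review): APPID and APPSECRET are compile-time constants in source. The app secret is a
 * credential; outside a throwaway test account it should be loaded from configuration or a
 * secret store rather than committed with the code.
 */
public class WXAuthUtil {
    /** appid of the WeChat test account that was applied for. */
    public static final String APPID = "";
    /** appsecret of the WeChat test account that was applied for. */
    public static final String APPSECRET = "";
    // Not referenced anywhere in this class; presumably the server-verification token (confirm).
    private static final String TOKEN = "immco";

    /**
     * Performs an HTTP GET and parses the response body as a JSON object.
     *
     * <p>The HTTP client is shut down in a {@code finally} block so that its connections are
     * released on success, on an empty response, and when the request or parsing throws.
     *
     * <p>NOTE(review): no connect or read timeout is configured, so a stalled remote endpoint can
     * block the calling request thread indefinitely.
     *
     * @param url the complete request URL, including the query string; callers are responsible
     *     for URL-encoding any untrusted parameter values they put into it
     * @return the parsed JSON object, or {@code null} when the response carries no entity
     * @throws IOException if the request fails or the body cannot be read
     */
    public static JSONObject doGetJson(String url) throws IOException {
        DefaultHttpClient client = new DefaultHttpClient();
        try {
            HttpResponse response = client.execute(new HttpGet(url));
            HttpEntity entity = response.getEntity();
            if (entity == null) {
                return null;
            }
            // Convert the returned body into a JSON object.
            String result = EntityUtils.toString(entity, "UTF-8");
            return JSON.parseObject(result);
        } finally {
            // Release pooled connections; the original never closed the client.
            client.getConnectionManager().shutdown();
        }
    }
}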
5.controller
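/**
 * Demo endpoints for WeChat web authorization: {@code /wxLogin} builds the authorize URL and
 * {@code /callBack} exchanges the returned code for a token and fetches the user's profile.
 */
@RestController
public class WXLoginController {

    /**
     * Builds the WeChat OAuth2 authorize URL (scope {@code snsapi_userinfo}) and prints it.
     *
     * <p>NOTE(review): this class is a {@code @RestController}, so the returned
     * {@code "redirect: ..."} string is written to the response body as text; it is not a view
     * name. The commented-out {@code response.sendRedirect(url)} is what would issue a real
     * redirect.
     *
     * @return the text {@code "redirect: "} followed by the authorize URL
     * @throws IOException if the callback URL cannot be encoded as UTF-8
     */
    @RequestMapping(value = "/wxLogin", method = RequestMethod.GET)
    public String wxLogin(HttpServletRequest request, HttpServletResponse response) throws ParseException, IOException {
        // The domain of this URL must be registered and verified as the authorization callback
        // domain of the official account; WeChat sends the user back here after consent.
        // NOTE(review): this is plain http, so the authorization code travels unencrypted on the
        // way back; use an https callback for anything beyond a local test.
        String backUrl = "http://ccf25ec16c08.ngrok.io/we-demo/callBack";

        // Step 1: the user grants authorization and we obtain a code. Send the follower to:
        // https://open.weixin.qq.com/connect/oauth2/authorize?appid=APPID
        //   &redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect
        //
        // NOTE(review): state is the fixed literal STATE, so it gives no protection against a
        // forged callback. A production version should issue a random per-session value here and
        // compare it in callBack.
        String url = "https://open.weixin.qq.com/connect/oauth2/authorize?appid=" + WXAuthUtil.APPID
                // Explicit charset: the one-argument URLEncoder.encode is deprecated and uses the
                // platform default encoding.
                + "&redirect_uri=" + URLEncoder.encode(backUrl, "UTF-8")
                + "&response_type=code"
                + "&scope=snsapi_userinfo"
                + "&state=STATE#wechat_redirect";
        System.out.println("forward重定向地址{" + url + "}");
        //response.sendRedirect(url);
        return "redirect: " + url; // a redirect is required, otherwise the flow does not succeed
    }

    /**
     * Handles the authorization callback: exchanges {@code code} for a web-authorization access
     * token, checks that the token is valid (refreshing it if not), then pulls the user's profile
     * and prints it.
     *
     * <p>URLs that embed the app secret, the authorization code, or an access token are
     * deliberately not printed, because console output usually ends up in log files.
     *
     * <p>NOTE(review): the {@code state} parameter is not checked here (wxLogin sends a fixed
     * value), so this endpoint cannot tell whether the response belongs to a flow it started.
     *
     * @return {@code "login"} on success; {@code "error"} with a 4xx/5xx status when the code is
     *     missing or WeChat does not return a usable token
     * @throws IOException if a call to the WeChat API fails
     */
    @RequestMapping(value = "/callBack", method = RequestMethod.GET)
    public String callBack(ModelMap modelMap, HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        /*
         * start: fetch the WeChat user's basic profile
         * read the code
         */
        String code = req.getParameter("code");
        if (code == null || code.isEmpty()) {
            // No code is present (for example when the callback is opened directly).
            resp.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            return "error";
        }

        // Step 2: exchange the code for a web-authorization access_token.
        // code comes straight from the request, so it is URL-encoded before being placed in the
        // query string; otherwise a crafted value could add or override parameters.
        String url = "https://api.weixin.qq.com/sns/oauth2/access_token?appid=" + WXAuthUtil.APPID
                + "&secret=" + WXAuthUtil.APPSECRET
                + "&code=" + URLEncoder.encode(code, "UTF-8")
                + "&grant_type=authorization_code";
        JSONObject jsonObject = WXAuthUtil.doGetJson(url);
        String openid = jsonObject == null ? null : jsonObject.getString("openid");
        String access_token = jsonObject == null ? null : jsonObject.getString("access_token");
        String refresh_token = jsonObject == null ? null : jsonObject.getString("refresh_token");
        if (openid == null || access_token == null) {
            // WeChat answers with errcode/errmsg instead of a token when the code is invalid.
            System.out.println("access_token exchange failed, errcode="
                    + (jsonObject == null ? null : jsonObject.getString("errcode")));
            resp.setStatus(HttpServletResponse.SC_BAD_GATEWAY);
            return "error";
        }

        // The original also built (and printed) a cgi-bin/token URL containing the app secret
        // without ever requesting it; that unused local has been removed.

        // Step 5: verify that the access_token is still valid.
        String chickUrl = "https://api.weixin.qq.com/sns/auth?access_token=" + access_token + "&openid=" + openid;
        JSONObject chickuserInfo = WXAuthUtil.doGetJson(chickUrl);
        System.out.println(String.valueOf(chickuserInfo));
        if (chickuserInfo == null || !"0".equals(chickuserInfo.getString("errcode"))) {
            // Step 3: refresh the access_token (if needed); see https://mp.weixin.qq.com/wiki
            // Fixes two bugs in the original: appid was filled with the openid, and the request
            // was sent to chickUrl instead of the refresh URL.
            String refreshTokenUrl = "https://api.weixin.qq.com/sns/oauth2/refresh_token?appid=" + WXAuthUtil.APPID
                    + "&grant_type=refresh_token&refresh_token=" + refresh_token;
            JSONObject refreshInfo = WXAuthUtil.doGetJson(refreshTokenUrl);
            String refreshed = refreshInfo == null ? null : refreshInfo.getString("access_token");
            if (refreshed == null) {
                System.out.println("access_token refresh failed, errcode="
                        + (refreshInfo == null ? null : refreshInfo.getString("errcode")));
                resp.setStatus(HttpServletResponse.SC_BAD_GATEWAY);
                return "error";
            }
            access_token = refreshed;
        }

        // Step 4: pull the user's profile (requires scope snsapi_userinfo).
        String infoUrl = "https://api.weixin.qq.com/sns/userinfo?access_token=" + access_token
                + "&openid=" + openid
                + "&lang=zh_CN";
        JSONObject userInfo = WXAuthUtil.doGetJson(infoUrl);
        if (userInfo == null) {
            resp.setStatus(HttpServletResponse.SC_BAD_GATEWAY);
            return "error";
        }
        // Demo output only: this is personal data and should not be logged in a real deployment.
        System.out.println("userInfo================================" + userInfo);
        System.out.println("JSON-----" + userInfo.toString());
        System.out.println("名字-----" + userInfo.getString("nickname"));
        System.out.println("头像-----" + userInfo.getString("headimgurl"));
        /*
         * end: fetch the WeChat user's basic profile
         */
        return "login";
    }
}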
6.启动主启动类
测试地址:http://localhost:8080/we-demo/wxLogin
访问测试地址后,控制台会输出拼接好的授权地址(其中的redirect_uri就是回调地址);在微信中打开这个地址并同意授权后,可以在控制台中看到打印的用户信息