目录
确保有 调起微信扫一扫接口权限,测试号可能不行;
一、简介(JS-SDK使用权限签名算法)
1、jsapi_ticket
生成签名之前必须先了解一下jsapi_ticket,jsapi_ticket是公众号用于调用微信JS接口的临时票据。正常情况下,jsapi_ticket的有效期为7200秒,通过access_token来获取。由于获取jsapi_ticket的api调用次数非常有限,频繁刷新jsapi_ticket会导致api调用受限,影响自身业务,开发者必须在自己的服务全局缓存jsapi_ticket 。
1、参考以下文档获取access_token(有效期7200秒,开发者必须在自己的服务全局缓存access_token):https://developers.weixin.qq.com/doc/offiaccount/Basic_Information/Get_access_token.html
2、用第一步拿到的access_token 采用http GET方式请求获得jsapi_ticket(有效期7200秒,开发者必须在自己的服务全局缓存jsapi_ticket):https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token=ACCESS_TOKEN&type=jsapi
成功返回如下JSON:
{
"errcode":0,
"errmsg":"ok",
"ticket":"bxLdikRXVbTPdHSM05e5u5sUoXNKd8-41ZO3MhKoyN5OfkWITDGgnr2fwJ0m9E8NYzWKVZvdVtaUgWvsdshFKA",
"expires_in":7200
}
获得jsapi_ticket之后,就可以生成JS-SDK权限验证的签名了。
2、签名算法
签名生成规则如下:参与签名的字段包括noncestr(随机字符串), 有效的jsapi_ticket, timestamp(时间戳), url(当前网页的URL,不包含#及其后面部分) 。对所有待签名参数按照字段名的ASCII 码从小到大排序(字典序)后,使用URL键值对的格式(即key1=value1&key2=value2…)拼接成字符串string1。这里需要注意的是所有参数名均为小写字符。对string1作sha1加密,字段名和字段值都采用原始值,不进行URL 转义。
即signature=sha1(string1)。 示例:
noncestr=Wm3WZYTPz0wzccnW
jsapi_ticket=sM4AOVdWfPE4DxkXGEs8VMCPGGVi4C3VM0P37wVUCFvkVAy_90u5h9nbSlYy3-Sl-HhTdfl2fzFy1AOcHKP7qg
timestamp=1414587457
url=http://mp.weixin.qq.com?params=value
步骤1. 对所有待签名参数按照字段名的ASCII 码从小到大排序(字典序)后,使用URL键值对的格式(即key1=value1&key2=value2…)拼接成字符串string1:
jsapi_ticket=sM4AOVdWfPE4DxkXGEs8VMCPGGVi4C3VM0P37wVUCFvkVAy_90u5h9nbSlYy3-Sl-HhTdfl2fzFy1AOcHKP7qg&noncestr=Wm3WZYTPz0wzccnW×tamp=1414587457&url=http://mp.weixin.qq.com?params=value
步骤2. 对string1进行sha1签名,得到signature:
0f9de62fce790f9a083d5c99e95740ceb90c27ed
参考文档:https://developers.weixin.qq.com/doc/offiaccount/OA_Web_Apps/JS-SDK.html#62
二、js
1、导入相关JS
<script type="text/javascript" http://test.com/zepto_touch.js"></script>
<script type="text/javascript" src="http://res.wx.qq.com/open/js/jweixin-1.0.0.js"></script>
2、页面触发扫码元素
<img src="../../../images/right.jpg" onclick="scanCode()" class="img">
3、相关JS代码(参数以自己的为标准,如下只是举例)
<script type="text/javascript">
var _appId = "wxz88dbd30e5580e59";
var _data = {
appId : _appId,
url : location.href,
t : Math.random()
};
var _getWechatSignUrl = 'http://test.com/getWxSign.do';
// 获取微信签名
$.ajax({
url : _getWechatSignUrl,
data : _data,
success : function(o) {
console.log(o);
if (o.returnCode == "00") {
wxConfig(o.detail[0].timestamp, o.detail[0].nonceStr, o.detail[0].signature);
}
}
});
function wxConfig(_timestamp, _nonceStr, _signature) {
//alert('获取数据:'+_timestamp+'\n'+_nonceStr+'\n'+_signature);
console.log('获取数据:' + _timestamp + '\n' + _nonceStr + '\n' + _signature);
wx.config({
debug : true, // 开启调试模式,调用的所有api的返回值会在客户端alert出来,若要查看传入的参数,可以在pc端打开,参数信息会通过log打出,仅在pc端时才会打印。
appId : _appId, // 必填,公众号的唯一标识
timestamp : _timestamp, // 必填,生成签名的时间戳
nonceStr : _nonceStr, // 必填,生成签名的随机串
signature : _signature,// 必填,签名,见附录1
jsApiList : [ 'onMenuShareTimeline', 'onMenuShareAppMessage',
'onMenuShareQQ', 'onMenuShareWeibo', 'scanQRCode' ]
// 必填,需要使用的JS接口列表,所有JS接口列表见附录2
});
}
function scanCode() {
wx.scanQRCode({
needResult : 1,
scanType : [ "qrCode", "barCode" ],
success : function(res) {
console.log(res)
alert(JSON.stringify(res));
var result = res.resultStr;
},
fail : function(res) {
console.log(res)
alert(JSON.stringify(res));
}
});
}
</script>
三、后端接口(根据所需选一中即可)
1、.jsp文件写法
<%
public String sendGet(String url, String charset, int timeout)
{
String result = "";
try
{
URL u = new URL(url);
try
{
URLConnection conn = u.openConnection();
conn.connect();
conn.setConnectTimeout(timeout);
BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream(), charset));
String line="";
while ((line = in.readLine()) != null)
{
result = result + line;
}
in.close();
} catch (IOException e) {
return result;
}
}
catch (Exception e)
{
return result;
}
return result;
}
%>
String nonceStr = WXPayUtil.generateNonceStr();
Long s = System.currentTimeMillis() / 1000;//获取时间戳除以千变字符串
String timeStamp = String.valueOf(s);
json=new JsonUtil();
json.addJsons();
//获取acess_token
String url ="https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid="+appId+"&secret="+secret+"";
String backData=sendGet(url, "utf-8", 10000);
String accessToken = (String) JSONObject.fromObject(backData).get("access_token");
//获取jsapiTicket
String urlStr = "https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token="+accessToken+"&type=jsapi";
String backData2=sendGet(urlStr, "utf-8", 10000);
String ticket = (String) JSONObject.fromObject(backData2).get("ticket");
System.out.println("ticket:"+ticket);
System.out.println("noncestr:"+nonceStr);
String url2="http://ww.com/index.html";//填写自己所需的地址即可
try {
String shaStr = "jsapi_ticket=" + ticket + "&noncestr=" + nonceStr + "×tamp=" + timeStamp + "&url=" + url2;
MessageDigest mDigest = MessageDigest.getInstance("SHA1");
byte[] result = mDigest.digest(shaStr.getBytes());
StringBuffer signature = new StringBuffer();
for (int i = 0; i < result.length; i++) {
signature.append(Integer.toString((result[i] & 0xff) + 0x100, 16).substring(1));
}
json.addJsonData("nonceStr",nonceStr);
json.addJsonData("timestamp",timeStamp);
json.addJsonData("signature",signature.toString());
}catch (Exception e) {
e.printStackTrace();
json.addJsonData("success","1");
}
2、.java文件写法
public String sendGet(String url, String charset, int timeout)
{
String result = "";
try
{
URL u = new URL(url);
try
{
URLConnection conn = u.openConnection();
conn.connect();
conn.setConnectTimeout(timeout);
BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream(), charset));
String line="";
while ((line = in.readLine()) != null)
{
result = result + line;
}
in.close();
} catch (IOException e) {
return result;
}
}
catch (Exception e)
{
return result;
}
return result;
}
public Map jssdk(String url, String charset, int timeout){
Map<String, String> map=new HashMap<String, String>();
String nonceStr = WXPayUtil.generateNonceStr();//随机生产16位字符串,例如:Wm3WZYTPz0wzccnW
Long s = System.currentTimeMillis() / 1000;//获取时间戳除以千变字符串
String timeStamp = String.valueOf(s);
//获取acess_token
String url3 ="https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid="+appId+"&secret="+secret+"";
String backData=sendGet(url3, "utf-8", 10000);
String accessToken = (String) JSONObject.fromObject(backData).get("access_token");
//获取jsapiTicket
String urlStr = "https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token="+accessToken+"&type=jsapi";
String backData2=sendGet(urlStr, "utf-8", 10000);
String ticket = (String) JSONObject.fromObject(backData2).get("ticket");
String url2="http://www.com/index.html";
try {
String shaStr = "jsapi_ticket=" + ticket + "&noncestr=" + nonceStr + "×tamp=" + timeStamp + "&url=" + url2;
MessageDigest mDigest = MessageDigest.getInstance("SHA1");
byte[] result = mDigest.digest(shaStr.getBytes());
StringBuffer signature = new StringBuffer();
for (int i = 0; i < result.length; i++) {
signature.append(Integer.toString((result[i] & 0xff) + 0x100, 16).substring(1));
}
map.put("nonceStr",nonceStr);
map.put("timestamp",timeStamp);
map.put("signature",signature.toString());
}catch (Exception e) {
e.printStackTrace();
}
return map;
}
3、注意事项
①、url2为当前网页的URL,不包含#及其后面部分
如下图所示:
②签名用的noncestr和timestamp必须与wx.config中的nonceStr和timestamp相同。
③签名用的url必须是调用JS接口页面的完整URL。
④出于安全考虑,开发者必须在服务器端实现签名的逻辑。
如出现invalid signature 等错误详见微信开发文档附录5常见错误及解决办法。