appid + secret > access_token access_token > ticket > jssdk appid > oauth2 > code (+ appid + secret) > openid