RFC 6749 - The OAuth 2.0 Authorization Framework https://tools.ietf.org/html/rfc6749
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 1.0 protocol described in RFC 5849.
+--------+ +---------------+ | |--(A)- Authorization Request ->| Resource | | | | Owner | | |<-(B)-- Authorization Grant ---| | | | +---------------+ | | | | +---------------+ | |--(C)-- Authorization Grant -->| Authorization | | Client | | Server | | |<-(D)----- Access Token -------| | | | +---------------+ | | | | +---------------+ | |--(E)----- Access Token ------>| Resource | | | | Server | | |<-(F)--- Protected Resource ---| | +--------+ +---------------+ Figure 1: Abstract Protocol Flow
准备工作 | 微信开放文档 https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Wechat_Login.html
<a href="javascript:void(0)" onclick="window.location='//qq.jd.com/new/wx/login.action'+window.location.search;return false;" clstag="pageclick|keycount|login_pc_201804112|4" class="pdl"><b class="weixin-icon"></b><span>微信</span></a>
https://open.weixin.qq.com/connect/qrconnect?appid=wx827225356b689e24&state=37885F29ED84E7A32744D04AF8D910EB9DB48506D5A4B18A81F834D1716AB7F9BD1819E2DDA20290D62202F83F3A74E4&redirect_uri=https://qq.jd.com/new/wx/callback.action?view=null&uuid=f838bb53f861486486f7f97934d4b226&response_type=code&scope=snsapi_login#wechat_redirect
https://open.weixin.qq.com/connect/qrconnect?appid=wx827225356b689e24&state=37885F29ED84E7A32744D04AF8D910EB9DB48506D5A4B18A81F834D1716AB7F9BD1819E2DDA20290D62202F83F3A74E4&redirect_uri=https://qq.jd.com/new/wx/callback.action?view=null&uuid=f838bb53f861486486f7f97934d4b226&response_type=code&scope=snsapi_login#wechat_redirect
【JD站,微信登录】
'//qq.jd.com/new/wx/login.action'+window.location.search
1、JD loginPage
1.1
URL :https://passport.jd.com/new/login.aspx?ReturnUrl=https%3A%2F%2Fwww.jd.com%2F
1.2
wxLogin-ICON
<a href="javascript:void(0)" onclick="window.location='//qq.jd.com/new/wx/login.action'+window.location.search;return false;" clstag="pageclick|keycount|login_pc_201804112|4" class="pdl"><b class="weixin-icon"></b><span>微信</span></a>
window.location.search="?ReturnUrl=https%3A%2F%2Fwww.jd.com%2F"
"//qq.jd.com/new/wx/login.action?ReturnUrl=https%3A%2F%2Fwww.jd.com%2F"
clicked
|
|
|【请求用户点击icon后,页面发起请求至JD-HTTP-接口,接口返回数据中 ,告知客户端浏览器 跳转到哪个URL(微信的QrURl)以及伴随业务参数】
2、 WX QrPage
https://open.weixin.qq.com/connect/qrconnect?appid=wx827225356b689e24&state=E925E7045D788ADB8662DBA54E29AABC0468A59508F5B0E77CDA9FF80769CEF566FD04C231469DF8FC6A5CEDAC4250ED&redirect_uri=https%3A%2F%2Fqq.jd.com%2Fnew%2Fwx%2Fcallback.action%3Fview%3Dnull%26uuid%3De26c7d9b20594ff9b32a586018d61f1f&response_type=code&scope=snsapi_login#wechat_redirect
https://open.weixin.qq.com/connect/qrconnect?appid=wx827225356b689e24&state=37885F29ED84E7A32744D04AF8D910EB9DB48506D5A4B18A81F834D1716AB7F9BD1819E2DDA20290D62202F83F3A74E4&redirect_uri=https://qq.jd.com/new/wx/callback.action?view=null&uuid=f838bb53f861486486f7f97934d4b226&response_type=code&scope=snsapi_login#wechat_redirect
轮询微信服务器,用户扫码情况:1、是否扫码成功;2、扫码成功后是否授权浏览器端登录JD;页面再做相应的跳转。
【注意:2中轮询到扫码成功后,会在轮询成功的数据中,包含临时票据,供JD向自己的服务器发起请求,返回扫码者信息 OAuth2.0】
用户手机扫码后,手机端微信收到扫码成功的提示,提醒用户是否确认登录;
准备工作 | 微信开放文档 https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Wechat_Login.html
获取access_token时序图:
第一步:请求CODE
第三方使用网站应用授权登录前请注意已获取相应网页授权作用域(scope=snsapi_login),则可以通过在PC端打开以下链接: https://open.weixin.qq.com/connect/qrconnect?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect 若提示“该链接无法访问”,请检查参数是否填写错误,如redirect_uri的域名与审核时填写的授权域名不一致或scope不为snsapi_login。
参数说明
参数 | 是否必须 | 说明 |
---|---|---|
appid | 是 | 应用唯一标识 |
redirect_uri | 是 | 请使用urlEncode对链接进行处理 |
response_type | 是 | 填code |
scope | 是 | 应用授权作用域,拥有多个作用域用逗号(,)分隔,网页应用目前仅填写snsapi_login |
state | 否 | 用于保持请求和回调的状态,授权请求后原样带回给第三方。该参数可用于防止csrf攻击(跨站请求伪造攻击),建议第三方带上该参数,可设置为简单的随机数加session进行校验 |
【注意】
为什么 有 state
返回说明
用户允许授权后,将会重定向到redirect_uri的网址上,并且带上code和state参数
redirect_uri?code=CODE&state=STATE
若用户禁止授权,则重定向后不会带上code参数,仅会带上state参数
redirect_uri?state=STATE
为了满足网站更定制化的需求,我们还提供了第二种获取code的方式,支持网站将微信登录二维码内嵌到自己页面中,用户使用微信扫码授权后通过JS将code返回给网站。 JS微信登录主要用途:网站希望用户在网站内就能完成登录,无需跳转到微信域下登录后再返回,提升微信登录的流畅性与成功率。
【淘宝站,支付宝登录】
<a href="https://auth.alipay.com/login/index.htm?loginScene=7&goto=https%3A%2F%2Fauth.alipay.com%2Flogin%2Ftaobao_trust_login.htm%3Ftarget%3Dhttps%253A%252F%252Flogin.taobao.com%252Fmember%252Falipay_sign_dispatcher.jhtml%253Ftg%253Dhttps%25253A%25252F%25252Fwww.taobao.com%25252F&params=VFBMX3JlZGlyZWN0X3VybD1odHRwcyUzQSUyRiUyRnd3dy50YW9iYW8uY29tJTJG" target="_self" class="alipay-login"><i class="iconfont">�</i>支付宝登录</a>
https://auth.alipay.com/login/index.htm?loginScene=7&goto=https%3A%2F%2Fauth.alipay.com%2Flogin%2Ftaobao_trust_login.htm%3Ftarget%3Dhttps%253A%252F%252Flogin.taobao.com%252Fmember%252Falipay_sign_dispatcher.jhtml%253Ftg%253Dhttps%25253A%25252F%25252Fwww.taobao.com%25252F¶ms=VFBMX3JlZGlyZWN0X3VybD1odHRwcyUzQSUyRiUyRnd3dy50YW9iYW8uY29tJTJG
URL decode
https://auth.alipay.com/login/index.htm?loginScene=7&goto=https://auth.alipay.com/login/taobao_trust_login.htm?target=https://login.taobao.com/member/alipay_sign_dispatcher.jhtml?tg=https%3A%2F%2Fwww.taobao.com%2F¶ms=VFBMX3JlZGlyZWN0X3VybD1odHRwcyUzQSUyRiUyRnd3dy50YW9iYW8uY29tJTJG
网站支付宝登录产品介绍 - 支付宝开放平台 https://opendocs.alipay.com/open/263/105808
快速接入 - 支付宝开放平台 https://opendocs.alipay.com/open/01emu5
准备工作 | 微信开放文档 https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Wechat_Login.html
【注意:
https://qq.jd.com/new/wx/callback.action?view=null&uuid=f838bb53f861486486f7f97934d4b226
出现的场景:
1、JD服务器返回的WxQrUrl中有;
2、1中的页面的html的js中有;
3、OAuth2.0的核心角色code:
var h = "https://qq.jd.com/new/wx/callback.action?view=null&uuid=e26c7d9b20594ff9b32a586018d61f1f";
h = h.replace(/&/g, "&"),
h += (h.indexOf("?") > -1 ? "&": "?") + "code=" + wx_code + "&state=E925E7045D788ADB8662DBA54E29AABC0468A59508F5B0E77CDA9FF80769CEF566FD04C231469DF8FC6A5CEDAC4250ED";
【注意 code 是返回到浏览器端的,浏览器拿着code 请求 JD服务器,而不是微信服务器去请求】
https://lp.open.weixin.qq.com/connect/l/qrconnect?uuid=021Gbt1B4xzull27&_=1610271592960
window.wx_errcode=408;window.wx_code='';
它返回后,给js中的变量赋值了。
!function(){function a(a){var b=document.location.search||document.location.hash;if(b){if(/?/.test(b)&&(b=b.split("?")[1]),null==a)return decodeURIComponent(b);for(var c=b.split("&"),d=0;d<c.length;d++)if(c[d].substring(0,c[d].indexOf("="))==a)return decodeURIComponent(c[d].substring(c[d].indexOf("=")+1))}return""}function b(a){jQuery.ajax({type:"GET",url:p+"/connect/l/qrconnect?uuid=061J0Tvh1aLnFa1N"+(a?"&last="+a:""),dataType:"script",cache:!1,timeout:6e4,success:function(a,e,f){var g=window.wx_errcode;switch(g){case 405:var h="https://qq.jd.com/new/wx/callback.action?view=null&uuid=e26c7d9b20594ff9b32a586018d61f1f";h=h.replace(/&/g,"&"),h+=(h.indexOf("?")>-1?"&":"?")+"code="+wx_code+"&state=E925E7045D788ADB8662DBA54E29AABC0468A59508F5B0E77CDA9FF80769CEF566FD04C231469DF8FC6A5CEDAC4250ED";var i=c("self_redirect");if(d)if("true"!==i&&"false"!==i)try{document.domain="qq.com";var j=window.top.location.host.toLowerCase();j&&(window.location=h)}catch(k){window.top.location=h}else if("true"===i)try{window.location=h}catch(k){window.top.location=h}else window.top.location=h;else window.location=h;break;case 404:jQuery(".js_status").hide(),jQuery(".js_qr_img").hide(),jQuery(".js_wx_after_scan").show(),setTimeout(b,100,g);break;case 403:jQuery(".js_status").hide(),jQuery(".js_qr_img").hide(),jQuery(".js_wx_after_cancel").show(),setTimeout(b,2e3,g);break;case 402:case 500:window.location.reload();break;case 408:setTimeout(b,2e3)}},error:function(a,c,d){var e=window.wx_errcode;408==e?setTimeout(b,5e3):setTimeout(b,5e3,e)}})}function c(a,b){b||(b=window.location.href),a=a.replace(/[[]]/g,"\$&");var c=new RegExp("[?&]"+a+"(=([^&#]*)|&|#|$)"),d=c.exec(b);return d?d[2]?decodeURIComponent(d[2].replace(/+/g," ")):"":null}var d=window.top!=window;if(!d){document.getElementsByClassName||(document.getElementsByClassName=function(a){for(var b=[],c=new RegExp("(^| )"+a+"( |$)"),d=document.getElementsByTagName("*"),e=0,f=d.length;f>e;e++)c.test(d[e].className)&&b.push(d[e]);return b});for(var e=document.getElementsByClassName("status"),f=0,g=e.length;g>f;++f){var h=e[f];h.className=h.className+" normal"}}var i=parseInt(a("styletype"),10),j=parseInt(a("sizetype"),10),k=a("bgcolor"),l=NaN;if(1!==i&&0!==i&&1===l&&(i=0),1===i)d?document.body.className=document.body.className+" redesign-style_iframe"+(1===j?" redesign-style_iframe-small":""):document.body.className=document.body.className+"redesign-style_page",k&&(document.body.style.backgroundColor=k),jQuery(".new-template").show();else{if(d){var m="";"white"!=m&&(document.body.style.color="#373737")}else document.body.style.backgroundColor="#333333",document.body.style.padding="50px";if(jQuery(".old-template").show(),0!==i){var n="";if(n){var o=document.createElement("link");o.rel="stylesheet",o.href=n.replace(new RegExp("javascript:","gi"),""),document.getElementsByTagName("head")[0].appendChild(o)}}}var p=window.usenewdomain?"https://lp.open.weixin.qq.com":"https://long.open.weixin.qq.com";setTimeout(b,100)}();
!function () { function a(a) { var b = document.location.search || document.location.hash; if (b) { if (/?/.test(b) && (b = b.split("?")[1]), null == a) return decodeURIComponent(b); for (var c = b.split("&"), d = 0; d < c.length; d++) if (c[d].substring(0, c[d].indexOf("=")) == a) return decodeURIComponent(c[d].substring(c[d].indexOf("=") + 1)) } return "" } function b(a) { jQuery.ajax({ type: "GET", url: p + "/connect/l/qrconnect?uuid=061J0Tvh1aLnFa1N" + (a ? "&last=" + a : ""), dataType: "script", cache: !1, timeout: 6e4, success: function (a, e, f) { var g = window.wx_errcode; switch (g) { case 405: var h = "https://qq.jd.com/new/wx/callback.action?view=null&uuid=e26c7d9b20594ff9b32a586018d61f1f"; h = h.replace(/&/g, "&"), h += (h.indexOf("?") > -1 ? "&" : "?") + "code=" + wx_code + "&state=E925E7045D788ADB8662DBA54E29AABC0468A59508F5B0E77CDA9FF80769CEF566FD04C231469DF8FC6A5CEDAC4250ED"; var i = c("self_redirect"); if (d) if ("true" !== i && "false" !== i) try { document.domain = "qq.com"; var j = window.top.location.host.toLowerCase(); j && (window.location = h) } catch (k) { window.top.location = h } else if ("true" === i) try { window.location = h } catch (k) { window.top.location = h } else window.top.location = h; else window.location = h; break; case 404: jQuery(".js_status").hide(), jQuery(".js_qr_img").hide(), jQuery(".js_wx_after_scan").show(), setTimeout(b, 100, g); break; case 403: jQuery(".js_status").hide(), jQuery(".js_qr_img").hide(), jQuery(".js_wx_after_cancel").show(), setTimeout(b, 2e3, g); break; case 402: case 500: window.location.reload(); break; case 408: setTimeout(b, 2e3) } }, error: function (a, c, d) { var e = window.wx_errcode; 408 == e ? setTimeout(b, 5e3) : setTimeout(b, 5e3, e) } }) } function c(a, b) { b || (b = window.location.href), a = a.replace(/[[]]/g, "\$&"); var c = new RegExp("[?&]" + a + "(=([^&#]*)|&|#|$)"), d = c.exec(b); return d ? d[2] ? decodeURIComponent(d[2].replace(/+/g, " ")) : "" : null } var d = window.top != window; if (!d) { document.getElementsByClassName || (document.getElementsByClassName = function (a) { for (var b = [], c = new RegExp("(^| )" + a + "( |$)"), d = document.getElementsByTagName("*"), e = 0, f = d.length; f > e; e++) c.test(d[e].className) && b.push(d[e]); return b }); for (var e = document.getElementsByClassName("status"), f = 0, g = e.length; g > f; ++f) { var h = e[f]; h.className = h.className + " normal" } } var i = parseInt(a("styletype"), 10), j = parseInt(a("sizetype"), 10), k = a("bgcolor"), l = NaN; if (1 !== i && 0 !== i && 1 === l && (i = 0), 1 === i) d ? document.body.className = document.body.className + " redesign-style_iframe" + (1 === j ? " redesign-style_iframe-small" : "") : document.body.className = document.body.className + "redesign-style_page", k && (document.body.style.backgroundColor = k), jQuery(".new-template").show(); else { if (d) { var m = ""; "white" != m && (document.body.style.color = "#373737") } else document.body.style.backgroundColor = "#333333", document.body.style.padding = "50px"; if (jQuery(".old-template").show(), 0 !== i) { var n = ""; if (n) { var o = document.createElement("link"); o.rel = "stylesheet", o.href = n.replace(new RegExp("javascript:", "gi"), ""), document.getElementsByTagName("head")[0].appendChild(o) } } } var p = window.usenewdomain ? "https://lp.open.weixin.qq.com" : "https://long.open.weixin.qq.com"; setTimeout(b, 100) }();
<!DOCTYPE html> <html> <head> <title>微信登录</title> <meta charset="utf-8"> <link rel="stylesheet" href="https://res.wx.qq.com/connect/zh_CN/htmledition/style/impowerApp45a337.css"> <link href="https://res.wx.qq.com/connect/zh_CN/htmledition/images/favicon3696b4.ico" rel="Shortcut Icon"> <script src="https://res.wx.qq.com/connect/zh_CN/htmledition/js/jquery.min3696b4.js"></script> </head> <body> <div class="old-template" style="display: none;"> <div class="main impowerBox"> <div class="loginPanel normalPanel"> <div class="title">微信登录</div> <div class="waiting panelContent"> <div class="wrp_code"><img class="qrcode lightBorder" src="/connect/qrcode/061eTl3r2M8z000N" /></div> <div class="info"> <div class="status status_browser js_status js_wx_default_tip" id="wx_default_tip"> <p>请使用微信扫描二维码登录</p> <p>“极客邦科技”</p> </div> <div class="status status_succ js_status js_wx_after_scan" style="display:none" id="wx_after_scan"> <i class="status_icon icon38_msg succ"></i> <div class="status_txt"> <h4>扫描成功</h4> <p>请在微信中点击确认即可登录</p> </div> </div> <div class="status status_fail js_status js_wx_after_cancel" style="display:none" id="wx_after_cancel"> <i class="status_icon icon38_msg warn"></i> <div class="status_txt"> <h4>您已取消此次登录</h4> <p>您可再次扫描登录,或关闭窗口</p> </div> </div> </div> </div> </div> </div> </div> <div class="new-template" style="display: none;"> <div class="wechat-bg"></div> <div class="wechat-logo"></div> <div class="redesign-login__area"> <div class="redesign-login__wrp"> <div class="redesign-login__title">微信登录“极客邦科技”</div> <div class="redesign-login__card"> <div class="redesign-login__qrcheck"> <img class="qrcode-image js_qr_img" src="/connect/qrcode/061eTl3r2M8z000N" /> <div class="redesign-msg_text js_status js_wx_default_tip" id="wx_default_tip"> <h4>请使用微信扫描二维码登录</h4> </div> </div> <div class="redesign-msg redesign-msg_success js_status js_wx_after_scan" style="display:none" id="wx_after_scan"> <i class="redesign-msg__icon redesign-msg__icon_success"></i> <div class="redesign-msg_text"> <h4>扫描成功</h4> <p>请在微信中点击确认即可登录</p> </div> </div> <div class="redesign-msg redesign-msg_warn js_status js_wx_after_cancel" style="display:none" id="wx_after_cancel"> <i class="redesign-msg__icon redesign-msg__icon_warn"></i> <div class="redesign-msg_text"> <h4>您已取消此次登录</h4> <p>您可再次扫描登录,或关闭窗口</p> </div> </div> </div> </div> </div> </div> <script> // @cunjin 下面的变量是给开发者工具用的,inline到html里面,一定不能删掉 var fordevtool = "https://long.open.weixin.qq.com/connect/l/qrconnect?uuid=061eTl3r2M8z000N" console.log('devtool use', fordevtool) </script> <script> var usenewdomain = '1' * 1 || 0 </script> <script> function AQ_SECAPI_ESCAPE(a,b){for(var c=new Array,d=0;d<a.length;d++)if("&"==a.charAt(d)){var e=[3,4,5,9],f=0;for(var g in e){var h=e[g];if(d+h<=a.length){var i=a.substr(d,h).toLowerCase();if(b[i]){c.push(b[i]),d=d+h-1,f=1;break}}}0==f&&c.push(a.charAt(d))}else c.push(a.charAt(d));return c.join("")}function AQ_SECAPI_CheckXss(){for(var a=new Object,b="'"<>`script:daex/hml;bs64,",c=0;c<b.length;c++){for(var d=b.charAt(c),e=d.charCodeAt(),f=e,g=e.toString(16),h=0;h<7-e.toString().length;h++)f="0"+f;a["&#"+e+";"]=d,a["&#"+f]=d,a["&#x"+g]=d}a["<"]="<",a[">"]=">",a["""]='"';var i=location.href,j=document.referrer;i=decodeURIComponent(AQ_SECAPI_ESCAPE(i,a)),j=decodeURIComponent(AQ_SECAPI_ESCAPE(j,a));var k=new RegExp("['"<>`]|script:|data:text/html;base64,");if(k.test(i)||k.test(j)){var l="1.3",m="http://zyjc.sec.qq.com/dom",n=new Image;n.src=m+"?v="+l+"&u="+encodeURIComponent(i)+"&r="+encodeURIComponent(j),i=i.replace(/['"<>`]|script:/gi,""),i=i.replace(/data:text/html;base64,/gi,"data:text/plain;base64,"),location.href=i}}AQ_SECAPI_CheckXss(); </script> <script> !function(){function a(a){var b=document.location.search||document.location.hash;if(b){if(/?/.test(b)&&(b=b.split("?")[1]),null==a)return decodeURIComponent(b);for(var c=b.split("&"),d=0;d<c.length;d++)if(c[d].substring(0,c[d].indexOf("="))==a)return decodeURIComponent(c[d].substring(c[d].indexOf("=")+1))}return""}function b(a){jQuery.ajax({type:"GET",url:p+"/connect/l/qrconnect?uuid=061eTl3r2M8z000N"+(a?"&last="+a:""),dataType:"script",cache:!1,timeout:6e4,success:function(a,e,f){var g=window.wx_errcode;switch(g){case 405:var h="https://account.geekbang.org/account/oauth/callback?type=wechat&ident=22ee36&login=0&cip=0&redirect=https%3A%2F%2Faccount.geekbang.org%2Fthirdlogin%3Fremember%3D1%26type%3Dwechat%26is_bind%3D0%26platform%3Dtime%26failedurl%3Dhttps%3A%2F%2Faccount.geekbang.org%2Fsignin";h=h.replace(/&/g,"&"),h+=(h.indexOf("?")>-1?"&":"?")+"code="+wx_code+"&state=b82914f3cf5f5f22d06c1565a898b047";var i=c("self_redirect");if(d)if("true"!==i&&"false"!==i)try{document.domain="qq.com";var j=window.top.location.host.toLowerCase();j&&(window.location=h)}catch(k){window.top.location=h}else if("true"===i)try{window.location=h}catch(k){window.top.location=h}else window.top.location=h;else window.location=h;break;case 404:jQuery(".js_status").hide(),jQuery(".js_qr_img").hide(),jQuery(".js_wx_after_scan").show(),setTimeout(b,100,g);break;case 403:jQuery(".js_status").hide(),jQuery(".js_qr_img").hide(),jQuery(".js_wx_after_cancel").show(),setTimeout(b,2e3,g);break;case 402:case 500:window.location.reload();break;case 408:setTimeout(b,2e3)}},error:function(a,c,d){var e=window.wx_errcode;408==e?setTimeout(b,5e3):setTimeout(b,5e3,e)}})}function c(a,b){b||(b=window.location.href),a=a.replace(/[[]]/g,"\$&");var c=new RegExp("[?&]"+a+"(=([^&#]*)|&|#|$)"),d=c.exec(b);return d?d[2]?decodeURIComponent(d[2].replace(/+/g," ")):"":null}var d=window.top!=window;if(!d){document.getElementsByClassName||(document.getElementsByClassName=function(a){for(var b=[],c=new RegExp("(^| )"+a+"( |$)"),d=document.getElementsByTagName("*"),e=0,f=d.length;f>e;e++)c.test(d[e].className)&&b.push(d[e]);return b});for(var e=document.getElementsByClassName("status"),f=0,g=e.length;g>f;++f){var h=e[f];h.className=h.className+" normal"}}var i=parseInt(a("styletype"),10),j=parseInt(a("sizetype"),10),k=a("bgcolor"),l=NaN;if(1!==i&&0!==i&&1===l&&(i=0),1===i)d?document.body.className=document.body.className+" redesign-style_iframe"+(1===j?" redesign-style_iframe-small":""):document.body.className=document.body.className+"redesign-style_page",k&&(document.body.style.backgroundColor=k),jQuery(".new-template").show();else{if(d){var m="";"white"!=m&&(document.body.style.color="#373737")}else document.body.style.backgroundColor="#333333",document.body.style.padding="50px";if(jQuery(".old-template").show(),0!==i){var n="";if(n){var o=document.createElement("link");o.rel="stylesheet",o.href=n.replace(new RegExp("javascript:","gi"),""),document.getElementsByTagName("head")[0].appendChild(o)}}}var p=window.usenewdomain?"https://lp.open.weixin.qq.com":"https://long.open.weixin.qq.com";setTimeout(b,100)}(); </script> </body> </html> https://account.geekbang.org/account/oauth/callback?type=wechat&ident=6c73da&login=0&cip=0&redirect=https%3A%2F%2Faccount.geekbang.org%2Fthirdlogin%3Fremember%3D1%26type%3Dwechat%26is_bind%3D0%26gk_notautolg%3D1%26platform%3Dtime%26failedurl%3Dhttps%3A%2F%2Faccount.geekbang.org%2Fsignin%3Fgk_notautolg%3D1&code=0611GWZv335yDV2Z243w3N6TEJ31GWZ9&state=8a2842918585373351e99e5e1cd41e8d type: wechat ident: 6c73da login: 0 cip: 0 redirect: https://account.geekbang.org/thirdlogin?remember=1&type=wechat&is_bind=0&gk_notautolg=1&platform=time&failedurl=https://account.geekbang.org/signin?gk_notautolg=1 code: 0611GWZv335yDV2Z243w3N6TEJ31GWZ9 state: 8a2842918585373351e99e5e1cd41e8d https://account.geekbang.org/thirdlogin?remember=1&type=wechat&is_bind=0&gk_notautolg=1&platform=time& remember: 1 type: wechat is_bind: 0 gk_notautolg: 1 platform: time
第一步:请求CODE
第三方使用网站应用授权登录前请注意已获取相应网页授权作用域(scope=snsapi_login),则可以通过在PC端打开以下链接: https://open.weixin.qq.com/connect/qrconnect?appid=APPID&redirect_uri=REDIRECT_URI&response_type=code&scope=SCOPE&state=STATE#wechat_redirect 若提示“该链接无法访问”,请检查参数是否填写错误,如redirect_uri的域名与审核时填写的授权域名不一致或scope不为snsapi_login。
参数说明
参数 | 是否必须 | 说明 |
---|---|---|
appid | 是 | 应用唯一标识 |
redirect_uri | 是 | 请使用urlEncode对链接进行处理 |
response_type | 是 | 填code |
scope | 是 | 应用授权作用域,拥有多个作用域用逗号(,)分隔,网页应用目前仅填写snsapi_login |
state | 否 | 用于保持请求和回调的状态,授权请求后原样带回给第三方。该参数可用于防止csrf攻击(跨站请求伪造攻击),建议第三方带上该参数,可设置为简单的随机数加session进行校验 |
返回说明
用户允许授权后,将会重定向到redirect_uri的网址上,并且带上code和state参数
redirect_uri?code=CODE&state=STATE
若用户禁止授权,则重定向后不会带上code参数,仅会带上state参数
redirect_uri?state=STATE