WeChat small program API login
May 19, 2021 WeChat Mini Program Development Document
Table of contents
wx.login(OBJECT)
Call the interface to obtain the login credentials (code) in exchange for the user's login status information, including the user's unique identity (openid) and the session key (session_key). Decrypting the communication of user data relies on the session key to complete.
OBJECT parameter description:
| The name of the argument | Type | Required | Description |
|---|---|---|---|
| success | Function | Whether | The interface calls a successful callback function |
| fail | Function | Whether | The interface calls the failed callback function |
| complete | Function | Whether | Callback function at end of interface call (call succeeds, fails are executed) |
Success returns a description of the parameters:
| The name of the argument | Type | Description |
|---|---|---|
| errMsg | String | The result of the call |
| code | String |
Once the user is allowed to log in, the callback content is brought with the code (valid for five minutes), and the developer needs to send the code to the developer server
code 换取 session_key
api, and replace the code with openid and session_key
|
Example code:
//app.js
App({
onLaunch: function() {
wx.login({
success: function(res) {
if (res.code) {
//发起网络请求
wx.request({
url: 'https://test.com/onLogin',
data: {
code: res.code
}
})
} else {
console.log('获取用户登录态失败!' + res.errMsg)
}
}
});
}
})
code in exchange session_key
This is an HTTPS interface where the developer server uses login credential code to get session_key and openid. T he session_key is the key to the encrypted signature of the user's data. For the security of your own applications, session_key should not be transmitted over the network.
Interface address:
https://api.weixin.qq.com/sns/jscode2session?appid=APPID&secret=SECRET&js_code=JSCODE&grant_type=authorization_code
Request parameters:
| Parameters | Required | Description |
|---|---|---|
| appid | Is | The small program is uniquely identified |
| secret | Is | The app secret of the small program |
| js_code | Is | The code you get when you sign in |
| grant_type | Is | Fill in the authorization_code |
Return parameters:
| Parameters | Description |
|---|---|
| Openid | The user's unique identity |
| session_key | The session key |
| unionid | The user's unique identifier on the open platform. T his field is returned only if certain conditions are met. See the UnionID mechanism description for details |
Return to the instructions:
//正常返回的JSON数据包
{
"openid": "OPENID",
"session_key": "SESSIONKEY"
"unionid": "UNIONID"
}
//错误时返回JSON数据包(示例为Code无效)
{
"errcode": 40029,
"errmsg": "invalid code"
}
wx.checkSession(OBJECT)
The user login state obtained through the above interface has a certain time-thy-time. T
he longer a user does not use a small program, the more likely the user login state is to fail. C
onversely, if the user has been using a small program, the user login state remains valid. T
he time-specific logic is maintained by WeChat and transparent to developers. D
evelopers only need to call the wx.checkSession interface
to detect if the current user login status is valid.
A
fter the login state expires, the developer can call wx.login to get the new user login state.
OBJECT parameter description:
| The name of the argument | Type | Required | Description |
|---|---|---|---|
| success | Function | Whether | The interface calls a successful callback function, and the landing state has not expired |
| fail | Function | Whether | The interface calls the failed callback function, and the landing state has expired |
| complete | Function | Whether | Callback function at end of interface call (call succeeds, fails are executed) |
Example code:
wx.checkSession({
success: function(){
//session 未过期,并且在本生命周期一直有效
},
fail: function(){
//登录态过期
wx.login() //重新登录 ....
}
})
Login state maintenance
Once
wx.login()
the login state needs to be maintained. D
evelopers
should be aware that fields such as session_key, openid, etc.
should not be used directly as the user's identity or session's identity, but should send a session login status themselves (see login time series diagram). F
or sessions generated by developers themselves, they should be secure and should not be set a longer expiration time.
After session is assigned to the small program client, it can be stored in storage for subsequent communication use.
Detect if
wx.checkSession()
and decide whether to call wx.login() to get the login state again
Sign in to the time series chart
Bug & Tip
-
bug:iOS/Android6.3.30an exception occurs when app.onLaunch calls wx.login;