WeChat js gets signature signature_html/css_WEB-ITnose

Server side:

1 Obtain WeChat js accessToken

Note: access_token is the globally unique ticket of the official account, and the official account needs to use access_token when calling each interface.
Developers need to save it properly. At least 512 characters of space must be reserved for access_token storage.
The validity period of access_token is currently 2 hours and needs to be refreshed regularly.
Repeated acquisition will cause the last access_token to become invalid.

The current validity period of access_token is conveyed by the returned expire_in, which is currently a value within 7200 seconds.
The central control server needs to refresh the new access_token in advance according to this valid time.

Obtaining method:
1). Official accounts can use AppID and AppSecret to call this interface to obtain access_token.
AppID and AppSecret can be obtained from the official website of WeChat public platform - Developer Center page
(You need to have become a developer, and the account has no abnormal status)

2) .http request method:
GET: https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=APPID&secret=APPSECRET

3) .Return instructions: Under normal circumstances, WeChat will return the following JSON Data package to the public account:
{"access_token":"ACCESS_TOKEN","expires_in":7200}

4) Put the obtained accessToken value into the cache, and the storage time is less than 7200 seconds

2 Get jsapi_ticket

Note: jsapi_ticket is a temporary ticket used by public accounts to call the WeChat JS interface.
Under normal circumstances, the validity period of jsapi_ticket is 7200 seconds, which is obtained through access_token.

Obtaining method:
1) Use http GET method to request jsapi_ticket (valid for 7200 seconds, developers must cache jsapi_ticket globally in their own services:
2) http request method:
GET : https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token=ACCESS_TOKEN&type=jsapi

3) Return instructions: Successfully return the following JSON:
{
" errcode":0,
"errmsg":"ok",
"ticket":"bxLdikRXVbTPdHSM05e5u5sUoXNKd8-41ZO3MhKoyN5OfkWITDGgnr2fwJ0m9E8NYzWKVZvdVtaUgWvsdshFKA",
"expires_in" :7200
}
4) Get the The jsapi_ticket value is placed in the cache, and the storage time is less than 7200 seconds

3 Generate signature

Note: The signature generation rules are as follows:
The fields involved in the signature include noncestr (random string),
Valid jsapi_ticket,
timestamp (timestamp),
url (URL of the current web page, excluding # and its following parts).
After sorting all the parameters to be signed according to the ASCII code of the field name from small to large (lexicographic order),
uses the URL key-value pair format (i.e. key1=value1&key2=value2...) to concatenate it into a string string1.
It should be noted here that all parameter names are lowercase characters.
Perform sha1 encryption on string1, use original values ​​for field names and field values, and do not perform URL escaping.
Obtaining method:
1). After sorting all the parameters to be signed according to the ASCII code of the field name from small to large (lexicographic order), use the URL key-value pair format
(i.e. key1=value1&key2=value2 ...) spliced ​​into string string1:

jsapi_ticket=sM4AOVdWfPE4DxkXGEs8VMCPGGVi4C3VM0P37wVUCFvkVAy_90u5h9nbSlYy3-Sl-HhTdfl2fzFy1AOcHKP7qg&noncestr=Wm3WZYTPz0wzccnW& timestamp=1414587457&url=http://mp.weixin.qq.com

2). Yes String1 is signed with sha1, and the signature is obtained: f4d90daf4b3bca3078ab155816175ba34c443a7b
Use Apache's commons-codec tool package. The DigestUtils class has a SHA encryption method that can be called directly..

3). Change the wx.config interface required The parameter values ​​are all put into the cache (i.e. signature, noncestr, timestamp), and the time is less than 7200 seconds.

Notes:

1) The noncestr and timestamp used for signature must be the same as the nonceStr and timestamp in wx.config.
2) The URL used for signature must be the complete URL of the page calling the JS interface.
3) For security reasons, developers must implement signature logic on the server side.