Detailed explanation of WeChat mini program authorization mechanism

Actually, what we are talking about here is not the authorization mechanism of the mini program, but the login state mechanism. The authorization in the mini program is the authorization for a specific interface. WeChat has officially encapsulated many API interfaces for mini programs.

When calling wx.login(), you can initiate a request to the server and get the code.

In the public account, the developer needs to set up the link on the server.

The client needs to send the code to the server when it gets it. WeChat does not recommend that the client send the code directly to WeChat.

After the server receives the code, it carries the appid and secret to access the WeChat server. The WeChat server will return the openid and session_key.
Among them:

openid是用户标识。
session_key是解密用的。因为有的接口返回来的数据是加密的，比如当我们想获取unionid时。

When the developer server gets the openid and session_key returned by WeChat, it will generate a 3rd_session (preferably associated with openid), which can also be called a token. Then return this 3rd_session to the client, and store the data with 3rd_session as the key and openid+session_key as the value in the server's session.

After the client receives this 3rd_session, it is also written into the storage.
In this way, after the user re-enters the mini program, the login status can be detected by calling wx.checksession().

In addition, writing this 3rd_session into the client also makes our interface more reasonable.
Because some interfaces are public interfaces, and some interfaces require permission control. And this 3rd_session is the user's unique identifier.

Related recommendations:

Instance of WeChat applet authorization to obtain user details

The above is the detailed content of Detailed explanation of WeChat mini program authorization mechanism. For more information, please follow other related articles on the PHP Chinese website!