How to implement login and authorization for mini programs

Login:

If we want to implement the login of the mini program, we might as well try to complete the login when opening the mini program. In other words, we can add the mini program login code in the onlaunch method in app.js.

is as follows:

//微信的登录方法wx.login({      success: res => {          //登录成功后会返回一个微信端提供的 code ，用来自定义登录使用
        console.log("code",res.code);          //向自己的后台发送请求
        wx.request({          url: this.globalData.URL+'login/',          data:{            code:res.code
          },          header:{            "content-type": "application/json"
          },          method:"POST",          success:function(e){            console.log(e)              //请求成功后会返回一个自己后端生成的 token 用来做其他操作的校验，把token保存在本地
            wx.setStorageSync("token", e.data.data.token)
          }
        })        // 发送 res.code 到后台换取 openId, sessionKey, unionId
      }
    })

Backend code:

from rest_framework.views import APIViewfrom rest_framework.response import Responsefrom app01.wx import Wx_loginfrom django.core.cache import cachefrom app01 import modelsimport timeimport hashlibclass Login(APIView):
    def post(self,request):
        param = request.data        if param.get("code"):            #Wx_login是微信为我们提供的登录方法，这里的data已经有一个session_key和openid了
            data=Wx_login.login(param.get("code"))            if data:                # 1 session_key+时间戳等到一个key.(md5
                md5=hashlib.md5()
                md5.update(data.get("session_key").encode("utf8"))
                md5.update(str(time.time()).encode("utf8"))
                key=md5.hexdigest()                #2 session_key与openid做绑定等到val
                val=data.get("session_key")+'&'+data.get("openid")                #3key->val存到redis,
                cache.set(key,val)                #4把openid存到数据库
                user_data=models.Wxuser.objects.filter(openid=data.get("openid")).first()                if not user_data:
                    models.Wxuser.objects.create(openid=data.get("openid"))                #5把key返回给小程序
                return Response({"code": 200, "msg": "suc","data":{"token":key}})            else:                return Response({"code": 202, "msg": "code无效"})        else:            return Response({"code":201,"msg":"缺少参数"})

Wx_login

import requests# appid={}&secret={}&js_code={}from app01.wx import settingsdef login(code):
    #code2Session是wx提供的url，填入你的appid和appsecret以及前端发送来的code
        url=settings.code2Session.format(settings.AppId,settings.AppSecret,code)

    reponse=requests.get(url=url)    #得到的data里面有session_key和openid。
    data=reponse.json()
    print(data)    if data.get("session_key"):        return data    else:        return False

settings

#你注册的小程序的 appid 和 appsecret，code2Session是有官方提供的。pay_mchid是商铺号，需要工商证才能办理，所以自己没法搞。
AppId="wx69a0dca5c6b02a43"AppSecret="9d0f80642f4861b53df04a2f7bd65a59"code2Session="https://api.weixin.qq.com/sns/jscode2session?appid={}&secret={}&js_code={}&grant_type=authorization_code"pay_mchid ='1415981402'pay_apikey = 'xi34nu5jn7x2uujd8u4jiijd2u5d6j8e'

The login is completed.

Authorization

html is a button plus a click event, I won’t write it down, it mainly depends on what the click event does

luying: function () {    //这个方法的作用是获取配置，看所有的权限
    wx.getSetting({        //获取成功后进入
      success(res) {        console.log("res", res.authSetting['scope.record'])          //authSetting是这个权限的列表，这一句是看里面有没有录音这个权限
        if (!res.authSetting['scope.record']) {            //没有权限的话就会走这一句，这个方法的作用是获取权限
          wx.authorize({              //固定写法权限就是scope.xxx这样的
            scope: 'scope.record',            success() {              // 用户已经同意小程序使用录音功能，后续调用 wx.startRecord 接口不会弹窗询问
              wx.startRecord()
            },              //在失败前就已经调用了上面的获取权限，如果没有给权限的话，就会走这个方法。
            fail() {              console.log("你没有授权")
            }
          })
        } else {          // wx.startRecord()
        }
      }
    })
  },

(Learning video sharing: php Video tutorial)

Permission to obtain user information

Because user information may contain some sensitive information, such as session_key or openid, etc., if you want to obtain information on the front end, just Permission must be requested.

It should be noted that this method is wrong

<button bind:tap="info">用户信息</button>

It must be written like this, so that when obtaining the request, some key things will be passed into the click event inside.

<button open-type="getUserInfo" bindgetuserinfo="info1">获取用户信</button>

js

info1: function (res) {    console.log(res, "按钮")    // wx.getUserInfo({
    //   success: function (res) {
    //     console.log(res, "用户信息")
    //   }
    // })
    var that = this
    //这个方法是用来看你session_key有没有过期的
    wx.checkSession({      success() {        //session_key 未过期，并且在本生命周期一直有效
        wx.request({          url: app.globalData.URL + "userinfo/",          data: {              //这个东西就是用户信息了，里面包含敏感信息，是按钮点击的时候传进来的
            encryptedData: res.detail.encryptedData,              //同上，也是点击的时候传进来的
            iv: res.detail.iv,              //登录成功后返回的token带上
            token: wx.getStorageSync("token")
          },          header: {            "content-type": "application/json"
          },          method: "POST",          success: function (e) {            console.log(e)

          }
        })
      },      fail() {        // session_key 已经失效，需要重新执行登录流程
        wx.login() //重新登录
      }
    })
  }

Related recommendations: 小program development tutorial

The above is the detailed content of How to implement login and authorization for mini programs. For more information, please follow other related articles on the PHP Chinese website!