
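Backend handling of access_token and openid for third-party login in app development

1. Flow:

The app calls the third party to log in
->
The third party returns an openid (Weibo calls it uid) and an access_token
->
The app sends the openid and access_token to the backend
->
The backend calls the verification API provided by the third party to verify them
->
On successful verification, the backend returns this application's own access token

2. The backend database only needs to store the openid in the user table.

3. The verification process in detail:

The backend is written in Java with the JFinal framework. HttpKit and StrKit are both part of JFinal; StrKit.isBlank checks whether a string is blank.

Weibo:

url (POST) https://api.weibo.com/oauth2/get_token_info
Parameters: access_token
Return value: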

{
    "uid": 6021880,
    "appkey": "9187121",
    "scope": "follow_app_official_microblog",
    "create_at": 15231756,
    "expire_in": 5667
}

Approach: check that the returned uid matches the openid sent by the app.

The code is as follows:

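// Assumed imports: JSON/JSONObject are taken to be fastjson; HttpKit, StrKit and JFinal come from JFinal.
import java.util.HashMap;
import java.util.Map;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.jfinal.core.JFinal;
import com.jfinal.kit.HttpKit;
import com.jfinal.kit.StrKit;

// Returns true when Weibo reports that the access token belongs to the given uid.
public static boolean checkWeibo(String token, String openId) {
	String url = "https://api.weibo.com/oauth2/get_token_info";
	Map<String, String> paras = new HashMap<String, String>();
	paras.put("access_token", token);
	String responseString = HttpKit.post(url, paras, null);
	// Print the raw response only in development mode.
	if (JFinal.me().getConstants().getDevMode()) {
		System.out.println(responseString);
	}
	if (StrKit.isBlank(responseString)) {
		return false;
	}
	JSONObject object = JSON.parseObject(responseString);
	if (object == null) {
		return false;
	}
	// The uid in the response must equal the openid the app sent.
	String uid = object.getString("uid");
	if (StrKit.isBlank(uid) || !uid.equals(openId)) {
		return false;
	}
	return true;
}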
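
The Weibo response above also carries appkey and expire_in, which the uid comparison does not look at. The following is an added example, not the original post's code, that checks them as well so that a token issued to a different app or with no lifetime left is rejected. It assumes fastjson is on the classpath; the class name, method name and OUR_APPKEY are hypothetical, with the page's sample appkey standing in for the app's own.

```java
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;

public class WeiboTokenInfoCheck {
    // Hypothetical placeholder: the page's sample appkey stands in for this app's own key.
    static final String OUR_APPKEY = "9187121";

    // True only if the token-info JSON ties the token to this user AND to this app.
    static boolean acceptTokenInfo(String body, String claimedUid, String ourAppKey) {
        if (body == null || body.trim().isEmpty() || claimedUid == null) {
            return false;
        }
        JSONObject info;
        try {
            info = JSON.parseObject(body);
        } catch (RuntimeException e) {
            return false; // malformed JSON: fail closed
        }
        if (info == null) {
            return false;
        }
        // uid must be the account the client claims to be.
        if (!claimedUid.equals(info.getString("uid"))) {
            return false;
        }
        // The token must have been issued to our app, not to another app.
        if (ourAppKey == null || !ourAppKey.equals(info.getString("appkey"))) {
            return false;
        }
        // Assumption: expire_in is the remaining lifetime in seconds.
        return info.getLongValue("expire_in") > 0;
    }

    public static void main(String[] args) {
        // Constructed responses in the shape shown on the page.
        String ok = "{\"uid\":6021880,\"appkey\":\"9187121\","
                + "\"scope\":\"follow_app_official_microblog\","
                + "\"create_at\":15231756,\"expire_in\":5667}";
        String otherApp = ok.replace("9187121", "1111111"); // constructed foreign appkey
        String expired = ok.replace("5667", "0");
        System.out.println("own app, live token: " + acceptTokenInfo(ok, "6021880", OUR_APPKEY));
        System.out.println("other app's token:   " + acceptTokenInfo(otherApp, "6021880", OUR_APPKEY));
        System.out.println("expired token:       " + acceptTokenInfo(expired, "6021880", OUR_APPKEY));
        System.out.println("uid mismatch:        " + acceptTokenInfo(ok, "123", OUR_APPKEY));
        System.out.println("error body:          " + acceptTokenInfo("{\"error\":\"x\"}", "6021880", OUR_APPKEY));
    }
}
```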
           

WeChat:

url (GET) https://api.weixin.qq.com/sns/auth
Parameters: access_token, openid
Return value: {"errcode":0,"errmsg":"ok"}
Approach: errcode=0 means success.

The code is as follows:

// Returns true when WeChat confirms the access token is valid for the given openid.
public static boolean checkWechat(String token, String openId) {
	String url = "https://api.weixin.qq.com/sns/auth";
	Map<String, String> paras = new HashMap<String, String>();
	paras.put("access_token", token);
	paras.put("openid", openId);
	String responseString = HttpKit.get(url, paras);
	// Print the raw response only in development mode.
	if (JFinal.me().getConstants().getDevMode()) {
		System.out.println(responseString);
	}
	if (StrKit.isBlank(responseString)) {
		return false;
	}
	JSONObject object = JSON.parseObject(responseString);
	if (object == null) {
		return false;
	}
	// errcode 0 means the token/openid pair was accepted.
	int errcode = object.getIntValue("errcode");
	if (errcode != 0) {
		return false;
	}
	return true;
}
           

QQ:

url (GET) https://graph.qq.com/user/get_user_info
Parameters: oauth_consumer_key, access_token, openid
Return value:

{
    "ret": 0,
    "msg": "",
    "is_lost":0,
    "nickname": "123",
    "gender": "男",
    "province": "陝西",
    "city": "西安",
    "year": "",
    "is_yellow_vip": "0",
    "vip": "0",
    "yellow_vip_level": "0",
    "level": "0",
    "is_yellow_year_vip": "0"
}

Approach: it is enough to check whether ret is 0.

The code:

// Returns true when QQ accepts the access token and openid for this app's appid.
public static boolean checkQQ(String token, String openId) {
	String url = "https://graph.qq.com/user/get_user_info";
	Map<String, String> paras = new HashMap<String, String>();
	paras.put("oauth_consumer_key", "1106812746"); // the appid this app registered on the Tencent Open Platform
	paras.put("access_token", token);
	paras.put("openid", openId);
	String responseString = HttpKit.get(url, paras);
	// Print the raw response only in development mode.
	if (JFinal.me().getConstants().getDevMode()) {
		System.out.println(responseString);
	}
	if (StrKit.isBlank(responseString)) {
		return false;
	}
	JSONObject object = JSON.parseObject(responseString);
	if (object == null) {
		return false;
	}
	// ret 0 means the request succeeded.
	int ret = object.getIntValue("ret");
	if (ret != 0) {
		return false;
	}
	return true;
}
           

This is my first time doing this, so experts, please go easy on me.
