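1. Flow:
The app calls the third party to log in
-> The third party returns an openid (Weibo calls it uid) and an access_token
-> The app sends the openid and access_token to the backend
-> The backend calls the verification API provided by the third party to validate them
-> On success, the backend returns this application's own access token
2. The backend database only needs to store the openid in the user table.
3. The verification process in detail:
The backend is written in Java with the JFinal framework. HttpKit and StrKit are both part of JFinal; StrKit.isBlank checks whether a string is blank.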
Weibo:
URL (POST) | https://api.weibo.com/oauth2/get_token_info |
Parameters | access_token |
Response | { "uid": 6021880, "appkey": "9187121", "scope": "follow_app_official_microblog", "create_at": 15231756, "expire_in": 5667 } |
Approach | Compare the returned uid with the open_id and check that they match |
The code is as follows:
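    import java.util.HashMap;
    import java.util.Map;
    import com.jfinal.core.JFinal;
    import com.jfinal.kit.HttpKit;
    import com.jfinal.kit.StrKit;
    // JSON and JSONObject are assumed to be fastjson's classes
    import com.alibaba.fastjson.JSON;
    import com.alibaba.fastjson.JSONObject;

    public static boolean checkWeibo(String token, String openId) {
        String url = "https://api.weibo.com/oauth2/get_token_info";
        Map<String, String> paras = new HashMap<String, String>();
        paras.put("access_token", token);
        String responseString = HttpKit.post(url, paras, null);
        // Log the raw response in development mode only
        if (JFinal.me().getConstants().getDevMode()) {
            System.out.println(responseString);
        }
        if (StrKit.isBlank(responseString)) {
            return false;
        }
        JSONObject object = JSON.parseObject(responseString);
        if (object == null) {
            return false;
        }
        // Only uid is compared; appkey and expire_in from the response are not checked here
        String uid = object.getString("uid");
        if (StrKit.isBlank(uid) || !uid.equals(openId)) {
            return false;
        }
        return true;
    }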
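
A stricter version of the Weibo check, as an added example that is not part of the original post: besides comparing uid, it confirms that the appkey in the get_token_info response is this application's own, so a token issued to a different app is rejected, and that expire_in is still positive. The class and method names are hypothetical, the sample bodies are constructed, and it assumes that appkey identifies the app the token was issued to and that expire_in is the remaining lifetime in seconds; the JSON library is assumed to be fastjson.

```java
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;

public class WeiboTokenInfoCheck {
    // Hypothetical helper: validates a get_token_info response body (HTTP call done elsewhere).
    static boolean isTokenForThisApp(String body, String openId, String ourAppKey) {
        if (body == null || body.trim().isEmpty() || openId == null || ourAppKey == null) {
            return false;
        }
        try {
            JSONObject info = JSON.parseObject(body);
            if (info == null) {
                return false;
            }
            // The uid must be the account the client claims to be.
            if (!openId.equals(info.getString("uid"))) {
                return false;
            }
            // Assumption: appkey names the app the token was issued to; it must be ours.
            if (!ourAppKey.equals(info.getString("appkey"))) {
                return false;
            }
            // Assumption: expire_in is the remaining lifetime in seconds.
            Long expireIn = info.getLong("expire_in");
            return expireIn != null && expireIn > 0;
        } catch (RuntimeException e) {
            return false; // malformed or unexpected body: fail closed
        }
    }

    public static void main(String[] args) {
        String ours = "9187121"; // appkey from the sample response on this page
        // Constructed response bodies, shaped like the sample response above.
        String[][] cases = {
            {"valid", "{\"uid\":6021880,\"appkey\":\"9187121\",\"expire_in\":5667}"},
            {"other app", "{\"uid\":6021880,\"appkey\":\"0000000\",\"expire_in\":5667}"},
            {"other uid", "{\"uid\":1234567,\"appkey\":\"9187121\",\"expire_in\":5667}"},
            {"expired", "{\"uid\":6021880,\"appkey\":\"9187121\",\"expire_in\":0}"},
            {"error body", "{\"error\":\"constructed error\"}"},
            {"not JSON", "<html>constructed</html>"},
        };
        for (String[] c : cases) {
            System.out.println(c[0] + " -> " + isTokenForThisApp(c[1], "6021880", ours));
        }
    }
}
```
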
WeChat:
URL (GET) | https://api.weixin.qq.com/sns/auth |
Parameters | access_token, openid |
Response | {"errcode":0,"errmsg":"ok"} |
Approach | errcode=0 means success |
The code is as follows:
    public static boolean checkWechat(String token, String openId) {
        String url = "https://api.weixin.qq.com/sns/auth";
        Map<String, String> paras = new HashMap<String, String>();
        paras.put("access_token", token);
        paras.put("openid", openId);
        String responseString = HttpKit.get(url, paras);
        // Log the raw response in development mode only
        if (JFinal.me().getConstants().getDevMode()) {
            System.out.println(responseString);
        }
        if (StrKit.isBlank(responseString)) {
            return false;
        }
        JSONObject object = JSON.parseObject(responseString);
        if (object == null) {
            return false;
        }
        // getIntValue returns 0 when the field is missing, which would read as success;
        // read errcode as an Integer and fail closed if it is absent
        Integer errcode = object.getInteger("errcode");
        if (errcode == null || errcode != 0) {
            return false;
        }
        return true;
    }
QQ:
URL (GET) | https://graph.qq.com/user/get_user_info |
Parameters | oauth_consumer_key, access_token, openid |
Response | { "ret": 0, "msg": "", "is_lost":0, "nickname": "123", "gender": "男", "province": "陝西", "city": "西安", "year": "", "is_yellow_vip": "0", "vip": "0", "yellow_vip_level": "0", "level": "0", "is_yellow_year_vip": "0" } |
Approach | Only need to check whether ret is 0 |
The code:
    public static boolean checkQQ(String token, String openId) {
        String url = "https://graph.qq.com/user/get_user_info";
        Map<String, String> paras = new HashMap<String, String>();
        paras.put("oauth_consumer_key", "1106812746"); // appid the app registered on the Tencent Open Platform
        paras.put("access_token", token);
        paras.put("openid", openId);
        String responseString = HttpKit.get(url, paras);
        // Log the raw response in development mode only
        if (JFinal.me().getConstants().getDevMode()) {
            System.out.println(responseString);
        }
        if (StrKit.isBlank(responseString)) {
            return false;
        }
        JSONObject object = JSON.parseObject(responseString);
        if (object == null) {
            return false;
        }
        // getIntValue returns 0 when the field is missing, which would read as success;
        // read ret as an Integer and fail closed if it is absent
        Integer ret = object.getInteger("ret");
        if (ret == null || ret != 0) {
            return false;
        }
        return true;
    }
This is my first time doing this, so experts, please go easy on me.