微信扫码登录实现

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了微信扫码登录实现相关的知识,希望对你有一定的参考价值。


第三方微信登录功能

  • ​​一、准备工作​​
  • ​​二、微信登录后端开发​​
  • ​​2.1 添加配置​​
  • ​​2.2 创建常量类,创建ConstantPropertiesUtil.java常量类​​
  • ​​2.3 创建controller​​
  • ​​2.4 测试​​
  • ​​三、获取微信扫描人的信息​​
  • ​​3.1 测试回调是否可用​​
  • ​​3.2 添加依赖​​
  • ​​3.3 添加httpclient工具类​​
  • ​​3.4 创建回调controller方法​​
  • ​​3.5 前端显示扫描人信息​​
  • ​​3.6 登录之后的前端显示效果​​

一、准备工作

​https://open.weixin.qq.com​​​ 1、注册
2、邮箱激活
3、完善开发者资料
4、开发者资质认证
准备营业执照,1-2个工作日审批、300元
5、创建网站应用
提交审核,7个工作日审批
6、熟悉微信登录流程
参考文档:​​​https://open.weixin.qq.com/cgi-bin/showdocument?action=dir_list&t=resource/res_list&verify=1&id=open1419316505&token=e547653f995d8f402704d5cb2945177dc8aa4e7e&lang=zh_CN​​​ 获取access_token时序图
微信扫码登录实现_apache

注意:个人开发者是不能申请的,必须要有营业执照,如果实在用不了的话,考虑使用微信公众平台,我下面是用了别人的appid和密钥。

二、微信登录后端开发

2.1 添加配置

application.properties配置文件:

# 微信开放平台 appid
wx.open.app_id=你的appid
# 微信开放平台 appsecret
wx.open.app_secret=你的appsecret
# 微信开放平台 重定向url
wx.open.redirect_url=http://你的服务器名称/api/ucenter/wx/callback

2.2 创建常量类,创建ConstantPropertiesUtil.java常量类

import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

/**
* 读取微信登录的相关配置
*/
@Component
public class ConstantWxUtils implements InitializingBean
@Value("$wx.open.app_id")
private String appId;

@Value("$wx.open.app_secret")
private String appSecret;

@Value("$wx.open.redirect_url")
private String redirectUrl;

public static String WX_OPEN_APP_ID;
public static String WX_OPEN_APP_SECRET;
public static String WX_OPEN_REDIRECT_URL;

@Override
public void afterPropertiesSet() throws Exception
WX_OPEN_APP_ID = appId;
WX_OPEN_APP_SECRET = appSecret;
WX_OPEN_REDIRECT_URL = redirectUrl;

2.3 创建controller

WxApiController

import com.atguigu.commonutils.JwtUtils;
import com.atguigu.educenter.entity.UcenterMember;
import com.atguigu.educenter.service.UcenterMemberService;
import com.atguigu.educenter.utils.ConstantWxUtils;
import com.atguigu.educenter.utils.HttpClientUtils;
import com.atguigu.servicebase.exceptionhandler.GuliException;
import com.google.gson.Gson;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.HashMap;

@Controller //只是请求地址 不需要返回数据 不用RestController
@RequestMapping("/api/ucenter/wx")
@CrossOrigin
public class WxApiController

//1、生成微信扫描的二维码
@GetMapping("login")
public String getWxCode()
//固定地址,后面拼接参数
// 微信开放平台授权baseUrl %s相当于?占位符
String baseUrl = "https://open.weixin.qq.com/connect/qrconnect" +
"?appid=%s" +
"&redirect_uri=%s" +
"&response_type=code" +
"&scope=snsapi_login" +
"&state=%s" +
"#wechat_redirect";
//对redirect_url进行URLEncoder编码
String redirect_url=ConstantWxUtils.WX_OPEN_REDIRECT_URL;
try
redirect_url = URLEncoder.encode(redirect_url, "utf-8");
catch (UnsupportedEncodingException e)
e.printStackTrace();

//设置%s里面的值
String url = String.format(baseUrl,
ConstantWxUtils.WX_OPEN_APP_ID,
redirect_url,
"atguigu"
);
//重定向到请求微信地址里面
return "redirect:"+url;

授权url参数说明

参数

是否必须

说明

appid


应用唯一标识

redirect_uri


请使用urlEncode对链接进行处理

response_type


填code

scope


应用授权作用域,拥有多个作用域用逗号(,)分隔,网页应用目前仅填写snsapi_login

state


用于保持请求和回调的状态,授权请求后原样带回给第三方。该参数可用于防止csrf攻击(跨站请求伪造攻击),建议第三方带上该参数,可设置为简单的随机数加session进行校验

2.4 测试

访问:​​http://localhost:8160/api/ucenter/wx/login​

微信扫码登录实现_apache_02


手机扫描二维码之后的界面如下

微信扫码登录实现_spring_03


网页上面也会显示

微信扫码登录实现_微信登录_04

三、获取微信扫描人的信息

3.1 测试回调是否可用

回调的url我们在登录的controller中已经制定了,如下图

微信扫码登录实现_微信登录_05


扫描之后,执行本地的callback方法,在callback获取两个值,在跳转的时候传递过来。

state:原样传递

code:类似于手机验证码,随机唯一的值(临时票据)

//2、获取扫描人信息,添加数据
@GetMapping("callback")
public String callback(String code,String state)
//得到授权临时票据code
System.out.println("code = " + code);
System.out.println("state = " + state);

3.2 添加依赖

这里没指定版本是因为我已经在父项目中指定过了,我开发的是微服务项目,你根据自己情况。

<!--httpclient-->
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
</dependency>
<!--commons-io-->
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
</dependency>
<!--gson-->
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
</dependency>

3.3 添加httpclient工具类

httpclient主要是通过java代码的方式也可以实现和浏览器访问一样的效果。我们主要用这个去调用微信官方提供的接口。

import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.http.Consts;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.config.RequestConfig.Builder;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ConnectTimeoutException;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.message.BasicNameValuePair;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import java.io.IOException;
import java.net.SocketTimeoutException;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;

/**
* 依赖的jar包有:commons-lang-2.6.jar、httpclient-4.3.2.jar、httpcore-4.3.1.jar、commons-io-2.4.jar
* @author zhaoyb
*
*/
public class HttpClientUtils

public static final int connTimeout=10000;
public static final int readTimeout=10000;
public static final String charset="UTF-8";
private static HttpClient client = null;

static
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager();
cm.setMaxTotal(128);
cm.setDefaultMaxPerRoute(128);
client = HttpClients.custom().setConnectionManager(cm).build();


public static String postParameters(String url, String parameterStr) throws ConnectTimeoutException, SocketTimeoutException, Exception
return post(url,parameterStr,"application/x-www-form-urlencoded",charset,connTimeout,readTimeout);


public static String postParameters(String url, String parameterStr,String charset, Integer connTimeout, Integer readTimeout) throws ConnectTimeoutException, SocketTimeoutException, Exception
return post(url,parameterStr,"application/x-www-form-urlencoded",charset,connTimeout,readTimeout);


public static String postParameters(String url, Map<String, String> params) throws ConnectTimeoutException,
SocketTimeoutException, Exception
return postForm(url, params, null, connTimeout, readTimeout);


public static String postParameters(String url, Map<String, String> params, Integer connTimeout,Integer readTimeout) throws ConnectTimeoutException,
SocketTimeoutException, Exception
return postForm(url, params, null, connTimeout, readTimeout);


public static String get(String url) throws Exception
return get(url, charset, null, null);


public static String get(String url, String charset) throws Exception
return get(url, charset, connTimeout, readTimeout);


/**
* 发送一个 Post 请求, 使用指定的字符集编码.
*
* @param url
* @param body RequestBody
* @param mimeType 例如 application/xml "application/x-www-form-urlencoded" a=1&b=2&c=3
* @param charset 编码
* @param connTimeout 建立链接超时时间,毫秒.
* @param readTimeout 响应超时时间,毫秒.
* @return ResponseBody, 使用指定的字符集编码.
* @throws ConnectTimeoutException 建立链接超时异常
* @throws SocketTimeoutException 响应超时
* @throws Exception
*/
public static String post(String url, String body, String mimeType,String charset, Integer connTimeout, Integer readTimeout)
throws ConnectTimeoutException, SocketTimeoutException, Exception
HttpClient client = null;
HttpPost post = new HttpPost(url);
String result = "";
try
if (StringUtils.isNotBlank(body))
HttpEntity entity = new StringEntity(body, ContentType.create(mimeType, charset));
post.setEntity(entity);

// 设置参数
Builder customReqConf = RequestConfig.custom();
if (connTimeout != null)
customReqConf.setConnectTimeout(connTimeout);

if (readTimeout != null)
customReqConf.setSocketTimeout(readTimeout);

post.setConfig(customReqConf.build());

HttpResponse res;
if (url.startsWith("https"))
// 执行 Https 请求.
client = createSSLInsecureClient();
res = client.execute(post);
else
// 执行 Http 请求.
client = HttpClientUtils.client;
res = client.execute(post);

result = IOUtils.toString(res.getEntity().getContent(), charset);
finally
post.releaseConnection();
if (url.startsWith("https") && client != null&& client instanceof CloseableHttpClient)
((CloseableHttpClient) client).close();


return result;



/**
* 提交form表单
*
* @param url
* @param params
* @param connTimeout
* @param readTimeout
* @return
* @throws ConnectTimeoutException
* @throws SocketTimeoutException
* @throws Exception
*/
public static String postForm(String url, Map<String, String> params, Map<String, String> headers, Integer connTimeout,Integer readTimeout) throws ConnectTimeoutException,
SocketTimeoutException, Exception

HttpClient client = null;
HttpPost post = new HttpPost(url);
try
if (params != null && !params.isEmpty())
List<NameValuePair> formParams = new ArrayList<NameValuePair>();
Set<Entry<String, String>> entrySet = params.entrySet();
for (Entry<String, String> entry : entrySet)
formParams.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));

UrlEncodedFormEntity entity = new UrlEncodedFormEntity(formParams, Consts.UTF_8);
post.setEntity(entity);


if (headers != null && !headers.isEmpty())
for (Entry<String, String> entry : headers.entrySet())
post.addHeader(entry.getKey(), entry.getValue());


// 设置参数
Builder customReqConf = RequestConfig.custom();
if (connTimeout != null)
customReqConf.setConnectTimeout(connTimeout);

if (readTimeout != null)
customReqConf.setSocketTimeout(readTimeout);

post.setConfig(customReqConf.build());
HttpResponse res = null;
if (url.startsWith("https"))
// 执行 Https 请求.
client = createSSLInsecureClient();
res = client.execute(post);
else
// 执行 Http 请求.
client = HttpClientUtils.client;
res = client.execute(post);

return IOUtils.toString(res.getEntity().getContent(), "UTF-8");
finally
post.releaseConnection();
if (url.startsWith("https") && client != null
&& client instanceof CloseableHttpClient)
((CloseableHttpClient) client).close();







/**
* 发送一个 GET 请求
*
* @param url
* @param charset
* @param connTimeout 建立链接超时时间,毫秒.
* @param readTimeout 响应超时时间,毫秒.
* @return
* @throws ConnectTimeoutException 建立链接超时
* @throws SocketTimeoutException 响应超时
* @throws Exception
*/
public static String get(String url, String charset, Integer connTimeout,Integer readTimeout)
throws ConnectTimeoutException,SocketTimeoutException, Exception

HttpClient client = null;
HttpGet get = new HttpGet(url);
String result = "";
try
// 设置参数
Builder customReqConf = RequestConfig.custom();
if (connTimeout != null)
customReqConf.setConnectTimeout(connTimeout);

if (readTimeout != null)
customReqConf.setSocketTimeout(readTimeout);

get.setConfig(customReqConf.build());

HttpResponse res = null;

if (url.startsWith("https"))
// 执行 Https 请求.
client = createSSLInsecureClient();
res = client.execute(get);
else
// 执行 Http 请求.
client = HttpClientUtils.client;
res = client.execute(get);


result = IOUtils.toString(res.getEntity().getContent(), charset);
finally
get.releaseConnection();
if (url.startsWith("https") && client != null && client instanceof CloseableHttpClient)
((CloseableHttpClient) client).close();


return result;



/**
* 从 response 里获取 charset
*
* @param ressponse
* @return
*/
@SuppressWarnings("unused")
private static String getCharsetFromResponse(HttpResponse ressponse)
// Content-Type:text/html; charset=GBK
if (ressponse.getEntity() != null && ressponse.getEntity().getContentType() != null && ressponse.getEntity().getContentType().getValue() != null)
String contentType = ressponse.getEntity().getContentType().getValue();
if (contentType.contains("charset="))
return contentType.substring(contentType.indexOf("charset=") + 8);


return null;




/**
* 创建 SSL连接
* @return
* @throws GeneralSecurityException
*/
private static CloseableHttpClient createSSLInsecureClient() throws GeneralSecurityException
try
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy()
public boolean isTrusted(X509Certificate[] chain,String authType) throws CertificateException
return true;

).build();

SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new X509HostnameVerifier()

@Override
public boolean verify(String arg0, SSLSession arg1)
return true;


@Override
public void verify(String host, SSLSocket ssl)
throws IOException


@Override
public void verify(String host, X509Certificate cert)
throws SSLException


@Override
public void verify(String host, String[] cns,
String[] subjectAlts) throws SSLException


);

return HttpClients.custom().setSSLSocketFactory(sslsf).build();

catch (GeneralSecurityException e)
throw e;



public static void main(String[] args)
try
String str= post("https://localhost:443/ssl/test.shtml","name=12&page=34","application/x-www-form-urlencoded", "UTF-8", 10000, 10000);
//String str= get("https://localhost:443/ssl/test.shtml?name=12&page=34","GBK");
/*Map<String,String> map = new HashMap<String,String>();
map.put("name", "111");
map.put("page", "222");
String str= postForm("https://localhost:443/ssl/test.shtml",map,null, 10000, 10000);*/
System.out.println(str);
catch (ConnectTimeoutException e)
// TODO Auto-generated catch block
e.printStackTrace();
catch (SocketTimeoutException e)
// TODO Auto-generated catch block
e.printStackTrace();
catch (Exception e)
// TODO Auto-generated catch block
e.printStackTrace();



3.4 创建回调controller方法

1、回调的时候大致的想法就是拿着上面扫描登录获取到的code值,请求微信提供的地址​​https://api.weixin.qq.com/sns/oauth2/access_token?appid=APPID&secret=SECRET&code=CODE&grant_type=authorization_code​​​获取到两个值​​access_token​​​和​​openid​​​ 这块参考微信官网文档​​https://developers.weixin.qq.com/doc/oplatform/Website_App/WeChat_Login/Wechat_Login.html​​ 2、然后拿着上面获取到的​​access_token​​和​​openid​​,再去请求微信提供的地址​​https://api.weixin.qq.com/sns/userinfo?access_token=%s&openid=%s​​,%s是我的占位符,你根据自己情况修改,到这里就可以获取到微信扫描人的信息了,比如微信昵称、微信头像、openid等等。
在WxApiController.java中添加如下方法

@Autowired
private UcenterMemberService memberService;

//2、获取扫描人信息,添加数据
@GetMapping("callback")
public String callback(String code,String state)
try
//1、获取到code值,临时票据,类似于验证码
//2、拿着code去请求微信固定的地址,得到两个值 access_token和openid
String baseAccessTokenUrl = "https://api.weixin.qq.com/sns/oauth2/access_token" +
"?appid=%s" +
"&secret=%s" +
"&code=%s" +
"&grant_type=authorization_code";
//拼接三个参数:id 密钥和code值
String accessTokenUrl = String.format(baseAccessTokenUrl,
ConstantWxUtils.WX_OPEN_APP_ID,
ConstantWxUtils.WX_OPEN_APP_SECRET,
code
);
//请求这个拼接好的地址,得到两个值 access_token和openid
//使用httpclient发送请求,得到返回结果
String accessTokenInfo = HttpClientUtils.get(accessTokenUrl);
// System.out.println("accessTokenInfo:"+accessTokenInfo);
//从accessTokenInfo字符串里面获取access_token和openid两个值
//把accessTokenInfo字符串转换成map集合,根据Map里面的key获取对应值
//使用json转换工具 Gson
Gson gson=new Gson();
HashMap mapAccessToken = gson.fromJson(accessTokenInfo, HashMap.class);
String access_token = (String) mapAccessToken.get("access_token");
String openid = (String) mapAccessToken.get("openid");

//把扫码人信息添加到数据库里面
//判断数据库里面是否存在相同的微信信息,根据openid判断
UcenterMember member = memberService.getOpenIdMember(openid);
if(member ==null) //member是空,表示表里面没有相同的微信数据,进行添加

//3、拿着得到的access_token和openid,再去请求微信提供的固定地址,获取扫码人的信息
//访问微信的资源服务器,获取用户信息
String baseUserInfoUrl = "https://api.weixin.qq.com/sns/userinfo" +
"?access_token=%s" +
"&openid=%s";
String userInfoUrl= String.format(
baseUserInfoUrl,
access_token,
openid
);
//发送请求
String userInfo = HttpClientUtils.get(userInfoUrl);
// System.out.println("userInfo:"+userInfo);
//获取返回userInfo中的用户信息(扫码人信息)
HashMap userInfoMap = gson.fromJson(userInfo, HashMap.class);
String nickname = (String) userInfoMap.get("nickname"); //昵称
String headimgurl = (String) userInfoMap.get("headimgurl"); //头像

member=new UcenterMember();
member.setOpenid(openid);
member.setNickname(nickname);
member.setAvatar(headimgurl);
memberService.save(member); //添加

//使用jwt根据member对象生成token字符串
String jwtToken = JwtUtils.getJwtToken(member.getId(), member.getNickname());
//最后 返回首页面,通过路径传递token字符串
return "redirect:http://localhost:3000?token="+jwtToken;
catch (Exception e)
throw new GuliException(20001,"登录失败");

  上面还做了个判断,如果是第一次登录,则将信息添加到数据库中。

3.5 前端显示扫描人信息

  这里其实后端开发人员的工作已经基本做完了,但是如果想在前端显示的话,我们最好还是根据微信信息使用​​jwt​​​,生成token字符串,把token字符串通过路径传递到首页面。
上一步的代码已经包含了这一步。

//使用jwt根据member对象生成token字符串
String jwtToken = JwtUtils.getJwtToken(member.getId(), member.getNickname());
//最后 返回首页面,通过路径传递token字符串
return "redirect:http://localhost:3000?token="+jwtToken;

3.6 登录之后的前端显示效果

  前端代码我就不放出来了,你根据自己需要实现自己想要的效果就行,我登录之后通过回调最后登录到了首页面,并在右上方显示信息(头像、昵称等等)。

微信扫码登录实现_springcloud_06


以上是关于微信扫码登录实现的主要内容,如果未能解决你的问题,请参考以下文章

用企业微信的扫码功能,识别用户,登录自己的网站么

微信扫码登录的技术实现思考

微信扫码登录实现

(转)微信扫码登录网页实现原理

java实现微信扫码登录功能 精讲

Web应用多账号系统设计及微信扫码登录实现