I am looking to integrate WeChat in my application as sing up option, but first I wanted to confirm whether WeChat shares email/phoneid of the logged-in user.
Thanks,
No email/phoneid.
Wechat will give you the openid which helps you confirm users.
So you can save the openid to continue your bussines.
If you have more than one apps in wechat system.You can sign up the wechat development platform to get unionid which confirm users in different apps includes websites, apps, miniprograms, wechat official accounts or wechat Third platforms.
If your company is in China and has authentication in China,you can get the phonenumber.
Related
I developed a ionic 5 angular based mobile app that uses firebase authentication. I currently use email based login and now i want to switch to phone number based one. Is there any option to verify all the already registered users's phone number using firebase or any other service?
There is no way to change the authentication type of an existing account. But what you can do is also allow the user to sign in with their phone number, and then link the phone number credentials to their existing account.
For full details on how to do this, see the Firebase documentation on linking multiple auth providers to an account.
OpenId is an id of a Wechat personal account when it is following a Wechat Service Account. And the OpenIds are different for the same Wechat personal account in different Wechat Service Accounts.
So I want to find out OpenId of single account only and not the list of all the OpenIds which are following that WeChat service account.
Does anyone know how to get it?
I have to use it to send a message in https://api.weixin.qq.com/cgi-bin/message/template/send
You can get the user info via their UnionID first,(https://developers.weixin.qq.com/doc/offiaccount/en/User_Management/Get_users_basic_information_UnionID.html#UinonId) and then use the OpenID relevant to the current Official Account to send the Templated Message.
This way, your applications just need to track the UnionID, and get the user info on the fly, when needed (can be cached to avoid too many API calls etc).
1.Registing your service account with your email.
2.Getting your appid and appsecret.The appsecret must be saved after gained.
3.Setting the white doname in wechat service account managesites.When you are setting the doname, wechat will make you download a file and put it in your remote server where the doname sets.It will ensure the setting is from you and you can Scan code with your wxchat client.
4.Editing the miniprogram code. Use the method "wx.login()".you can get the jscode in the callback of "wx.login()" send it to your remote server.
5.Editing the remote server code.Send "get" request to get openid with your appid ,appsecret,the jscode from client.
https://api.weixin.qq.com/sns/jscode2session?appid=APPID&secret=SECRET&js_code=JSCODE&grant_type=authorization_code
("Superpoints" and "Megashop" used below are fake business names)
I am using Firebase Auth to authenticate users in my (Android) app ("Superpoints"). My users can earn points for using my app, they can later spend when paying for something.
I want to integrate with a partner ("Megashop") in the following way:
Alice opens the Superpoints app on her Android phone.
In the app she clicks on "Megashop campaigns".
A web browser or a web view (whichever is fine for me) for superpoints.megashop.com opens. The opened page has a button like "Login with Superpoints account".
Alice clicks on "Login with Superpoints account" and provides her credentials (this can be email+password, log in with phone number, log in with Google Account).
The system checks if Alice's accounts exists in my user database and sends back the response to Megashop with Alice's Superpoints membership ID and her balance (for example: "{ memberId: 100500, points: 42 }").
After Alice purchases something in Megashop, their checkout hook sends a request to HTTPS endpoint for a cloud function that adds an amount of points (for example, 250 points) to Alice's balance (something like https://app.superpoints.com/accrual?partner=megashop&memberId=100500&points=250).
On my app's website, I do the authentication using FirebaseUI Auth, in the app I'm also using FirebaseUI (library for Android).
Now finally the questions: How to authenticate my users on a third party's site? What are the best practices? Should I build some kind of a gateway for the third party, or is there an easier way for doing that?
This is a classic case of OAuth.
Firebase Auth, as far as I know, does not support acting as a OAuth provider.
I have built a chat bot for WeChat and connected it to a WeChat official page on https://admin.wechat.com
However, I can no longer login to the admin website. It gives invalid user/password, but I know they are correct. When I use the same user/password to check the account status it says the account is active.
Also if I try to reset the password it gives me the error "Server Busy", the same all week. It was working a few weeks ago.
I also tried login on https://mp.weixin.qq.com but I think you need a China account to connect to it?
Can anyone with an official WeChat account check if they can sign in?
This is a login page which works for me right now: https://mp.weixin.qq.com/debug/cgi-bin/sandbox?t=sandbox/login
It is for sandbox mode only, if you have official WeChat account, and wish to run your bot in production with full capabiities ensbled, you need to login differently.
You don't need a Chinese account to login to weixin sandbox.
I' working on a login page where I want to use WeChat as login option and I have a WeChat official account. In my understanding of the documentation it's supposed that the next link would generate a QR code to scan and after the user authorization redirects somewhere else...:
https://open.weixin.qq.com/connect/qrconnect?appid=wx8bxxx21bxxxx0fxxx&redirect_uri=https://myhostname/oauth2.php&response_type=code&scope=snsapi_login&state=101#wechat_redirect
But the link doesn't work. I don't know if I'm missing something or maybe the site https://myhostname/oauth2.php has to have a previous authorization call to WeChat... ???
Somebody has worked with this WeChat stuff?
Thanks in advance!
I realized later that you must have a WeChat Open Platform Account, where you register your web application, wait for approval, and then give it the login permission to get access to that QR Code functionality
If you are working on how to login web page after scanning qrcode of an offical account on the web page.
There are two ways to approach this.
Scan service official account
You can generate the qrcode injected with parameters. then after you scan, there will be an event triggered in your backend.
Capture the event and extract the parameter, then do the authentication in the way you want.
The basic workflow:
app frontend request your backend for a session.
app backend call wechat api to generate a qrcode, injecte with any parameter you like.
app frontend show the qrcode.
user scan the qrcode of the service account.
if user did not subscribe, then subscribe the official account.
backend receive the scan event, extract the info and authenticate the user.
Scan subscription official account
In subscription get less programing support, but you can still achieve it by design a random code.
The basic workflow:
app frontend request your backend for a session.
app backend generate a random code.
app frontend show the qrcode of the official account with a random code.
user scan the qrcode of the subscription official account.
if user did not subscribe, then subscribe the official account.
user input the random code in the official account message UI.
backend receive the code and authenticate the user.
attach user info in your db with openid if you want.
Use an open platform to do it in the smart way.
If you doing this for one official account, it is ok. Let's say if you want to reuse this for multiple official accounts.
Maybe can use the open platform way, so you can have only 1 backend to handle multiple accounts.
Wechat offer an open platform, here is the get start doc.
Register an open platform need to pay 300RMB for verification, more troublesome part is, you need to register a company to be qualified to pay.
So maybe using a third party open platform will be a better choice. Such as Dagui Qrcode Tool.
Key take aways
Use parameter Qrcode for service official account login
Use account qrcode with random code for subscription official account login
Use open platform for scaling
Authentication is flexible, the key is the event exchange flow.
More secret technology related to wechat development, can refer this article
You need to set the OAuth2.0 web authorization domain to your subdomain in your redirect url, such as: wechat.myredirectdomain.com.
This setting is hidden on the WeChat official account dev setting dashboard, some where in between the API list, make sure you set it properly.