OpenId is an id of a Wechat personal account when it is following a Wechat Service Account. And the OpenIds are different for the same Wechat personal account in different Wechat Service Accounts.
So I want to find out OpenId of single account only and not the list of all the OpenIds which are following that WeChat service account.
Does anyone know how to get it?
I have to use it to send a message in https://api.weixin.qq.com/cgi-bin/message/template/send
You can get the user info via their UnionID first,(https://developers.weixin.qq.com/doc/offiaccount/en/User_Management/Get_users_basic_information_UnionID.html#UinonId) and then use the OpenID relevant to the current Official Account to send the Templated Message.
This way, your applications just need to track the UnionID, and get the user info on the fly, when needed (can be cached to avoid too many API calls etc).
1.Registing your service account with your email.
2.Getting your appid and appsecret.The appsecret must be saved after gained.
3.Setting the white doname in wechat service account managesites.When you are setting the doname, wechat will make you download a file and put it in your remote server where the doname sets.It will ensure the setting is from you and you can Scan code with your wxchat client.
4.Editing the miniprogram code. Use the method "wx.login()".you can get the jscode in the callback of "wx.login()" send it to your remote server.
5.Editing the remote server code.Send "get" request to get openid with your appid ,appsecret,the jscode from client.
https://api.weixin.qq.com/sns/jscode2session?appid=APPID&secret=SECRET&js_code=JSCODE&grant_type=authorization_code
Related
Firebase auth clients can automatically send an email to a user when they try to sign in using password-less signin. For example, all you have to do in the android client is auth.sendSignInLinkToEmail(email, actionCodeSettings) and the firebase servers take care of everything. That means that there's already an email template, SMTP configuration, etc to be able to send that email.
How can one tap into that infrastructure but from a backend? all I find in the admin sdk is how to generate the sign-in link but that would force one to set up a service to send the email, deal with templates and localization and other things that give you extra flexibility but that are not necessary if the existing mechanism works well for you
My end goal is to register my API to receive notifications of leads generated by LinkedIn for my business's Company Page. The docs here say I need to register at https://api.linkedin.com/v2/leadNotificationUrls using the r_ads_ge_automation permission. I'm trying to acquire this type of access token by using a web browser to hit https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=client_id_for_my_application&redirect_uri=https://my.company.net/api/oauth/linkedin&state=Testing12345&scope=r_ads_leadgen_automation, then logging in as a user that is an admin for the respective company page, then acquiring authentication code, and finally requesting an access token.
The problem is that when I try to hit https://www.linkedin.com/oauth/v2/authorization (with the query params above), I get an error response stating "r_ads_leadgen is not authorized for your application". I can't find any kind of application configuration that is supposed to give this permission to my application.
Can anyone help? Thank you
Permissions are offered to select Partners only. Have you applied to a Partner Program https://business.linkedin.com/marketing-solutions/marketing-partners/become-a-partner?
I want to be able to access other users Google Calendars through a service account so I am not prompted for authorization. I am doing this in a simple .net c# console app. When I attempt to create my credentials in the Google API Manager, it gives me the following alert when I specify I am using a non UI app and I want to access User Data. Isn't the purpose of using the service account to access other users data without a UI?
"User data cannot be accessed from a platform without a UI because it requires user interaction for sign-in."
You may have misunderstood the meaning of using a service account to impersonate a user. To help you with Authentication, you might want to check this tutorial : Google Calendar API Authentication with C# by Daimto.
Things to take note of :
To be able to access other calendars by service account, users who own the calendar should share it to the service account.
To impersonate a user, you must know the email address.
From the tutorial:
If you are only accessing data that you own there is no reason to ask a user for permission to access it. You can use a Service account. (Privacy)
If you want to be able to access data owned by someone else you will need to be authenticated.
Hope this helps!
I' working on a login page where I want to use WeChat as login option and I have a WeChat official account. In my understanding of the documentation it's supposed that the next link would generate a QR code to scan and after the user authorization redirects somewhere else...:
https://open.weixin.qq.com/connect/qrconnect?appid=wx8bxxx21bxxxx0fxxx&redirect_uri=https://myhostname/oauth2.php&response_type=code&scope=snsapi_login&state=101#wechat_redirect
But the link doesn't work. I don't know if I'm missing something or maybe the site https://myhostname/oauth2.php has to have a previous authorization call to WeChat... ???
Somebody has worked with this WeChat stuff?
Thanks in advance!
I realized later that you must have a WeChat Open Platform Account, where you register your web application, wait for approval, and then give it the login permission to get access to that QR Code functionality
If you are working on how to login web page after scanning qrcode of an offical account on the web page.
There are two ways to approach this.
Scan service official account
You can generate the qrcode injected with parameters. then after you scan, there will be an event triggered in your backend.
Capture the event and extract the parameter, then do the authentication in the way you want.
The basic workflow:
app frontend request your backend for a session.
app backend call wechat api to generate a qrcode, injecte with any parameter you like.
app frontend show the qrcode.
user scan the qrcode of the service account.
if user did not subscribe, then subscribe the official account.
backend receive the scan event, extract the info and authenticate the user.
Scan subscription official account
In subscription get less programing support, but you can still achieve it by design a random code.
The basic workflow:
app frontend request your backend for a session.
app backend generate a random code.
app frontend show the qrcode of the official account with a random code.
user scan the qrcode of the subscription official account.
if user did not subscribe, then subscribe the official account.
user input the random code in the official account message UI.
backend receive the code and authenticate the user.
attach user info in your db with openid if you want.
Use an open platform to do it in the smart way.
If you doing this for one official account, it is ok. Let's say if you want to reuse this for multiple official accounts.
Maybe can use the open platform way, so you can have only 1 backend to handle multiple accounts.
Wechat offer an open platform, here is the get start doc.
Register an open platform need to pay 300RMB for verification, more troublesome part is, you need to register a company to be qualified to pay.
So maybe using a third party open platform will be a better choice. Such as Dagui Qrcode Tool.
Key take aways
Use parameter Qrcode for service official account login
Use account qrcode with random code for subscription official account login
Use open platform for scaling
Authentication is flexible, the key is the event exchange flow.
More secret technology related to wechat development, can refer this article
You need to set the OAuth2.0 web authorization domain to your subdomain in your redirect url, such as: wechat.myredirectdomain.com.
This setting is hidden on the WeChat official account dev setting dashboard, some where in between the API list, make sure you set it properly.
I am writing a small program to retrieve and display Google Analytics information. I keep getting a 403 Forbidden error because of insufficient permissions.
I read on other posts that you have to add the email address associated with the client id you are using to access analytics in User Management.
The client id I am using however is associated with an installed application and doesn't have an email address, it only lists a client id, client secret, and redirect Urls as credentials in the developer's console.
How can I allow access for this client id when there is no associated email address listed in the developer's console to grant permissions to on the User Management page in Google Analytics?
Simply follow Google's OAuth 2.0 guide for installed applications.
Create a URL for authorization like you would for a web app. Only set redirect_uri to urn:ietf:wg:oauth:2.0:oob.
Point your user to this URL and let him authorize your app. Then the user will receive a code.
Prompt the user to enter this code in your app and use it to retrieve a refresh token from Google.
Store the refresh token and use it to get a fresh access token whenever you need one.