I' working on a login page where I want to use WeChat as login option and I have a WeChat official account. In my understanding of the documentation it's supposed that the next link would generate a QR code to scan and after the user authorization redirects somewhere else...:
https://open.weixin.qq.com/connect/qrconnect?appid=wx8bxxx21bxxxx0fxxx&redirect_uri=https://myhostname/oauth2.php&response_type=code&scope=snsapi_login&state=101#wechat_redirect
But the link doesn't work. I don't know if I'm missing something or maybe the site https://myhostname/oauth2.php has to have a previous authorization call to WeChat... ???
Somebody has worked with this WeChat stuff?
Thanks in advance!
I realized later that you must have a WeChat Open Platform Account, where you register your web application, wait for approval, and then give it the login permission to get access to that QR Code functionality
If you are working on how to login web page after scanning qrcode of an offical account on the web page.
There are two ways to approach this.
Scan service official account
You can generate the qrcode injected with parameters. then after you scan, there will be an event triggered in your backend.
Capture the event and extract the parameter, then do the authentication in the way you want.
The basic workflow:
app frontend request your backend for a session.
app backend call wechat api to generate a qrcode, injecte with any parameter you like.
app frontend show the qrcode.
user scan the qrcode of the service account.
if user did not subscribe, then subscribe the official account.
backend receive the scan event, extract the info and authenticate the user.
Scan subscription official account
In subscription get less programing support, but you can still achieve it by design a random code.
The basic workflow:
app frontend request your backend for a session.
app backend generate a random code.
app frontend show the qrcode of the official account with a random code.
user scan the qrcode of the subscription official account.
if user did not subscribe, then subscribe the official account.
user input the random code in the official account message UI.
backend receive the code and authenticate the user.
attach user info in your db with openid if you want.
Use an open platform to do it in the smart way.
If you doing this for one official account, it is ok. Let's say if you want to reuse this for multiple official accounts.
Maybe can use the open platform way, so you can have only 1 backend to handle multiple accounts.
Wechat offer an open platform, here is the get start doc.
Register an open platform need to pay 300RMB for verification, more troublesome part is, you need to register a company to be qualified to pay.
So maybe using a third party open platform will be a better choice. Such as Dagui Qrcode Tool.
Key take aways
Use parameter Qrcode for service official account login
Use account qrcode with random code for subscription official account login
Use open platform for scaling
Authentication is flexible, the key is the event exchange flow.
More secret technology related to wechat development, can refer this article
You need to set the OAuth2.0 web authorization domain to your subdomain in your redirect url, such as: wechat.myredirectdomain.com.
This setting is hidden on the WeChat official account dev setting dashboard, some where in between the API list, make sure you set it properly.
Related
OpenId is an id of a Wechat personal account when it is following a Wechat Service Account. And the OpenIds are different for the same Wechat personal account in different Wechat Service Accounts.
So I want to find out OpenId of single account only and not the list of all the OpenIds which are following that WeChat service account.
Does anyone know how to get it?
I have to use it to send a message in https://api.weixin.qq.com/cgi-bin/message/template/send
You can get the user info via their UnionID first,(https://developers.weixin.qq.com/doc/offiaccount/en/User_Management/Get_users_basic_information_UnionID.html#UinonId) and then use the OpenID relevant to the current Official Account to send the Templated Message.
This way, your applications just need to track the UnionID, and get the user info on the fly, when needed (can be cached to avoid too many API calls etc).
1.Registing your service account with your email.
2.Getting your appid and appsecret.The appsecret must be saved after gained.
3.Setting the white doname in wechat service account managesites.When you are setting the doname, wechat will make you download a file and put it in your remote server where the doname sets.It will ensure the setting is from you and you can Scan code with your wxchat client.
4.Editing the miniprogram code. Use the method "wx.login()".you can get the jscode in the callback of "wx.login()" send it to your remote server.
5.Editing the remote server code.Send "get" request to get openid with your appid ,appsecret,the jscode from client.
https://api.weixin.qq.com/sns/jscode2session?appid=APPID&secret=SECRET&js_code=JSCODE&grant_type=authorization_code
I am going over to a Wordpress and my WP plugin is asking me about "Authentication Code" And I have no idea where to find it.
Without the plugin name it is hard for me to determine what specific authentication code is needed, so I'll assume that you mean the OAuth Client ID. Please, forgive me if I am mistaken. You can generate a new OAuth Client ID following this steps:
Open Google Cloud Console and select your project.
Go to Navigation menu ⮞ APIs & Services ⮞ Credentials.
Select +Create credentials ⮞ OAuth client ID at the top.
You'll be prompted to select an application type. In case of a Wordpress plugin you need to choose Web application and give it a descriptive name.
Click on +ADD URI and include your webpage URL. This action will whitelist your webpage to authorize this OAuth client.
Tick Create to finish the process and annotate your client ID and secret.
With this procedure you would have created an OAuth client ID and its secret. Now we can take this client/secret pair and use it to request an authorization code over some Calendar API scopes.
After getting an authorization code, you can ask Google to exchange it for a pair of refresh and access tokens that you can use on every call to the Calendar API.
Following these steps you would have created every authentication code possible, you just need to determine which one is the required for that specific plugin. Please, don't hesitate to ask me any additional doubts.
in console firebase, in the menu Authentification -> Templates
There is a sms verification template :
%LOGIN_CODE% is your verification code.
How to change this message template?
firebaser here
Neither the email verification template nor the SMS verification template can be modified. You can select the language from the Firebase console, however this is a per project setting and you can't modify the templates.
We understand that changing the template would allow you to tweak the user-experience of your app, but we don't allow this to prevent abuse of the service.
Update 1 year later, still a no go, but I received this back from support
The Firebase SMS Authentication message content will depend on the
platform you are requesting that message from. Here is a list of the
possible variations you may get:
iOS and Android - The SMS messages draw the app's name from the App Store / Play Store. One an app is published, the correct name
should start appearing. There may be a small delay (a week or two at
most).
Web - It will always use the domain that the SMS is requested from. To modify it, you can setup a custom domain.
iOS (using Recaptcha) - Phone authentication on iOS will show the project's url instead of the app's name in the verification
SMS when using the reCAPTCHA flow. This is expected behavior. The
reCAPTCHA flow was added for cases where an APNS token is not
available (including on real devices). If APNS is not correctly
configured, a real device will default to the reCAPTCHA flow.
Unfortunately, neither the email verification template nor the SMS
verification template can be modified. You can select the language
from the Firebase Console, however this is a per project setting and
you can't modify the templates.
We understand that changing the template would allow you to tweak the
user-experience of your app, but we don't allow this to prevent abuse
of the service. I hope this clears your consults about this topic. If
you happen to have any more questions, please, do not hesitate to
write back!
Meanwhile you cannot change the content of the message, you can change the app's URL mentioned in the SMS.
Go to Authentication > Sign-in Method > Authorized domains and add your own domain website.tld
Now edit the Firebase config object (in your source code) and update the authDomain key to the domain you linked earlier.
Send a new test message, you're good to go.
As per Firebase Support the %APP_NAME% should be shown in your firebase settings wherein the %APP_NAME% is called after Public-facing name in public settings.
EDIT:
I checked first where is the location of "localhost" and wherein i found on "Authentication>Sign-in method" then under 'authorized domain' you will find "localhost" in order to change the localhost you need to add a new domain.
Note:
be careful on deleting localhost to your authorized domain. It will take time to function OTP request.
This one helps;
Go to Authentication > Sign-in Method > Authorized domains and add your own domain website.tld
Now edit the Firebase config object (in your source code) and update the authDomain key to the domain you linked earlier.
in console firebase, in the menu Authentification -> Templates
There is a sms verification template :
%LOGIN_CODE% is your verification code.
How to change this message template?
firebaser here
Neither the email verification template nor the SMS verification template can be modified. You can select the language from the Firebase console, however this is a per project setting and you can't modify the templates.
We understand that changing the template would allow you to tweak the user-experience of your app, but we don't allow this to prevent abuse of the service.
Update 1 year later, still a no go, but I received this back from support
The Firebase SMS Authentication message content will depend on the
platform you are requesting that message from. Here is a list of the
possible variations you may get:
iOS and Android - The SMS messages draw the app's name from the App Store / Play Store. One an app is published, the correct name
should start appearing. There may be a small delay (a week or two at
most).
Web - It will always use the domain that the SMS is requested from. To modify it, you can setup a custom domain.
iOS (using Recaptcha) - Phone authentication on iOS will show the project's url instead of the app's name in the verification
SMS when using the reCAPTCHA flow. This is expected behavior. The
reCAPTCHA flow was added for cases where an APNS token is not
available (including on real devices). If APNS is not correctly
configured, a real device will default to the reCAPTCHA flow.
Unfortunately, neither the email verification template nor the SMS
verification template can be modified. You can select the language
from the Firebase Console, however this is a per project setting and
you can't modify the templates.
We understand that changing the template would allow you to tweak the
user-experience of your app, but we don't allow this to prevent abuse
of the service. I hope this clears your consults about this topic. If
you happen to have any more questions, please, do not hesitate to
write back!
Meanwhile you cannot change the content of the message, you can change the app's URL mentioned in the SMS.
Go to Authentication > Sign-in Method > Authorized domains and add your own domain website.tld
Now edit the Firebase config object (in your source code) and update the authDomain key to the domain you linked earlier.
Send a new test message, you're good to go.
As per Firebase Support the %APP_NAME% should be shown in your firebase settings wherein the %APP_NAME% is called after Public-facing name in public settings.
EDIT:
I checked first where is the location of "localhost" and wherein i found on "Authentication>Sign-in method" then under 'authorized domain' you will find "localhost" in order to change the localhost you need to add a new domain.
Note:
be careful on deleting localhost to your authorized domain. It will take time to function OTP request.
This one helps;
Go to Authentication > Sign-in Method > Authorized domains and add your own domain website.tld
Now edit the Firebase config object (in your source code) and update the authDomain key to the domain you linked earlier.
I'm using .NET backend on Azure Mobile Service. It's easy to set up authentication with social identity provider, so that the client can use e.g. Facebook iOS SDK to login, as illustrated in the official tutorial
In custom authentication, as I need to maintain my own Account table according to the official tutorial, I have full control over the registration & login.
I'd like to have a centralized User table to store information about all users, no matter which channel they used to authenticate.
My question is, is there a way for the .NET backend to be notified when a user register or login with a Facebook token? So that a new row can be added to the centralized User table even when the user is using Facebook to authenticate?
Thank you!
Yes - the User.GetIdentities() method contains the token and mechanism that was used to authenticate the user. You can use this to update your table. For an overview of how to use this token, see this blog post by the team: https://azure.microsoft.com/en-us/blog/custom-login-scopes-single-sign-on-new-asp-net-web-api-updates-to-the-azure-mobile-services-net-backend/