User authorization

Product Description

Any reading or writing of user information on the site open platform requires the user's permission. User authorization is based on the international standard OAuth 2.0 authorization mechanism. Based on this mechanism, developers can obtain site user information, etc.

Terminology

| Terminology | Description | Remark |
| --- | --- | --- |
| scope | Scope of authorization | A scope represents the set of permissions for which the developer needs to request user authorization. A scope contains at least one openapi interface or JSAPI interface. A single authorization can combine multiple scopes. |
| auth_code | Authorization code | Temporary user authorization credential. After obtaining it, promptly exchange it for the authorization token described below. |
| access_token/auth_token | Authorization token, or access token | Long-term authorization credential used to call the site gateway's server-side authorization interfaces. Pay attention to the scope and validity of the authorization token. |
| refresh_token | Refresh token | Used to obtain a new authorization token after the authorization token expires. The refresh token also has a validity period. |

Related products

Obtain Basic Member Information

Scopes List

| Scopes | Description |
| --- | --- |
| USER_ID | Authorized to obtain the unique user ID. |
| USER_NICKNAME | Authorized to obtain the user nickname. |
| USER_NAME | Authorized to obtain the user name. |
| USER_LOGIN_ID | Authorized to obtain the user login ID. |
| HASH_LOGIN_ID | Authorized to obtain the hash user login ID. |
| USER_AVATAR | Authorized to obtain the user avatar. |
| USER_GENDER | Authorized to obtain the user gender. |
| USER_BIRTHDAY | Authorized to obtain the user birthday. |
| USER_NATIONALITY | Authorized to obtain the user nationality. |
| USER_CONTACTINFO | Authorized to obtain the user contact info. |
| auth_base | Authorized to obtain the unique user ID. |
| auth_user | Authorized to obtain user information. |

Access Guidelines

Access Process

Taking obtaining user information as an example, the overall access process is as follows. To authorize other information, you only need to use a different scope in the scopes parameter when calling getAuthCode.

App Obtains Authcode

User authorization is obtained by calling the JSAPI my.getAuthCode, and the auth code is returned in the success callback. The JS code is as follows:

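my.getAuthCode({
  scopes: ['USER_ID'],
  success: (res) => {
    // res.authCode is the temporary authorization code (auth_code).
    my.alert({
      content: res.authCode,
    });
  },
  fail: (res) => {
    // Log the scopes for which authorization failed.
    console.log(res.authErrorScopes);
  },
});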

Server Obtains Access Token

The merchant server can call the v1/authorizations/applyToken interface to exchange the obtained auth_code for the access_token and userId. The auth_code serves as the ticket in exchange for the access_token.

Call The Server Business API

After obtaining the access_token, developers can use the token to call other authorization interfaces. Pay attention to the permission scope and validity period of the token.
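
The following is an added example, not code from the platform's documentation: one way a merchant server can check a stored token's scope and validity before each call, and decide between using the access_token, refreshing it, or asking the user to authorize again. The record field names, the clock-skew margin and the validity periods are assumptions made for illustration.

```javascript
// Added example. Record field names are hypothetical, not the platform's schema.
const SKEW_MS = 60 * 1000; // treat tokens as expired one minute early (clock drift)

// Decide what the merchant server must do before calling an authorization
// interface that needs `requiredScopes` on behalf of one user.
// Returns { action, missingScopes } where action is one of
// 'USE_ACCESS_TOKEN', 'REFRESH' or 'REAUTHORIZE'.
function nextTokenAction(record, requiredScopes, nowMs) {
  if (!record) {
    return { action: 'REAUTHORIZE', missingScopes: [...requiredScopes] };
  }
  const granted = new Set(record.scopes);
  const missingScopes = requiredScopes.filter((s) => !granted.has(s));
  if (missingScopes.length > 0) {
    // In OAuth 2.0 a refresh cannot add scopes: the user must approve them
    // through a new my.getAuthCode call that lists the missing scopes.
    return { action: 'REAUTHORIZE', missingScopes };
  }
  if (nowMs + SKEW_MS < record.accessTokenExpiresAt) {
    return { action: 'USE_ACCESS_TOKEN', missingScopes };
  }
  if (record.refreshToken && nowMs + SKEW_MS < record.refreshTokenExpiresAt) {
    return { action: 'REFRESH', missingScopes };
  }
  // Both tokens are past their validity period.
  return { action: 'REAUTHORIZE', missingScopes };
}

// Constructed sample record, as a server might store it after the exchange.
const T0 = Date.UTC(2024, 0, 1);
const HOUR_MS = 3600 * 1000;
const sampleRecord = {
  scopes: ['USER_ID', 'USER_NICKNAME'],
  accessToken: 'constructed-access-token',
  accessTokenExpiresAt: T0 + HOUR_MS, // constructed validity
  refreshToken: 'constructed-refresh-token',
  refreshTokenExpiresAt: T0 + 30 * 24 * HOUR_MS, // constructed validity
};

console.log(nextTokenAction(sampleRecord, ['USER_ID'], T0));
console.log(nextTokenAction(sampleRecord, ['USER_ID'], T0 + HOUR_MS - 30 * 1000));
console.log(nextTokenAction(sampleRecord, ['USER_ID', 'USER_AVATAR'], T0));
```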

API List

| API | API Description |
| --- | --- |
| my.getAuthCode | Obtain the authorization code. |

QA

Question: Why must developers use the my.getAuthCode API?

Answer: Any reading or writing of user information on the site open platform requires the user's permission. User authorization is based on the international standard OAuth 2.0 authorization mechanism. Based on this mechanism, developers can obtain site user information, etc.

Question: Why is it not allowed to use the user authorization API on the first screen of the Mini Program?

Answer: To create a better Mini Program user experience, guiding user authorization on the first screen of the Mini Program is not allowed. User authorization should be requested only after the user fully understands the business content of the Mini Program. It is recommended to put the Mini Program authorization in the business process.

Question: Can the userId be obtained through the user authorization API?

Answer: No, the userId needs to be obtained by calling the API on the server side.