User authorization
Product Description
All the reading and writing of user information on the site open platform requires the user’s permission before it can be used,user authorization is based on the international standard OAuth2.0 authorization mechanism. Based on this mechanism, developers can obtain site user information etc.
Terminology
| Terminology | Description | Remark |
|---|---|---|
| scope | Scope of authorization | A scope represents the scope of permissions that developers need to request user authorization. A scope contains at least one openapi interface or JSAPI interface. One authorization can combine multiple scopes for combined authorization. |
| auth_code | Authorization code | Temporary user authorization credentials, after obtaining it, please promptly exchange for the authorization token mentioned below. |
| access_token/auth_token | Authorization token, or access token | Long-term authorization credentials are used to call the site gateway for server-side authorization interface calls. Need to pay attention to the scope and validity of authorization token. |
| refresh_token | Refresh token | Used to refresh and obtain new authorization token after the authorization token expires, the refresh token also has a validity period. |
Related products
Obtain Basic Member Information
Scopes List
| Scopes | Description |
|---|---|
| USER_ID | Authorized to obtain the unique user ID. |
| USER_NICKNAME | Authorized to obtain the user nickname. |
| USER_NAME | Authorized to obtain the user name. |
| USER_LOGIN_ID | Authorized to obtain the user login ID. |
| HASH_LOGIN_ID | Authorized to obtain the hash user login ID. |
| USER_AVATAR | Authorized to obtain the user avatar. |
| USER_GENDER | Authorized to obtain the user gender. |
| USER_BIRTHDAY | Authorized to obtain the user birthday. |
| USER_NATIONALITY | Authorized to obtain the user nationality. |
| USER_CONTACTINFO | Authorized to obtain the user contact info. |
| auth_base | Authorized to obtain the unique user ID. |
| auth_user | Authorized to obtain user information. |
Access Guidelines
Access Process
Obtain user information as an example, the overall access process is as follows (if you need to authorize other information, you only need to use a different scope for the scopes parameter when calling getAuthCode).
App Obtains Authcode
The user authorization is obtained by calling the jsapi my.getAuthCode, and the authcode can be obtained in the success callback. The js code is as follows:
my.getAuthCode({
scopes: ['USER_ID'],
success: (res) => {
my.alert({
content: res.authCode,
});
},
failed: (res) => {
console.log(res.authErrorScopes)
},
});Server Obtains Access Token
Merchant server can call v1/authorizations/applyToken interface in exchange for the access_token,developers can exchange access_token and userId with the obtained auth_code。auth_code as a ticket in exchange for access_token。
Call The Server Business API
After obtaining access_token, developers can continue to use the token to call other authorization interface. Please pay attention to the permission scope and timeliness of the token.
API List
| API | API Description |
|---|---|
| my.getAuthCode | Obtain the authorization code. |
QA
Question: Why should developers must use my.getAuthCode API?
Answer:All the reading and writing of user information on the site open platform requires the user’s permission before it can be used,user authorization is based on the international standard OAuth2.0 authorization mechanism. Based on this mechanism, developers can obtain site user information etc.
Question: Why is it not allowed to use the user authorization API on the first screen of the Mini Program?
Answer:In order to create a better Mini Program user experience, guiding user authorization on the first screen of the Mini Program is not allowed. It is necessary to guide the user authorization after the user fully understands the business content of the Mini Program. It is recommended to put the Mini Program authorization in the business process.
Question: Can the userId be obtained through the user authorization API?
Answer:No, userId needs to be obtained by calling api on the server side.