User authorization

Product Description

Reading or writing user information on the site open platform requires the user's permission. User authorization is based on the international standard OAuth 2.0 authorization mechanism. Based on this mechanism, developers can obtain site user information etc.

Terminology

| Terminology | Description | Remark |
| --- | --- | --- |
| scope | Scope of authorization | A scope represents the set of permissions for which developers need to request user authorization. A scope contains at least one OpenAPI interface or JSAPI interface. One authorization request can combine multiple scopes. |
| auth_code | Authorization code | Temporary user authorization credential. After obtaining it, promptly exchange it for the authorization token described below. |
| access_token/auth_token | Authorization token, or access token | Long-term authorization credential used for server-side calls to the authorization interfaces through the site gateway. Pay attention to the scope and validity period of the authorization token. |
| refresh_token | Refresh token | Used to obtain a new authorization token after the authorization token expires. The refresh token also has a validity period. |

Related products

Obtain Basic Member Information

Scopes List

| Scopes | Description |
| --- | --- |
| USER_ID | Authorized to obtain the unique user ID. |
| USER_NICKNAME | Authorized to obtain the user nickname. |
| USER_NAME | Authorized to obtain the user name. |
| USER_LOGIN_ID | Authorized to obtain the user login ID. |
| HASH_LOGIN_ID | Authorized to obtain the hash user login ID. |
| USER_AVATAR | Authorized to obtain the user avatar. |
| USER_GENDER | Authorized to obtain the user gender. |
| USER_BIRTHDAY | Authorized to obtain the user birthday. |
| USER_NATIONALITY | Authorized to obtain the user nationality. |
| USER_CONTACTINFO | Authorized to obtain the user contact info. |
| auth_base | Authorized to obtain the unique user ID. |
| auth_user | Authorized to obtain user information. |

Access Guidelines

Access Process

Taking obtaining user information as an example, the overall access process is as follows (to authorize other information, use a different scope in the scopes parameter when calling getAuthCode).

App Obtains Authcode

User authorization is requested by calling the JSAPI my.getAuthCode, and the auth code is returned in the success callback. The JS code is as follows:

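my.getAuthCode({
  scopes: ['USER_ID'], // scopes to request; see the Scopes List
  success: (res) => {
    // res.authCode is the temporary auth_code to exchange on the server
    my.alert({
      content: res.authCode,
    });
  },
  // called when authorization fails
  fail: (res) => {
    console.log(res.authErrorScopes);
  },
});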

Server Obtains Access Token

The merchant server can call the v1/authorizations/applyToken interface to exchange the obtained auth_code for the access_token and userId. The auth_code serves as a ticket in exchange for the access_token.

Call The Server Business API

After obtaining the access_token, developers can continue to use the token to call other authorization interfaces. Pay attention to the permission scope and validity period of the token.
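
The scope and validity checks described in the two sections above, as an added example (not the platform's own code): a server-side helper that decides, before each authorization interface call, whether to use the access_token, refresh it with the refresh_token, or have the app call my.getAuthCode again. The record field names and the 60-second safety margin are assumptions; map the actual applyToken response onto them.

```javascript
// Added example. Field names below are assumptions, not the platform's
// response format; fill them from the real applyToken response.
const SKEW_MS = 60 * 1000; // assumed margin: treat tokens as expired 60 s early

class TokenRecord {
  constructor(fields) {
    this.userId = fields.userId;
    this.grantedScopes = new Set(fields.grantedScopes);
    this.accessToken = fields.accessToken;
    this.accessTokenExpiresAt = fields.accessTokenExpiresAt;   // epoch ms
    this.refreshToken = fields.refreshToken;
    this.refreshTokenExpiresAt = fields.refreshTokenExpiresAt; // epoch ms
  }
}

// Decide what to do before calling an interface that needs `requiredScope`.
//   'use'          access_token is valid and covers the scope
//   'refresh'      access_token expired, refresh_token still valid
//   'reauthorize'  no usable token: the app must call my.getAuthCode again
//   'scope_denied' the user never granted this scope: request it explicitly
function nextAction(record, requiredScope, now = Date.now()) {
  if (!record) return 'reauthorize';
  if (!record.grantedScopes.has(requiredScope)) return 'scope_denied';
  if (now + SKEW_MS < record.accessTokenExpiresAt) return 'use';
  const canRefresh = Boolean(record.refreshToken) &&
    now + SKEW_MS < record.refreshTokenExpiresAt;
  return canRefresh ? 'refresh' : 'reauthorize';
}

// Scopes to pass to my.getAuthCode so only what is missing is requested.
function missingScopes(record, wanted) {
  const granted = record ? record.grantedScopes : new Set();
  return wanted.filter((scope) => !granted.has(scope));
}

// Constructed sample record (values are not real tokens).
const sample = new TokenRecord({
  userId: 'user-0001',
  grantedScopes: ['USER_ID', 'USER_NICKNAME'],
  accessToken: 'at-constructed',
  accessTokenExpiresAt: 1000000,
  refreshToken: 'rt-constructed',
  refreshTokenExpiresAt: 5000000,
});

console.log(nextAction(sample, 'USER_ID', 0));
console.log(missingScopes(sample, ['USER_ID', 'USER_AVATAR']));
```

Keeping this decision on the server means the access_token and refresh_token never need to be sent to the Mini Program; only the resulting action does.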

API List

| API | API Description |
| --- | --- |
| my.getAuthCode | Obtain the authorization code. |

QA

Question: Why must developers use the my.getAuthCode API?

Answer: Reading or writing user information on the site open platform requires the user's permission. User authorization is based on the international standard OAuth 2.0 authorization mechanism. Based on this mechanism, developers can obtain site user information etc.

Question: Why is it not allowed to use the user authorization API on the first screen of the Mini Program?

Answer: In order to create a better Mini Program user experience, guiding user authorization on the first screen of the Mini Program is not allowed. It is necessary to guide the user authorization after the user fully understands the business content of the Mini Program. It is recommended to put the Mini Program authorization in the business process.

Question: Can the userId be obtained through the user authorization API?

Answer: No, the userId needs to be obtained by calling the API on the server side.