WeChat JS-SDK-Use Permission Signature Algorithm

WeChat JS-SDK-Use Permission Signature Algorithm

jsapi_ticket

Before generating a signature, you must first understand jsapi_ticket. jsapi_ticket is a temporary ticket used by the official account to call the WeChat JS interface. Under normal circumstances, the validity period of jsapi_ticket is 7200 seconds and is obtained through access_token. Since the number of API calls to obtain jsapi_ticket is very limited, frequent refresh of jsapi_ticket will lead to API call restrictions and affect your own business. Developers must cache jsapi_ticket globally in their own services .

Refer to the following document to obtain access_token ( valid for 7200 seconds, developers must cache access_token globally in their own services ): ../15/54ce45d8d30b6bf6758f68d2e95bc627.html

Use the access_token obtained in the first step to obtain a jsapi_ticket using the http GET method ( valid for 7200 seconds, developers must cache the jsapi_ticket globally in their own services ): https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token=ACCESS_TOKEN&type=jsapi

The following JSON is returned successfully:

{
"errcode":0,
"errmsg":"ok",
"ticket":"bxLdikRXVbTPdHSM05e5u5sUoXNKd8-41ZO3MhKoyN5OfkWITDGgnr2fwJ0m9E8NYzWKVZvdVtaUgWvsdshFKA",
"expires_in":7200
}

After obtaining the jsapi_ticket, you can generate a signature for JS-SDK permission verification.

Signature Algorithm

The signature generation rules are as follows: The fields involved in the signature include noncestr (random string), valid jsapi_ticket, timestamp (timestamp), url (URL of the current webpage, excluding # and its following part ). After sorting all the parameters to be signed from small to large according to the ASCII code of the field name (lexicographic order), they are concatenated into string string1 using the format of URL key-value pairs (i.e. key1=value1&key2=value2…). It should be noted that all parameter names are lowercase characters. Encrypt string1 with sha1, and both the field name and field value use the original value without URL escaping.


That is, signature = sha1(string1). Example:

noncestr=Wm3WZYTPz0wzccnW

jsapi_ticket=sM4AOVdWfPE4DxkXGEs8VMCPGGVi4C3VM0P37wVUCFvkVAy_90u5h9nbSlYy3-Sl-HhTdfl2fzFy1AOcHKP7qg

timestamp=1414587457

url=http://mp.weixin.qq.com?params=value


Step 1. Sort all parameters to be signed by the ASCII code of the field name from small to large (lexicographical order), and concatenate them into string 1 using the URL key-value pair format (i.e. key1=value1&key2=value2…):

jsapi_ticket=sM4AOVdWfPE4DxkXGEs8VMCPGGVi4C3VM0P37wVUCFvkVAy_90u5h9nbSlYy3-Sl-HhTdfl2fzFy1AOc HKP7qg&noncestr=Wm3WZYTPz0wzccnW&timestamp=1414587457&url=http://mp.weixin.qq.com?params=value


Step 2. Sign string1 with sha1 to get the signature:

0f9de62fce790f9a083d5c99e95740ceb90c27ed

Precautions

The noncestr and timestamp used for the signature must be the same as the noncestr and timestamp in wx.config.

The URL used for signature must be the complete URL of the page that calls the JS interface.

For security reasons, developers must implement signing logic on the server side .

<<:  Unity Awards 2015 is about to start, and good games are coming soon!

>>:  WeChat JS-SDK interface list and problem explanation

Recommend

How does a paid content store increase new users?

Since 2016, the concept of "micro-course&quo...

1/2.4 inch phase focus depth analysis Sony IMX230

Sony's Exmor RS series products are no strang...

To master fission and increase followers, just grasp these 3 points!

Since the fission processes are similar, you can ...

How to get more recommendations on self-media platforms?

This article will talk to you about the article r...

SKYWORTH 55G9200 Geek TV Review: Sound, Picture and Game

1. Evaluation Introduction Skyworth recently laun...

Douyin product selection strategy that novices must read

What is the most profitable thing to sell in Douy...

Tips for planning landing pages for information flow ads!

Landing page planning has always been a headache ...