How Springboot implements third-party login to the website

Step 1: Create an interface that inherits AuthService, WeChatAuthService, as follows

public interface WeChatAuthService extends AuthService {
  public JSONObject getUserInfo(String accessToken, String openId);
}

Step 2: The specific implementation of WeChatService is as follows

@Service
public class WeChatAuthServiceImpl extends DefaultAuthServiceImpl implements WeChatAuthService {

  private Logger logger = LoggerFactory.getLogger(WeChatAuthServiceImpl.class);

//请求此地址即跳转到二维码登录界面
  private static final String AUTHORIZATION_URL =
      "https://open.weixin.qq.com/connect/qrconnect?appid=%s&redirect_uri=%s&response_type=code&scope=%s&state=%s#wechat_redirect";

  // 获取用户 openid 和access——toke 的 URL
  private static final String ACCESSTOKE_OPENID_URL =
      "https://api.weixin.qq.com/sns/oauth3/access_token?appid=%s&secret=%s&code=%s&grant_type=authorization_code";

  private static final String REFRESH_TOKEN_URL =
      "https://api.weixin.qq.com/sns/oauth3/refresh_token?appid=%s&grant_type=refresh_token&refresh_token=%s";

  private static final String USER_INFO_URL =
      "https://api.weixin.qq.com/sns/userinfo?access_token=%s&openid=%s&lang=zh_CN";

  private static final String APP_ID="xxxxxx";
  private static final String APP_SECRET="xxxxxx";
  private static final String SCOPE = "snsapi_login";

  private String callbackUrl = "https://www.xxx.cn/auth/wechat"; //回调域名

  @Override
  public String getAuthorizationUrl() throws UnsupportedEncodingException {
    callbackUrl = URLEncoder.encode(callbackUrl,"utf-8");
    String url = String.format(AUTHORIZATION_URL,APP_ID,callbackUrl,SCOPE,System.currentTimeMillis());
    return url;
  }


  @Override
  public String getAccessToken(String code) {
    String url = String.format(ACCESSTOKE_OPENID_URL,APP_ID,APP_SECRET,code);

    UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(url);
    URI uri = builder.build().encode().toUri();

    String resp = getRestTemplate().getForObject(uri, String.class);
    logger.error("getAccessToken resp = "+resp);
    if(resp.contains("openid")){
      JSONObject jsonObject = JSONObject.parseObject(resp);
      String access_token = jsonObject.getString("access_token");
      String openId = jsonObject.getString("openid");;

      JSONObject res = new JSONObject();
      res.put("access_token",access_token);
      res.put("openId",openId);
      res.put("refresh_token",jsonObject.getString("refresh_token"));

      return res.toJSONString();
    }else{
      throw new ServiceException("获取token失败，msg = "+resp);
    }
  }

  //微信接口中，token和openId是一起返回，故此方法不需实现
  @Override
  public String getOpenId(String accessToken) {
    return null;
  }

  @Override
  public JSONObject getUserInfo(String accessToken, String openId){
    String url = String.format(USER_INFO_URL, accessToken, openId);
    UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(url);
    URI uri = builder.build().encode().toUri();

    String resp = getRestTemplate().getForObject(uri, String.class);
    logger.error("getUserInfo resp = "+resp);
    if(resp.contains("errcode")){
      throw new ServiceException("获取用户信息错误，msg = "+resp);
    }else{
      JSONObject data =JSONObject.parseObject(resp);

      JSONObject result = new JSONObject();
      result.put("id",data.getString("unionid"));
      result.put("nickName",data.getString("nickname"));
      result.put("avatar",data.getString("headimgurl"));

      return result;
    }
  }

  //微信的token只有2小时的有效期，过时需要重新获取，所以官方提供了
  //根据refresh_token 刷新获取token的方法，本项目仅仅是获取用户
  //信息，并将信息存入库，所以两个小时也已经足够了
  @Override
  public String refreshToken(String refresh_token) {

    String url = String.format(REFRESH_TOKEN_URL,APP_ID,refresh_token);

    UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(url);
    URI uri = builder.build().encode().toUri();

    ResponseEntity resp = getRestTemplate().getForEntity(uri,JSONObject.class);
    JSONObject jsonObject = resp.getBody();

    String access_token = jsonObject.getString("access_token");
    return access_token;
  }
}

Step 3:

Called in Controller, the code is as follows:

@RequestMapping(value = "/wxLoginPage",method = RequestMethod.GET)
  public JSONObject wxLoginPage() throws Exception {
    String uri = weChatAuthService.getAuthorizationUrl();
    return loginPage(uri);
  }

  @RequestMapping(value = "/wechat")
  public void callback(String code,HttpServletRequest request,HttpServletResponse response) throws Exception {
    String result = weChatAuthService.getAccessToken(code);
    JSONObject jsonObject = JSONObject.parseObject(result);

    String access_token = jsonObject.getString("access_token");
    String openId = jsonObject.getString("openId");
//    String refresh_token = jsonObject.getString("refresh_token");

    // 保存 access_token 到 cookie，两小时过期
    Cookie accessTokencookie = new Cookie("accessToken", access_token);
    accessTokencookie.setMaxAge(60 *2);
    response.addCookie(accessTokencookie);

    Cookie openIdCookie = new Cookie("openId", openId);
    openIdCookie.setMaxAge(60 *2);
    response.addCookie(openIdCookie);

    //根据openId判断用户是否已经登陆过
    KmsUser user = userService.getUserByCondition(openId);

    if (user == null) {
      response.sendRedirect(request.getContextPath() + "/student/html/index.min.html#/bind?type="+Constants.LOGIN_TYPE_WECHAT);
    } else {
      //如果用户已存在，则直接登录
      response.sendRedirect(request.getContextPath() + "/student/html/index.min.html#/app/home?open_id=" + openId);
    }
  }

Step 4:

Front-end js , first request auth/wxLoginPage to obtain the authorization address. After the user authorizes it, /auth/wechat will be called back. Just perform logical processing in this method.

Pitfalls encountered:

1. When configuring the callback domain name on the WeChat official website, there is no need for some http or https protocol, you only need to write the domain, for example http://baidu.com, you only need to fill in baidu.com. If you want to jump to a method of a Controller under the project, such as baidu.com/auth/wechat, just configure it. You need to configure baidu.com, and you don’t need to specify the subsequent auth/wechat. You can just write the subsequent address when configuring the callback address in the code. The code should be configured as https://baidu.com/auth/wechat
2. When jumping to the authorization QR code interface, you will sometimes encounter a situation where the QR code cannot be displayed. This is because of the callback address in the code. According to the configuration in the above code, it should be No problem

The above is the detailed content of How Springboot implements third-party login to the website. For more information, please follow other related articles on the PHP Chinese website!