My idea is to click the login button to enter a login transfer page on the front end. The back-end logic of this transfer page passes the code parameter to the API https://api.weixin.qq.com/sns... While obtaining the access_token used to access the user information, the corresponding relationship between the access_token and the WeChat user's openid is saved in the database, and a cookie with the value of the access_token is set to the front end. Then all front-end operations carry this cookie, and the back-end finds the corresponding openid through this cookie, and submits various operations through app_secret, access_token and other parameters on the server script, and then completes the operation.
Is there anything wrong with my idea? I would like to ask how you authorize WeChat login in the front-end and back-end separation project?
If you log in with third-party authorization... you have to have your own user system. So the database contains tables of openid, access_token and user_id of your user system.
Unless you need to access the WeChat API for front-end operations, you need to bring access_token. In this case, there are two ways: one is to write the access_token to the page, and the other is for the user to request the API of your server, and then your server takes the access_token out of the database and requests the WeChat API. The latter is usually used, because in addition to the access_token, the general authorized login interface also requires appid and secret_code, and secret_code usually cannot be exposed.
Various user operations can be verified using tokens. This token is a token generated by your user system. This token can be placed in a cookie.
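The arrangement described in the answer above, as an added example that is not code from either poster: the server keeps the openid, WeChat access_token and user_id mapping, and the browser only receives a session token generated by the site's own user system. `exchange_code`, `AuthStore` and all sample values are hypothetical and constructed for illustration; the real code exchange with WeChat is stubbed out so the example runs offline.

```python
import hashlib
import secrets
import time

def exchange_code(code):
    # Hypothetical stand-in for the server-to-server code exchange with WeChat
    # (the real call also sends appid and the app secret); values are constructed.
    return {"openid": "openid-" + code, "access_token": "wx-token-" + code}

class AuthStore:
    def __init__(self, ttl=3600):
        self.ttl = ttl
        self.user_by_openid = {}  # openid -> user_id in our own user system
        self.wx_token = {}        # user_id -> WeChat access_token (server-side only)
        self.sessions = {}        # sha256(session token) -> (user_id, expiry)

    @staticmethod
    def _digest(token):
        # Store only a hash, so a leaked session table does not yield usable cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, code, now=None):
        now = time.time() if now is None else now
        wx = exchange_code(code)
        user_id = self.user_by_openid.setdefault(
            wx["openid"], len(self.user_by_openid) + 1)
        self.wx_token[user_id] = wx["access_token"]
        token = secrets.token_urlsafe(32)  # our own token, unrelated to WeChat's
        self.sessions[self._digest(token)] = (user_id, now + self.ttl)
        cookie = (f"session={token}; Max-Age={self.ttl}; Path=/; "
                  "HttpOnly; Secure; SameSite=Lax")
        return token, cookie

    def user_for(self, token, now=None):
        # Resolve the cookie value to a user_id; unknown or expired tokens fail.
        now = time.time() if now is None else now
        entry = self.sessions.get(self._digest(token))
        if entry is None or entry[1] <= now:
            return None
        return entry[0]

    def wechat_token_for(self, token, now=None):
        # Used by the server when it calls the WeChat API on the user's behalf.
        user_id = self.user_for(token, now)
        return None if user_id is None else self.wx_token[user_id]
```
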