Skip to content

Overview

WeChat Mini Program is a new way to connect users and services. It can be easily accessed and shared within WeChat and delivers an excellent user experience.

Does your enterprise currently own or plan to apply for an enterprise WeChat Mini Program?

BambooCloud IDaaS provides corresponding openAPIs. You can call various APIs to implement features such as registering and logging in to enterprise application systems through the Mini Program.

Prerequisites

Before formally calling the APIs, ensure that the enterprise administrator has completed the following operations:

  1. Registered the Mini Program on the WeChat public platform and obtained the AppID and AppSecret parameters. For details, please refer to the Mini Program registration section in Configuring WeChat Authentication Source.
  2. Created a self-built enterprise application in the IDaaS enterprise center platform, and configured a WeChat authentication source with the login scenario set to Mini Program authorized login for this application. For details, please refer to the authentication source configuration section in Configuring WeChat Authentication Source.
  3. Configured the WeChat Mini Program authorized login authentication method for the self-built enterprise application in the IDaaS enterprise center platform. For details, please refer to Configuring WeChat Mini Program Authorized Login.

Login Scenarios

Mini Program Login

  1. When the user opens the Mini Program, it displays a login button. After the user clicks the login button, the Mini Program sends a login request to the WeChat server (wx.login()). After receiving the request, the WeChat server verifies the identity and validity of the Mini Program. If verification passes, the WeChat server generates a temporary login credential (code).

TIP

The code is valid for only 5 minutes. If the Mini Program backend does not use this temporary credential to exchange for the WeChat user ID at the WeChat backend server within 5 minutes, the credential becomes invalid and wx.login must be called again to generate a new login credential.

  1. In the wx.login success callback, the WeChat login credential is obtained. Then wx.request is used to pass the code to IDaaS and call the WeChat Mini Program Login API, so as to exchange for the WeChat user identity ID later.

  2. IDaaS uses the temporary login credential (code) to send a request to the WeChat server to obtain the user's unique identifier (openid) and session key (session_key).

  3. IDaaS then queries the IDaaS user database using the WeChat-side user identity openid obtained from the WeChat server through the code.

  4. If a user in the IDaaS user database corresponds to the WeChat-side user identity openid, IDaaS generates the business login credentials id_token and session_token.

  5. If no user in the IDaaS user database corresponds to the WeChat-side user identity openid, IDaaS returns the status code status, prompting the Mini Program that user binding is required.

TIP

With this binding information, the next time the Mini Program needs the user to log in, it can obtain the WeChat identity openid through wx.login(), and query the IDaaS-side user ID through the binding information. This silent authorization login method is very convenient.

  1. Based on whether the status is SOCIAL_BIND (bind an existing user on the IDaaS side) or USER_REGISTER (bind an existing user on the IDaaS side or a non-existing user), call the binding user API.

TIP

When the status is SOCIAL_BIND: binding flow. Choose one of the following binding methods:
WeChat Authorized Mobile Binding User;
Mobile or Email Binding User;
Username and Password Binding User
When the status is USER_REGISTER: binding or registration flow. Choose one of the following binding methods:
WeChat Authorized Mobile Binding or Registering User;
Mobile or Email Binding or Registering User

  1. After binding succeeds, IDaaS generates the business login credentials id_token and session_token.

  2. After IDaaS generates the business login credential id_token, the Mini Program parses the id_token through Get User Info from id_token to obtain user information.

TIP

The Mini Program should keep the user identity information corresponding to the id_token, and use the refresh session_token API to refresh the validity period of id_token to maintain login, so that we do not need to obtain the code again every time, saving a lot of communication overhead.

Mini Program Mobile Number Login

  1. When the user opens the Mini Program, it displays a mobile number login button. After the user clicks the mobile number login button, the Mini Program sends a mobile number quick verification (wx.getPhoneNumber()) or real-time mobile number verification (wx.getRealtimePhoneNumber()) request to the WeChat server. After receiving the request, the WeChat server verifies the identity and validity of the Mini Program. If verification passes, the WeChat server generates a temporary credential (code).

TIP

The code is valid for only 5 minutes. If the Mini Program backend does not use this temporary credential to exchange for the WeChat mobile number at the WeChat backend server within 5 minutes, the credential becomes invalid and a new login credential must be generated. The difference between the Mobile Number Quick Verification Component and the Mobile Number Real-time Verification Component is: The mobile number real-time verification component verifies the mobile number selected by the user in real time on each request; The mobile number quick verification component also verifies the number, but does not guarantee real-time verification.

  1. Obtain the temporary credential code from the WeChat Mini Program, then use wx.request to pass the code to IDaaS and call the WeChat Mini Program Mobile Number Login API, so as to exchange for the WeChat user identity ID later.

  2. IDaaS uses the temporary credential (code) to send a request to the WeChat server to obtain the user's mobile number.

  3. IDaaS then queries the IDaaS user database using the WeChat-side user mobile number obtained from the WeChat server through the code.

  4. If a user mobile number in the IDaaS user database matches the WeChat-side user mobile number, IDaaS generates the business login credentials id_token and session_token.

  5. After IDaaS generates the business login credential id_token, the Mini Program parses the id_token through Get User Info from id_token to obtain user information.

TIP

The Mini Program should keep the user identity information corresponding to the id_token, and use the refresh session_token API to refresh the validity period of id_token to maintain login, so that we do not need to obtain the code again every time, saving a lot of communication overhead.

BambooCloud IDaaS Open Platform