Configure WeChat Authentication Source
WeChat authentication login allows users to securely log in to third-party applications or websites using WeChat as the authentication source. To facilitate enterprise user authentication login, the IDaaS platform supports configuring WeChat as an authentication source. Users can authenticate and log in to various application systems through WeChat, achieving single sign-on effects between application systems, bringing enterprise users a simpler and more convenient login method and better user experience.
This guide explains the related operations for configuring a WeChat authentication source.
Prerequisites
- Administrator permissions for the WeChat Open Platform.
- Administrator permissions for the WeChat Public Platform.
- Administrator permissions for the IDaaS Enterprise Center.
Procedure
Create Application and Obtain Parameters on WeChat Open Platform or Public Platform
- Select and create the corresponding application according to the actual WeChat authentication method required:
Configure WeChat Scan Code Login: Log in to the WeChat Open Platform, create a website application according to the interface prompts, and obtain the
AppIDandAppSecretparameters.TIP
Fill in the authorized callback domain with the IDaaS tenant domain, obtained in the IDaaS Enterprise Center under Settings > Enterprise Info.

Configure WeChat Mobile APP Authorization Login: Log in to the WeChat Open Platform, create a mobile application according to the interface prompts, and obtain the
AppIDandAppSecretparameters.
Configure WeChat Official Account Authorization Login or Unified Scan Code (WeChat Scan Code): Log in to the WeChat Public Platform, refer to the official account documentation to register an official account, usually a service account, and obtain the
AppIDandAppSecretparameters.
Configure WeChat Mini Program Authorization Login: Log in to the WeChat Public Platform, refer to the official account documentation to register a mini program, and obtain the
AppIDandAppSecretparameters.
TIP
When registering a mini program, you need to fill in the subject information, because you need to use the ability to obtain the mini program user's mobile number, which is not open to individual developers. Therefore, please do not use individual subject information. For details, refer to the WeChat official documentation: https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/getPhoneNumber.html.
Configure WeChat Authentication Source in IDaaS
Log in to the IDaaS Enterprise Center, choose Authentication > Authentication Source Management from the top navigation bar, enter the WeChat authentication source page, and click Add Authentication Source.

Configure the WeChat authentication source parameters as prompted. Key parameters are described below.

TIP
- Login Scenario: Select the login scenario according to the WeChat authentication type, including PC Browser Scan Code Login, Mobile APP Authorization Login, Official Account Authorization Login, and Mini Program Authorization Login, corresponding to WeChat scan code login, WeChat mobile APP authorization login, official account authorization login, and mini program authorization login methods respectively.
- When Configuring Unified Scan Code Authentication, if WeChat scan code needs to be configured, an authentication source with the Official Account Authorization Login scenario needs to be configured here.
- Follow Login: This option appears after selecting Official Account Authorization Login as the login scenario. It refers to the process where a WeChat Official Account QR code is generated on a PC website, users use the WeChat APP to scan the code, and after following the official account, they are automatically logged in. Enabling follow login requires configuring the WeChat event callback token and message encryption key.
- When User Not Associated: When the authentication source attributes of the user information returned by the WeChat platform do not match the associated user attributes in IDaaS, and no system user is associated, the optional configurations are as follows.
- Bind: Set to Bind. When no user is associated, the page redirects to the mobile number or email verification page. Enter an existing IDaaS mobile number or email, and after successful verification, the user passes authentication.
- Bind or Register: Set to Bind or Register. When no user is associated, the page redirects to the mobile number or email verification page. Enter an existing IDaaS mobile number or email, and after successful verification, the user passes authentication. If the mobile number or email does not exist in IDaaS, an IDaaS user is created based on the mobile number or email and passes authentication.
- Auto Create User: Only when the login scenario is Official Account Authorization Login, it can be set to Auto Create User. When IDaaS checks that the WeChat
openIddoes not exist in the system, it automatically creates the user. This feature is currently only supported in 2C scenarios.