获取token时序图
引入依赖
<dependencies>
    <!-- NOTE(review): no <version> elements are declared here; presumably a parent POM or a
         dependencyManagement section supplies them. Confirm they resolve to maintained releases. -->
    <!--httpclient-->
    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpclient</artifactId>
    </dependency>
    <!--commons-io-->
    <dependency>
        <groupId>commons-io</groupId>
        <artifactId>commons-io</artifactId>
    </dependency>
    <!--gson-->
    <dependency>
        <groupId>com.google.code.gson</groupId>
        <artifactId>gson</artifactId>
    </dependency>
</dependencies>

application.properties
# WeChat Open Platform appid
wx.open.app_id=wxed9954c01bb89b47
# WeChat Open Platform appsecret
# NOTE(review): this value is a credential. In a real project keep it out of source control and
# supply it at deploy time (environment variable or secret store); rotate any secret that has
# been published.
wx.open.app_secret=a7482517235173ddb4083788de60b90e
# WeChat Open Platform redirect URL
# NOTE(review): plain-HTTP localhost address for local development; a deployed callback should
# be served over HTTPS.
wx.open.redirect_url=http://localhost:8160/ucenterservice/api/ucenter/wx/callback

controller(请求用户确认)
/**
 * Builds the WeChat Open Platform QR-code authorization URL and redirects the browser to it.
 *
 * <p>The URL is assembled from the configured app id, the URL-encoded callback address and a
 * {@code state} value. All three come from configuration or a constant, never from the request.
 *
 * <p>NOTE(review): {@code session} is not used in this method, and the state caching described
 * in the comments below is not implemented here.
 *
 * @param session the current HTTP session (unused here)
 * @return a {@code redirect:} view name pointing at the authorization URL
 * @throws GuliException with code 20001 if the callback address cannot be URL-encoded
 */
@GetMapping("login")
public String genQrConnect(HttpSession session) {

    // WeChat Open Platform authorization base URL; the three %s slots are filled below with
    // appid, redirect_uri and state, in that order
    String baseUrl = "https://open.weixin.qq.com/connect/qrconnect" +
            "?appid=%s" +
            "&redirect_uri=%s" +
            "&response_type=code" +
            "&scope=snsapi_login" +
            "&state=%s" +
            "#wechat_redirect";

    // Callback address
    String redirectUrl = ConstantPropertiesUtil.WX_OPEN_REDIRECT_URL; // redirect address of the business server
    try {
        redirectUrl = URLEncoder.encode(redirectUrl, "UTF-8"); // URL-encode
    } catch (UnsupportedEncodingException e) {
        // UTF-8 is a charset every Java platform must support, so this branch is not expected to run.
        // NOTE(review): only the message is forwarded; the original exception is not attached as a cause.
        throw new GuliException(20001, e.getMessage());
    }

    // Guards against CSRF (cross-site request forgery)
    //String state = UUID.randomUUID().toString().replaceAll("-", "");// normally a random value is used
    // NOTE(review): a constant state gives no CSRF protection, because the callback cannot tell a
    // login this session started from one a third party initiated. Outside the tutorial's relay
    // setup, generate a fresh random value per request (as the commented-out line does), store it
    // server-side bound to the session, and have the callback compare it and then discard it.
    // The callback handler is not visible here; confirm it performs that check.
    String state = "atguigu";// fixed so readers can use the author's public WeChat callback relay server; put your ngrok domain prefix here
    // NOTE(review): debug output to stdout; remove it or use the project's logger once state is per-session.
    System.out.println("state = " + state);

    // Cache the state in redis or similar, keyed by the session id, expiring after 30 minutes (configurable)
    // key: "wechar-open-state-" + httpServletRequest.getSession().getId()
    // value: state
    // expiry: 30 minutes

    // Build qrcodeUrl
    // NOTE(review): state is inserted without URL-encoding, so any replacement value must be URL-safe.
    String qrcodeUrl = String.format(
            baseUrl,
            ConstantPropertiesUtil.WX_OPEN_APP_ID,
            redirectUrl,
            state);

    return "redirect:" + qrcodeUrl;
}
效果