微信第三方授权流程:获取公众信息

时间:2021-05-10 05:46:36


1:获取component_verify_ticket

2:获取component_access_token

3:获取pre_auth_code

4:获取authorizer_access_token

5:获取公众信息


1:获取component_verify_ticket

很多人不知道怎样去获取component_verify_ticket,我也是,微信开发者资源中说道:微信服务器每隔10分钟会向第三方的消息接收地址推送一次component_verify_ticket,刚开始我不明白推送的意思,代码敲好了就去使劲刷页面,就是不能echo component_verify_ticket,网上各种找,但很多都是出自一篇博客,只是给出来了代码,没说明怎么获取component_verify_ticket,后来注意到了好多博客都有把component_verify_ticket存起来,而且联想到每隔10分钟会向第三方的消息接收地址推送一次component_verify_ticket,我也把component_verify_ticket保存起来,过10多分钟去看,保存文档里真的就有component_verify_ticket了,突然感觉自己好傻,这都想不到。所以component_verify_ticket不是马上就能echo 出来,要存起来。

<span style="font-size:18px;">include_once "wxstore/lib/wxBizMsgCrypt.php"; //这个微信官方有给出代码,把所有代码合并一下
$wxData = include_once "wxstore/lib/wxConfig.php";
// 第三方发送消息给公众平台
$encodingAesKey = $wxData['SecretKey'];
$token = $wxData['Token'];
$appId = $wxData['AppId'];
$appSecret = $wxData['AppSecret'];

$timeStamp = empty ( $_GET ['timestamp'] ) ? '' : trim ( $_GET ['timestamp'] );
$nonce = empty ( $_GET ['nonce'] ) ? '' : trim ( $_GET ['nonce'] );
$msg_sign = empty ( $_GET ['msg_signature'] ) ? "" : trim ( $_GET ['msg_signature'] );
$encryptMsg = file_get_contents ( 'php://input' );

$pc = new WXBizMsgCrypt ( $token, $encodingAesKey, $appId );

include_once "wxstore/lib/wxHelper.php";
$helper = new wxHelper();
// 第三方收到公众号平台发送的消息
$msg = '';
$errCode = $pc->decryptMsg ( $msg_sign, $timeStamp, $nonce, $encryptMsg, $msg );

if ($errCode == 0) {
$data = $helper->xmlToArr ( $msg );
$filedata['component_verify_ticket'] = $data['ComponentVerifyTicket'];
if(!empty($$filedata['component_verify_ticket']))
{
$helper->set_php_file(dirname(__FILE__)."/wxstore/lib/static/component_verify_ticket.php", json_encode($filedata));
}

echo 'success';
} else {
echo $errCode;
}</span>

<span style="font-size:18px;">wxBizMsgCrypt.php</span>
<span style="font-size:18px;">/** * error code 说明. * <ul> *    <li>-40001: 签名验证错误</li> *    <li>-40002: xml解析失败</li> *    <li>-40003: sha加密生成签名失败</li> *    <li>-40004: encodingAesKey 非法</li> *    <li>-40005: appid 校验错误</li> *    <li>-40006: aes 加密失败</li> *    <li>-40007: aes 解密失败</li> *    <li>-40008: 解密后得到的buffer非法</li> *    <li>-40009: base64加密失败</li> *    <li>-40010: base64解密失败</li> *    <li>-40011: 生成xml失败</li> * </ul> */class ErrorCode{public static $OK = 0;public static $ValidateSignatureError = -40001;public static $ParseXmlError = -40002;public static $ComputeSignatureError = -40003;public static $IllegalAesKey = -40004;public static $ValidateAppidError = -40005;public static $EncryptAESError = -40006;public static $DecryptAESError = -40007;public static $IllegalBuffer = -40008;public static $EncodeBase64Error = -40009;public static $DecodeBase64Error = -40010;public static $GenReturnXmlError = -40011;}/** * XMLParse class * * 提供提取消息格式中的密文及生成回复消息格式的接口. */class XMLParse{/** * 提取出xml数据包中的加密消息 * @param string $xmltext 待提取的xml字符串 * @return string 提取出的加密消息字符串 */public function extract($xmltext){try {$xml = new DOMDocument();$xml->loadXML($xmltext);$array_e = $xml->getElementsByTagName('Encrypt');$array_a = $xml->getElementsByTagName('ToUserName');$encrypt = $array_e->item(0)->nodeValue;$tousername = $array_a->item(0)->nodeValue;return array(0, $encrypt, $tousername);} catch (Exception $e) {//print $e . "\n";return array(ErrorCode::$ParseXmlError, null, null);}}/** * 生成xml消息 * @param string $encrypt 加密后的消息密文 * @param string $signature 安全签名 * @param string $timestamp 时间戳 * @param string $nonce 随机字符串 */public function generate($encrypt, $signature, $timestamp, $nonce){$format = "<xml><Encrypt><![CDATA[%s]]></Encrypt><MsgSignature><![CDATA[%s]]></MsgSignature><TimeStamp>%s</TimeStamp><Nonce><![CDATA[%s]]></Nonce></xml>";return sprintf($format, $encrypt, $signature, $timestamp, $nonce);}}/** * SHA1 class * * 计算公众平台的消息签名接口. */class SHA1{/** * 用SHA1算法生成安全签名 * @param string $token 票据 * @param string $timestamp 时间戳 * @param string $nonce 随机字符串 * @param string $encrypt 密文消息 */public function getSHA1($token, $timestamp, $nonce, $encrypt_msg){//排序try {$array = array($encrypt_msg, $token, $timestamp, $nonce);sort($array, SORT_STRING);$str = implode($array);return array(ErrorCode::$OK, sha1($str));} catch (Exception $e) {//print $e . "\n";return array(ErrorCode::$ComputeSignatureError, null);}}}/** * PKCS7Encoder class * * 提供基于PKCS7算法的加解密接口. */class PKCS7Encoder{public static $block_size = 32;/** * 对需要加密的明文进行填充补位 * @param $text 需要进行填充补位操作的明文 * @return 补齐明文字符串 */function encode($text){$block_size = PKCS7Encoder::$block_size;$text_length = strlen($text);//计算需要填充的位数$amount_to_pad = PKCS7Encoder::$block_size - ($text_length % PKCS7Encoder::$block_size);if ($amount_to_pad == 0) {$amount_to_pad = PKCS7Encoder::block_size;}//获得补位所用的字符$pad_chr = chr($amount_to_pad);$tmp = "";for ($index = 0; $index < $amount_to_pad; $index++) {$tmp .= $pad_chr;}return $text . $tmp;}/** * 对解密后的明文进行补位删除 * @param decrypted 解密后的明文 * @return 删除填充补位后的明文 */function decode($text){$pad = ord(substr($text, -1));if ($pad < 1 || $pad > 32) {$pad = 0;}return substr($text, 0, (strlen($text) - $pad));}}/** * Prpcrypt class * * 提供接收和推送给公众平台消息的加解密接口. */class Prpcrypt{public $key;function Prpcrypt($k){$this->key = base64_decode($k . "=");}/** * 对明文进行加密 * @param string $text 需要加密的明文 * @return string 加密后的密文 */public function encrypt($text, $appid){try {//获得16位随机字符串,填充到明文之前$random = $this->getRandomStr();$text = $random . pack("N", strlen($text)) . $text . $appid;// 网络字节序$size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);$module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');$iv = substr($this->key, 0, 16);//使用自定义的填充方式对明文进行补位填充$pkc_encoder = new PKCS7Encoder;$text = $pkc_encoder->encode($text);mcrypt_generic_init($module, $this->key, $iv);//加密$encrypted = mcrypt_generic($module, $text);mcrypt_generic_deinit($module);mcrypt_module_close($module);//print(base64_encode($encrypted));//使用BASE64对加密后的字符串进行编码return array(ErrorCode::$OK, base64_encode($encrypted));} catch (Exception $e) {//print $e;return array(ErrorCode::$EncryptAESError, null);}}/** * 对密文进行解密 * @param string $encrypted 需要解密的密文 * @return string 解密得到的明文 */public function decrypt($encrypted, $appid){try {//使用BASE64对需要解密的字符串进行解码$ciphertext_dec = base64_decode($encrypted);$module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');$iv = substr($this->key, 0, 16);mcrypt_generic_init($module, $this->key, $iv);//解密$decrypted = mdecrypt_generic($module, $ciphertext_dec);mcrypt_generic_deinit($module);mcrypt_module_close($module);} catch (Exception $e) {return array(ErrorCode::$DecryptAESError, null);}try {//去除补位字符$pkc_encoder = new PKCS7Encoder;$result = $pkc_encoder->decode($decrypted);//去除16位随机字符串,网络字节序和AppIdif (strlen($result) < 16)return "";$content = substr($result, 16, strlen($result));$len_list = unpack("N", substr($content, 0, 4));$xml_len = $len_list[1];$xml_content = substr($content, 4, $xml_len);$from_appid = substr($content, $xml_len + 4);} catch (Exception $e) {//print $e;return array(ErrorCode::$IllegalBuffer, null);}if ($from_appid != $appid)return array(ErrorCode::$ValidateAppidError, null);return array(0, $xml_content);}/** * 随机生成16位字符串 * @return string 生成的字符串 */function getRandomStr(){$str = "";$str_pol = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz";$max = strlen($str_pol) - 1;for ($i = 0; $i < 16; $i++) {$str .= $str_pol[mt_rand(0, $max)];}return $str;}}/** * 对公众平台发送给公众账号的消息加解密示例代码. * * @copyright Copyright (c) 1998-2014 Tencent Inc. *//** * 1.第三方回复加密消息给公众平台; * 2.第三方收到公众平台发送的消息,验证消息的安全性,并对消息进行解密。 */class WXBizMsgCrypt{private $token;private $encodingAesKey;private $appId;/** * 构造函数 * @param $token string 公众平台上,开发者设置的token * @param $encodingAesKey string 公众平台上,开发者设置的EncodingAESKey * @param $appId string 公众平台的appId */public function WXBizMsgCrypt($token, $encodingAesKey, $appId){$this->token = $token;$this->encodingAesKey = $encodingAesKey;$this->appId = $appId;}/** * 将公众平台回复用户的消息加密打包. * <ol> *    <li>对要发送的消息进行AES-CBC加密</li> *    <li>生成安全签名</li> *    <li>将消息密文和安全签名打包成xml格式</li> * </ol> * * @param $replyMsg string 公众平台待回复用户的消息,xml格式的字符串 * @param $timeStamp string 时间戳,可以自己生成,也可以用URL参数的timestamp * @param $nonce string 随机串,可以自己生成,也可以用URL参数的nonce * @param &$encryptMsg string 加密后的可以直接回复用户的密文,包括msg_signature, timestamp, nonce, encrypt的xml格式的字符串, *                      当return返回0时有效 * * @return int 成功0,失败返回对应的错误码 */public function encryptMsg($replyMsg, $timeStamp, $nonce, &$encryptMsg){$pc = new Prpcrypt($this->encodingAesKey);//加密$array = $pc->encrypt($replyMsg, $this->appId);$ret = $array[0];if ($ret != 0) {return $ret;}if ($timeStamp == null) {$timeStamp = time();}$encrypt = $array[1];//生成安全签名$sha1 = new SHA1;$array = $sha1->getSHA1($this->token, $timeStamp, $nonce, $encrypt);$ret = $array[0];if ($ret != 0) {return $ret;}$signature = $array[1];//生成发送的xml$xmlparse = new XMLParse;$encryptMsg = $xmlparse->generate($encrypt, $signature, $timeStamp, $nonce);return ErrorCode::$OK;}/** * 检验消息的真实性,并且获取解密后的明文. * <ol> *    <li>利用收到的密文生成安全签名,进行签名验证</li> *    <li>若验证通过,则提取xml中的加密消息</li> *    <li>对消息进行解密</li> * </ol> * * @param $msgSignature string 签名串,对应URL参数的msg_signature * @param $timestamp string 时间戳 对应URL参数的timestamp * @param $nonce string 随机串,对应URL参数的nonce * @param $postData string 密文,对应POST请求的数据 * @param &$msg string 解密后的原文,当return返回0时有效 * * @return int 成功0,失败返回对应的错误码 */public function decryptMsg($msgSignature, $timestamp = null, $nonce, $postData, &$msg){if (strlen($this->encodingAesKey) != 43) {return ErrorCode::$IllegalAesKey;}$pc = new Prpcrypt($this->encodingAesKey);//提取密文$xmlparse = new XMLParse;$array = $xmlparse->extract($postData);$ret = $array[0];if ($ret != 0) {return $ret;}if ($timestamp == null) {$timestamp = time();}$encrypt = $array[1];$touser_name = $array[2];//验证安全签名$sha1 = new SHA1;$array = $sha1->getSHA1($this->token, $timestamp, $nonce, $encrypt);$ret = $array[0];if ($ret != 0) {return $ret;}$signature = $array[1];if ($signature != $msgSignature) {return ErrorCode::$ValidateSignatureError;}$result = $pc->decrypt($encrypt, $this->appId);if ($result[0] != 0) {return $result[0];}$msg = $result[1];return ErrorCode::$OK;}}</span>

2:获取component_access_token


http请求方式: POST(请使用https协议) 
https://api.weixin.qq.com/cgi-bin/component/api_component_token

POST数据示例:

{
"component_appid":"appid_value" ,
"component_appsecret": "appsecret_value", 
"component_verify_ticket": "ticket_value" 
}
getComponentAccessToken()

$url = "https://api.weixin.qq.com/cgi-bin/component/api_component_token";
$curlPost['component_appid'] = $this->appId;
$curlPost['component_appsecret'] = $this->appSecret;
//获取ticket
$dataTicket = json_decode($this->helper->get_php_file(dirname(__FILE__)."/static/component_verify_ticket.php"),true);
$curlPost['component_verify_ticket'] = $dataTicket['component_verify_ticket'];
$curlPost = json_encode($curlPost);
 $res = json_decode($this->helper->httpPost($curlPost, $url), true);
$component_access_token = $res['component_access_token'];
if ($component_access_token) {
$filedata['expire_time'] = time() + 7000;
$filedata['component_access_token'] = $component_access_token;
$this->helper->set_php_file(dirname(__FILE__)."/static/component_access_token.php", json_encode($filedata));
}


3:获取pre_auth_code

http请求方式: POST(请使用https协议)

https://api.weixin.qq.com/cgi-bin/component/api_create_preauthcode?component_access_token=xxx

POST数据示例:

{
"component_appid":"appid_value" 
}


getPreAuthCode()

$component_access_token = $this->getComponentAccessToken();
$url = "https://api.weixin.qq.com/cgi-bin/component/api_create_preauthcode?component_access_token=".$component_access_token;
$curlPost['component_appid'] = $this->appId;
$curlPost = json_encode($curlPost);
$res = json_decode($this->helper->httpPost($curlPost, $url), true);
$pre_auth_code = $res['pre_auth_code'];
if ($pre_auth_code) {
$filedata['expire_time'] = time() + 500;
$filedata['pre_auth_code'] = $pre_auth_code;
$this->helper->set_php_file(dirname(__FILE__)."/static/pre_auth_code.php", json_encode($filedata));
}
4:获取authorizer_access_token

https://api.weixin.qq.com/cgi-bin/component/api_query_auth?component_access_token=xxxx

POST数据示例:

{
"component_appid":"appid_value" ,
"authorization_code": "auth_code_value"
}

auth_code_value需要你在引导用户授权是填写的回调url中获取https://mp.weixin.qq.com/cgi-bin/componentloginpage?component_appid=xxxx&pre_auth_code=xxxxx&redirect_uri=xxxx

getAuthorizationAppid($authorization_code)

$component_access_token = $this->getComponentAccessToken();
$url = "https://api.weixin.qq.com/cgi-bin/component/api_query_auth?component_access_token=".$component_access_token;
$curlPost['component_appid'] = $this->appId;
$curlPost['authorization_code'] = $authorization_code;
$curlPost = json_encode($curlPost);
$res = json_decode($this->helper->httpPost($curlPost, $url), true);
$authorizer_appid = $res ['authorization_info'] ['authorizer_appid'];
if ($authorizer_appid) {
$filedata['expire_time'] = time() + 7000;
$filedata['authorizer_appid'] = $authorizer_appid;
$filedata['authorizer_access_token'] = $res ['authorization_info'] ['authorizer_access_token'];
$filedata['authorizer_refresh_token'] = $res ['authorization_info'] ['authorizer_refresh_token'];
 $filedata['func_info'] = $res ['authorization_info'] ['func_info'];
$this->helper->set_php_file(dirname(__FILE__)."/static/authorization_code.php", json_encode($filedata));
}

5:获取公众信息

http请求方式: POST(请使用https协议)
https://api.weixin.qq.com/cgi-bin/component/api_get_authorizer_info?component_access_token=xxxx

POST数据示例:

{
"component_appid":"appid_value" ,
"authorizer_appid": "auth_appid_value" 
}
getAuthorizationInfo($authorizer_appid)

$component_access_token = $this->getComponentAccessToken();
$url = "https://api.weixin.qq.com/cgi-bin/component/api_get_authorizer_info?       component_access_token=".$component_access_token;
$curlPost['component_appid'] = $this->appId;
$curlPost['authorizer_appid'] = $authorizer_appid;
$curlPost = json_encode($curlPost);
 $res = json_decode($this->helper->httpPost($curlPost, $url), true);

最后把获取到的信息存入数据库下载代码