对于一个从前端转到后端的开发人员来说,这个玩意儿开始的时候是有点郁闷;不过明白原理之后就简单了,
获取jsapi_ticket;必须先获取access_token;
微信开发文档说access_token的有效时间是7200秒(两小时);
但没有说过期后怎么办,这里的access_token容易和网页授权的access_token搞混;
后者有刷新地址,前者没有,那怎么办呢,听好了,过期后重新获取;
一般做网站开发,必须把access_token和jsapi_ticket存到服务器,并且根据过期时间定期更新,这个后期再说;
现在主要实验,获取jsapi_ticket,并生成前端页面需要注入的数据,从而使前端页面使用js-sdk的权限;
这里有一个容易忽视的小tips,微信前面要求设置js安全域名时,填入的是域名而不是utl;
nodejs为前端页面提供jsapi_ticket的代码实现如下;
从第43行开始;
1 var express = require('express'); 2 var cookieParser = require('cookie-parser'); 3 var bodyParser = require('body-parser'); 4 var OAuth = require('wechat-oauth'); 5 var request = require('request'); 6 var sha1 = require('sha1'); 7 var path = require('path'); 8 var app = express(); 9 app.use(bodyParser.json()); 10 app.use(bodyParser.urlencoded({ extended: false })); 11 app.use(cookieParser()); 12 app.use(express.static('public')); 13 var port = 18080; 14 var appid = 'wx75340481908402a8'; 15 var appsecret = '2b6ee0cbeec0114eb539e68ba356329b'; 16 17 //首先拼接url 18 var url = "https://open.weixin.qq.com/connect/oauth2/authorize?appid=wx75340481908402a8&redirect_uri=http%3a%2f%2fwechatapp1.duapp.com%2fcallback&response_type=code&scope=snsapi_userinfo&state=STATE#wechat_redirect" 19 app.get('/test',function(req,res){ 20 res.redirect(url); 21 }); 22 //四步请求打法; 23 //第一步:获得code; 24 app.get('/callback',function(req,res){ 25 var code = req.query.code; 26 var url = 'https://api.weixin.qq.com/sns/oauth2/access_token?appid=' + appid + '&secret=' + appsecret + '&code=' + code + '&grant_type=authorization_code'; 27 //第二步:获得token 28 request.get(url,function(err,response,body) { 29 var json = JSON.parse(body); 30 var refreshUrl = 'https://api.weixin.qq.com/sns/oauth2/refresh_token?appid=' + appid + '&grant_type=refresh_token&refresh_token=' + json.refresh_token; 31 //第三步:获得refreshtoken和openId; 32 request.get(refreshUrl,function (err,response,refresh) { 33 var json = JSON.parse(refresh); 34 var infoUrl = 'https://api.weixin.qq.com/sns/userinfo?access_token=' + json.access_token + '&openid=' + json.openid + '&lang=zh_CN'; 35 //第四步:通过上一步刷新得来的refresh和openId请求用户信息; 36 request.get(infoUrl,function(err,response,info) { 37 var info = JSON.parse(info); 38 res.send(info); 39 }); 40 }); 41 }); 42 }); 43 //1、设置api接口,使前端通过ajax可以获取jsapi-sdk; 44 app.get('/wechat/ticket',function (req, res) { 45 var page = req.query.page; 46 var t = {}; 47 var url = 'https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid='+appid+'&secret='+appsecret; 48 //2、获取access_token; 49 request.get(url,function(err, response, body) { 50 var token = JSON.parse(body); 51 var ticketUrl = 'https://api.weixin.qq.com/cgi-bin/ticket/getticket?access_token=' + token.access_token + '&type=jsapi'; 52 //3、获取ticket并且生成随机字符串,时间戳,签名 53 request.get(ticketUrl, function(err, response, ticket) { 54 var data = JSON.parse(ticket); 55 var timestamp = parseInt(new Date().getTime() / 1000); 56 t.ticket = data.ticket; 57 t.noncestr = sha1(new Date()); 58 t.timestamp = timestamp; 59 var string = 'jsapi_ticket=' + t.ticket + '&noncestr=' + t.noncestr + '×tamp=' + timestamp + '&url=' + page; 60 t.signature = sha1(string); 61 res.json(t); 62 }); 63 }); 64 }); 65 66 67 68 app.listen(port);