快速创建小程序接口优化了小程序注册认证的流程,能帮助第三方平台迅速拓展线下商户,拓展商户的服务范围,占领小程序线下商业先机。采用法人人脸识别方式替代小额打款等认证流程,极大的减轻了小程序主体、类目资质信息收集的人力成本。通过该接口创建小程序默认为“已认证”。为降低接入小程序的成本门槛,通过该接口创建的小程序无需交 300 元认证费。
1、验证票据
验证票据(component_verify_ticket),在第三方平台创建审核通过后,微信服务器会向其 ”授权事件接收URL” 每隔 10 分钟以 POST 的方式推送 component_verify_ticket
接收 POST 请求后,只需直接返回字符串 success。
@RequestMapping(value = "saveTicket")
@ResponseBody
public void saveTicket(HttpServletRequest request, HttpServletResponse response) throws IOException {
String msgSignature = request.getParameter("msg_signature");// 微信加密签名
String timeStamp = request.getParameter("timestamp");// 时间戳
String nonce = request.getParameter("nonce"); // 随机数
BufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream(),"UTF-8"));
StringBuffer sb = new StringBuffer();
String line = null;
while ((line = br.readLine()) != null) {
sb = sb.append(line);
}
String postData = sb.toString();
try {
AuthorizedUtils.saveComponentVerifyTicket(msgSignature, timeStamp, nonce, postData);
} catch (Exception e) {
logger.error("系统异常", e);
} finally {
// 响应消息
PrintWriter out = response.getWriter();
out.print("success");
}
}
令牌(component_access_token)是第三方平台接口的调用凭据。令牌的获取是有限制的,每个令牌的有效期为 2 小时,请自行做好令牌的管理,在令牌快过期时(比如1小时50分),重新调用接口获取。
public static ComponentToken getComponentToken(String ticket) {
RedisService<ComponentToken> redisService = RedisService.load();
ComponentToken componentToken = redisService.load(ComponentToken.COMPONENTTOKEN_ID, ComponentToken.class);
logger.warn("2、获取第三方平台component_access_token---->开始 ");
if (componentToken == null) {
logger.warn("2、获取第三方平台component_access_token---->从微信获得");
String encryptAppId = ParameterUtil.SE_APPID;
String appId = EnDecryptUtil.d3esDecode(encryptAppId);
String encryptSecret = ParameterUtil.SE_SECRET;
String secret = EnDecryptUtil.d3esDecode(encryptSecret);
String requestUrl = component_access_url;
Map<String, String> map = new HashMap<>();
map.put("component_appid", appId); //第三方平台appid
map.put("component_appsecret", secret); //第三方平台appsecret
map.put("component_verify_ticket", ticket);
String outputStr = JSONObject.toJSONString(map);
logger.warn("请求数据"+outputStr);
JSONObject jsonObject = HttpRequestUtils.httpRequest(requestUrl, "POST", outputStr);
logger.warn("2、获取第三方平台component_access_token---->从微信获得数据" + jsonObject);
if (null != jsonObject) {
long expires = System.currentTimeMillis() + 7200;
try{
expires = System.currentTimeMillis() + jsonObject.getIntValue("expires_in");
}catch (Exception e) {
}
try {
componentToken = new ComponentToken();
componentToken.setComponentAccessToken(jsonObject.getString("component_access_token"));
componentToken.setExpiresIn(expires);
redisService.save(componentToken, ComponentToken.class);
} catch (Exception e) {
componentToken = null;
logger.error("系统异常", e);
}
}
} else {
long sysTime = System.currentTimeMillis();
if (sysTime >= componentToken.getExpiresIn()) {
logger.warn("2、获取第三方平台component_access_token---->从缓存获得的componentToken时间超时");
redisService.delete(ComponentToken.COMPONENTTOKEN_ID, ComponentToken.class);
componentToken = getComponentToken(ticket);
}else{
logger.warn("2、获取第三方平台component_access_token---->成功从缓存获得的componentToken");
}
}
return componentToken;
}
3、创建小程序
第三方平台只需收集法人姓名、法人微信、企业名称、企业代码信息这四个信息,便可以向企业法人下发一条模板消息来采集法人人脸信息,完成全部注册、认证流程。
public static JSONObject fastreGisterWeApp(String componentAccessToken) {
Map<String,Object> map = new HashMap<>();
map.put("name","企业名(需与工商部门登记信息一致)");
map.put("code","企业代码");
map.put("code_type","企业代码类型 1:统一社会信用代码(18 位) 2:组织机构代码(9 位 xxxxxxxx-x) 3:营业执照注册号(15 位)");
map.put("legal_persona_wechat","法人微信号");
map.put("legal_persona_name","法人姓名(绑定银行卡)");
map.put("component_phone","第三方联系电话(方便法人与第三方联系)");
String requestParam = JSON.toJSONString(map);
JSONObject jsonObject = CommonUtil.httpsRequestJson("https://api.weixin.qq.com/cgi-bin/component/fastregisterweapp?action=create&component_access_token="+componentAccessToken, "POST", requestParam);
return jsonObject;
}
4、获取预授权码
预授权码(pre_auth_code)是第三方平台方实现授权托管的必备信息,每个预授权码有效期为 10 分钟。需要先获取令牌才能调用
public static String getPreAuthCode(String ticket) {
logger.warn("4、获取预授权码pre_auth_code---->开始");
ComponentToken componentToken = getComponentToken(ticket);
String encryptAppId = ParameterUtil.SE_APPID;
String appId = EnDecryptUtil.d3esDecode(encryptAppId);
String url = pre_auth_code_url + componentToken.getComponentAccessToken();
Map<String, String> map = new HashMap<String, String>();
map.put("component_appid", appId);
JSONObject jsonObject = HttpRequestUtils.httpRequest(url, "POST", JSONObject.toJSONString(map));
logger.warn("4、获取预授权码pre_auth_code---->成功获得" + jsonObject.getString("pre_auth_code"));
return jsonObject.getString("pre_auth_code");
}
5、引导用户进入授权页
第三方服务商构建授权链接放置自己的网站,用户点击后,弹出授权页面。
@RequestMapping(value = "getAuthUrl", method = RequestMethod.POST)
@ResponseBody
public JsonModel getAuthUrl() {
RedisService<ComponentVerifyTicket> redisService = RedisService.load();
ComponentVerifyTicket componentVerifyTicket = redisService.load(ComponentVerifyTicket.COMPONENT_VERIFY_TICKET_ID,
ComponentVerifyTicket.class);
if(componentVerifyTicket == null){
logger.warn("5.1、引入用户进入授权页---->失败,component_verify_ticket为nul");
return JsonModel.toFail(null);
}else{
String preAuthCode = AuthorizedUtils.getPreAuthCode(componentVerifyTicket.getComponentVerifyTicket());
String encryptAppId = ParameterUtil.SE_APPID;
String appId = EnDecryptUtil.d3esDecode(encryptAppId);
String auth_type = ParameterUtil.SE_AUTH_TYPE;
String requestUrl = auth_url;
requestUrl = requestUrl.replace("COMPONENT_APPID", appId).replace("PRE_AUTH_CODE", preAuthCode)
.replace("REDIRECT_URI", ParameterUtil.SE_RE_URI).replace("AUTH_TYPE", auth_type);
logger.warn("5.1、引入用户进入授权页---->成功,url为:" + requestUrl);
return JsonModel.toSuccess(requestUrl);
}
}
@RequestMapping(value = "/authCallback")
@ResponseBody
public String authCallback(HttpServletRequest request, HttpServletResponse response) {
String code = request.getParameter("auth_code");
logger.error("5.2、引入用户进入授权页(方式一:授权注册页面扫码授权) 回调接口,传入的code={}, businessId={}", code, businessId);
if(code == null || "".equals(code)){
logger.error("5.2、引入用户进入授权页(方式一:授权注册页面扫码授权) 回调接口,出错,微信请求的code为null,");
return "success";
}
AuthorizationInfo authorizationInfo = this.initAuthorizationInfo(code);
AuthorizedUtils.getAuthorizerInfo(authorizationInfo);
return "success";
}
public static AuthorizationInfo initAuthorizationInfo(String code) {
logger.warn("5.3、使用授权码换取公众号或小程序的接口调用凭据和授权信息---->开始,code=" + code);
RedisService<ComponentVerifyTicket> redisService = RedisService.load();
ComponentVerifyTicket componentVerifyTicket = redisService.load(ComponentVerifyTicket.COMPONENT_VERIFY_TICKET_ID,
ComponentVerifyTicket.class);
ComponentToken componentToken = getComponentToken(componentVerifyTicket.getComponentVerifyTicket());
String encryptAppId = ParameterUtil.SE_APPID;
String se_appId = EnDecryptUtil.d3esDecode(encryptAppId);
String requestUrl = api_query_auth.replace("COMPONENT_ACCESS_TOKEN", componentToken.getComponentAccessToken());
Map<String, String> map = new HashMap<String, String>();
map.put("component_appid", se_appId);
map.put("authorization_code", code);
String outputStr = JSONObject.toJSONString(map);
JSONObject jsonObject = HttpRequestUtils.httpRequest(requestUrl, "POST", outputStr);
logger.warn("5.3、使用授权码换取公众号或小程序的接口调用凭据和授权信息---->返回对象内容:"+jsonObject);
AuthorizationInfo authorizationInfo = null;
if (jsonObject != null && jsonObject.getJSONObject("authorization_info") != null) {
long sys_time = System.currentTimeMillis();
authorizationInfo = jsonObject.getJSONObject("authorization_info").toJavaObject(AuthorizationInfo.class);
long expires = sys_time + 6600000;
authorizationInfo.setExpires_in(expires);
RedisService<AuthorizationInfo> redisService2 = RedisService.load();
redisService2.save(authorizationInfo, AuthorizationInfo.class);
}
logger.warn("5.3、使用授权码换取公众号或小程序的接口调用凭据和授权信息---->结束");
return authorizationInfo;
}