钉钉微应用的免登录（前后端）

最近做了个钉钉企业内部微应用的项目。记录下自己的心得。
首先根据官方文档明白免登流程

但是，最近更新的开发者平台，已经不在提供corpSecret了，所以获取获取access_token就要获取获取appKey和appSecret，官方文档写的很清楚，获取access_token如下图所示：

封装一个AuthHelper 如下：
/**

1.获取accessToken
2.获取jsapi中的ticket
3.生成jsapiz中的鉴权sign
4.根据传入的临时code获取用户的基本信息,入userinfo
5.(ISV版本)根据userid获取详细用户信息
@author lnexin
*/
public class AuthHelper {

// 钉钉api相关
static String TOKEN_URL = “https://oapi.dingtalk.com/gettoken”;
static String TICKET_URL = “https://oapi.dingtalk.com/get_jsapi_ticket”;
static String USER_INFO_URL = “https://oapi.dingtalk.com/user/getuserinfo”;
static String USER_ALL_URL = “https://oapi.dingtalk.com/user/get”;

// 调整到1小时50分钟
public static final long cacheTime = 1000 * 60 * 55 * 2;

private static String ACCESS_TOKEN = null;
private static String JSAPI_TICKET = null;
private static long LAST_TIME = 0;

/**
- @param appKey
- @param appSecret
- @return 与钉钉服务器请求生成的accessToken
  */
  public static String getAccessToken(String appKey, String appSecret) {
  long curTime = System.currentTimeMillis();
  long differ = curTime - LAST_TIME;
  
  if (ACCESS_TOKEN != null && differ < cacheTime)
  return ACCESS_TOKEN;
  
  ACCESS_TOKEN = requestAccessToken(appKey, appSecret);
  LAST_TIME = curTime;
  
  return ACCESS_TOKEN;
  }
/**
- @param accessToken
- @return 一个用于js鉴权的ticket
  */
  public static String getJsapiTicket(String accessToken) {
  long curTime = System.currentTimeMillis();
  long differ = curTime - LAST_TIME;
  
  if (JSAPI_TICKET != null && differ < cacheTime) {
  return JSAPI_TICKET;
  }
  JSAPI_TICKET = requestJsapiTicket(accessToken);
  return JSAPI_TICKET;
  }
/**
- 根据传入的相关参数生成sign
- @param ticket
- @param nonceStr
- @param timeStamp
- @param url
- @return
  */
  public static String sign(String ticket, String nonceStr, long timeStamp, String url) {
  StringBuffer plain = new StringBuffer();
  plain.append(“jsapi_ticket=”).append(ticket);
  plain.append("&noncestr=").append(nonceStr);
  plain.append("×tamp=").append(String.valueOf(timeStamp));
  plain.append("&url=").append(url);
  MessageDigest sha;
  try {
  sha = MessageDigest.getInstance(“SHA-1”);
  sha.reset();
  sha.update(plain.toString().getBytes(“UTF-8”));
  return bytesToHex(sha.digest());
  } catch (NoSuchAlgorithmException e) {
  e.printStackTrace();
  } catch (UnsupportedEncodingException e) {
  e.printStackTrace();
  }
  return null;
  }
private static String requestAccessToken(String appKey, String appSecret) {
StringBuffer url = new StringBuffer(TOKEN_URL);
url.append("?appkey=").append(appKey);
url.append("&appsecret=").append(appSecret);
String result = null;
try {
result = HttpHelper.sendGet(url.toString());
} catch (IOException e) {
result = ReturnUtil.result("-1",
“请求accessTokenc出错!appKey:” + appKey + “,appSecret:” + appSecret + “异常信息:” + e);
}
System.out.println(“appKey:” + appKey + “,appSecret:” + appSecret + “,result:” + result);
return JsonUtil.getJsonNode(result).get(“access_token”).asText();
}

private static String requestJsapiTicket(String accessToken) {
StringBuffer url = new StringBuffer(TICKET_URL);
url.append("?access_token=").append(accessToken);
String result = null;
try {
result = HttpHelper.sendGet(url.toString());
} catch (IOException e) {
result = ReturnUtil.result("-1", “请求JsapiTicket出错!accessToken:” + accessToken + “异常信息:” + e);
}
System.out.println(“accessToken:” + accessToken + “,result:” + result);
return JsonUtil.getJsonNode(result).get(“ticket”).asText();
}

private static String bytesToHex(byte[] hash) {
Formatter formatter = new Formatter();
for (byte b : hash) {
formatter.format("%02x", b);
}
String result = formatter.toString();
formatter.close();
return result;
}

/**
- 获取用户信息
- @param code
- ```
       用户相应的临时code

        
        
          
          
          
          
        
        
          
          
          
          
           
           
           
           1
          
          
          
          
```
- @param token
- ```
       根据相应corpid和corpsecret生成的access_token

        
        
          
          
          
          
        
        
          
          
          
          
           
           
           
           1
          
          
          
          
```
- @return 用户ID等相关信息
  /
  public static String getUserInfo(String code, String accessToken) {
  StringBuffer url = new StringBuffer(USER_INFO_URL);
  url.append("?access_token=").append(accessToken);
  url.append("&code=").append(code);
  String result = null;
  try {
  result = HttpHelper.sendGet(url.toString());
  } catch (IOException e) {
  result = ReturnUtil.result("-1", “请求User信息出错!code:” + code + “异常信息:” + e);
  }
  return result;
  }
  /*
- 获取用户详细信息
- @param userid 在某个corpid下的唯一用户userid
- @param accessToken 据相应corpid和corpsecret生成的access_token
- @return
  */
  public static String getUser(String userid, String accessToken) {
  StringBuffer url = new StringBuffer(USER_ALL_URL);
  url.append("?access_token=").append(accessToken);
  url.append("&userid=").append(userid);
  String result = null;
  try {
  result = HttpHelper.sendGet(url.toString());
  } catch (IOException e) {
  result = ReturnUtil.result("-1", “请求User信息出错!userid:” + userid + “异常信息:” + e);
  }
  return result;
  }

}

前端代码如下：

钉钉微应用免登陆

 
   到这里基本OK了，这两个为主要代码，还有其他的封装页面比较简单，就不贴出来了 
  转自：https://blog.csdn.net/weixin_44685631/article/details/90240216

钉钉微应用的免登录（前后端）

你可能感兴趣的:(钉钉微应用免密登录)