Commit 4ab4a801529aff75ed085c2ae40582c78d7f1229
1 parent
d70723c0
Exists in
master
添加企业号登录授权API
Showing
3 changed files
with
84 additions
and
0 deletions
Show diff stats
README.md
| @@ -183,6 +183,26 @@ suite_api.get_corp_token(auth_corpid, permanent_code) | @@ -183,6 +183,26 @@ suite_api.get_corp_token(auth_corpid, permanent_code) | ||
| 183 | suite_api.auth_url(code, uri, state="suite") | 183 | suite_api.auth_url(code, uri, state="suite") |
| 184 | ``` | 184 | ``` |
| 185 | 185 | ||
| 186 | +## 企业号登录授权 | ||
| 187 | + | ||
| 188 | +```ruby | ||
| 189 | + # 获取登录授权URL | ||
| 190 | + # state default 'qy_wechat', option | ||
| 191 | + # 此处授权回调时会传递auth_code、expires_in,auth_code用于get_login_info(获取企业号管理员登录信息)接口使用 | ||
| 192 | + group_client.auth_login.auth_login_url("redirect_uri", "state") | ||
| 193 | + | ||
| 194 | + # 获取应用提供商凭证 | ||
| 195 | + # provider_secret:提供商的secret,在提供商管理页面可见 | ||
| 196 | + # 此处会返回:provider_access_token(已通过Rails.cache缓存7100s) | ||
| 197 | + group_client.auth_login.get_provider_token(provider_secret) | ||
| 198 | + | ||
| 199 | + # 通过传递provider_access_token,获取企业号管理员登录信息 | ||
| 200 | + group_client.auth_login.get_login_info(auth_code, provider_access_token) | ||
| 201 | + | ||
| 202 | + # 通过传递provider_secret,获取企业号管理员登录信息 | ||
| 203 | + group_client.auth_login.get_login_info_by_secret(auth_code, provider_secret) | ||
| 204 | +``` | ||
| 205 | + | ||
| 186 | ### 应用套件的回调通知处理 | 206 | ### 应用套件的回调通知处理 |
| 187 | 207 | ||
| 188 | Wiki: http://qydev.weixin.qq.com/wiki/index.php?title=%E7%AC%AC%E4%B8%89%E6%96%B9%E5%9B%9E%E8%B0%83%E5%8D%8F%E8%AE%AE | 208 | Wiki: http://qydev.weixin.qq.com/wiki/index.php?title=%E7%AC%AC%E4%B8%89%E6%96%B9%E5%9B%9E%E8%B0%83%E5%8D%8F%E8%AE%AE |
| @@ -0,0 +1,59 @@ | @@ -0,0 +1,59 @@ | ||
| 1 | +# 登录授权流程说明 | ||
| 2 | +# encoding: utf-8 | ||
| 3 | +module QyWechatApi | ||
| 4 | + module Api | ||
| 5 | + class AuthLogin < Base | ||
| 6 | + | ||
| 7 | + # 服务商引导用户进入登录授权页 服务可以在自己的网站首页中放置“微信企业号登录”的入口,引导用户(指企业号系统管理员者)进入登录授权页。 | ||
| 8 | + # 网址为: https://qy.weixin.qq.com/cgi-bin/loginpage?corp_id=xxxx&redirect_uri=xxxxx&state=xxxx | ||
| 9 | + # 服务商需要提供corp_id,跳转uri和state参数,其中uri需要经过一次urlencode作为参数,state用于服务商自行校验session,防止跨域攻击。 | ||
| 10 | + # 授权回调时会传递: | ||
| 11 | + # auth_code=xxx&expires_in=600,auth_code用于get_login_info(获取企业号管理员登录信息)接口使用 | ||
| 12 | + def auth_login_url(redirect_uri, state="qy_wechat") | ||
| 13 | + require "erb" | ||
| 14 | + redirect_uri = ERB::Util.url_encode(redirect_uri) | ||
| 15 | + "#{QyWechatApi::SUITE_ENDPOINT}/loginpage?corp_id=#{corp_id}&redirect_uri=#{redirect_uri}&state=#{state}" | ||
| 16 | + end | ||
| 17 | + | ||
| 18 | + # 获取应用提供商凭证 | ||
| 19 | + # https://qyapi.weixin.qq.com/cgi-bin/service/get_provider_token | ||
| 20 | + def get_provider_token(provider_secret) | ||
| 21 | + cache_key = "auth_login-#{corp_id}-get_provider_token" | ||
| 22 | + Rails.cache.fetch(cache_key, expires_in: 7100.seconds) do | ||
| 23 | + payload = {corpid: corp_id, provider_secret: provider_secret} | ||
| 24 | + url = base_url("get_provider_token") | ||
| 25 | + res = QyWechatApi.http_post_without_token(url, payload) | ||
| 26 | + token = res.result["provider_access_token"] | ||
| 27 | + if token.blank? | ||
| 28 | + Rails.cache.delete(cache_key) | ||
| 29 | + raise res.errors | ||
| 30 | + else | ||
| 31 | + token | ||
| 32 | + end | ||
| 33 | + end | ||
| 34 | + end | ||
| 35 | + | ||
| 36 | + # 通过传递provider_access_token,获取企业号管理员登录信息 | ||
| 37 | + # https://qyapi.weixin.qq.com/cgi-bin/service/get_login_info?provider_access_token=enLSZ5xxxxxxJRL | ||
| 38 | + def get_login_info(auth_code, provider_access_token) | ||
| 39 | + url = base_url("get_login_info", {provider_access_token: provider_access_token}) | ||
| 40 | + QyWechatApi.http_post_without_token(url, {auth_code: auth_code}) | ||
| 41 | + end | ||
| 42 | + | ||
| 43 | + # 通过传递provider_secret,获取企业号管理员登录信息 | ||
| 44 | + def get_login_info_by_secret(auth_code, provider_secret) | ||
| 45 | + token = get_provider_token(provider_secret) | ||
| 46 | + get_login_info(auth_code, token) | ||
| 47 | + end | ||
| 48 | + | ||
| 49 | + private | ||
| 50 | + | ||
| 51 | + def base_url(api, params={}) | ||
| 52 | + params = params.to_query | ||
| 53 | + params = "?#{params}" if params.present? | ||
| 54 | + "#{QyWechatApi::ENDPOINT_URL}/service/#{api}#{params}" | ||
| 55 | + end | ||
| 56 | + | ||
| 57 | + end | ||
| 58 | + end | ||
| 59 | +end |
lib/qy_wechat_api/client.rb
| @@ -62,6 +62,11 @@ module QyWechatApi | @@ -62,6 +62,11 @@ module QyWechatApi | ||
| 62 | Api::Js.new(get_access_token, corp_id) | 62 | Api::Js.new(get_access_token, corp_id) |
| 63 | end | 63 | end |
| 64 | 64 | ||
| 65 | + # 企业号登录授权 | ||
| 66 | + def auth_login | ||
| 67 | + Api::AuthLogin.new(nil, corp_id) | ||
| 68 | + end | ||
| 69 | + | ||
| 65 | private | 70 | private |
| 66 | 71 | ||
| 67 | def security_redis_key(key) | 72 | def security_redis_key(key) |