OAuth2 - Hippoom/wechat-mp-starter GitHub Wiki

The starter provides a built-in HTTP endpoint that sends the user agent through the WeChat OAuth2 authorization flow and handles the callback.

The URI is /wechat/oauth/authorize. The user agent may specify where it should be redirected once the OAuth2 protocol succeeds by passing the query parameter named origin; the value must be URL encoded. Because origin is supplied by the user agent, treat it as untrusted input: only targets on your own application should be accepted, otherwise the endpoint becomes an open redirect. Check how the version of the starter you run validates origin before relying on it.

   // start the OAuth2 flow and come back to the current page afterwards
   window.location.href = "/wechat/oauth/authorize?origin=" + encodeURIComponent(window.location.href);

Currently, you need to provide the base URI of your MP application in application{-profile}.properties or application{-profile}.yml. The host of this URI must also be registered in your MP admin console as the Web-based Authorization Callback Domain Name (see that section for details); WeChat only redirects back to a registered domain.

   wechat:
     mp:
       # scheme and host must match the callback domain registered in the MP admin console
       appBaseUri: https://98867544.ap.ngrok.io

By default, a WeChatMpOAuth2AccessTokenAuthentication is stored in the HTTP session once the OAuth2 protocol succeeds. At the same time two cookies are sent to the user agent: JSESSIONID, the servlet session cookie that identifies that server-side session and is sent back automatically by the browser, and XSRF-TOKEN, which is readable by script. The user agent reads XSRF-TOKEN and echoes it in the X-XSRF-TOKEN request header to pass the CSRF protection on later requests. This is the cookie-to-header (double-submit) pattern: a cross-site page can make the browser send the cookies, but it cannot read XSRF-TOKEN to set the header, so the server can tell the two apart:

   import Cookies from 'universal-cookie';

   let cookies = new Cookies();
   let headers = new Headers();
   // XSRF-TOKEN is readable by script, so it can be copied into the
   // X-XSRF-TOKEN header; a cross-site page cannot do this.
   headers.set("X-XSRF-TOKEN", cookies.get("XSRF-TOKEN"));

   fetch('/rel/wechat/user/profile/me', {
       method: 'get',
       // same-origin is required so the browser also sends JSESSIONID;
       // without the session cookie the token cannot be matched.
       credentials: "same-origin",
       headers: headers
   }).then((response) => {
       // omitted code
   });
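The following is an added example and not code from wechat-mp-starter. It covers both parts of this page in one place: building the authorize URL with a URL-encoded origin that is restricted to the page's own origin, and the XSRF-TOKEN cookie to X-XSRF-TOKEN header round trip without the universal-cookie dependency. The page URL and cookie string are passed in as arguments rather than read from window.location and document.cookie, so the helpers run outside a browser; the fetch implementation is injected for the same reason. Whether the server re-validates origin is an assumption about the starter that this page does not state, which is why the client refuses anything but a same-origin target.

```javascript
// Added example, not code from wechat-mp-starter: client-side helpers for the
// origin-carrying redirect to /wechat/oauth/authorize and for the
// XSRF-TOKEN cookie -> X-XSRF-TOKEN header double-submit described above.
// Page URL and cookie string are parameters so the functions run outside a browser.

const AUTHORIZE_PATH = "/wechat/oauth/authorize";

// Reduce a candidate return target to a same-origin path. Absolute URLs on
// another origin, protocol-relative URLs ("//evil.example/x") and non-http
// schemes all come back as null. Server-side validation of origin is an
// assumption about the starter, so the client never sends a foreign target.
function sameOriginTarget(candidate, pageHref) {
  const page = new URL(pageHref);
  let target;
  try {
    target = new URL(candidate, page.origin);
  } catch (e) {
    return null;
  }
  if (target.origin !== page.origin) return null;
  return target.pathname + target.search + target.hash;
}

// Build the authorize URL with origin URL-encoded, as the page requires.
// returnTo defaults to the current page, matching the page's one-liner.
function buildAuthorizeUrl(pageHref, returnTo) {
  const origin = sameOriginTarget(returnTo === undefined ? pageHref : returnTo, pageHref);
  if (origin === null) throw new Error("origin must be a same-origin target");
  return AUTHORIZE_PATH + "?origin=" + encodeURIComponent(origin);
}

// Read one cookie from a document.cookie-style string ("a=1; b=2").
// Values are percent-decoded, as universal-cookie does. HttpOnly cookies such
// as JSESSIONID never appear in document.cookie, so they come back as null.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    if (part.slice(0, idx).trim() !== name) continue;
    return decodeURIComponent(part.slice(idx + 1).trim());
  }
  return null;
}

// Return a fetch init with the X-XSRF-TOKEN header added and credentials
// forced to "same-origin". Without credentials the browser omits JSESSIONID,
// the server sees no session, and the token comparison cannot succeed.
function withCsrf(init, cookieString) {
  const token = readCookie(cookieString, "XSRF-TOKEN");
  if (token === null) {
    throw new Error("XSRF-TOKEN cookie missing; complete the OAuth2 flow first");
  }
  const headers = Object.assign({}, init.headers || {}, { "X-XSRF-TOKEN": token });
  return Object.assign({}, init, { headers: headers, credentials: "same-origin" });
}

// Call a session-protected endpoint. If the token cookie is absent, or the
// server answers 401/403, hand back the authorize URL the caller should
// navigate to; its origin parameter brings the user back to pageHref.
// fetchImpl is injected so the flow can be exercised without a network.
async function callProtected(path, pageHref, cookieString, fetchImpl) {
  const redirect = { ok: false, redirectTo: buildAuthorizeUrl(pageHref) };
  if (readCookie(cookieString, "XSRF-TOKEN") === null) return redirect;
  const res = await fetchImpl(path, withCsrf({ method: "get" }, cookieString));
  if (res.status === 401 || res.status === 403) return redirect;
  return { ok: true, body: await res.json() };
}
```

In a browser you would call `callProtected('/rel/wechat/user/profile/me', window.location.href, document.cookie, fetch)` and, when the result has `ok: false`, assign `redirectTo` to `window.location.href`. The redirect itself is the only step that needs the real endpoint; everything else is plain string and URL handling.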