Token giver for Users logged in to WeChat Mini-program. Based on top of redis for fast token checking/access, and sqlite3 for flexible user db storage.
Token giver for Users logged in to WeChat Mini-program. Based on top of redis for fast token checking/access, and sqlite3 for flexible user db storage.
sku) supporting multiple devicesauthorize(code, encryptedData, iv) functionrefreshToken() functionInstall mpauthx by executing the following
npm install --save mpauthx
Then in code, you do this
let sqlite3DBInstance = ...; // create sqlite3 db instance here
const mpauthx = require('mpauthx')(
'<your app-id here>', // app-id
'<your app-secret here>', // app-secret
'<your sku here>', // sku
sqlite3DBInstance, // your instance of sqlite3
null, // redis pass (if any), if none pass null
259200 // TTL for token, in seconds
);
See Sqlite3 User Table Schema to have a proper sqlite3 table to work with this module.
Call mpauthx.authorize(code, encryptedData, iv) whenever your end-point needs to authorize WeChat user and give user a token so user can save such token for subsequent API calls later in the future.
Call mpauthx.refreshToken(userId) whenever you want to refresh token. If previously assigned token to such user exists, then it will be invalidated before generating and assigning new one. Client side should persist such token value and make use of it first to see if it is still not expired.
as well
Call mpauthx.isTokenValid(token) whenever you need to check whether such specified token is valid (thus exist in redis db) or not.
Call mpauthx.close() to properly close redis client connection when you're done with your code.
Your sqlite3 database needs to have user table with following schema
CREATE TABLE user(
openId text primary key not null,
city text,
country text,
gender integer,
language text,
nickName text,
province text
);
Primarily focus on openId as a requirement to have.
Also openId is umbrella word to represent either openid or unionid. If your app has been setup to work with unionid, then mpauthx will automatically use that instead of openid. This will allow you to peek database for users related to all apps across your company's WeChat Official Account.
isTokenValid(token) - check whether token is valid
Return Promise object.
token is string for specified token to check whether such token is valid or not. This means it's valid when it still exists and has exact match.
authorize(code, encryptedData, iv) - authorize WeChat user after logged in mini-program
Return Promise object. Success will contain success object in the following structure
{
status_code: <number>, // see core/constants.js or mpauthx.constants for all statuses
status_message: <string>,
response: <string> // returned generated token for such user
}
Otherwise failure will contains Error object with code as additional property. See core/constants.js or mpauthx.constants for all status code.
code can be acquired via wx.login API.
encryptedData and iv can be acquired via wx.getUserInfo API.
refreshToken(userId) - request to refresh token for input user id (which represents either openid or unionid)
Return Promise object. Success will contain a new generated and assigned access token for such user.
{
status_code: <number>,
status_message: <sring>,
response: <string> // your new access token
}
Otherwise failure will contains Error object.
userId as input should be known from client side as they should persist such value and always try to use such access token in API request before automatically detected by API if it needs to be re-generated.
extractOpenId(token) - extract openId part of specified token
Return openId part of specified token. Note that openId is umbrella word to represent either openId or unionId. See OpenId & UnionId.
extractSku(token) - extract sku part of specified token
Return sku part of specified token.
close() - close redis connection
constants - expose constants mainly used for status code returned from API especially authorize.FAQs
Token giver for Users logged in to WeChat Mini-program. Based on top of redis for fast token checking/access, and sqlite3 for flexible user db storage.
We found that mpauthx demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.