passport-wechat-enterprise

Passport strategy for authenticating with Wechat Enterprise Accounts using the OAuth 2.0 API.

Passport的微信企业号OAuth2.0用户验证模块， 支持Express，Strongloop|Loopback.

微信企业号开发文档

微信公众号，转至 passport-wechat-public

Install

$ npm install passport-wechat-enterprise

Usage

Configure Strategy

• 在Passport注册WechatEnterpriseStrategy, Passport.use()的第一个参数是name，可以忽略使用默认的名字’wechat-enterprise'。WechatEnterpriseStrategy的构造函数的参数是options,verify 以及getAccessToken和saveAccessToken。

  options的corpId，corpSecret和callbackURL是必需的，其他为可选。verify函数是验证或创建用户传给done函数, getAccessToken和saveAccessToken用已获得AccessToken和保存新的AccessToken，当getAccessToken返回的AccessToken无效时，会通过调用微信的/gettoken接口获取新的AccessToken，并用saveAccessToken进行保存。getAccessToken and saveAccessToken 都是必需的。

passport.use("wechat",new WechatPublicStrategy({
    corpId: CORP_ID,
    corpSecret: CORP_SECRET,
    callbackURL: "http://localhost:3000/auth/wechat/callback",
    state: "state",
    scope: "snsapi_base"
  },
  function(profile, done) {
    User.findOrCreate({ userId: profile.UserId }, function (err, user) {
      return done(err, user);
    });
  },
  function getAccessToken(cb) { ... },
  function saveAccessToken(accessToken,cb){ ... }
))

Authenticate Requests

用passport.authenticate()在对应的route下，注意strategy名字和passport.use()时一致。

For example

app.get('/auth/wechat',
  passport.authenticate('wechat'));

app.get('/auth/wechat/callback',
  passport.authenticate('wechat', { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect home.
    res.redirect('/');
  });

Loopback-Component-Passport

Loopback-Component-Passport 官方文档.

在providers.json加入wechat provider即可，profile的id就是UserId

{
  "wechat": {
    "provider": "wechat",
    "module": "passport-wechat-enterprise",
    "callbackURL": "/auth/wechat/callback",
    "successRedirect": "/auth/wechat/account",
    "failureRedirect": "/auth/wechat/failure",
    "scope": "snsapi_base",
    "corpId": "wxabe757c89bb6d74b",
    "corpSecret": "9a62bc24a31d5c7c2b1d053515d276f8",
    "authScheme": "OAuth 2.0"/*required*/
  }
}

• 在loopback-component-passport中，strategy的初始化之会传入options和verify，所以这里需要把getAccessToken 和 saveAccessToken 放到options里。

function getAccessToken(cb) {...};
function saveAccessToken(accessToken, cb){...};
for (var s in config) {
    var c = config[s];
    c.session = c.session !== false;
    if(s === 'wechat') {
    	c.getAccessToken = getAccessToken;
    	c.saveAccessToken = saveAccessToken;
    }
    passportConfigurator.configureProvider(s, c);
  }

Additional

• 微信的企业用户验证只获得了用户基本信息，实际只获得了id，需要详细的用户信息仍需要调用微信的Users API.

已关注:

{
   "UserId":"USERID",
   "DeviceId":"DEVICEID"
}

未关注:

{
   "OpenId":"OPENID",
   "DeviceId":"DEVICEID"
}