IDaaS Open Platform
Employee Identity (EIAM)

WeChat Login Interface

Interface

During the call to the WeChat login interface, different results are returned based on configuration. A successful call normally returns the user's session_token; if the account is not bound or secondary authentication is enabled, a state_token is returned; a failure returns error information.

# Request Description

Request URL https://{your_domain}/api/v2/sdk/login/wechat

Request Method POST

Content-Type application/json

# Request Header Parameters

Parameter Chinese Name Required Type Example
X-operating-sys-version Caller OS Version Yes String windows10.1.1
X-device-fingerprint Caller Device Fingerprint Yes String 156aysdna213sc50
X-device-ip Caller IP No String 192.168.1.2
X-agent User-Agent Information Yes String Mozilla/5.0 (iPhone; CPU iPhone OS 13_3 like Mac OS X) AppleWebKit/605.1.15(KHTML, like Gecko)
Mobile/15E148/HuaWei-AnyOffice/2.6.1802.0010/com.huawei.cloudlink.workplace
X-L For Internationalization Language Setting No String zh
X-client-id Application Authorization ID Yes String nTo1eRIub60vPb54WeE6aojPwYwImtl4

# Request Body Example

{
    "code":"ad12sasdsfe3dfdg3sc"
}
1
2
3

# Request Parameters

Parameter Chinese Name Required Type Description
code WeChat Authorization Code Yes String Authorization code [provided by the WeChat app when the app launches the WeChat application]

# Return Examples

Success Example 1 (Successfully matched user returns session_token):
HTTP/1.1 200 OK
Content-Type: application/json
{
    "session_token": "btsiBjx85prcZu6I6Ki057Tmw3nSF2VO",
    "expire": 604800,
    "status": "SUCCESS",
    "id_token": "eyJraWQiOiJrMSIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJJc3N1ZXIiLCJhdWQiOiJBdWRpZW5jZSIsImV4cCI6MTY1MzQ4NDQxMiwianRpIjoieUxSVGZXY1VkYk9PeUFpbHdZU0ZqZyIsImlhdCI6MTY1MzQ2NjQxMiwibmJmIjoxNjUzNDY2MjkyLCJzdWIiOiJzdWJqZWN0IiwiYXBpIjoie1wibmFtZVwiOlwiXCIsXCJtb2JpbGVcIjpcIis4Ni0xNTkwNzEzMjg1MlwiLFwiaWRcIjpcIjIwMjIwNDI1MTQwMTM4NTE5LUJGMUItNTI4QjA1NTFCXCIsXCJ1c2VyTmFtZVwiOlwibG91eGlcIixcImVtYWlsXCI6XCIxMUBxcS5jb21cIn0ifQ.al79knH1fKa4aT4AFr_FMjqBKu2pV_g-lKzzgHzmor5X-dHwSBUtjH38KOzjIqHvkcRMjXQuBnWmjRI7-0Djn2LuWVueaf3wRXLscCWiSDC7chjUyTRXMatYINxdvW-oSWFYGFqqbdsavLqOnvehd7ahEaTuiL9yZolvslZIkIxjxBJJu7A9Ln2sk3wf9pxXU83jIJ8ubPQBoVS-ilerTTJOKDZ9XsL2ftJsaqdTJK_mYbvKaVpLIVyHHJ2NcF6f-Al4N4kc8cgxtSgSKFDcR7Bz7dYlOcfUXCPAzJ3NZInm8UaksiWU02tvlvTRvRdoxZNnvD5vamZ5hjFc-cW5jA"
}
Success Example 2 (Returns auto-register and bind process):
HTTP/1.1 200 OK
Content-Type: application/json
{
    "state_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ7XCJzb2NpYWxVaWRcIjpcIm8zRHVFNVNySXVodTlIZHFucHd0c3Y5a2dkSFFcIixcInN0YXR1c1wiOlwiVVNFUl9SRUdJU1RFUlwifSIsImV4cCI6MTY0NjcwNTcwNCwiaWF0IjoxNjQ2NzAzOTA0LCJqdGkiOiIxNjQ2NzAzOTA0NTEwMCJ9.tLEpS-9jrXwiJI3GlZw4RGg_z0zMDzKMMZtPBv2VPS8",
    "data": "{\"socialBindOrRegisterFlow\":[\"VERIFY_PHONE\",\"VERIFY_EMAIL\"]}",
    "status": "USER_REGISTER"
}
Success Example 3 (Returns bind process):
HTTP/1.1 200 OK
Content-Type: application/json
{
    "state_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ7XCJzb2NpYWxVaWRcIjpcIm8zRHVFNVNySXVodTlIZHFucHd0c3Y5a2dkSFFcIixcInN0YXR1c1wiOlwiVVNFUl9SRUdJU1RFUlwifSIsImV4cCI6MTY0NjcwNTcwNCwiaWF0IjoxNjQ2NzAzOTA0LCJqdGkiOiIxNjQ2NzAzOTA0NTEwMCJ9.tLEpS-9jrXwiJI3GlZw4RGg_z0zMDzKMMZtPBv2VPS8",
    "data": "{\"socialBindOrRegisterFlow\":[\"VERIFY_PHONE\",\"VERIFY_EMAIL\"]}",
    "status": " SOCIAL_BIND"
}
Success Example 4 (Returns secondary authentication process):
HTTP 200 OK
{
    "status": "MFA_AUTH",
    "state_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ7XCJ1c2VySWRcIjpcIjIwMjIwMTIwMDk0MzEwNDM0LTg0N0MtQTFEOUJGOUIwXCIsXCJzdGF0dXNcIjpcIk1GQV9BVVRIXCJ9IiwiZXhwIjoxNjQ0MzkyNTEyLCJpYXQiOjE2NDQzOTA3MTIsImp0aSI6IjE2NDQzOTA3MTI2MDEwIn0.PcwlKPlPgIwnPZUE_s56_x5zB8YKaivfkpT0Fm5D2vU",
    "data": "[\"SMS\",\"EMAIL\"]"
}
Success Example 5 (Returns login rejection process):
HTTP 200 OK
{
    "status": "ACCESS_DENIED",
    "state_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ7XCJ1c2VySWRcIjpcIjIwMjIwMTIwMDk0MzEwNDM0LTg0N0MtQTFEOUJGOUIwXCIsXCJzdGF0dXNcIjpcIk1GQV9BVVRIXCJ9IiwiZXhwIjoxNjQ0MzkyNTEyLCJpYXQiOjE2NDQzOTA3MTIsImp0aSI6IjE2NDQzOTA3MTI2MDEwIn0.PcwlKPlPgIwnPZUE_s56_x5zB8YKaivfkpT0Fm5D2vU",
    "data": "Access Denied"
}
Error Example:
HTTP/1.1 400 Bad Request
{
    "error_code": "SDK.COMMON.1001",
    "error_msg": "Parameter X-client-id cannot be left blank."
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

# Return Parameters

Parameter Name Chinese Name Type Description
status Login Process Status Identifier String Possible return values for this field are:
  • SUCCESS = Login Successful
  • SOCIAL_BIND = Binding Process
  • USER_REGISTER = Registration Binding Process
  • MFA_AUTH = Secondary Authentication
  • ACCESS_DENIED = Access Denied
    • expire session_token Validity Period Number session_token validity period. Within this period, session_token can be used to obtain a ticket.
    session_token User session_token String User session_token. This token can be used to call IDaas interfaces to obtain a ticket, which can then be exchanged for user information.
    state_token User State Token String User state token
    data Return Description String Return Description:
  • status = SOCIAL_BIND/USER_REGISTER, returns the supported verification methods socialBindOrRegisterFlow
  • status = MFA_AUTH, returns the secondary authentication method
  • status = ACCESS_DENIED, returns access denied
    • id_token Short-term valid, interface call credential String This field is a JWT, containing user information and application scope information. It needs to be verified and decoded to obtain. It is valid for 2 hours by default and is configurable.

    I am ready. Please provide the Markdown content you would like me to translate.

    Alipay Login