WeChat Open Platform

Mini Programs Documentation

Login

wx.login(OBJECT)

Calls the interface to get the login credentials (code), then exchanges these for the user login status information, including the user's unique ID (openid) and session key (session_key) for this login. The user data encryption and decryption communication needs to be completed using the session key.

OBJECT parameter descriptions:

Parameter name Type Required Description
success Function No Callback function for successful interface call
fail Function No Callback function for failed interface call
complete Function No Callback function for interface call results (will be executed if call succeeds or fails)

success return parameter descriptions:

Parameter name Type Description
errMsg String Call result
code String After the user is permitted to log in, the callback content will bring the code (five-minute validity period). The developer needs to send the code to the backend of their server and use code in exchange for the session_key api. The code is exchanged for the openid and session_key.

Sample code:

//app.js
App({
  onLaunch: function() {
    wx.login({
      success: function(res) {
        if (res.code) {
          //Initiate network request
          wx.request({
            url: 'https://test.com/onLogin',
            data: {
              code: res.code
            }
          })
        } else {
          console.log('Failed to obtain user login status!' + res.errMsg)
        }
      }
    });
  }
})

Exchange code for session_key

‚Äč This is an HTTPS interface, the developer's server uses the login credentials code to get the session_key and openid. The session_key is the key that encrypts signatures for user data. For application security, the session_key should not be transmitted over the network.

Interface address:

https://api.weixin.qq.com/sns/jscode2session?appid=APPID&secret=SECRET&js_code=JSCODE&grant_type=authorization_code

Request parameters:

Parameter Required Description
appid Yes The Mini Program's unique ID
secret Yes The Mini Program's app secret
js_code Yes The code obtained when logging in
grant_type Yes Entered as the authorization_code

Return parameters:

Parameter Description
openid The user's unique ID
session_key The session key

Return descriptions:

//The JSON packet that is normally returned
{
      "openid": "OPENID",
      "session_key": "SESSIONKEY"
}
//The JSON packet that is returned when there is an error (the example is invalid code)
{
    "errcode": 40029,
    "errmsg": "invalid code"
}

wx.checkSession(OBJECT)

The user login status obtained through the above interface is time sensitive. The longer the user takes to use the Mini Program, the more likely the user login status is to become invalid. On the other hand, if the user has been using the Mini Program all along, then the user login status will remain valid. The specific validity logic is maintained by WeChat and is open to developers. Developers only need to call the wx.checkSession interface to test whether the current user login status is valid. After the login status expires, developers can call wx.login again to get a new user login status.

OBJECT parameter descriptions:

Parameter name Type Required Description
success Function No Callback function for successful interface call, login status has not expired
fail Function No Callback function for failed interface call, login status has expired
complete Function No Callback function for interface call results (will be executed if call succeeds or fails)

Sample code:

wx.checkSession({
  success: function(){
    //session has not expired and will remain valid throughout this lifecycle
  },
  fail: function(){
    //Login status has expired
    wx.login() //Log in again
    ....
  }
})

Maintain login status

After obtaining the user login status through wx.login(), you need to maintain the login status. Developers must note that they should not directly use the session_key or openid fields as user or session IDs. They should also distribute their own session login statuses (please refer to the login time sequence diagram). For sessions that developers have generated themselves, developers should guarantee that they are secure and should not set longer expiry times. After sessions have been distributed to the Mini Program client, they can be stored and used for follow-up communications.

Use wx.checkSession() to test whether a user login status is invalid and determine whether to call wx.login() to get a new login status.

Login time sequence diagram

Bugs & Tips

  1. bug: In iOS/Android WeChat version 6.3.30, an exception will occur when calling wx.login in App.onLaunch.