IDM 7.2.1

WeChat social identity provider

Social authentication is deprecated and will be removed in a future release of IDM. For more information, see Deprecation.

These procedures assume that you have a WeChat developer account with access to create WeChat web application credentials. To verify access, you’ll need the WeChat app on your mobile device.

Set up WeChat

To set up WeChat as a social identity provider, you’ll need to get the following information for your WeChat app. The name may be different in WeChat.

  • Client ID (WeChat uses appid as of this writing.)

  • Client Secret (WeChat uses secret as of this writing.)

  • Scope

  • Authorization Endpoint URL

  • Token Endpoint URL

  • User Info Endpoint URL

  • Redirect URI, normally something like http://openidm.example.com/

WeChat unique requirements

Before testing WeChat, be prepared for the following special requirements:

  • WeChat works only if you deploy IDM on one of the following ports: 80 or 443.

    For more information on how to configure IDM to use these ports, see Host and port information.

  • For registration and sign-in, WeChat requires the use of a mobile device with a QR code reader.

  • For sign-in, you’ll also need to install the WeChat app on your mobile device.

Configure a WeChat social identity provider

To configure a WeChat social identity provider using the admin UI:

  1. From the navigation bar, click Configure > Social ID Providers.

  2. On the Social Identity Providers page, enable WeChat.

  3. In the WeChat Provider window, enter applicable values in the fields, and click Save. For a complete list of fields, see WeChat Social Identity Provider Configuration Details.

After you save the social identity provider configuration, IDM generates a conf/identityProvider-wechat.json file:

{
    "provider" : "wechat",
    ...
    "clientId" : "<someUUID>",
    "clientSecret" : {
       "$crypto" : {
           "type" : "x-simple-encryption",
              "value" : {
               "cipher" : "AES/CBC/PKCS5Padding",
               "stableId" : "openidm-sym-default",
               "salt" : "<hashValue>",
               "data" : "<encryptedValue>",
               "keySize" : 16,
               "purpose" : "idm.config.encryption",
               "iv" : "<encryptedValue>",
               "mac" : "<hashValue>"
           }
       }
    },
    "authorizationEndpoint" : "https://open.weixin.qq.com/connect/qrconnect",
    "tokenEndpoint" : "https://api.wechat.com/sns/oauth2/access_token",
    "refreshTokenEndpoint" : "https://api.wechat.com/sns/oauth2/refresh_token",
    "userInfoEndpoint" : "https://api.wechat.com/sns/userinfo",
    "redirectUri" : "http://openidm.example.com:8080/",
    "scope" : [
        "snsapi_login"
    ],
...

The file includes schema information, which includes properties for each social identity account, as collected by IDM, as well as the order in which it appears in the admin UI. When you’ve registered a user with a WeChat social identity, you can verify this by selecting Manage > WeChat, and then selecting a user.

Another part of the file includes a propertyMap, which maps user information entries between the source (social identity provider) and the target (IDM).

If you need more information about the properties in this file, refer to the following appendix: WeChat Social Identity Provider Configuration Details.

Configure user registration to link to WeChat

Once you’ve configured the WeChat social identity provider, you can activate it through User Registration. To do so in the admin UI, select Configure > User Registration, and activate that feature. Under the Social tab that appears, enable Social Registration. For more information on IDM user self-service features, see Self-service end user UI.

When you enable Social Registration, you’re allowing users to register on IDM through all active social identity providers.

WeChat social identity provider configuration details

You can set up the WeChat social identity provider through the admin UI or in a conf/identityProvider-wechat.json file. IDM generates the identityProvider-wechat.json file when you configure and enable this social identity provider in the admin UI. Alternatively, you can create the file manually.

The following table includes the information shown in the admin UI WeChat Provider pop-up window, along with associated information in the identityProvider-wechat.json file.

WeChat supports URLs on one of the following ports: 80 or 443. For more information on how to configure IDM to use these ports, see Host and port information.
WeChat social identity provider configuration properties
Property (UI) Property (JSON file) Description

Client ID

clientId

The client identifier for your WeChat App

Client Secret

clientSecret

Used with the Client ID to access the applicable WeChat API

Scope

scope

An array of strings that allows access to user data

Authorization Endpoint

authorizationEndpoint

Typically https://open.weixin.qq.com/connect/qrconnect.

Token Endpoint

tokenEndpoint

Endpoint that receives a one-time authorization code, and returns an access token; typically https://api.wechat.com/sns/oauth2/access_token

Refresh Token Endpoint

refreshTokenEndpoint

Endpoint that receives a one-time authorization code, and returns a refresh token; typically https://api.wechat.com/sns/oauth2/refresh_token

User Info Endpoint

userInfoEndpoint

Endpoint that transmits scope-related fields; typically https://api.wechat.com/user/profile

Not in the admin UI

provider

Name of the social identity provider

Not in the admin UI

configClass

Configuration class for the authentication module

Not in the admin UI

basicAuth

Whether to use basic authentication

Not in the admin UI

propertyMap

Mapping between WeChat and IDM

For information on social identity provider buttons and badges, see Social identity provider button and badge properties.

Copyright © 2010-2022 ForgeRock, all rights reserved.