WeChat social identity provider
Social authentication is deprecated and will be removed in a future release of IDM. For more information, refer to Deprecation. |
These procedures assume that you have a WeChat developer account with access to create WeChat web application credentials. To verify access, you’ll need the WeChat app on your mobile device.
Set up WeChat
To set up WeChat as a social identity provider, you’ll need to get the following information for your WeChat app. The name may be different in WeChat.
-
Client ID (WeChat uses
appid
as of this writing.) -
Client Secret (WeChat uses
secret
as of this writing.) -
Scope
-
Authorization Endpoint URL
-
Token Endpoint URL
-
User Info Endpoint URL
-
Redirect URI, normally something like
http://openidm.example.com/
WeChat unique requirements
Before testing WeChat, be prepared for the following special requirements:
-
WeChat works only if you deploy IDM on one of the following ports: 80 or 443.
For more information on how to configure IDM to use these ports, refer to Host and port information.
-
For registration and sign-in, WeChat requires the use of a mobile device with a QR code reader.
-
For sign-in, you’ll also need to install the WeChat app on your mobile device.
Configure a WeChat social identity provider
To configure a WeChat social identity provider using the admin UI:
-
From the navigation bar, click Configure > Social ID Providers.
-
On the Social Identity Providers page, enable WeChat.
-
In the WeChat Provider window, enter applicable values in the fields, and click Save. For a complete list of fields, refer to WeChat Social Identity Provider Configuration Details.
After you save the social identity provider configuration, IDM generates a conf/identityProvider-wechat.json
file:
{
"provider" : "wechat",
...
"clientId" : "<someUUID>",
"clientSecret" : {
"$crypto" : {
"type" : "x-simple-encryption",
"value" : {
"cipher" : "AES/CBC/PKCS5Padding",
"stableId" : "openidm-sym-default",
"salt" : "<hashValue>",
"data" : "<encryptedValue>",
"keySize" : 16,
"purpose" : "idm.config.encryption",
"iv" : "<encryptedValue>",
"mac" : "<hashValue>"
}
}
},
"authorizationEndpoint" : "https://open.weixin.qq.com/connect/qrconnect",
"tokenEndpoint" : "https://api.wechat.com/sns/oauth2/access_token",
"refreshTokenEndpoint" : "https://api.wechat.com/sns/oauth2/refresh_token",
"userInfoEndpoint" : "https://api.wechat.com/sns/userinfo",
"redirectUri" : "http://openidm.example.com:8080/",
"scope" : [
"snsapi_login"
],
...
The file includes schema
information, which includes properties for each social identity account, as collected by IDM, as well as the order in which it appears in the admin UI. When you’ve registered a user with a WeChat social identity, you can verify this by selecting Manage > WeChat, and then selecting a user.
Another part of the file includes a propertyMap
, which maps user information entries between the source
(social identity provider) and the target
(IDM).
If you need more information about the properties in this file, refer to the following appendix: WeChat Social Identity Provider Configuration Details.
Configure user registration to link to WeChat
Once you’ve configured the WeChat social identity provider, you can activate it through User Registration. To do so in the admin UI, select Configure > User Registration, and activate that feature. Under the Social tab that appears, enable Social Registration. For more information on IDM user self-service features, refer to Self-service end user UI.
When you enable Social Registration, you’re allowing users to register on IDM through all active social identity providers.
WeChat social identity provider configuration details
You can set up the WeChat social identity provider through the admin UI or in a conf/identityProvider-wechat.json
file. IDM generates the identityProvider-wechat.json
file when you configure and enable this social identity provider in the admin UI. Alternatively, you can create the file manually.
The following table includes the information shown in the admin UI WeChat Provider pop-up window, along with associated information in the identityProvider-wechat.json
file.
WeChat supports URLs on one of the following ports: 80 or 443. For more information on how to configure IDM to use these ports, refer to Host and port information. |
Property (UI) | Property (JSON file) | Description |
---|---|---|
Client ID |
|
The client identifier for your WeChat App |
Client Secret |
|
Used with the Client ID to access the applicable WeChat API |
Scope |
|
An array of strings that allows access to user data |
Authorization Endpoint |
|
Typically |
Token Endpoint |
|
Endpoint that receives a one-time authorization code, and returns an access token; typically |
Refresh Token Endpoint |
|
Endpoint that receives a one-time authorization code, and returns a refresh token; typically |
User Info Endpoint |
|
Endpoint that transmits scope-related fields; typically |
Not in the admin UI |
|
Name of the social identity provider |
Not in the admin UI |
|
Configuration class for the authentication module |
Not in the admin UI |
|
Whether to use basic authentication |
Not in the admin UI |
|
Mapping between WeChat and IDM |
For information on social identity provider buttons and badges, refer to Social identity provider button and badge properties.