Setting Up WeChat as an IDM Social Identity Provider

As suggested in the introduction to this chapter, you'll need to take the following basic steps to configure WeChat as a social identity provider for IDM:

These requirements assume that you have a WeChat developer account where you can get access to create WeChat web application credentials. To verify access, you'll need the WeChat app on your mobile phone.

Setting Up WeChat

To set up WeChat as a social identity provider, you'll need to get the following information for your WeChat app. The name may be different in WeChat.

  • Client ID (WeChat uses appid as of this writing.)

  • Client Secret (WeChat uses secret as of this writing.)

  • Scope

  • Authorization Endpoint URL

  • Token Endpoint URL

  • User Info Endpoint URL

  • Redirect URI, normally something like http://openidm.example.com/

WeChat Unique Requirements

Before testing WeChat, be prepared for the following special requirements:

  • WeChat works only if you deploy IDM on one of the following ports: 80 or 443.

    For more information on how to configure IDM to use these ports, see Host and Port Information.

  • For registration and sign-in, WeChat requires the use of a mobile device with a Quick Response (QR) code reader.

  • For sign-in, you'll also need to install the WeChat app on your mobile device.

Configuring a WeChat Social Identity Provider

  1. To configure a WeChat social identity provider, log in to the Admin UI and navigate to Configure > Social ID Providers.

  2. Enable the WeChat social identity provider.

    In the WeChat Provider pop-up that appears, the values for Redirect URI should match the values that you've entered for Allowed Return URLs in "Setting Up WeChat".

  3. Include the values that WeChat created for Client ID and Client Secret, as described in "Setting Up WeChat".

  4. Under regular and Advanced Options, include the options shown in the following appendix: "WeChat Social Identity Provider Configuration Details".

When you enable a WeChat social identity provider in the Admin UI, IDM generates the identityProvider-wechat.json file in your project's conf/ subdirectory.

When you review that file, you should see information from what you configured in the Admin UI, and beyond. The first part of the file includes the name of the provider, endpoints, scopes, as well as the values for clientId and clientSecret. 

{
    "provider" : "wechat",
    ...
    "clientId" : "<someUUID>",
    "clientSecret" : {
       "$crypto" : {
           "type" : "x-simple-encryption",
              "value" : {
               "cipher" : "AES/CBC/PKCS5Padding",
               "stableId" : "openidm-sym-default",
               "salt" : "<hashValue>",
               "data" : "<encryptedValue>",
               "keySize" : 16,
               "purpose" : "idm.config.encryption",
               "iv" : "<encryptedValue>",
               "mac" : "<hashValue>"
           }
       }
    },
    "authorizationEndpoint" : "https://open.weixin.qq.com/connect/qrconnect",
    "tokenEndpoint" : "https://api.wechat.com/sns/oauth2/access_token",
    "refreshTokenEndpoint" : "https://api.wechat.com/sns/oauth2/refresh_token",
    "userInfoEndpoint" : "https://api.wechat.com/sns/userinfo",
    "redirectUri" : "http://openidm.example.com:8080/",
    "scope" : [
        "snsapi_login"
    ],
...

You should also see UI settings related to the social identity provider icon (badge) and the sign-in button, described in "Social Identity Provider Button and Badge Properties".

You'll see links related to the authenticationIdKey, redirectUri, and configClass; the location may vary.

The file includes schema information, which includes properties for each social identity account, as collected by IDM, as well as the order in which it appears in the Admin UI. When you've registered a user with a WeChat social identity, you can verify this by selecting Manage > WeChat, and then selecting a user.

Another part of the file includes a propertyMap, which maps user information entries between the source (social identity provider) and the target (IDM).

If you need more information about the properties in this file, refer to the following appendix: "WeChat Social Identity Provider Configuration Details".

Configuring User Registration to Link to WeChat

Once you've configured the WeChat social identity provider, you can activate it through User Registration. To do so in the Admin UI, select Configure > User Registration, and activate that feature. Under the Social tab that appears, enable Social Registration. For more information on IDM user self-service features, see "Self-Service End User UI".

When you enable Social Registration, you're allowing users to register on IDM through all active social identity providers.

Read a different version of :