1: WeChat official-account development uses web authorization (OAuth 2.0). After authorization succeeds the openid is saved in the session; on the next login the session is checked, and if it exists the WeChat web authorization is not run again.
2: To make the web API more secure, it also goes through OAuth 2.0 authorization-code mode (authorization code), the same as the WeChat web-authorization mode: an access_token is obtained and handed to the front end.
Below is my implementation; pay particular attention to lines 1 and 2.
Line 1: verifies whether the web API access_token is valid.
Line 2: verifies the WeChat official-account web-authorization login.
The problems now are:
1: A new user on first use has to go through both authorizations, which is a poor experience.
2: Can these two OAuth 2.0 flows be merged?
3: Is there a better way to handle this?
```csharp
1 [ApiAuthorize(Policy = JwtBearerDefaults.AuthenticationScheme, AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
2 [ApiCustomOAuth("AppId", "AuthCallBackUrl")]
3 public class CategoriesController : BaseApiController
4 {
5     private readonly ICategoryApiService _categoryApiService;
6     private readonly ICategoryService _categoryService;
7     private readonly IUrlRecordService _urlRecordService;
8     private readonly IFactory<Category> _factory;
9     private readonly IDTOHelper _dtoHelper;
10
11     public CategoriesController(ICategoryApiService categoryApiService,
12         IJsonFieldsSerializer jsonFieldsSerializer,
13         ICategoryService categoryService,
14         IUrlRecordService urlRecordService,
15         ICustomerActivityService customerActivityService,
16         ILocalizationService localizationService,
17         IPictureService pictureService,
18         IStoreMappingService storeMappingService,
19         IStoreService storeService,
20         IDiscountService discountService,
21         IAclService aclService,
22         ICustomerService customerService,
23         IFactory<Category> factory,
24         IDTOHelper dtoHelper) : base(jsonFieldsSerializer, aclService, customerService, storeMappingService, storeService, discountService, customerActivityService, localizationService, pictureService)
25     {
26         _categoryApiService = categoryApiService;
27         _categoryService = categoryService;
28         _urlRecordService = urlRecordService;
29         _factory = factory;
30         _dtoHelper = dtoHelper;
31     }
```
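The two checks from lines 1 and 2 can be expressed as a single ASP.NET Core authorization filter. The code below is an added example, not the poster's code: it assumes the JwtBearer scheme is already registered, that the openid is kept in session under the key "openid" (as the question describes), and the attribute name, the callback URL and the AppId value are hypothetical placeholders. The JWT check runs first and answers API callers with 401 rather than a redirect; the WeChat web-authorization redirect is only started when no openid is stored yet, and a random state bound to the session lets the callback reject responses it did not initiate.

```csharp
using System;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

// Hypothetical combined filter (added example): replaces the two separate
// attributes in the question with one check sequence.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class ApiAndWeChatAuthorizeAttribute : Attribute, IAsyncAuthorizationFilter
{
    private const string OpenIdSessionKey = "openid";        // session key assumed from the question
    private const string StateSessionKey = "wx_oauth_state"; // assumed key for the anti-forgery state

    private readonly string _appId;        // placeholder: the official-account AppId
    private readonly string _callbackUrl;  // placeholder: absolute URL of the OAuth callback action

    public ApiAndWeChatAuthorizeAttribute(string appId, string callbackUrl)
    {
        _appId = appId;
        _callbackUrl = callbackUrl;
    }

    public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
        var http = context.HttpContext;

        // 1. Web API check (line 1 in the question): the bearer access_token issued by
        //    our own authorization-code flow must validate under the JwtBearer scheme.
        var jwt = await http.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
        if (!jwt.Succeeded)
        {
            context.Result = new UnauthorizedResult(); // 401 for API callers, never a redirect
            return;
        }

        // 2. WeChat check (line 2 in the question): a stored openid means web
        //    authorization already ran for this session, so it is not repeated.
        if (!string.IsNullOrEmpty(http.Session.GetString(OpenIdSessionKey)))
        {
            return;
        }

        // No openid yet: start WeChat web authorization once. The random state is
        // stored in the session so the callback can compare it before trusting the code.
        var state = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        http.Session.SetString(StateSessionKey, state);

        // Documented WeChat web-authorization endpoint; appid and redirect_uri are placeholders.
        var authorizeUrl =
            "https://open.weixin.qq.com/connect/oauth2/authorize" +
            "?appid=" + Uri.EscapeDataString(_appId) +
            "&redirect_uri=" + Uri.EscapeDataString(_callbackUrl) +
            "&response_type=code&scope=snsapi_base" +
            "&state=" + state +
            "#wechat_redirect";

        context.Result = new RedirectResult(authorizeUrl);
    }
}
```

Apply it as `[ApiAndWeChatAuthorize("AppId", "AuthCallBackUrl")]` in place of the two attributes. The callback action that receives the code must read "wx_oauth_state" from the session, compare it to the returned state, and only then exchange the code for the openid and store it under "openid"; the filter above never stores the openid itself, so a tampered callback cannot mark the session as authorized.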