Alipay applet authorization / obtaining user information

Alipay applet authorization / Get user information

Catalog ：

Get Alipay applet authorization token

​ Prerequisite preparation ：

• Alipay applet sdk And so on .
• Create Alipay applet , And configure it according to the relevant process . Be careful ： Only enterprise Alipay account can obtain user information permission

1、 rely on

<!--  Alipay core sdk -->
        <dependency>
            <groupId>com.alipay.sdk</groupId>
            <artifactId>alipay-sdk-java</artifactId>
            <version>4.22.113.ALL</version>
        </dependency>

        <!--  Add / remove key sdk -->
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk15on</artifactId>
            <version>1.62</version>
        </dependency>

2、 Related process configuration

https://open.alipay.com/develop/manage

Wechat applet can log in after authorization through wechat , The platform can get the relevant information of wechat users . Similarly, Alipay applet can also .

technological process ：

• Call the interface first / Method Get authorization token
• Re pass Interface / Method Get user information

1、 Get Alipay applet authorization token

This is equivalent to calling alipay.system.oauth.token Interface

	//  Server access access_token、user_id
    private AlipaySystemOauthTokenResponse getAccessToken(String authCode) throws Exception {
    

        String code = JSON.parseObject(authCode).getString("authCode");

        // 1.  fill appid
        String APPID = "2021002147669716";
        // 2.  Fill in the application private key 
        String PRIVATE_KEY = " Application of the private key ";
        // 3.  Fill in the public key of Alipay 
        String ALIPAY_PUBLIC_KEY = " Alipay public key ";
        
        AlipayClient alipayClient = new DefaultAlipayClient("https://openapi.alipay.com/gateway.do",
                APPID,
                PRIVATE_KEY,
                "json",
                "GBK",
                ALIPAY_PUBLIC_KEY,
                "RSA2");
        AlipaySystemOauthTokenRequest request = new AlipaySystemOauthTokenRequest();
        
        // Authorization way ：authorization_code, It means to use the user authorization code in exchange code Exchange authorization token access_token.
        request.setGrantType("authorization_code");
        // 4.  Fill in the authorization code passed in by the front end authCode
        // Authorization code , After the user authorizes the application, he gets . This parameter is in  grant_type  by  authorization_code  Required when 
        request.setCode(code);
        AlipaySystemOauthTokenResponse response = alipayClient.execute(request);

        if(response.isSuccess()){
    
            System.out.println(" Successful call ");
        } else {
    
            System.out.println(" Call failed ");
        }
        return response;
    }

2、 Obtain basic information of authorized users

Let's call the interface alipay.user.info.auth

	//  Get Alipay user information 
    private AlipayUserInfoShareResponse getAliUserInfo (String accessToken) throws Exception {
    

		// 1.  fill appid
        String APPID = "2021002147669716";
        // 2.  Fill in the application private key 
        String PRIVATE_KEY = " Application of the private key ";
        // 3.  Fill in the public key of Alipay 
        String ALIPAY_PUBLIC_KEY = " Alipay public key ";

        AlipayClient alipayClient = new DefaultAlipayClient("https://openapi.alipay.com/gateway.do",
                APPID ,
                PRIVATE_KEY,
                "json",
                "GBK",
                ALIPAY_PUBLIC_KEY,
                "RSA2");
        AlipayUserInfoShareRequest request = new AlipayUserInfoShareRequest();

        AlipayUserInfoShareResponse response = alipayClient.execute(request, accessToken);
        if(response.isSuccess()){
    
            System.out.println(" Get member information  -  Successful call ");
            return response;
        }
        return null;
    }

Problems encountered ：

【 Alipay applet 】-【 Get Alipay user details 】-【 Respond to code：20001】-【 error message ： Invalid access token 】

solve ：

Parse Alipay applet interface to respond to encrypted data

Analyze the interface response encrypted data flow ：

1. Get the parameters required for signature verification and decryption
2. attestation
3. Decrypt

1、 Parsing interface response encrypted data

	/** *  Decrypt data  * @return */
    @ApiOperation(value = " Decrypt data ")
    @PostMapping("/findPhone")
    public String findPhone(@RequestBody String jsonStr) throws Exception {
    

        // Encrypted data submitted by the front end of the applet 
        String response = JSON.parseObject(jsonStr).getString("response");

        //1.  Get the parameters required for signature verification and decryption 
        Map<String, String> openapiResult = JSON.parseObject(response,
                new TypeReference<Map<String, String>>() {
    
                }, Feature.OrderedField);
        String signType = "RSA2";
        String charset = "UTF-8";
        String encryptType = "AES";
        String sign = openapiResult.get("sign");
        String content = openapiResult.get("response");

        // If the ciphertext 
        boolean isDataEncrypted = !content.startsWith("{");
        boolean signCheckPass = false;

        //2.  attestation 
        String signContent = content;
        // The public key of Alipay corresponding to your applet （ For expansion, it is suggested to use appId+signType Do key storage isolation ）
        String signVeriKey = "";
        // The encryption and decryption key corresponding to your applet （ For expansion, it is suggested to use appId+encryptType Do key storage isolation ）
        String decryptKey = "";

        // If it is an encrypted message, you need to add double quotation marks before and after the ciphertext 
        if (isDataEncrypted) {
    
            signContent = "\"" + signContent + "\"";
        }
        try {
    
            signCheckPass = AlipaySignature.rsaCheck(signContent, sign, signVeriKey, charset, signType);
        } catch (AlipayApiException e) {
    
            // Abnormal attestation ,  journal 
        }
        if(!signCheckPass) {
    
            // Signature verification failed （ Exception or message is tampered ）, Terminate the process （ There is no need to decrypt ）
            throw new Exception(" Attestation of failure ");
        }

        //3.  Decrypt 
        String plainData = null;
        if (isDataEncrypted) {
    
            try {
    
                plainData = AlipayEncrypt.decryptContent(content, encryptType, decryptKey, charset);
            } catch (AlipayApiException e) {
    
                // Decryption abnormal ,  Log 
                throw new Exception(" Decryption abnormal ");
            }
        } else {
    
            plainData = content;
        }
        return plainData;
    }