diff --git a/网页授权.md b/网页授权.md index 19d0b8d..e889172 100644 --- a/网页授权.md +++ b/网页授权.md @@ -10,6 +10,74 @@ - 有 SESSION -> **最终业务界面** - 没有 SESSION -> 用户**最终业务界面** -> **授权页** 完成授权存 SESSION -> 跳转到你的**最终业务界面** +流程图: + +``` + + + + user -> /foo/bar (business page) + + + + + +------------------------+ + | | No + | $_SESSION['openid']? |----------------------+ + | | | + +------------------------+ | + | | + | | + | +--------------WeChat|Middleware------------------------------+ + | | | | + | | +---------------redirect back with code--+----------------+ + | | | | | + | | v | | + | | +---------------------+ | +---------------------+ + | | | | | | | + | | | URL has code? |---No------------------------+---->| WeChat OAuth server | + | | | | redirect to WeChat | | | + | | +---------------------+ | +---------------------+ + | | | | + | | | | + | | Yes | + Yes | | | + | | v | + | | +-----------------------------+ | + | | | | | + | | | get access_token && openid | | + | | | | | + | | +-----------------------------+ +- -- -- -- -- -- -+ | + | | | | | + | | + -optional - - - > get user detail | | + | | | | | | + | | | + -- -- -- -- -- -- | + | | | | | + | | | v | + | | | +- -- -- -- -- -- -+ | + | | | | | + | | v store user to DB.| | + | | +-------------------------------+ | | | + | | | | + -- -- -- -- -- -- | + | | | $_SESSION['openid'] = $openid | | + | | | | | + | | +-------------------------------+ | + | | | | + | +--------------------+----------------------------------------+ + | | + +---------redirect to target page.-+ + | + | + | + v + +------------------------+ + | | + | display /foo/bar | + | | + +------------------------+ +``` + + ## 友情提示 授权逻辑不要写在业务页!!! 不然你分享出去的链接会带你自己的 `code` 出去,这样就会判断不了是否已经授权。
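
Review bot: In the added flowchart, the "URL has code?" Yes branch goes straight to "get access_token && openid", with no step that checks the callback belongs to an authorization request this session started. Consider adding a box before the "redirect to WeChat" edge that generates a `state` value and stores it in the session, and a check on the "redirect back with code" path that compares it, so a `code` carried in someone else's link is rejected instead of being exchanged and written to `$_SESSION['openid']`. The final "redirect to target page." edge should also state that the target URL is rebuilt without the `code` query parameter, since that is the problem the 友情提示 context line right after the diagram describes. Minor points: the diagram opens with several empty added lines before "user -> /foo/bar (business page)", and the left-hand "Yes" label sits far from the `$_SESSION['openid']?` box it belongs to. Trimming the blank lines and moving the label next to the box would make the session-exists path easier to follow.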