2. Obtaining the Alipay user ID
Before you begin
You must wait until the H5 page is loaded and then start to obtain the Alipay user ID. Otherwise, the H5 page loading process is to be very slow because the H5 page will be loaded after you get the result of obtaining the Alipay user ID.
Obtaining the Alipay user ID
The buyer’s Alipay ID (buyer_id) is required as one of the request parameters of the alipay.acquire.create interface. Therefore, to complete a payment transaction, firstly you must obtain the buyer’s Alipay user ID by completing the following steps:
- Construct the openauth link and then guide the user to visit this link.
- The authorization will occur silently and redirection page occurs automatically. In this case, users will be automatically redirected to the configured callback page, and the auth_code will be passed. With the auth code, the alipay.system.oauth.token API is called to obtain the Alipay user ID.
Constructing the openauth link
Description of URL parameters
|app_id||Y||Application ID of the app in the Developer Center.|
|scope||Y||Interface permission value, fixed as auth_base in this condition.|
|redirect_uri||Y||Escaped URL of the callback page (the URL must begin with http or https), for example: http%3A%2F%2Fexample.com Before the request, developers must configure the authorization callback URL in the corresponding application at Developer Center.|
|state||N||Self-defined parameter by the merchant. After a user has given permission, the state value will be returned as is to the merchant after redirection. To avoid CSRF attack, it’s suggested to pass the state parameter. This state parameter must be unpredictable while at the same can prove connections exist between the user and the login authentication status of the third-party website.|
About the redirect_uri:
The API verifies whether the redirect_uri configured in the authorization link is consistent with that in the corresponding application at the Developer Center.
If the link configured in the application by the developer is: https://auth.example.com/authCallBack , then the redirect_uri is https%3A%2F%2Fauth.example.com%2FauthCallBack. After configuration, URLs under this domain name （auth.example.com）, such as http://auth.example.com/authCallBack、https://auth.example.com/authRedirect、https://auth.example.com/ can support OAuth 2.0 –based authentication.
However, http://www.example.com/、http://example.com would not be supported for web-based authentication.
Obtaining the auth_code
When the user is redirected to the callback page， Alipay will add request parameters into the callback including auth_code, app_id, scope and so on. An example of the request is as below:
Obtaining the user ID by using auth_code
Interface name: alipay.system.oauth.token
For the information about request and response parameters and error codes, refer to the API doc
The developer can obtain the Alipay user ID by using auth_code. As the token to obtain the Alipay user ID, the auth_code returned is unique in each authorization. Each auth_code can be used only once and will automatically be expired in one day.
The unique ID that is assigned by Alipay to identify an application.
The charset with which the request data are encoded, such as GBK, UTF-8, and GB2312.
Sign type. RSA and RSA2 are supported. RSA2 is recommended to be used.
The time when the merchant server sends the request. The format is yyyy-MM-dd HH:mm:ss.
The signature value.
Refer to the sample request
The API version. The value is fixed as 1.0.
|grant_type||String||Fixed as authorization_code in this situation|
|code||String||The auth_code obtained by the developer in step 2|
Synchronous response sample
Synchronous response parameters
Gateway return code, which indicates whether the request is accepted by Alipay gateway.
Description of the gateway return code.
|Token used to obtain the user's information.|
|user_id||String||The unique Alipay user ID.|
|expires_in||Number||The validity time of the token. Unit: second.|
|re_expires_in||Number||Refresh the validity time of the token. Unit is second.|
|refresh_token||String||By this token you can refresh the access_token token.|
The signature value.
Refer to the sample response
In this condition we only focus on user_id