Create IdP for Wechat Miniapp
Unlike the IdP used for a single-page web application, the IdP for a Wechat miniapp associates the Identity application (directory) with a client called "Wechat mini-app federated client". Once the federated client is associated, the IdP trusts the authentication it has performed, and "authentication federation" is achieved.
TIP
"Authentication federation" means that after the miniapp user is authenticated by the Wechat authentication/authorization server, the customer's SiX IDaaS & IAM tenancy trusts that authentication directly rather than authenticating the same miniapp user a second time via its own authentication/authorization server.
A shadow user will be created in the Identity application (directory) for the same miniapp user (based on his/her smartphone).
This brings in a concept called "unified digital identity": assuming the same IdP is used in other applications, e.g. SPA or native apps, the same user will share the same ID Token in different apps.
Interaction flows
Below is the typical flow in which one or more Wechat miniapps leverage SiX IDaaS & IAM to achieve authentication federation.
Steps to create IdP for Wechat miniapp
1. Create an Identity application
Log in to the SiX IDaaS & IAM console.
Navigate to the menu "Authentication->Create Identity Application(IdP)" to create the Identity application for the Wechat miniapp.
2. Create one Wechat miniapp "Third Party Authz Client" and associate it with Identity application
Log in to the SiX IDaaS & IAM console.
Navigate to the menu "Authorization->Create Third Party Authz Client" to create the Wechat miniapp "Third Party Authz Client" and bind this client to the "Identity Application".
3. Federate with Wechat miniapp authentication
After the miniapp user has authenticated with the Wechat authentication/authorization server, that server generates an "Authorization Code" that is recognized only by Wechat.
Your miniapp logic can exchange this "Authorization Code" for an ID token and an access token generated by the authentication/authorization server of the customer's SiX IDaaS & IAM tenancy (IdP), provided this miniapp user was previously registered in the IdP.
TIP
Use the "/federation/wechat/miniapp/profile" endpoint in the API doc to exchange the tokens.
If the miniapp user wasn't registered, your miniapp logic can initiate the user "registration/bind" operation.
TIP
Use the "/federation/wechat/miniapp/bindUser" endpoint in the API doc to register/bind the miniapp user.
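The step 3 flow as an added example (not code from SiX IDaaS & IAM or its sample repo). Only the two endpoint paths come from this page; the `code`, `idToken` and `accessToken` field names, HTTP 404 as the "not registered" signal, and the `getCode`/`post` helpers are assumptions, so check them against the API doc.

```javascript
// Added example. Endpoint paths are from the page; everything else is assumed.
const PROFILE_PATH = "/federation/wechat/miniapp/profile";
const BIND_PATH = "/federation/wechat/miniapp/bindUser";

// Accept a token response only if both tokens are present as strings.
function hasTokens(body) {
  return Boolean(body) && typeof body.idToken === "string" &&
    typeof body.accessToken === "string";
}

// Exchange a Wechat code for IdP tokens; null means "user not registered".
async function exchange(getCode, post) {
  // Wechat codes are single-use and short-lived, so every request gets a
  // fresh one; codes and tokens are never cached or logged here.
  const res = await post(PROFILE_PATH, { code: await getCode() });
  if (res.status === 200 && hasTokens(res.body)) {
    // Copy only the expected fields so unexpected response data is dropped.
    return { idToken: res.body.idToken, accessToken: res.body.accessToken };
  }
  if (res.status === 404) return null; // assumed "not registered" signal
  throw new Error(`profile exchange failed with status ${res.status}`);
}

// getCode: resolves to a fresh code (in a miniapp, a wrapper around wx.login).
// post: sends JSON over HTTPS to the tenancy, resolves to { status, body }.
// registration: hypothetical user details for the bind step.
async function federatedLogin({ getCode, post, registration }) {
  const existing = await exchange(getCode, post);
  if (existing) return { outcome: "existing-user", ...existing };
  if (!registration) return { outcome: "registration-required" };

  const bound = await post(BIND_PATH, { code: await getCode(), ...registration });
  if (bound.status !== 200) {
    throw new Error(`bindUser failed with status ${bound.status}`);
  }
  // After binding, repeat the profile exchange to obtain the tokens.
  const tokens = await exchange(getCode, post);
  if (!tokens) throw new Error("user still unregistered after bindUser");
  return { outcome: "bound", ...tokens };
}
```

In a real miniapp, `post` would wrap `wx.request` against your tenancy's HTTPS base URL, and the returned tokens would be held only for as long as the app needs them.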
Samples
Wechat miniapp IdP sample code repo
TIP
If you can't access the repo, please contact us via the contact info on Contact Us