Skip to content

Latest commit



128 lines (94 loc) · 3.46 KB

File metadata and controls

128 lines (94 loc) · 3.46 KB


A Rust library that provides WeChat mini-program login and authentication functionalities in the form of middleware of popular web-frameworks, making it convenient to use.



use axum::{routing::get, Router};
use wx_login_middleware::preclude::*;

let app = Router::new()
    // `GET /auth` goes to `auth` which require login authendication
    .route("/auth", get(auth))
    // add the layer of wx_login_middleware for login and authentication
    // by default the login API is `GET|POST /login`
    // here we use default config of app-info from environment variables
    // (e.g. WX_APP_"TheAppID"="TheAppSecret")

let listener = tokio::net::TcpListener::bind("").await.unwrap();
axum::serve(listener, app).await.unwrap();

// use WxLoginInfo extractor to check authentication result
async fn auth(login_info: wx_login::WxLoginInfo) -> String {
   format!("Hello, {}!", login_info.openid)


use actix_web::{get, App, Responder, HttpServer, HttpResponse};
use wx_login_middleware::preclude::*;

async fn main() -> std::io::Result<()> {
   HttpServer::new(|| {
           // add the middleware for login and authentication
           // by default the login API is `GET|POST /login`
           // here we use config of app-info from environment variables
           // (e.g. WX_APP_"TheAppID"="TheAppSecret")
           // `GET /auth` require login authendication
   }).bind(("", 8080))?.run().await

// use WxLoginInfo extractor to check authentication result
async fn auth(login_info: wx_login::WxLoginInfo) -> impl Responder {
    HttpResponse::Ok().body(format!("Hello, {}!", login_info.openid))



Use GET or POST /login (which is the default path and can be customized with wx_login::Config).

Request (GET)

curl --url "https://<host>/login?appid=<your_app_id>&code=<code_from_wxlogin>"

Request (POST)

curl --request POST --url "https://<host>/login" --data '{"appid": "<your_app_id>", "code": "<code_from_wxlogin>"}'


Success (StatusCode 200):

  "openid": "<the_login_open_id>",
  "stoken": "<session_token_for_subsequent_request>",
  "skey": "<session_key_for_making_signature>",

Fail (StatusCode 400|401|500):

  "status": <status_code>,
  "code": "<short_error_code>",
  "message": "<error_message_for_user>",
  "detail": "<debug_message_for_developer>",


After login client can attach header WX-LOGIN-STOKEN and WX-LOGIN-SIG with subsequent request for authentication.

  • WX-LOGIN-STOKEN: the session-token from login response

  • WX-LOGIN-SIG: the signature of request uri (path+params), calculated as SG1:ts:nonce:sha1(uri:ts:nonce:skey)

curl --header "WX-LOGIN-STOKEN=<stoken>" --header "WX-LOGIN-SIG=<sig>" --url "https://<host>/someapi"

If the api server requires authentication (usually by using WxLoginInfo extractor) and the authentication failed, the error response (StatusCode 401|500) will be returned:

  "status": <status_code>,
  "code": "<short_error_code>",
  "message": "<error_message_for_user>",
  "detail": "<debug_message_for_developer>",


One can find frontend javascript sample code in repo frontend directory for reference.

License: MIT