Social-Registration with WeChat
This article talks about the customizations and configuration necessary to enable social-registration with WeChat, and further a quick demo of the end-user experience. This is not part of the product yet, and I built it using a clone of the openidm trunk. From a WeChat API instance standpoint, you do need an appid and secret. The only scope needed for this demo is snsapi_login and unlike what the documentation might lead you to believe, snsapi_userinfo is not needed. Moreover, that particular scope needs a higher authorization level.
Add the WeChat configuration to identityProviders.json using the configuration example for Google in the same file.
Next, turn on the WeChat provider in the Social ID Providers menu:
Enable user registration, and any custom Terms and Conditions needed for social registration:
At this point you will have the basic plumbing in place to support users registering their accounts via WeChat. However, since WeChat will not provide a username in the format you prefer, I strongly recommend modifying the Social Registration Properties transform scripts to accommodate or pre-fill any attributes you want. For example, I remove all spaces from the full name returned by WeChat to create a username:
One could also write a transform script to verify the email address for example.
End User Experience
The following is the flow for social-registration with WeChat.
The user clicks on the register link after navigating to http://domain-registered-with-wechat/#login:
The user is then presented with the previously configured (by the admin) Terms & Conditions screen:
After accepting the T&Cs, the user is taken to the Registration page:
Upon clicking the “Register with WeChat” link, the QR Code is presented by WeChat as follows:
I am able to scan it and login from the iPhone WeChat app, and the screen confirms correct login:
After this screen, I accept the login attempt from the iPhone and I am taken immediately to the following page that shows the user data made available by WeChat:
WeChat did not provide me the email address based on my profile settings, so I proceeded to enter it myself and hit Save. Next, I am asked for a KBA response as configured:
Following which, the confirmation appears stating I registered successfully:
This completes the social-registration portion. The next step is to be able to login from WeChat into OpenAM and achieve seamless sign on to OpenIDM as well. I’ll save that for next time!