阿里钉钉开发免登企业内部应用中踩到的那些儿坑丨 RAIN MAN

阿里钉钉开发免登企业内部应用中踩到的那些儿坑

先弄清楚钉钉企业内部应用开发接入需要用哪些参数

CorpId:ding90f4b067a0adfd23456c2f4657eb87wkd //获取地址 https://open-dev.dingtalk.com/#/index

创建微应用 https://open-dev.dingtalk.com/#/appList 获取以下3个参数

AgentId：258218550
AppKey：dingbbikazkr7q2kh8s2
AppSecret：G7L53vvywPA3wQh5WogD3brAwjoZaRs6v128dhGvhj-0hzNjWtugY6NFRRwkjhs_

老版和新版本这里有区别，容易入坑

老版CorpId对应新版AppKey

老版CorpSecret对应AppSecret

<?php
//钉钉参数设置封装
//$access_token[access_token]获取函数
function curl_http_request($href, $method = 0, $post_data = null, $cookie = null) {
if (isset($post_data) && is_string($post_data) && strlen($post_data) > 0) $post_fields = $post_data;
else if (isset($post_data) && is_array($post_data) && count($post_data) > 0) $post_fields = http_build_query($post_data, null, '&', PHP_QUERY_RFC3986);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $href);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_POST, $method);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
if (isset($post_fields)) curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);
if (isset($cookie)) curl_setopt($ch, CURLOPT_COOKIE, $cookie);
$result = curl_exec($ch);
$curl_info = curl_getinfo($ch);
$info = $curl_info['url'] . '|' . $curl_info['http_code'] . '|' . $curl_info['total_time'];
$header_size = $curl_info['header_size'];
$header = substr($result, 0, $header_size);
$body = substr($result, $header_size);
$success = true;
$uri = $_SERVER["REQUEST_URI"];
if ($curl_info['http_code'] == 0 || $curl_info['http_code'] >= 400) {
$success = false;
}
curl_close($ch);
if ($success) {
return $body;
}
return false;
}
//$access_token[access_token]获取函数

$randnum = md5(rand(10000000,99999999));
define("OAPI_HOST", "https://oapi.dingtalk.com");
define("CORPID", "$corpid");
define("APPKEY", "$appkey");
define("SECRET", "$appsecret");
define("AGENTID", "$agentid");//必填，在创建微应用的时候会分配
define("ENCODING_AES_KEY", "$randnum"); //加解密需要用到的token，普通企业可以随机填写,例如:123456
define("TOKEN", "DC9F1B98D6A0737735E81SKJDE726375"); //数据加密密钥。用于回调数据的加密，长度固定为43个字符，从a-z, A-Z, 0-9共62个字符中选取,您可以随机生成

$urltoken = "https://oapi.dingtalk.com/gettoken?appkey=$appkey&appsecret=$appsecret";

//echo curl_http_request($urltoken)."<br>";
$access_token = json_decode(curl_http_request($urltoken), true); //获取 access_token
$access_token = $access_token[access_token]; //获取 access_token

//CURL GET方式传参
function get_curl($url) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$output=curl_exec($ch);
//print_r($output);
//echo "<br>";
$out_array = json_decode($output,true);
curl_close($ch);
return $out_array;
}
//CURL GET方式传参

//CURL JSON方式传参
function json_curl($url,$post_data) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json; charset=utf-8'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
//$post_data = '{"name": "钉钉事业部","parentid": "1","order": "","createDeptGroup": "true","deptHiding" : "true","deptPerimits" : "","userPerimits" : "","outerDept" : "true","outerPermitDepts" : "","outerPermitUsers" : ""}';
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
$output = curl_exec($ch);
print_r($output);
//echo "<br>";
$out_array = json_decode($output,true);
curl_close($ch);
//echo $output."<br><br>";
return $out_array;
}
//CURL JSON方式传参

//CURL JSON方式传参无输出
function json_curl_noecho($url,$post_data) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json; charset=utf-8'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
$output = curl_exec($ch);
$out_array = json_decode($output,true);
curl_close($ch);
return $out_array;
}
//CURL JSON方式传参无输出
?>

签名信息验证这里注意HTTP协议80端口和HPPTS协议443端口

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no">
<title>获取钉钉用户信息</title>
<script src="https://g.alicdn.com/dingding/open-develop/1.9.0/dingtalk.js" charset="utf-8"></script>
<link rel="stylesheet" href="css/css-loader.css">
</head>
<body onLoad="dd.ready()">
<div class="loader loader-double is-active"></div>
<div align="center" style="width:100%; margin-top:30px; color:#66CC33; font-size:15px;">用户信息验证中,请稍后...</div>
<?php
function get_current_page_url() { //去除域名中的80和443端口号
$pageURL = 'http';

if (array_key_exists('HTTPS', $_SERVER) && $_SERVER["HTTPS"] == "on") {
$pageURL .= "s";
}
$pageURL .= "://";

if ($_SERVER["SERVER_PORT"] != "80"&&$_SERVER["SERVER_PORT"] != "443") {
$pageURL .= $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . $_SERVER["REQUEST_URI"];
} else {
$pageURL .= $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
}
return $pageURL;
}
$href = get_current_page_url();

require_once("ding_curl.php"); //封装文件

$corpid = CORPID;
$appsecret = SECRET;

$urlticket = "https://oapi.dingtalk.com/get_jsapi_ticket?access_token=".$access_token;

//echo curl_http_request($urlticket);
$ticket = json_decode(curl_http_request($urlticket), true); //获取 ticket
//print_r($ticket);
$ticket = $ticket[ticket]; //获取 ticket
//echo $ticket;
//if($ticket!=''){echo "JSAPI_TOKEN获取成功<br>";}else{{echo "JSAPI_TOKEN获取失败<br>";}}
$nonceStr = ENCODING_AES_KEY;
$timeStamp = time();
$agentId = AGENTID;

function sign($ticket, $nonceStr, $timeStamp, $href){
$plain = 'jsapi_ticket=' . $ticket .
'&noncestr=' . $nonceStr .
'&timestamp=' . $timeStamp .
'&url=' . $href;
return sha1($plain);
}

$url = urldecode($href);
$corpAccessToken = $access_token;
if (!$corpAccessToken)
{
Log::e("[getConfig] ERR: no corp access token");
}
$ticket = $ticket;
$signature = sign($ticket, $nonceStr, $timeStamp, $url);
?>
<center>
<?php //echo $href; //注意https协议，域名中会被加入:443端口?>
<form action="check.php" id="ddform" method="post">
<input type="hidden" value="" id="dcode" name="dcode">
<input type="hidden" value="<?php echo $_GET[jumpurl];?>" id="jumpurl" name="jumpurl">
<input type="hidden" value="<?php echo $_GET[parameter];?>" id="parameter" name="parameter">
<input type="hidden" value="<?php echo $access_token;?>" id="acctoken" name="acctoken">
</form>
</center>
<script>
dd.config({
agentId: '<?php echo $agentId;?>',
corpId: '<?php echo $corpid;?>',
timeStamp: '<?php echo $timeStamp;?>',
nonceStr: '<?php echo $nonceStr;?>',
signature: '<?php echo $signature;?>',
jsApiList: [
'runtime.info'
]
});
//alert(location.href); //输出地址
dd.ready(function() {
dd.runtime.permission.requestAuthCode({
corpId: "corpid",
onSuccess: function(result) {
document.getElementById("dcode").value=result.code;
document.getElementById("ddform").submit();
},
onFail : function(err) {
document.write('<center><div style=\"margin-top:20px; color:#FF0000;\">验证失败!</div></center>');
}

});
});
dd.error(function(err) {
alert('dd error: ' + JSON.stringify(err));
// 可以在报错的时候进行提示或其他操作
});
</script>
</body>
</html>

1、官方开发文档
https://open-doc.dingtalk.com/microapp/serverapi2

2、官方服务端API调试
https://debug.dingtalk.com

3、常见问题查询
https://open-doc.dingtalk.com/microapp/faquestions/cvbtph

转载请注明：RAIN MAN » 阿里钉钉开发免登企业内部应用中踩到的那些儿坑

喜欢 2

标签: 钉钉免登, 钉钉微应用