Claude Code Plugins

Community-maintained marketplace

Feedback

auth-wechat-miniprogram

@TencentCloudBase/awesome-cloudbase-examples
308
0

Complete guide for WeChat Mini Program authentication with CloudBase - native login, user identity, and cloud function integration.

Install Skill

1Download skill
2Enable skills in Claude

Open claude.ai/settings/capabilities and find the "Skills" section

3Upload to Claude

Click "Upload skill" and select the downloaded ZIP file

Note: Please verify skill by going through its instructions before using it.

SKILL.md

name auth-wechat-miniprogram
description Complete guide for WeChat Mini Program authentication with CloudBase - native login, user identity, and cloud function integration.
alwaysApply false

When to use this skill

Use this skill for WeChat Mini Program (小程序) authentication in a CloudBase project.

Use it when you need to:

  • Implement WeChat Mini Program login with CloudBase
  • Access user identity (openid, unionid) in cloud functions
  • Understand how WeChat authentication integrates with CloudBase
  • Build Mini Program features that require user identification

Key advantage: WeChat Mini Program authentication with CloudBase is seamless and automatic - no complex OAuth flows needed. When a Mini Program calls a cloud function, the user's openid is automatically injected and verified by WeChat.

Do NOT use for:

  • Web-based WeChat login (use the CloudBase Web Auth skill at skills/auth-web-skill)
  • Server-side auth with Node SDK (use the CloudBase Node Auth skill at skills/auth-nodejs-skill)
  • Non-WeChat authentication methods (use appropriate auth skills)

How to use this skill (for a coding agent)

  1. Confirm CloudBase environment

    • Ask the user for:
      • env – CloudBase environment ID
      • Confirm the Mini Program is linked to the CloudBase environment

  2. Understand the authentication flow

    • WeChat Mini Program authentication is native and automatic
    • No explicit login API calls needed in most cases
    • User identity is automatically available in cloud functions
    • CloudBase handles all authentication verification

  3. Pick a scenario from this file

    • For basic user identity in cloud functions, use Scenario 2
    • For Mini Program initialization, use Scenario 1
    • For calling a cloud function from the Mini Program and receiving user identity, use Scenario 3
    • For testing authentication, use Scenario 4

  4. Follow CloudBase API shapes exactly

    • Use wx-server-sdk in cloud functions
    • Use wx.cloud in Mini Program client code
    • Treat method names and parameter shapes in this file as canonical

  5. If you're unsure about an API

    • Consult the official CloudBase Mini Program documentation
    • Only use methods that appear in official documentation

Core concepts

How WeChat Mini Program authentication works with CloudBase

  1. Automatic authentication:

    • When a Mini Program user calls a cloud function, WeChat automatically injects the user's identity
    • No need for complex OAuth flows or token management
    • CloudBase verifies the authenticity of the identity

  2. User identifiers:

    • OPENID – Unique identifier for the user in this specific Mini Program
    • APPID – The Mini Program's App ID
    • UNIONID – (Optional) Unique identifier across all apps under the same WeChat Open Platform account
      • Only available when the Mini Program is bound to a WeChat Open Platform account
      • Useful for identifying the same user across multiple Mini Programs or Official Accounts

  3. Security:

    • The openid, appid, and unionid are verified and trustworthy
    • WeChat has already completed authentication
    • Developers can directly use these identifiers without additional verification

  4. No explicit login required:

    • Users are automatically authenticated when they use the Mini Program
    • No need to call login APIs in most cases
    • Identity is available immediately in cloud functions

Scenarios – WeChat Mini Program auth patterns

Scenario 1: Initialize CloudBase in Mini Program

Use this in your Mini Program's app.js or entry point:

// app.js
App({
  onLaunch: function () {
    // Initialize CloudBase
    wx.cloud.init({
      env: 'your-env-id',  // Your CloudBase environment ID
      traceUser: true      // Optional: track user access in console
    })
  }
})

Key points:

  • Call wx.cloud.init() once when the Mini Program launches
  • Set env to your CloudBase environment ID
  • traceUser: true enables user access tracking in CloudBase console (optional but recommended)

Scenario 2: Get user identity in a cloud function

Use this when you need to know who is calling your cloud function:

// Cloud function: cloudfunctions/getUserInfo/index.js
const cloud = require('wx-server-sdk')

// Initialize cloud with dynamic environment
cloud.init({
  env: cloud.DYNAMIC_CURRENT_ENV
})

exports.main = async (event, context) => {
  // Get user identity - this is automatically injected by WeChat
  const { OPENID, APPID, UNIONID } = cloud.getWXContext()

  console.log('User identity:', { OPENID, APPID, UNIONID })

  // Use OPENID for user-specific operations
  // For example: query user data, check permissions, etc.

  return {
    openid: OPENID,
    appid: APPID,
    unionid: UNIONID  // May be undefined if not available
  }
}

Key points:

  • Use cloud.getWXContext() to get user identity
  • OPENID is always available and uniquely identifies the user
  • APPID identifies the Mini Program
  • UNIONID is only available when:
    • The Mini Program is bound to a WeChat Open Platform account
    • The user has authorized the Mini Program
  • These values are verified and trustworthy - no need to validate them
  • Use cloud.DYNAMIC_CURRENT_ENV to automatically use the current environment

Best practices:

  • Store OPENID in your database to associate data with users
  • Use OPENID for authorization and access control
  • Use UNIONID when you need to identify users across multiple Mini Programs or Official Accounts
  • Never expose OPENID to other users (it's a private identifier)

Scenario 3: Call cloud function from Mini Program

Use this in your Mini Program to call a cloud function and get user identity:

// In Mini Program page
Page({
  onLoad: function() {
    this.getUserInfo()
  },

  getUserInfo: function() {
    wx.cloud.callFunction({
      name: 'getUserInfo',  // Cloud function name
      data: {},             // Optional parameters
      success: res => {
        console.log('User info from cloud function:', res.result)
        // res.result contains { openid, appid, unionid }

        // Use the user info
        this.setData({
          openid: res.result.openid
        })
      },
      fail: err => {
        console.error('Failed to get user info:', err)
      }
    })
  }
})

Key points:

  • Use wx.cloud.callFunction() to call cloud functions
  • User identity is automatically passed to the cloud function
  • No need to manually send user credentials
  • Handle both success and error cases

Scenario 4: Test authentication - Simple test function

Cloud function (cloudfunctions/test/index.js):

const cloud = require('wx-server-sdk')

cloud.init({
  env: cloud.DYNAMIC_CURRENT_ENV
})

exports.main = async (event, context) => {
  // Get verified user identity - automatically injected by WeChat
  const { OPENID, APPID, UNIONID } = cloud.getWXContext()

  console.log('User identity:', { OPENID, APPID, UNIONID })

  return {
    success: true,
    message: 'Authentication successful',
    identity: {
      openid: OPENID,
      appid: APPID,
      unionid: UNIONID || 'Not available'
    },
    timestamp: new Date().toISOString()
  }
}

Mini Program code:

// pages/index/index.js
Page({
  data: {
    userIdentity: null
  },

  onLoad: function() {
    this.testAuth()
  },

  testAuth: function() {
    console.log('Testing authentication...')

    wx.cloud.callFunction({
      name: 'test',
      success: res => {
        console.log('Authentication test result:', res.result)

        this.setData({
          userIdentity: res.result.identity
        })

        wx.showToast({
          title: 'Auth successful',
          icon: 'success'
        })
      },
      fail: err => {
        console.error('Authentication test failed:', err)
        wx.showToast({
          title: 'Auth failed',
          icon: 'error'
        })
      }
    })
  }
})

Key points:

  • No explicit login API call needed
  • User identity is automatically available in cloud function
  • OPENID is always present and verified
  • UNIONID may be undefined if not available
  • Use this pattern to verify authentication is working correctly

Best practices

1. Always use cloud.DYNAMIC_CURRENT_ENV

cloud.init({
  env: cloud.DYNAMIC_CURRENT_ENV
})

This ensures the cloud function uses the correct environment automatically.

2. Store OPENID for user identification

  • Use OPENID as the primary user identifier
  • Store it in your database to associate data with users
  • Never expose OPENID to other users

3. Handle UNIONID availability

const { OPENID, UNIONID } = cloud.getWXContext()

if (UNIONID) {
  // User has UNIONID - can be used for cross-app identification
  console.log('UNIONID available:', UNIONID)
} else {
  // UNIONID not available - use OPENID only
  console.log('Using OPENID only:', OPENID)
}

4. Use OPENID for user-specific operations

  • Use OPENID to identify and authorize users
  • Store OPENID when you need to associate data with users
  • Use OPENID in queries to ensure users only access their own data

5. Error handling

Always handle errors when calling cloud functions:

wx.cloud.callFunction({
  name: 'myFunction',
  success: res => {
    // Handle success
  },
  fail: err => {
    console.error('Cloud function error:', err)
    // Show user-friendly error message
    wx.showToast({
      title: 'Operation failed',
      icon: 'error'
    })
  }
})

6. Initialize CloudBase early

Initialize CloudBase in app.js onLaunch:

App({
  onLaunch: function () {
    wx.cloud.init({
      env: 'your-env-id',
      traceUser: true
    })
  }
})

Common patterns

Pattern 1: Get and return user identity

const cloud = require('wx-server-sdk')
cloud.init({ env: cloud.DYNAMIC_CURRENT_ENV })

exports.main = async (event, context) => {
  const { OPENID, APPID, UNIONID } = cloud.getWXContext()

  return {
    openid: OPENID,
    appid: APPID,
    unionid: UNIONID || null
  }
}

Pattern 2: Use OPENID for authorization

const cloud = require('wx-server-sdk')
cloud.init({ env: cloud.DYNAMIC_CURRENT_ENV })

exports.main = async (event, context) => {
  const { OPENID } = cloud.getWXContext()

  // Check if user is authorized
  if (OPENID === event.resourceOwnerId) {
    // User is authorized to access this resource
    return { authorized: true }
  } else {
    return { authorized: false, error: 'Unauthorized' }
  }
}

Pattern 3: Handle UNIONID availability

const cloud = require('wx-server-sdk')
cloud.init({ env: cloud.DYNAMIC_CURRENT_ENV })

exports.main = async (event, context) => {
  const { OPENID, UNIONID } = cloud.getWXContext()

  if (UNIONID) {
    // Can use UNIONID for cross-app user identification
    console.log('User has UNIONID:', UNIONID)
  } else {
    // Fall back to OPENID only
    console.log('Using OPENID only:', OPENID)
  }

  return { openid: OPENID, hasUnionId: !!UNIONID }
}

Summary

WeChat Mini Program authentication with CloudBase is simple and secure:

  1. No explicit login needed - authentication is automatic
  2. User identity is verified - OPENID, APPID, and UNIONID are trustworthy
  3. Easy to use - just call cloud.getWXContext() in cloud functions
  4. Secure by default - WeChat handles all authentication verification

Key takeaways:

  • Initialize CloudBase with wx.cloud.init() in Mini Program
  • Use cloud.getWXContext() to get user identity in cloud functions
  • Use OPENID for user identification and authorization
  • Handle UNIONID availability appropriately
  • No explicit login API calls needed - authentication is automatic

For more complex authentication scenarios or integration with other systems, consider using CloudBase custom login in combination with WeChat authentication.