Sitecore WeChat authentication – and what no one tells you

By Danny Paul van Iersel, 14-1-2024

WeChat before Sitecore connections

WeChat (also called Weixin) is a Chinese messaging system and has grown throughout the years to become the app for everything. From texting, video conversations, sharing files and payments.

With customers located or doing business with China this is an important application to use to integrate with.

What we need to accomplish this?

Like any OAuth system we need to get a Application ID or Client ID and a secret key. This is needed for the communication between your application and the WeChat login system.

WeChat account and registration

In order to continue with WeChat integration we first must have a verified account on the Weixin Open Platform. This can be obtained at the website https://open.weixin.qq.com/

Once we have signed up and created our account we need to get it verified. To get a verified account there is a fee that needs to be paid. For people within China this fee is currently 300 CNY (+/- 39 Euro), for people outside China it is 99 USD (+/- 92 Euro).

When all the forms have been filled in and the payment has been made it will take some time to get verified.

When you are verified you can start registering you application. Depending on your type of application you need to head to that section. We continue with Website Application.

Create a new Website Application and fill in the form. Keep in mind the Website Application name is what the users see from the login screen. There are checks on this if you use trademark names and you need to provide additional information in order to use that.

From the form you can download the “Website Information Registration Form” this form is important and has to match all the information you are using on the registration form. The form requires a company seal (stamp) and a signature for Authorization.

Once you have all that fill in the rest of the form and you have to wait until your application is verified.

If your application is not verified you will receive some information (in Chinese) what is wrong.

When we have an approved application we can go to the details.

Here we can find the AppID and an option to generate the AppSecret.

The AppSecret is only shown when you create is after that it is no longer visible. If you have forgotten it you have to option to Reset it.

Sitecore connection with WeChat

Lets have a look at the config file we are using and see what we need to implement the authentication.

Parts we use to connect it all:

• IdentityProvidersProcessor - WeChatIdentityProvider
• Sitecore.Owin.Authentication.Services.DefaultExternalUserBuilder - CustomExternalUserBuilder
• AuthenticationMiddleware - WeChat security Middleware

With the ProviderProcessor we can define the Provider and make customizations for the onAuthenticated and onReturnEndpoint Tasks. For in the onAuthenticated task we can set the ApplyClaimsTransformations.

For the onReturnEndpoint we can configure additional redirects after a user has successfully loggedin.

On the External user builder we configure what should be the Sitecore unique identifier from the logged in Identity Provider with CreateUniqueUserName.

The AuthenticationMiddleware is used to connect with the Authentication system. You can create your own Middleware or if they are available use nuget packages. For WeChat there is the package “Microsoft.Owin.Security.Tencent.Wechat”.

To create your own the following parts should be taken into consideration:

• Create the MiddleWare that can be called from your code
• Options, that you can give as parameters to the login for example:
  • Caption
  • ReturnEndpointPath
  • AuthenticationMode
  • Scope
  • BackchannelTimeout
• Most important the AuthenticationHandler to get it all working
  • Calls the endpoints of the login provider
  • Requesting Token to do any further calls
  • Call User information with the received Token

Concluding the roundtrip back to Sitecore

With all this you have successfully setup your solution to use WeChat. We only need a page to set the login button and we are good to go. We can collect all configured Providers with GetSignInUrlInfoArgs.

The most difficult part with integrating WeChat would be for not Chinese readers. Many parts of the website remain Chinese even if you change to English from the menu. Luckily with many translation options it is manageable to get through it.

When starting this journey keep in mind it might be more time consuming then you might think. Some times it takes a while before finalizing and approving all the required parts needed for WeChat.

If you are stuck with your integration, get in touch with us. We might be able to help you continue your way into Authenticating your users for the best Experience.