WeChat Login
April 26, 2016
Recently I was tasked with the job of adding login support through WeChat (also known as Weixin). WeChat is a popular social media, mobile phone application based in China. I naively assumed this would be a simple task. Most social media platforms have very well documented SDKs used to query the user for access to their account.
WeChat was unfortunately not so. Very little English documentation is available and any community websites are mostly in Chinese. The SDK API documentation is minimal and doesn't provide much more detail than what could be assumed from reading function signatures. WeChat is based on a messaging system which allows you to send messages to the application. However, if any of the multiple configurations is incorrect, WeChat will never respond leaving you with no indication of what you did wrong.
When looking at the WeChat developer portal, there's two configuration values you need to provide for your android application, a "signature" and package name. Because everything is in Chinese, I had to rely on Google translate. After translation, it wasn't very clear what "signature" to use. After digging through a Chinese forum, I saw reference to MD5. Therefore I filled this field with the MD5 hash of the signature used to sign my application. Package name was easier to guess but there turned out to be some caveats.
Probably the greatest stumbling block in integration with WeChat is its required package structure. The package name I provided in the development portal turned out to be critical to the functionality of WeChat. It turns out your application cannot have an application ID that differs from your package (something that could be an issue). This is because WeChat expects an activity named WXEntryActivity to be placed in a certain location within your app. If your package name is com.demo.wechat, you must place an activity named WXEntryActivity under the package com.demo.wechat.wxapi. You cannot deviate at all from this or WeChat will never respond to your authentication request!
This forced constraint on naming and location was very surprising. None of this could be found on their official site and I only learned of this through lots of testing and digging through Chinese GitHub repositories. After solving the combination of portal and project configuration, the code to request access to a user's WeChat account was simple. After successful authentication, WeChat returns an authorization code which you must hit their rest endpoint with to convert it to an access token.
Don't forget that this all should be done on a real device. WeChat has to be registered and sends a code to a real phone number to do so.
Thoughts, questions, or comments? Feel free to reach out at aaronbruckner@gmail.com.