Obtaining a WeChat User's Nickname in an H5 Page via OAuth Authorization

When an H5 page is opened inside the WeChat client, a permission prompt appears that allows the page to access the user's public profile such as avatar and nickname after the user clicks "Allow".

Prerequisites : The feature is classified as a "premium" function, requiring a verified public account (approximately ¥300) and proper configuration of the security whitelist, JS interface domain, and callback domain.

Authorization request : By navigating to a specific URL, WeChat automatically shows the permission dialog. The URL format is:

https://open.weixin.qq.com/connect/oauth2/authorize?appid=YOUR_APPID&redirect_uri=YOUR_CALLBACK_URL&response_type=code&scope=snsapi_userinfo&state=YOUR_STATE#wechat_redirect

The required parameters are appid (public account ID), redirect_uri (URL‑encoded callback address), and optionally state for custom data.

After the user authorizes, WeChat redirects to the callback URL with code and state parameters, e.g.:

https://pk.migu.cn/pk/wechat/getUserInfoCallback?code=XXXXXX&state=/abc

The code is used to obtain an access_token via:

curl https://api.weixin.qq.com/sns/oauth2/access_token?appid=YOUR_APPID&secret=YOUR_SECRET&code=XXXXXX&grant_type=authorization_code

The response contains access_token , expires_in , refresh_token , openid , and scope .

With the access_token and openid , the user's basic information can be fetched:

https://api.weixin.qq.com/sns/userinfo?access_token=ACCESS_TOKEN&openid=OPENID&lang=zh_CN

The returned JSON includes fields such as nickname , headimgurl , city , province , etc.

After obtaining the nickname, the backend can read the state parameter from the callback URL and redirect the user to the original H5 page, for example:

https://pk.migu.cn/test/pk/page/teachersday/index.html?nickName=石头

Important notes :

The public account must be certified; otherwise user info cannot be retrieved.

The server IP must be whitelisted in the WeChat security center.

JS interface domain and callback domain must be correctly set.

Access tokens are valid for about two hours; a refresh_token (valid for 30 days) can be used to obtain a new token:

curl https://api.weixin.qq.com/sns/oauth2/refresh_token?appid=YOUR_APPID&grant_type=refresh_token&refresh_token=REFRESH_TOKEN

Token validity can be verified with:

curl https://api.weixin.qq.com/sns/auth?access_token=ACCESS_TOKEN&openid=OPENID

If the token is valid, the API returns {"errcode":0,"errmsg":"ok"} ; otherwise an error code is returned.

In summary, by configuring a certified WeChat public account, constructing the proper OAuth URL, handling the code‑to‑token exchange, and fetching user info, developers can seamlessly obtain a user's nickname and other profile data within an H5 page.