支付宝第三方应用授权回调处理

因为公司业务需求，需接入支付宝ISV业务，成为支付宝的服务商，商户对开发者进行应用授权后，开发者可以帮助商户完成相应的业务逻辑，例如代替商户发起当面付的收单请求。

此业务只适用于支付宝当面付功能。

对应用授权，可以采用URL拼接，PC访问授权，或者将url生成二维码，商户用手机端支付宝扫码，授权。

URL拼接规则：

　　https://openauth.alipay.com/oauth2/appToAppAuth.htm?app_id=应用ID&redirect_uri=回调地址

     除了app_id 和 redirect_uri必要参数外，还可以附加自身业务参数，在回调地址中处理，以绑定此授权码和授权商户的关系

 

回调处理demo：

　　

<?php
/**
 * 支付宝isv授权回调地址,通过code和refresh_token换取token
 * User: Administrator
 * Date: 2017/2/26
 * Time: 16:17
 */
date_default_timezone_set('PRC');
$config = array();

require_once 'protected/extensions/AliF2F/f2fpay/service/AlipayTradeService.php';
require_once 'protected/extensions/AliF2F/f2fpay/config/lkhealth_config.php';

isset($_REQUEST['app_auth_code']) && $code = addslashes($_REQUEST['app_auth_code']); //授权code

isset($_REQUEST['hq_id']) && $hq_id = (int)$_REQUEST['hq_id']; //在授权链接上带的店铺标识

$currentDate = date('Y-m-d H:i:s');

(!$code || !$hq_id) && exit('Access Denied!');

$aop = new AopClient ();
$aop->gatewayUrl         = $config['gatewayUrl'];
$aop->appId              = $config['app_id'];
$aop->rsaPrivateKey      = $config['merchant_private_key'];
$aop->alipayrsaPublicKey = $config['alipay_public_key'];
$aop->apiVersion         = '1.0';
$aop->signType           = $config['sign_type'];
$aop->postCharset        = $config['charset'];
$aop->format             = 'json';
$request = new AlipayOpenAuthTokenAppRequest ();

$params = array(
    'grant_type'    => 'authorization_code', //refresh_token
    'code'          => $code,
    'hq_id'         => $hq_id,
    'refresh_token' => ''
);

$request->setBizContent(json_encode($params));
$result = $aop->execute ( $request );

/**
{
    "alipay_open_auth_token_app_response":{
        "app_auth_token":"201509BBeff9351ad1874306903e96b91d248A36",
        "app_refresh_token":"201509BBdcba1e3347de4e75ba3fed2c9abebE36",
        "auth_app_id":"2013121100055554",
        "code":"10000",
        "expires_in":"123456",
        "msg":"Success",
        "re_expires_in":"123456",
        "user_id":"2088102150527498"
    },
    "sign":"ERITJKEIJKJHKKKKKKKHJEREEEEEEEEEEE"
}
 */

$responseNode = str_replace(".", "_", $request->getApiMethodName()) . "_response";
$resultObj = $result->$responseNode;
$resultCode = $resultObj->code;

if(!empty($resultCode) && $resultCode == 10000){
    //授权成功,保存店铺对应的app_auth_token
    echo "success";
} else {
    //授权失败
    echo $result->$responseNode->msg;
}