User Authorization
User authorization describes the process of obtaining a user's consent to access user information. It is based on the industry standard OAuth2.0 authorization mechanism. On the ZaloPay Mini App Platform, developers need to get permission from users in the mini app before obtaining and using their information.
Terminology
Name | Description |
---|---|
Scope of authorization (scope) | A scope represents the set of permissions for which developers need to request user authorization. A single authorization can combine multiple scopes. For more information, refer to Scopes description. |
Authorization code (auth_code) | Temporary user authorization credentials. After obtaining it, promptly exchange it for the access token mentioned below. |
Access token (access_token) | Long-term authorization credentials that expire after 1 hour. The merchant server uses it when calling the Authorization server to obtain user information. |
Refresh token (refresh_token) | Used to refresh and obtain a new access token after the access token expires. The refresh token expires after 30 days. |
Authorization flow
High-level flow
Implementation flow
1. Obtain authorization code
A user consent popup is shown to ask for the user's consent to access user information.
- Call User.getOauthV1Code function to obtain authorization code.
2. Obtain access token
Exchange authorization code for access token and refresh token.
- After obtaining the authorization code, call the Access token API to get the access token.
3. Refresh token
When the access token has expired, use the refresh token to get a new one.
4. Request user information
After getting the access token, you will be able to get the user information that the user allowed via the Get user info API.
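The token handling in steps 2 to 4, sketched for the merchant server as an added example (not ZaloPay's own code). `exchangeCode`, `refreshTokens`, `sessionId`, the `{ access_token, refresh_token }` response shape and the one-minute skew are assumptions, since the API request and response formats are not given on this page.

```javascript
const ACCESS_TTL_MS = 60 * 60 * 1000;            // access token: 1 hour
const REFRESH_TTL_MS = 30 * 24 * 60 * 60 * 1000; // refresh token: 30 days
const SKEW_MS = 60 * 1000; // assumption: refresh 1 minute early for clock skew

// Pure decision: what to do with a stored token record at time `now`.
function nextAction(rec, now) {
  if (!rec || !rec.refreshToken) return 'reauthorize';
  if (now < rec.accessExpiresAt - SKEW_MS) return 'use';
  return now < rec.refreshExpiresAt ? 'refresh' : 'reauthorize';
}

// Build the stored record from a token response (shape is an assumption).
function toRecord(res, now, prev = {}) {
  const rotated = Boolean(res.refresh_token);
  return {
    accessToken: res.access_token,
    accessExpiresAt: now + ACCESS_TTL_MS,
    refreshToken: rotated ? res.refresh_token : prev.refreshToken,
    // Restart the 30-day clock only when a new refresh token was issued.
    refreshExpiresAt: rotated ? now + REFRESH_TTL_MS : prev.refreshExpiresAt,
  };
}

class TokenStore {
  // exchangeCode / refreshTokens: hypothetical async callbacks wrapping the
  // platform's Access token API and refresh call.
  constructor({ exchangeCode, refreshTokens, now = Date.now }) {
    Object.assign(this, { exchangeCode, refreshTokens, now });
    this.sessions = new Map(); // sessionId -> record, kept server-side only
  }
  // Step 2: the auth_code is temporary, so exchange it as soon as it arrives.
  async login(sessionId, authCode) {
    const res = await this.exchangeCode(authCode);
    this.sessions.set(sessionId, toRecord(res, this.now()));
  }
  // Steps 3-4: return a usable access token, refreshing only when needed.
  async getAccessToken(sessionId) {
    const rec = this.sessions.get(sessionId);
    const action = nextAction(rec, this.now());
    if (action === 'reauthorize') {
      this.sessions.delete(sessionId); // user must go through consent again
      throw new Error('CONSENT_REQUIRED');
    }
    if (action === 'use') return rec.accessToken;
    const res = await this.refreshTokens(rec.refreshToken);
    const fresh = toRecord(res, this.now(), rec);
    this.sessions.set(sessionId, fresh);
    return fresh.accessToken;
  }
}
```

On `CONSENT_REQUIRED` the mini app goes back to step 1 and requests a new authorization code.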
Scopes description
Name | Description |
---|---|
user.phone | Phone number |
user.name | Display name |
user.identity.info | Personal information includes: birthday, gender, full_name, permanent_address |
user.identity.image | Identification information includes: id_number, id_type, issue_date, issue_place, expiration_date, identity_image_font, identity_image_back |
user.avatar | Avatar |
User information description
Field name | Type | Description |
---|---|---|
user_phone | int64 | The user's phone number |
muid | string | The user ID; the mini app can use this ID to identify the user |
user_name | string | The user's display name |
birthday | int64 | Date of birth |
gender | int | Gender. 1: Male, 2: Female |
full_name | string | The full name of the user |
permanent_address | string | The permanent address |
id_number | string | The identity id |
id_type | int | Type of identity card. 1: CMND, 2: passport, 3: CCCD, 4: CMSQ, 5: CCCD with embedded chip |
issue_date | string | The issue date |
issue_place | string | The issue place |
identity_image_font | string | The front identity image (base64 format) |
identity_image_back | string | The back identity image (base64 format) |