Isn't it said on the open platform that the sent parameters should be sorted, encrypted and compared? You didn't do it!
You see:
Website visit
After the public platform user submits the information, the WeChat server will send a GET request to the URL that was filled in, with four parameters:
-
Parameter    Description
signature    WeChat encrypted signature
timestamp    Timestamp
nonce        Random number
echostr      Random string
-
The developer verifies the request by verifying the signature (there are verification methods below). If it is confirmed that the GET request comes from WeChat server, please return the echostr parameter content as it is, and the access will take effect, otherwise the access will fail.
The signature combines the token parameter filled in by the developer with the timestamp and nonce parameters in the request.
-
Encryption/authentication process:
1. Sort the token, timestamp and nonce in dictionary order.
2. Concatenate the three parameter strings into one string and apply SHA-1 encryption.
3. The developer compares the resulting encrypted string with the signature; a match indicates that the request is from WeChat.
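The three verification steps above, as an added Python example (not code from the original post or from WeChat). The token value, the function names and the sample request are constructed for illustration.

```python
import hashlib
import hmac
from typing import Mapping, Optional

# Constructed placeholder: the token the developer filled in on the platform.
TOKEN = "example-token"


def expected_signature(token: str, timestamp: str, nonce: str) -> str:
    """Steps 1-2: sort the three strings in dictionary order, join, SHA-1."""
    joined = "".join(sorted([token, timestamp, nonce]))
    return hashlib.sha1(joined.encode("utf-8")).hexdigest()


def handle_verification(query: Mapping[str, str], token: str = TOKEN) -> Optional[str]:
    """Return echostr when the GET request's signature is valid, else None."""
    required = ("signature", "timestamp", "nonce", "echostr")
    # Refuse requests with missing or empty parameters rather than hashing defaults.
    if not all(isinstance(query.get(k), str) and query.get(k) for k in required):
        return None
    computed = expected_signature(token, query["timestamp"], query["nonce"])
    supplied = query["signature"].strip().lower()
    # Step 3: constant-time comparison, so the check does not leak how many
    # leading characters of a guessed signature were correct.
    if not hmac.compare_digest(computed.encode("utf-8"), supplied.encode("utf-8")):
        return None
    # Signature matches: echo the challenge back unchanged.
    return query["echostr"]


if __name__ == "__main__":
    # Constructed sample request (not captured traffic).
    ts, nonce = "1700000000", "987654"
    request = {
        "signature": expected_signature(TOKEN, ts, nonce),
        "timestamp": ts,
        "nonce": nonce,
        "echostr": "constructed-echo-123",
    }
    print(handle_verification(request))                       # valid request
    print(handle_verification({**request, "nonce": "1111"}))  # altered nonce
```

The function returns `None` for any request that fails the check, so the web handler can answer with an error instead of echoing `echostr`.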