Skip to main content

Set up social login with Alipay (Web)

The official Logto connector for Alipay social sign-in in web apps.

tip:

In this guide, we assume you have basic knowledge of Logto Connectors. If you don't, check out the Configure connectors guide to get started.

Get started

Alipay Web connector is designed for desktop Web applications. It takes advantage of Alipay's OAuth 2.0 authentication workflow and enables Alipay users to sign in to other Apps using public Alipay user profiles without going through a troublesome register process.

Register Alipay developer account

Register an Alipay developer account if you don't have one.

Create and configure Alipay app

  1. Sign in to the Alipay console with the account you have just registered.
  2. Go to "Web & Mobile Apps" (网页&移动应用) tab in "My Application" (我的应用) panel.
  3. Click "Create an App" (立即创建) button to start configuring your application.
  4. Name your application in "Application Name" (应用名称) following the naming conventions and upload your "Application Icon" (应用图标), make sure you choose "web application" (网页应用) as "App type" (应用类型).
  5. After finishing creating the application, we come to the Overview page, where we should click "add ability" (添加能力) to add "Third-party application authorization" (第三方应用授权), "Get member information" (获取会员信息) and "App Alipay login" (App 支付宝登录) before enabling Alipay sign-in.
  6. Go to Alipay Customer Center, and sign in with the Alipay developer account. Click "Account Center" (账号中心) on the topbar and go to "APPID binding" (APPID 绑定), whose entrance can be found at the bottom of the sidebar. "Add binding" (添加绑定) by type in the APPID of the web application you just created in step 4.
  7. Click on "Sign" button of "App Alipay login", and finish signing process following the guide. After finishing this step, you are expected to find abilities you have just added in step 5 kicks in.
  8. Come back to Alipay open platform console page, and you can find "Interface signing method" (接口加签方式(密钥/证书)) in "development information" (开发信息) section. Click "set up" (设置) button, and you can find yourself on a page setting signing method. "Public Key" (公钥) is the preferred signing mode, and fill in contents from the public key file you have generated in the text input box.
  9. Set up "Authorization Redirect URI" (授权回调地址) by clicking "set up" (设置) button on the bottom of the Alipay console page. ${your_logto_origin}/callback/${connector_id} is the default redirect URI used in Logto core. The connector_id can be found on the top bar of the Logto Admin Console connector details page.
  10. After finishing all these steps, go back to the top right corner of Alipay console page, and click "Submit for review" (提交审核). Once the review is approved, you are good to go with a smooth Alipay sign-in flow.
note:

You can use openssl to generate key pairs on your local machine by executing following code snippet in terminal.

openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -outform PEM -pubout -out public.pem

When filling in the public key on the Alipay app setup website, you need to remove the header and footer of public.pem, delete all newline characters, and paste the rest of the contents into the text input box for "public key".

Set up the Logto Alipay Web connector settings

  1. In the Alipay console workspace go to "My application" (我的应用) panel and click "Web & Mobile Apps" (网页&移动应用) tab, you can find APPID of all applications.
  2. In step 7 of the previous part, you have already generated a key pair including a private key and a public key.
  3. Fill out the Logto connector settings:
    • Fill out the appId field with APPID you've got from step 1.
    • Fill out the privateKey field with contents from the private key file mentioned in step 2. Please MAKE SURE to use '\n' to replace all newline characters and do not remove header and footer in private key file.
    • Fill out the signType field with 'RSA2' due to the Public key signing mode we chose in step 7 of "Create And Configure Alipay Apps".
    • Fill out the charset field with either 'gbk' or 'utf8'. You can leave this field blank as it is OPTIONAL. The default value is set to be 'utf8'.
    • Fill out the scope field with either 'auth_base' or 'auth_user'. You can leave this field blank as it is OPTIONAL. The default value is set to be 'auth_user'. You can check out the difference between different values.

Config types

NameTypeEnum values
appIdstringN/A
privateKeystringN/A
signTypeenum string'RSA' | 'RSA2'
charsetenum string (OPTIONAL)'gbk' | 'utf8' | undefined
scopeenum string (OPTIONAL)'auth_user' | 'auth_base'

Test Alipay web connector

That's it. Don't forget to Enable social connector in sign-in experience.

Once Alipay web connector is enabled, you can build and run your web app to see if it works.

References

Alipay Docs - Access Preparation - How to create an app

Alipay Docs - Web & Mobile Apps - Create an app