Express middleware to decrypt wechat userInfo data for weapp(微信小程序) login scenario.

Usage no npm install needed!

<script type="module">
  import expressWeappAuth from '';



Build Status

Express middleware to decrypt wechat userInfo data for weapp login scenario.


# via Github
npm install xixilive/express-weapp-auth --save

# via npm
npm install express-weapp-auth --save


// basic example
import {middleware} from 'express-weapp-auth'

const app = require('express')()

  middleware('appId', 'appSecret'),

  (req, res, next) => {
    const {openId, sessionKey, userInfo} = req.weappAuth
    //your logic here

// advance example

  middleware('appId', 'appSecret', (req) => {
    return req.body
  }, {dataKey: 'customDataKey'}),
  (req, res, next) => {
    const {openId, sessionKey, userInfo} = req.customDataKey
    //your logic here


// all arguments
middleware('appId', 'appSecret' [, paramsResolver, options])

// without optional arguments
middleware('appId', 'appSecret')

// without options argument
middleware('appId', 'appSecret' paramsResolver)

// without paramsResolver argument
middleware('appId', 'appSecret' options)


  • appId: required, weapp app ID

  • appSecret: required, weapp app secret

  • paramsResolver: optional, a function(req){} to resolve auth-params for request object

  • options: optional, {dataKey: 'the key assign to req object to store decrypted data'}


It will use a built-in default resolver to resolve params for request if there has no function passed to middleware function. and the default function resolves params in a certain priority:

  • req.body with the highest priority

  • req.query with middle priority

  • req.params with the lowest priority

And it expects the resolver function to return an object value with following structure:

  code: 'login code',
  rawData: 'rawData',
  signature: 'signature for rawData',
  encryptedData: 'encrypted userInfo',
  iv: 'cipher/decipher vector'

For more details about this, please visit 微信小程序 API