problem description

Front-end separation project, front-end vue.js. The backend golang
accesses Wechat to log in
after getting the user openid, if the record does not exist in the database, then you need to register or bind. How to ensure the authenticity of registered or bound users
because the backend interface is stateless, and another interface is used when registering, mainly to prevent openId fraud

what methods have you tried

consider that when the record does not exist, generate a temporary verification token and pass it to openid
or directly pass accesstoken (only basic user information can be obtained) to the front end, and submit the back end to Wechat server for verification, but Wechat does not recommend accesstoken exposure

specific scenarios

Wechat"s open platform access website
after scanning and logging in, the backend gets the openid and finds that it is a new user. If you need to register or bind at this time, how to verify the user"s identity.

expect results

I"d like to ask if you have a better way to implement it.