--- sidebar_position: 5 title: OAuth --- The `Tailchat` open platform supports the `OAuth` login protocol, and you can easily integrate the `Tailchat` account system into your system. Just like our common `Github Login`, `Google Login`, `Apple Login` Now, you can use `Tailchat` to implement a unified account management system for your multiple platforms. ## Create a new open platform application in Tailchat You need to create an open platform application and enable **OAuth** service. Fill in the address that is allowed to be redirected in **callback address**. ![](/img/advanced-usage/openapp/3.png) ## Create a stand-alone application that initiates and accepts callbacks First of all, we need to have a general understanding of the basic process of **OAuth** before we officially start ![](/img/advanced-usage/openapp/4.png) Simply put, it is divided into three steps: - The first step: access authorization, you need to pass client_id: client id, redirect_uri: redirect uri, response_type is code, scope is the scope of authorization, fill in `openid profile` by default, and state is other custom parameters - Step 2: After the authorization is passed, it will be redirected to redirect_uri, and the code will be used as its parameter - Step 3: After getting the code, you can exchange it for an access token, and then you can directly access resources through the token You can refer to [https://github.com/msgbyte/tailchat/blob/master/server/test/demo/openapi-client-simple/index.ts](https://github.com/msgbyte/tailchat/blob /master/server/test/demo/openapi-client-simple/index.ts) to implement your own OAuth application ### Main process Here is a brief overview of the process: First construct a request address, like: ``` /open/auth?client_id=&redirect_uri=&scope=openid profile&response_type=code&state=123456789 ``` in: - `API` is your tailchat backend address, if you use the default deployment scheme, it is your access address. - `clientId` is the address of the open platform you applied for in the first step. - `redirect_uri` is your callback address, you need to make sure it has been added to the whitelist of allowed callback addresses - `scope` is the scope of application authorization, currently fill in `openid profile` fixedly - `response_type` is the response type, just fill in `code` - `state` and other custom parameters will be called with redirection and `code` parameters. After the user visits this address, it will jump to the Tailchat platform for login authorization. If the authorization is passed, it will be redirected to the address specified by `redirect_uri`. At this time, the receiving address can get `code` and `state` in the query string. In the next step, we need to exchange `code` for `token` by sending a POST request. Next, we need to use `token` to obtain user information ``` POST /open/token { "client_id": clientId, "client_secret": clientSecret, "redirect_uri": redirect_uri, "code": code, "grant_type": 'authorization_code', } ``` return value: ``` { access_token, expires_in, id_token, scope, token_type } ``` At this point we got the `access_token`, which we can use to request user information: ``` POST /open/me { "access_token": access_token, } ``` return value: ``` { sub, nickname, discriminator, avatar, } ``` Among them, `sub` can be understood as the user's id, which is the unique identifier of the user