| sidebar_position | title |
|---|---|
| 5 | OAuth |
The Tailchat open platform supports the OAuth login protocol, so you can easily integrate the Tailchat account system into your own system, much like the familiar GitHub, Google, or Apple login.
You can now use Tailchat as a unified account management system across your platforms.
Create a new open platform application in Tailchat
You need to create an open platform application and enable the OAuth service.
In the callback address field, fill in the addresses that are allowed as redirect targets.
Create a stand-alone application that initiates and accepts callbacks
Before we officially start, we need a general understanding of the basic OAuth process.
Simply put, it is divided into three steps:
- Step 1: Request authorization. You need to pass client_id (the client id), redirect_uri (the redirect URI), response_type (set to code), scope (the scope of authorization, fill in openid profile by default), and state (other custom parameters).
- Step 2: After the authorization is passed, the user is redirected to redirect_uri, with the code as a parameter.
- Step 3: After getting the code, you can exchange it for an access token, and then you can directly access resources through the token.
You can refer to [https://github.com/msgbyte/tailchat/blob/master/server/test/demo/openapi-client-simple/index.ts](https://github.com/msgbyte/tailchat/blob/master/server/test/demo/openapi-client-simple/index.ts) to implement your own OAuth application.
Main process
Here is a brief overview of the process:
First, construct a request address like this:
<API>/open/auth?client_id=<clientId>&redirect_uri=<redirect_uri>&scope=openid profile&response_type=code&state=123456789
Where:
- API is your Tailchat backend address; if you use the default deployment scheme, it is your access address.
- clientId is the client id of the open platform application you applied for in the first step.
- redirect_uri is your callback address; make sure it has been added to the whitelist of allowed callback addresses.
- scope is the scope of authorization requested; currently always fill in openid profile.
- response_type is the response type; just fill in code.
- state and any other custom parameters are passed back on the redirect together with the code parameter.

After the user visits this address, they are taken to the Tailchat platform for login authorization. If the authorization is passed, they are redirected to the address specified by redirect_uri, and the receiving address can read code and state from the query string.
Next, exchange the code for a token by sending a POST request. The token is then used to obtain user information.
POST <API>/open/token
{
"client_id": clientId,
"client_secret": clientSecret,
"redirect_uri": redirect_uri,
"code": code,
"grant_type": "authorization_code"
}
return value:
{
access_token,
expires_in,
id_token,
scope,
token_type
}
At this point we have the access_token, which we can use to request user information:
POST <API>/open/me
{
"access_token": access_token
}
return value:
{
sub,
nickname,
discriminator,
avatar,
}
Among them, sub can be understood as the user's id; it is the unique identifier of the user.

