mirror of https://github.com/msgbyte/tailchat
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
95 lines
3.4 KiB
Markdown
95 lines
3.4 KiB
Markdown
---
|
|
sidebar_position: 5
|
|
title: OAuth
|
|
---
|
|
|
|
The `Tailchat` open platform supports the `OAuth` login protocol, and you can easily integrate the `Tailchat` account system into your system. Just like our common `Github Login`, `Google Login`, `Apple Login`
|
|
|
|
Now, you can use `Tailchat` to implement a unified account management system for your multiple platforms.
|
|
|
|
## Create a new open platform application in Tailchat
|
|
|
|
You need to create an open platform application and enable **OAuth** service.
|
|
|
|
Fill in the address that is allowed to be redirected in **callback address**.
|
|
|
|
|
|
|
|
## Create a stand-alone application that initiates and accepts callbacks
|
|
|
|
First of all, we need to have a general understanding of the basic process of **OAuth** before we officially start
|
|
|
|
|
|
|
|
Simply put, it is divided into three steps:
|
|
|
|
- The first step: access authorization, you need to pass client_id: client id, redirect_uri: redirect uri, response_type is code, scope is the scope of authorization, fill in `openid profile` by default, and state is other custom parameters
|
|
- Step 2: After the authorization is passed, it will be redirected to redirect_uri, and the code will be used as its parameter
|
|
- Step 3: After getting the code, you can exchange it for an access token, and then you can directly access resources through the token
|
|
|
|
You can refer to [https://github.com/msgbyte/tailchat/blob/master/server/test/demo/openapi-client-simple/index.ts](https://github.com/msgbyte/tailchat/blob /master/server/test/demo/openapi-client-simple/index.ts) to implement your own OAuth application
|
|
|
|
### Main process
|
|
|
|
Here is a brief overview of the process:
|
|
|
|
First construct a request address, like:
|
|
```
|
|
<API>/open/auth?client_id=<clientId>&redirect_uri=<redirect_uri>&scope=openid profile&response_type=code&state=123456789
|
|
```
|
|
|
|
in:
|
|
- `API` is your tailchat backend address, if you use the default deployment scheme, it is your access address.
|
|
- `clientId` is the address of the open platform you applied for in the first step.
|
|
- `redirect_uri` is your callback address, you need to make sure it has been added to the whitelist of allowed callback addresses
|
|
- `scope` is the scope of application authorization, currently fill in `openid profile` fixedly
|
|
- `response_type` is the response type, just fill in `code`
|
|
- `state` and other custom parameters will be called with redirection and `code` parameters.
|
|
|
|
After the user visits this address, it will jump to the Tailchat platform for login authorization. If the authorization is passed, it will be redirected to the address specified by `redirect_uri`. At this time, the receiving address can get `code` and `state` in the query string.
|
|
|
|
In the next step, we need to exchange `code` for `token` by sending a POST request. Next, we need to use `token` to obtain user information
|
|
|
|
```
|
|
POST <API>/open/token
|
|
{
|
|
"client_id": clientId,
|
|
"client_secret": clientSecret,
|
|
"redirect_uri": redirect_uri,
|
|
"code": code,
|
|
"grant_type": 'authorization_code',
|
|
}
|
|
```
|
|
|
|
return value:
|
|
```
|
|
{
|
|
access_token,
|
|
expires_in,
|
|
id_token,
|
|
scope,
|
|
token_type
|
|
}
|
|
```
|
|
|
|
At this point we got the `access_token`, which we can use to request user information:
|
|
|
|
```
|
|
POST <API>/open/me
|
|
{
|
|
"access_token": access_token,
|
|
}
|
|
```
|
|
|
|
return value:
|
|
```
|
|
{
|
|
sub,
|
|
nickname,
|
|
discriminator,
|
|
avatar,
|
|
}
|
|
```
|
|
|
|
Among them, `sub` can be understood as the user's id, which is the unique identifier of the user
|