lkddi/certd
1
0
Fork 0
mirror of https://github.com/certd/certd.git synced 2026-04-19 00:50:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
79e973e9c81e407d37991cb6045fc06abdb6fcec
certd/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-microsoft.ts
xiaojunnuo beb7a4c992 perf: 第三方登录支持Microsoft
2026-02-05 16:14:05 +08:00

122 lines
3.4 KiB
TypeScript
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
import { AddonInput, BaseAddon, IsAddon } from "@certd/lib-server";
import { BuildLoginUrlReq, BuildLogoutUrlReq, IOauthProvider, OnCallbackReq } from "../api.js";
@IsAddon({
addonType: "oauth",
name: 'microsoft',
title: 'Microsoft认证',
desc: 'Microsoft OAuth2登录',
icon:"simple-icons:microsoft",
showTest: false,
})
export class MicrosoftOauthProvider extends BaseAddon implements IOauthProvider {
@AddonInput({
title: "ClientId",
helper: "[Azure Portal](https://portal.azure.com/)创建应用后获取",
required: true,
})
clientId = "";
@AddonInput({
title: "ClientSecretKey",
component: {
placeholder: "ClientSecretKey / appSecretKey",
},
required: true,
})
clientSecretKey = "";
@AddonInput({
title: "TenantId",
helper: "租户ID留空使用/common端点需要应用配置为多租户",
component: {
placeholder: "common 或 租户ID",
},
value: "common",
required: false,
})
tenantId = "common";
async buildLoginUrl(params: BuildLoginUrlReq) {
let scope = "openid profile email User.Read" // Scope of the access request
let state:any = {
forType: params.forType || 'login',
}
state = this.ctx.utils.hash.base64(JSON.stringify(state))
const authorizeEndpoint = `https://login.microsoftonline.com/${this.tenantId}/oauth2/v2.0/authorize`
const redirectUrl = encodeURIComponent(params.redirectUri)
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
return {
loginUrl,
ticketValue: {
state,
},
};
}
async onCallback(req: OnCallbackReq) {
const code = req.code || ""
if (!code) {
throw new Error("Missing code parameter");
}
const tokenEndpoint = `https://login.microsoftonline.com/${this.tenantId}/oauth2/v2.0/token`
const uri = new URL(req.currentURL)
const redirectUri = `${uri.origin}${uri.pathname}`
// 构建 form-urlencoded 格式的数据
const formData = new URLSearchParams();
formData.append('client_id', this.clientId);
formData.append('client_secret', this.clientSecretKey);
formData.append('code', code);
formData.append('redirect_uri', redirectUri);
formData.append('grant_type', 'authorization_code');
const res = await this.ctx.utils.http.request( {
url: tokenEndpoint,
method: "post",
headers: {
"Content-Type": "application/x-www-form-urlencoded",
"Accept": "application/json"
},
data: formData.toString()
})
const tokens = res
const userInfoEndpoint = "https://graph.microsoft.com/v1.0/me"
// 获取用户信息
const userInfoRes = await this.ctx.utils.http.request( {
url: userInfoEndpoint,
method: "get",
headers: {
"Authorization": `Bearer ${tokens.access_token}`,
"Accept": "application/json"
}
})
const userInfo = userInfoRes
return {
token:{
accessToken: tokens.access_token,
refreshToken: tokens.refresh_token,
expiresIn: tokens.expires_in,
},
userInfo: {
openId: userInfo.id,
nickName: userInfo.displayName || userInfo.userPrincipalName || "",
avatar: userInfo.avatar || "",
},
}
};
async buildLogoutUrl(params: BuildLogoutUrlReq) {
return {};
}
}
Reference in New Issue View Git Blame Copy Permalink