Merge pull request #939 from longguikeji/feature-12
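feat: 🎸 Added documentation for oidc and oauth2; removed the extra fields when creating an app and fixed the bug where user permissions were not synced; updated the token and user info endpoints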
hanbinloop authored Jun 15, 2022
2 parents eff9163 + 8ae12b2 commit ccdb3d1
Showing 6 changed files with 440 additions and 13 deletions.
4 changes: 2 additions & 2 deletions api/v1/schema/app.py
Expand Up @@ -66,13 +66,13 @@ class ConfigOpenApiVersionSchemaOut(Schema):

AppProtocolConfigIn = AppProtocolExtension.create_composite_config_schema(
'AppProtocolConfigIn',
exclude=["name", "type", "logo", "url", 'description', 'entry_permission_id'],
exclude=["name", "type", "logo", "url", 'description', 'entry_permission'],
)

AppProtocolConfigItemOut = AppProtocolExtension.create_composite_config_schema(
'AppProtocolConfigItemOut',
id=(UUID, Field(hidden=True)),
exclude=["name", "type", "logo", "url", 'description', 'entry_permission_id'],
exclude=["name", "type", "logo", "url", 'description', 'entry_permission'],
)
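Review bot: The same exclude list is now maintained in two places, `AppProtocolConfigIn` and `AppProtocolConfigItemOut`, and the rename from `'entry_permission_id'` to `'entry_permission'` had to be applied to both. Pull the list into one module-level constant so the input and output schemas cannot drift apart. The list also mixes double and single quotes; pick one style. A one-line comment saying why these fields are excluded from the protocol config would document the intent.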


8 changes: 4 additions & 4 deletions arkid/core/perm/permission_data.py
Expand Up @@ -248,9 +248,9 @@ def update_arkid_all_user_permission(self, tenant_id=None):
if tenant_id is None:
tenant = self.get_platfrom_tenant()
else:
tenant = Tenant.valid_objects.filter(tenant_id)
tenant = Tenant.valid_objects.filter(id=tenant_id).first()
# 取得当前租户的所有用户
auth_users = User.valid_objects.filter(tenant__id=tenant.id)
auth_users = User.valid_objects.filter(tenant_id=tenant.id)
# 区分出那些人是管理员
systempermission = SystemPermission.objects.filter(tenant=tenant, code=tenant.admin_perm_code, is_system=True).first()
userpermissionresults = UserPermissionResult.valid_objects.filter(
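Review bot: Missing None check in the else branch: `Tenant.valid_objects.filter(id=tenant_id).first()` returns None when no valid tenant has that id, and the next statement reads `tenant.id`, which then raises AttributeError instead of a clear error. Return early or raise an explicit "tenant not found" error before the user query. The helper name `get_platfrom_tenant` in the unchanged line above is misspelled ("platfrom") and is worth a follow-up rename.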
Expand Down Expand Up @@ -636,7 +636,7 @@ def update_app_all_user_permission(self, tenant, app):
更新应用所有用户权限
'''
# 取得当前租户的所有用户
auth_users = User.valid_objects.filter(tenant__id=tenant.id)
auth_users = User.valid_objects.filter(tenant_id=tenant.id)
# 区分出那些人是管理员
systempermission = SystemPermission.valid_objects.filter(tenant=tenant, code=tenant.admin_perm_code, is_system=True).first()
# app的
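Review bot: Style point on the `auth_users` query: the `SystemPermission` filter two lines below passes `tenant=tenant`, while this line passes `tenant_id=tenant.id`. Using `tenant=tenant` for both keeps the lookups in this method consistent and avoids reading the id by hand.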
Expand Down Expand Up @@ -955,7 +955,7 @@ def update_tenant_all_user_permission(self, tenant):
更新租户的所有用户权限
'''
# 取得当前租户的所有用户
auth_users = User.valid_objects.filter(tenant__id=tenant.id)
auth_users = User.valid_objects.filter(tenant_id=tenant.id)
userpermissionresults = UserPermissionResult.valid_objects.filter(
tenant=tenant,
is_self_create=True,
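Review bot: The statement `auth_users = User.valid_objects.filter(tenant_id=tenant.id)` is edited identically here and in two other methods of this file (`update_arkid_all_user_permission` and `update_app_all_user_permission`). A single helper that returns the valid users of a tenant would turn the next change of this kind into a one-line edit and remove the chance of the three copies diverging.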
199 changes: 199 additions & 0 deletions extension_root/com_longgui_app_protocol_oidc/OAuth2.md
@@ -0,0 +1,199 @@
# OAuth2

OAuth2是一个授权的开放协议

## 添加OAuth2应用

=== "打开应用列表"

[![X55Ch4.md.jpg](https://s1.ax1x.com/2022/06/14/X55Ch4.md.jpg)](https://imgtu.com/i/X55Ch4)

=== "点击创建,填写表单"

点击确认后,对话框关闭,可以看到你创建的应用。

[![XT9IET.md.jpg](https://s1.ax1x.com/2022/06/15/XT9IET.md.jpg)](https://imgtu.com/i/XT9IET)

=== "点击协议配置"

[![XT9LvR.md.jpg](https://s1.ax1x.com/2022/06/15/XT9LvR.md.jpg)](https://imgtu.com/i/XT9LvR)

=== "填写配置"
应用类型选择为OIDC,填写参数,创建完毕

[![XTCP8H.md.jpg](https://s1.ax1x.com/2022/06/15/XTCP8H.md.jpg)](https://imgtu.com/i/XTCP8H)

=== "再次点击协议配置"
即可查看该协议所有相关的参数。

[![XTCMGQ.md.jpg](https://s1.ax1x.com/2022/06/15/XTCMGQ.md.jpg)](https://imgtu.com/i/XTCMGQ)


## 使用OAuth2应用

1. ### 明白页面字段含义

[![XTirE6.md.jpg](https://s1.ax1x.com/2022/06/15/XTirE6.md.jpg)](https://imgtu.com/i/XTirE6)

| 英文参数名称 | 对应页面字段 |
| :---------: | :----------------------------------: |
| `redirect url` | 回调地址 |
| `client_id` | 客户端id |
| `client_token` | 客户端秘钥 |
| `authorize url` | 授权url |
| `get token url` | 获取access_token地址 |
| `userinfo url` | 用户信息地址 |
| `logout url` | 退出登录地址 |


2. ### 获取Authorization Code

- 请求地址: `authorize url`
- 请求方式: GET
- 请求参数:

| 参数名称 | 参数说明 | 示例 |
| :---------: | :--------------: | :--------------: |
| `client_id` | `client_id` |
| `redirect_uri` | `redirect url` |
| `response_type`| 填入code | code
| `scope` | 可选 ( openid userinfo) | 如果传递openid,获取token会多一个id_token

- 请求示例: http://authorize url/?client_id=xxxxx&redirect_uri=xxxxx&response_type=code&scope=userinfo
- 返回参数:

| 参数名称 | 参数说明 | 示例 |
| :---------: | :--------------: | :--------------: |
| `code` | 授权码 |

- 返回示例: http://redirect_uri?code=XEV8esOvaVk9wyAuiNXpb3Nuwn5av9&token=cd34840ffc804b894ede31bc21b176ef559e137f


3. ### 获取Access Token

- 请求地址: `get token url`
- 请求方式: POST
- 请求头参数:

| 参数名称 | 参数说明 | 示例 |
| :---------: | :--------------: | :--------------: |
| `Authorization` | 这个token由client_id和client_secret生成 | Basic Token
| `Content-Type` | 填入multipart/form-data |

- 请求参数:

| 参数名称 | 参数说明 | 示例 |
| :---------: | :--------------: | :--------------: |
| `code` | 授权码 |
| `grant_type` | 填入authorization_code |


- 请求示例:

[![XoX9Z4.md.jpg](https://s1.ax1x.com/2022/06/15/XoX9Z4.md.jpg)](https://imgtu.com/i/XoX9Z4)

- 返回参数:

| 参数名称 | 参数说明 | 示例 |
| :---------: | :--------------: | :--------------: |
| `access_token` | 令牌 |
| `expires_in` | 过期时间 |
| `token_type` | Bearer |
| `scope` | userinfo openid |
| `refresh_token` | 用于更新令牌的令牌 |

- 返回示例:
``` json
{
"access_token": "cFcWq78HH9MKVQOFJgGPl6RFtESAc2",
"expires_in": 36000,
"token_type": "Bearer",
"scope": "userinfo",
"refresh_token": "oRHcgoGYsL5h1UimT4rWcg93lcTyjN"
}
```


4. ### 获取用户信息

- 请求地址: `userinfo url`
- 请求方式: GET
- 请求头参数:

| 参数名称 | 参数说明 | 示例 |
| :---------: | :--------------: | :--------------: |
| `Authorization` | Bearer access_token | Bearer cFcWq78HH9MKVQOFJgGPl6RFtESAc2

- 返回参数:

| 参数名称 | 参数说明 | 示例 |
| :---------: | :--------------: | :--------------: |
| `id` | 用户id |
| `name` | 用户名称 |
| `sub` | 用户id |
| `sub_id` | 用户id |
| `preferred_username` | 用户名 |
| `groups` | 用户分组 |
| `tenant_id` | 租户id |
| `tenant_slug` | 租户slug |

- 返回示例:
``` json
{
"id": "faf5aae6-3cdf-4595-8b4a-3a06b31117c8",
"name": "admin",
"sub": "faf5aae6-3cdf-4595-8b4a-3a06b31117c8",
"sub_id": "faf5aae6-3cdf-4595-8b4a-3a06b31117c8",
"preferred_username": "admin",
"groups": [
],
"tenant_id": "4da114ce-e115-44a0-823b-d372114425d0",
"tenant_slug": ""
}
```

5. ### 刷新token

这一步是可选的如果颁发的令牌过了有效期,可以使用这个接口更换新的令牌

- 请求地址: `get token url`
- 请求方式: POST
- 请求头参数:

| 参数名称 | 参数说明 | 示例 |
| :---------: | :--------------: | :--------------: |
| `Authorization` | 这个token由client_id和client_secret生成 | Basic Token
| `Content-Type` | 填入multipart/form-data |

- 请求参数:

| 参数名称 | 参数说明 | 示例 |
| :---------: | :--------------: | :--------------: |
| `refresh_token` | 更新令牌 |
| `grant_type` | 填入refresh_token |


- 请求示例:

[![XozCX6.md.jpg](https://s1.ax1x.com/2022/06/15/XozCX6.md.jpg)](https://imgtu.com/i/XozCX6)

- 返回参数:

| 参数名称 | 参数说明 | 示例 |
| :---------: | :--------------: | :--------------: |
| `access_token` | 令牌 |
| `expires_in` | 过期时间 |
| `token_type` | Bearer |
| `scope` | userinfo openid |
| `refresh_token` | 用于更新令牌的令牌 |

- 返回示例:
``` json
{
"access_token": "51s34LPxhhKlUTP5r5mHevGW7ussXC",
"expires_in": 36000,
"token_type": "Bearer",
"scope": "userinfo",
"refresh_token": "68trmzGvLmmbjACnHFGgzoCl5LBOrJ"
}
```
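Review bot: The return example in step 2 (`http://redirect_uri?code=...&token=...`) carries a `token` query parameter that the return-parameter table does not list. Either document what it is or drop it from the example; if it is a credential, a value in the redirect URL ends up in browser history and server logs. The authorization request table also has no `state` parameter; if the endpoint supports it, document it together with the check the client should make on the callback. Smaller points: the "填写配置" tab tells the reader to choose OIDC as the application type in the OAuth2 guide; the field table names the secret `client_token` while step 3 says `client_secret`; steps 3 and 5 specify `multipart/form-data` for the token request where RFC 6749 uses `application/x-www-form-urlencoded`, so state explicitly if this server deviates; the request example uses `http://`; several table rows are missing their last cell and closing pipe.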