llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-09-06 09:50:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: add Lark OAuth provider (#3956)

Browse Source
This commit is contained in:
DacongDA
2025-07-13 19:51:45 +08:00
committed by GitHub
parent 7fdc264ff6
commit 835273576b
4 changed files with 24 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
idp/lark.go
View File

@@ -27,16 +27,22 @@ import (
) )
type LarkIdProvider struct { type LarkIdProvider struct {
Client *http.Client Client *http.Client
Config *oauth2.Config Config *oauth2.Config
LarkDomain string
} }
func NewLarkIdProvider(clientId string, clientSecret string, redirectUrl string) *LarkIdProvider { func NewLarkIdProvider(clientId string, clientSecret string, redirectUrl string, useGlobalEndpoint bool) *LarkIdProvider {
idp := &LarkIdProvider{} idp := &LarkIdProvider{}
if useGlobalEndpoint {
idp.LarkDomain = "https://open.larksuite.com"
} else {
idp.LarkDomain = "https://open.feishu.cn"
}
config := idp.getConfig(clientId, clientSecret, redirectUrl) config := idp.getConfig(clientId, clientSecret, redirectUrl)
idp.Config = config idp.Config = config
return idp return idp
} }
@@ -47,7 +53,7 @@ func (idp *LarkIdProvider) SetHttpClient(client *http.Client) {
// getConfig return a point of Config, which describes a typical 3-legged OAuth2 flow // getConfig return a point of Config, which describes a typical 3-legged OAuth2 flow
func (idp *LarkIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config { func (idp *LarkIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config {
endpoint := oauth2.Endpoint{ endpoint := oauth2.Endpoint{
TokenURL: "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal", TokenURL: idp.LarkDomain + "/open-apis/auth/v3/tenant_access_token/internal",
} }
config := &oauth2.Config{ config := &oauth2.Config{
@@ -162,6 +168,7 @@ type LarkUserInfo struct {
} `json:"data"` } `json:"data"`
} }
// GetUserInfo use LarkAccessToken gotten before return LinkedInUserInf
// GetUserInfo use LarkAccessToken gotten before return LinkedInUserInfo // GetUserInfo use LarkAccessToken gotten before return LinkedInUserInfo
// get more detail via: https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin?context=linkedin/consumer/context // get more detail via: https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin?context=linkedin/consumer/context
func (idp *LarkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) { func (idp *LarkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
@@ -175,7 +182,7 @@ func (idp *LarkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
return nil, err return nil, err
} }
req, err := http.NewRequest("POST", "https://open.feishu.cn/open-apis/authen/v1/access_token", strings.NewReader(string(data))) req, err := http.NewRequest("POST", idp.LarkDomain+"/open-apis/authen/v1/access_token", strings.NewReader(string(data)))
if err != nil { if err != nil {
return nil, err return nil, err
} }

2
idp/provider.go
View File

@@ -87,7 +87,7 @@ func GetIdProvider(idpInfo *ProviderInfo, redirectUrl string) (IdProvider, error
return nil, fmt.Errorf("WeCom provider subType: %s is not supported", idpInfo.SubType) return nil, fmt.Errorf("WeCom provider subType: %s is not supported", idpInfo.SubType)
} }
case "Lark": case "Lark":
return NewLarkIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl), nil return NewLarkIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl, idpInfo.DisableSsl), nil
case "GitLab": case "GitLab":
return NewGitlabIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl), nil return NewGitlabIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl), nil
case "ADFS": case "ADFS":

6
web/src/ProviderEditPage.js
View File

@@ -931,10 +931,12 @@ class ProviderEditPage extends React.Component {
) )
} }
{ {
this.state.provider.type !== "Google" ? null : ( this.state.provider.type !== "Google" && this.state.provider.type !== "Lark" ? null : (
<Row style={{marginTop: "20px"}} > <Row style={{marginTop: "20px"}} >
<Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}> <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
{Setting.getLabel(i18next.t("provider:Get phone number"), i18next.t("provider:Get phone number - Tooltip"))} : {this.state.provider.type === "Google" ?
Setting.getLabel(i18next.t("provider:Get phone number"), i18next.t("provider:Get phone number - Tooltip"))
: Setting.getLabel(i18next.t("provider:Use global endpoint"), i18next.t("provider:Use global endpoint - Tooltip"))} :
</Col> </Col>
<Col span={1} > <Col span={1} >
<Switch disabled={!this.state.provider.clientId} checked={this.state.provider.disableSsl} onChange={checked => { <Switch disabled={!this.state.provider.clientId} checked={this.state.provider.disableSsl} onChange={checked => {

6
web/src/auth/Provider.js
View File

@@ -68,6 +68,7 @@ const authInfo = {
Lark: { Lark: {
// scope: "email", // scope: "email",
endpoint: "https://open.feishu.cn/open-apis/authen/v1/index", endpoint: "https://open.feishu.cn/open-apis/authen/v1/index",
endpoint2: "https://accounts.larksuite.com/open-apis/authen/v1/authorize",
}, },
GitLab: { GitLab: {
scope: "read_user+profile", scope: "read_user+profile",
@@ -406,6 +407,8 @@ export function getAuthUrl(application, provider, method, code) {
if (provider.domain) { if (provider.domain) {
endpoint = `${provider.domain}/apps/oauth2/authorize`; endpoint = `${provider.domain}/apps/oauth2/authorize`;
} }
} else if (provider.type === "Lark" && provider.disableSsl) {
endpoint = authInfo[provider.type].endpoint2;
} }
if (provider.type === "Google" || provider.type === "GitHub" || provider.type === "Facebook" if (provider.type === "Google" || provider.type === "GitHub" || provider.type === "Facebook"
@@ -460,6 +463,9 @@ export function getAuthUrl(application, provider, method, code) {
return `https://error:not-supported-provider-sub-type:${provider.subType}`; return `https://error:not-supported-provider-sub-type:${provider.subType}`;
} }
} else if (provider.type === "Lark") { } else if (provider.type === "Lark") {
if (provider.disableSsl) {
redirectUri = encodeURIComponent(redirectUri);
}
return `${endpoint}?app_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}`; return `${endpoint}?app_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}`;
} else if (provider.type === "ADFS") { } else if (provider.type === "ADFS") {
return `${provider.domain}/adfs/oauth2/authorize?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code&nonce=casdoor&scope=openid`; return `${provider.domain}/adfs/oauth2/authorize?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code&nonce=casdoor&scope=openid`;