feat: try to support custom OAuth provider (#667 )

* feat: try to support private provider * fix: modify code according to code review * feat: set example values for custom params
feat: add isProfilePublic setting for accessing user info (#656 )
2025-07-23 14:33:28 +08:00 · 2022-04-16 17:17:45 +08:00 · 2022-04-16 15:10:03 +08:00 · 2022-04-16 13:23:05 +08:00 · 2022-04-16 00:09:23 +08:00 · 2022-04-15 11:49:56 +08:00
27 changed files with 630 additions and 109 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -70,7 +70,7 @@ jobs:

      - name: Fetch Previous version
        id: get-previous-tag
-        uses: actions-ecosystem/action-get-latest-tag@v1
+        uses: actions-ecosystem/action-get-latest-tag@v1.6.0

      - name: Release
        run: yarn global add semantic-release@17.4.4 && semantic-release
@ -79,7 +79,7 @@ jobs:

      - name: Fetch Current version
        id: get-current-tag
-        uses: actions-ecosystem/action-get-latest-tag@v1
+        uses: actions-ecosystem/action-get-latest-tag@v1.6.0

      - name: Decide Should_Push Or Not
        id: should_push
@ -101,7 +101,7 @@ jobs:
              echo ::set-output name=push::'false'
              
          fi
-        
+
      - name: Log in to Docker Hub
        uses: docker/login-action@v1
        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' &&steps.should_push.outputs.push=='true'
@ -109,14 +109,14 @@ jobs:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

-          
+
      - name: Push to Docker Hub
        uses: docker/build-push-action@v2
        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
        with:
          push: true
          tags: casbin/casdoor:${{steps.get-current-tag.outputs.tag }},casbin/casdoor:latest
-          
+
      - name: Push All In One Version to Docker Hub
        uses: docker/build-push-action@v2
        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
--- a/.github/workflows/sync.yml
+++ b/.github/workflows/sync.yml
@ -14,7 +14,7 @@ jobs:
      uses: actions/checkout@v2

    - name: crowdin action
-      uses: crowdin/github-action@1.2.0
+      uses: crowdin/github-action@1.4.8
      with:
        upload_translations: true

@ -32,4 +32,4 @@ jobs:
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        CROWDIN_PROJECT_ID: '463556'
-        CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
+        CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/3
+++ b/3
@ -1,8 +1,7 @@
 FROM golang:1.17.5 AS BACK
 WORKDIR /go/src/casdoor
 COPY . .
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GOPROXY=https://goproxy.cn,direct go build -ldflags="-w -s" -o server . \
-    && apt update && apt install wait-for-it && chmod +x /usr/bin/wait-for-it
+RUN ./build.sh && apt update && apt install wait-for-it && chmod +x /usr/bin/wait-for-it

 FROM node:16.13.0 AS FRONT
 WORKDIR /web
--- a/build.sh
+++ b/build.sh
@ -0,0 +1,11 @@
+#!/bin/bash
+#try to connect to google to determine whether user need to use proxy
+curl www.google.com -o /dev/null --connect-timeout 5
+if [ $? == 0 ]
+then
+    echo "connect to google.com successed"
+    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o server .
+else
+    echo "connect to google.com failed"
+    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GOPROXY=https://goproxy.cn,direct go build -ldflags="-w -s" -o server .
+fi
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -283,7 +283,7 @@ func (c *ApiController) Login() {
 				clientSecret = provider.ClientSecret2
 			}

-			idProvider := idp.GetIdProvider(provider.Type, provider.SubType, clientId, clientSecret, provider.AppId, form.RedirectUri, provider.Domain)
+			idProvider := idp.GetIdProvider(provider.Type, provider.SubType, clientId, clientSecret, provider.AppId, form.RedirectUri, provider.Domain, provider.CustomAuthUrl, provider.CustomTokenUrl, provider.CustomUserInfoUrl)
 			if idProvider == nil {
 				c.ResponseError(fmt.Sprintf("The provider type: %s is not supported", provider.Type))
 				return
--- a/controllers/token.go
+++ b/controllers/token.go
@ -175,6 +175,8 @@ func (c *ApiController) GetOAuthToken() {
 	scope := c.Input().Get("scope")
 	username := c.Input().Get("username")
 	password := c.Input().Get("password")
+	tag := c.Input().Get("tag")
+	avatar := c.Input().Get("avatar")

 	if clientId == "" && clientSecret == "" {
 		clientId, clientSecret, _ = c.Ctx.Request.BasicAuth()
@ -191,11 +193,13 @@ func (c *ApiController) GetOAuthToken() {
 			scope = tokenRequest.Scope
 			username = tokenRequest.Username
 			password = tokenRequest.Password
+			tag = tokenRequest.Tag
+			avatar = tokenRequest.Avatar
 		}
 	}
 	host := c.Ctx.Request.Host

-	c.Data["json"] = object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, username, password, host)
+	c.Data["json"] = object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, username, password, host, tag, avatar)
 	c.ServeJSON()
 }

--- a/controllers/types.go
+++ b/controllers/types.go
@ -23,4 +23,6 @@ type TokenRequest struct {
 	Scope        string `json:"scope"`
 	Username     string `json:"username"`
 	Password     string `json:"password"`
+	Tag          string `json:"tag"`
+	Avatar       string `json:"avatar"`
 }
--- a/controllers/user.go
+++ b/controllers/user.go
@ -87,6 +87,17 @@ func (c *ApiController) GetUser() {
 	id := c.Input().Get("id")
 	owner := c.Input().Get("owner")
 	email := c.Input().Get("email")
+	userOwner, _ := util.GetOwnerAndNameFromId(id)
+	organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", userOwner))
+
+	if !organization.IsProfilePublic {
+		requestUserId := c.GetSessionUsername()
+		hasPermission, err := object.CheckUserPermission(requestUserId, id, false)
+		if !hasPermission {
+			c.ResponseError(err.Error())
+			return
+		}
+	}

 	var user *object.User
 	if email == "" {
@ -111,6 +122,10 @@ func (c *ApiController) UpdateUser() {
 	id := c.Input().Get("id")
 	columnsStr := c.Input().Get("columns")

+	if id == "" {
+		id = c.GetSessionUsername()
+	}
+
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
 	if err != nil {
@ -229,39 +244,15 @@ func (c *ApiController) SetPassword() {
 	newPassword := c.Ctx.Request.Form.Get("newPassword")

 	requestUserId := c.GetSessionUsername()
-	if requestUserId == "" {
-		c.ResponseError("Please login first")
-		return
-	}
-
 	userId := fmt.Sprintf("%s/%s", userOwner, userName)
-	targetUser := object.GetUser(userId)
-	if targetUser == nil {
-		c.ResponseError(fmt.Sprintf("The user: %s doesn't exist", userId))
+
+	hasPermission, err := object.CheckUserPermission(requestUserId, userId, true)
+	if !hasPermission {
+		c.ResponseError(err.Error())
 		return
 	}

-	hasPermission := false
-	if strings.HasPrefix(requestUserId, "app/") {
-		hasPermission = true
-	} else {
-		requestUser := object.GetUser(requestUserId)
-		if requestUser == nil {
-			c.ResponseError("Session outdated. Please login again.")
-			return
-		}
-		if requestUser.IsGlobalAdmin {
-			hasPermission = true
-		} else if requestUserId == userId {
-			hasPermission = true
-		} else if targetUser.Owner == requestUser.Owner && requestUser.IsAdmin {
-			hasPermission = true
-		}
-	}
-	if !hasPermission {
-		c.ResponseError("You don't have the permission to do this.")
-		return
-	}
+	targetUser := object.GetUser(userId)

 	if oldPassword != "" {
 		msg := object.CheckPassword(targetUser, oldPassword)
--- a/idp/custom.go
+++ b/idp/custom.go
@ -0,0 +1,108 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package idp
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	_ "net/url"
+	_ "time"
+
+	"golang.org/x/oauth2"
+)
+
+type CustomIdProvider struct {
+	Client      *http.Client
+	Config      *oauth2.Config
+	UserInfoUrl string
+}
+
+func NewCustomIdProvider(clientId string, clientSecret string, redirectUrl string, authUrl string, tokenUrl string, userInfoUrl string) *CustomIdProvider {
+	idp := &CustomIdProvider{}
+	idp.UserInfoUrl = userInfoUrl
+
+	var config = &oauth2.Config{
+		ClientID:     clientId,
+		ClientSecret: clientSecret,
+		RedirectURL:  redirectUrl,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  authUrl,
+			TokenURL: tokenUrl,
+		},
+	}
+	idp.Config = config
+
+	return idp
+}
+
+func (idp *CustomIdProvider) SetHttpClient(client *http.Client) {
+	idp.Client = client
+}
+
+func (idp *CustomIdProvider) GetToken(code string) (*oauth2.Token, error) {
+	ctx := context.WithValue(context.Background(), oauth2.HTTPClient, idp.Client)
+	return idp.Config.Exchange(ctx, code)
+}
+
+type CustomUserInfo struct {
+	Id          string `json:"sub"`
+	Name        string `json:"name"`
+	DisplayName string `json:"preferred_username"`
+	Email       string `json:"email"`
+	AvatarUrl   string `json:"picture"`
+	Status      string `json:"status"`
+	Msg         string `json:"msg"`
+}
+
+func (idp *CustomIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
+	ctUserinfo := &CustomUserInfo{}
+	accessToken := token.AccessToken
+	request, err := http.NewRequest("GET", idp.UserInfoUrl, nil)
+	if err != nil {
+		return nil, err
+	}
+	//add accessToken to request header
+	request.Header.Add("Authorization", fmt.Sprintf("Bearer %s", accessToken))
+	resp, err := idp.Client.Do(request)
+	if err != nil {
+		return nil, err
+	}
+
+	data, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+
+	err = json.Unmarshal(data, ctUserinfo)
+	if err != nil {
+		return nil, err
+	}
+
+	if ctUserinfo.Status != "" {
+		return nil, fmt.Errorf("err: %s", ctUserinfo.Msg)
+	}
+
+	userInfo := &UserInfo{
+		Id:          ctUserinfo.Id,
+		Username:    ctUserinfo.Name,
+		DisplayName: ctUserinfo.DisplayName,
+		Email:       ctUserinfo.Email,
+		AvatarUrl:   ctUserinfo.AvatarUrl,
+	}
+	return userInfo, nil
+}
--- a/idp/provider.go
+++ b/idp/provider.go
@ -35,7 +35,7 @@ type IdProvider interface {
 	GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 }

-func GetIdProvider(typ string, subType string, clientId string, clientSecret string, appId string, redirectUrl string, hostUrl string) IdProvider {
+func GetIdProvider(typ string, subType string, clientId string, clientSecret string, appId string, redirectUrl string, hostUrl string, authUrl string, tokenUrl string, userInfoUrl string) IdProvider {
 	if typ == "GitHub" {
 		return NewGithubIdProvider(clientId, clientSecret, redirectUrl)
 	} else if typ == "Google" {
@ -72,6 +72,8 @@ func GetIdProvider(typ string, subType string, clientId string, clientSecret str
 		return NewBaiduIdProvider(clientId, clientSecret, redirectUrl)
 	} else if typ == "Alipay" {
 		return NewAlipayIdProvider(clientId, clientSecret, redirectUrl)
+	} else if typ == "Custom" {
+		return NewCustomIdProvider(clientId, clientSecret, redirectUrl, authUrl, tokenUrl, userInfoUrl)
 	} else if typ == "Infoflow" {
 		if subType == "Internal" {
 			return NewInfoflowInternalIdProvider(clientId, clientSecret, appId, redirectUrl)
--- a/idp/wechat_miniprogram.go
+++ b/idp/wechat_miniprogram.go
@ -0,0 +1,82 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package idp
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+
+	"golang.org/x/oauth2"
+)
+
+type WeChatMiniProgramIdProvider struct {
+	Client *http.Client
+	Config *oauth2.Config
+}
+
+func NewWeChatMiniProgramIdProvider(clientId string, clientSecret string) *WeChatMiniProgramIdProvider {
+	idp := &WeChatMiniProgramIdProvider{}
+
+	config := idp.getConfig(clientId, clientSecret)
+	idp.Config = config
+	idp.Client = &http.Client{}
+	return idp
+}
+
+func (idp *WeChatMiniProgramIdProvider) SetHttpClient(client *http.Client) {
+	idp.Client = client
+}
+
+func (idp *WeChatMiniProgramIdProvider) getConfig(clientId string, clientSecret string) *oauth2.Config {
+	var config = &oauth2.Config{
+		ClientID:     clientId,
+		ClientSecret: clientSecret,
+	}
+
+	return config
+}
+
+type WeChatMiniProgramSessionResponse struct {
+	Openid     string `json:"openid"`
+	SessionKey string `json:"session_key"`
+	Unionid    string `json:"unionid"`
+	Errcode    int    `json:"errcode"`
+	Errmsg     string `json:"errmsg"`
+}
+
+func (idp *WeChatMiniProgramIdProvider) GetSessionByCode(code string) (*WeChatMiniProgramSessionResponse, error) {
+	sessionUri := fmt.Sprintf("https://api.weixin.qq.com/sns/jscode2session?appid=%s&secret=%s&js_code=%s&grant_type=authorization_code", idp.Config.ClientID, idp.Config.ClientSecret, code)
+	sessionResponse, err := idp.Client.Get(sessionUri)
+	if err != nil {
+		return nil, err
+	}
+	defer sessionResponse.Body.Close()
+	data, err := ioutil.ReadAll(sessionResponse.Body)
+	if err != nil {
+		return nil, err
+	}
+	var session WeChatMiniProgramSessionResponse
+	err = json.Unmarshal(data, &session)
+	if err != nil {
+		return nil, err
+	}
+	if session.Errcode != 0 {
+		return nil, fmt.Errorf("err: %s", session.Errmsg)
+	}
+	return &session, nil
+
+}
--- a/object/check.go
+++ b/object/check.go
@ -17,6 +17,7 @@ package object
 import (
 	"fmt"
 	"regexp"
+	"strings"

 	"github.com/casdoor/casdoor/cred"
 	"github.com/casdoor/casdoor/util"
@ -195,3 +196,37 @@ func CheckUserPassword(organization string, username string, password string) (*
 func filterField(field string) bool {
 	return reFieldWhiteList.MatchString(field)
 }
+
+func CheckUserPermission(requestUserId, userId string, strict bool) (bool, error) {
+	if requestUserId == "" {
+		return false, fmt.Errorf("please login first")
+	}
+
+	targetUser := GetUser(userId)
+	if targetUser == nil {
+		return false, fmt.Errorf("the user: %s doesn't exist", userId)
+	}
+
+	hasPermission := false
+	if strings.HasPrefix(requestUserId, "app/") {
+		hasPermission = true
+	} else {
+		requestUser := GetUser(requestUserId)
+		if requestUser == nil {
+			return false, fmt.Errorf("session outdated, please login again")
+		}
+		if requestUser.IsGlobalAdmin {
+			hasPermission = true
+		} else if requestUserId == userId {
+			hasPermission = true
+		} else if targetUser.Owner == requestUser.Owner {
+			if strict {
+				hasPermission = requestUser.IsAdmin
+			} else {
+				hasPermission = true
+			}
+		}
+	}
+
+	return hasPermission, fmt.Errorf("you don't have the permission to do this")
+}
--- a/object/organization.go
+++ b/object/organization.go
@ -35,6 +35,7 @@ type Organization struct {
 	Tags               []string `xorm:"mediumtext" json:"tags"`
 	MasterPassword     string   `xorm:"varchar(100)" json:"masterPassword"`
 	EnableSoftDeletion bool     `json:"enableSoftDeletion"`
+	IsProfilePublic    bool     `json:"isProfilePublic"`
 }

 func GetOrganizationCount(owner, field, value string) int {
--- a/object/provider.go
+++ b/object/provider.go
@ -27,16 +27,21 @@ type Provider struct {
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`

-	DisplayName   string `xorm:"varchar(100)" json:"displayName"`
-	Category      string `xorm:"varchar(100)" json:"category"`
-	Type          string `xorm:"varchar(100)" json:"type"`
-	SubType       string `xorm:"varchar(100)" json:"subType"`
-	Method        string `xorm:"varchar(100)" json:"method"`
-	ClientId      string `xorm:"varchar(100)" json:"clientId"`
-	ClientSecret  string `xorm:"varchar(2000)" json:"clientSecret"`
-	ClientId2     string `xorm:"varchar(100)" json:"clientId2"`
-	ClientSecret2 string `xorm:"varchar(100)" json:"clientSecret2"`
-	Cert          string `xorm:"varchar(100)" json:"cert"`
+	DisplayName       string `xorm:"varchar(100)" json:"displayName"`
+	Category          string `xorm:"varchar(100)" json:"category"`
+	Type              string `xorm:"varchar(100)" json:"type"`
+	SubType           string `xorm:"varchar(100)" json:"subType"`
+	Method            string `xorm:"varchar(100)" json:"method"`
+	ClientId          string `xorm:"varchar(100)" json:"clientId"`
+	ClientSecret      string `xorm:"varchar(2000)" json:"clientSecret"`
+	ClientId2         string `xorm:"varchar(100)" json:"clientId2"`
+	ClientSecret2     string `xorm:"varchar(100)" json:"clientSecret2"`
+	Cert              string `xorm:"varchar(100)" json:"cert"`
+	CustomAuthUrl     string `xorm:"varchar(200)" json:"customAuthUrl"`
+	CustomScope       string `xorm:"varchar(200)" json:"customScope"`
+	CustomTokenUrl    string `xorm:"varchar(200)" json:"customTokenUrl"`
+	CustomUserInfoUrl string `xorm:"varchar(200)" json:"customUserInfoUrl"`
+	CustomLogo        string `xorm:"varchar(200)" json:"customLogo"`

 	Host    string `xorm:"varchar(100)" json:"host"`
 	Port    int    `json:"port"`
@ -151,6 +156,16 @@ func GetDefaultHumanCheckProvider() *Provider {
 	return &provider
 }

+func GetWechatMiniProgramProvider(application *Application) *Provider {
+	providers := application.Providers
+	for _, provider := range providers {
+		if provider.Provider.Type == "WeChatMiniProgram" {
+			return provider.Provider
+		}
+	}
+	return nil
+}
+
 func UpdateProvider(id string, provider *Provider) bool {
 	owner, name := util.GetOwnerAndNameFromId(id)
 	if getProvider(owner, name) == nil {
--- a/object/resource.go
+++ b/object/resource.go
@ -23,7 +23,7 @@ import (

 type Resource struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
-	Name        string `xorm:"varchar(200) notnull pk" json:"name"`
+	Name        string `xorm:"varchar(250) notnull pk" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`

 	User        string `xorm:"varchar(100)" json:"user"`
@ -31,7 +31,7 @@ type Resource struct {
 	Application string `xorm:"varchar(100)" json:"application"`
 	Tag         string `xorm:"varchar(100)" json:"tag"`
 	Parent      string `xorm:"varchar(100)" json:"parent"`
-	FileName    string `xorm:"varchar(100)" json:"fileName"`
+	FileName    string `xorm:"varchar(1000)" json:"fileName"`
 	FileType    string `xorm:"varchar(100)" json:"fileType"`
 	FileFormat  string `xorm:"varchar(100)" json:"fileFormat"`
 	FileSize    int    `json:"fileSize"`
--- a/object/token.go
+++ b/object/token.go
@ -22,6 +22,7 @@ import (
 	"strings"
 	"time"

+	"github.com/casdoor/casdoor/idp"
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
 )
@ -58,6 +59,7 @@ type TokenWrapper struct {
 	TokenType    string `json:"token_type"`
 	ExpiresIn    int    `json:"expires_in"`
 	Scope        string `json:"scope"`
+	Error        string `json:"error,omitempty"`
 }

 type IntrospectionResponse struct {
@ -305,24 +307,31 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
 	}
 }

-func GetOAuthToken(grantType string, clientId string, clientSecret string, code string, verifier string, scope string, username string, password string, host string) *TokenWrapper {
+
+func GetOAuthToken(grantType string, clientId string, clientSecret string, code string, verifier string, scope string, username string, password string, host string, tag string, avatar string) *TokenWrapper {
+	var errString string
 	application := GetApplicationByClientId(clientId)
 	if application == nil {
+		errString = "error: invalid client_id"
 		return &TokenWrapper{
-			AccessToken: "error: invalid client_id",
+			AccessToken: errString,
 			TokenType:   "",
 			ExpiresIn:   0,
 			Scope:       "",
+			Error:       errString,
 		}
 	}

 	//Check if grantType is allowed in the current application
-	if !IsGrantTypeValid(grantType, application.GrantTypes) {
+
+	if !IsGrantTypeValid(grantType, application.GrantTypes) && tag == "" {
+		errString = fmt.Sprintf("error: grant_type: %s is not supported in this application", grantType)
 		return &TokenWrapper{
-			AccessToken: fmt.Sprintf("error: grant_type: %s is not supported in this application", grantType),
+			AccessToken: errString,
 			TokenType:   "",
 			ExpiresIn:   0,
 			Scope:       "",
+			Error:       errString,
 		}
 	}

@ -337,12 +346,19 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
 		token, err = GetClientCredentialsToken(application, clientSecret, scope, host)
 	}

+	if tag == "wechat_miniprogram" {
+		// Wechat Mini Program
+		token, err = GetWechatMiniProgramToken(application, code, host, username, avatar)
+	}
+
 	if err != nil {
+		errString = err.Error()
 		return &TokenWrapper{
-			AccessToken: err.Error(),
+			AccessToken: errString,
 			TokenType:   "",
 			ExpiresIn:   0,
 			Scope:       "",
+			Error:       errString,
 		}
 	}

@ -361,62 +377,75 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
 }

 func RefreshToken(grantType string, refreshToken string, scope string, clientId string, clientSecret string, host string) *TokenWrapper {
+	var errString string
 	// check parameters
 	if grantType != "refresh_token" {
+		errString = "error: grant_type should be \"refresh_token\""
 		return &TokenWrapper{
-			AccessToken: "error: grant_type should be \"refresh_token\"",
+			AccessToken: errString,
 			TokenType:   "",
 			ExpiresIn:   0,
 			Scope:       "",
+			Error:       errString,
 		}
 	}
 	application := GetApplicationByClientId(clientId)
 	if application == nil {
+		errString = "error: invalid client_id"
 		return &TokenWrapper{
-			AccessToken: "error: invalid client_id",
+			AccessToken: errString,
 			TokenType:   "",
 			ExpiresIn:   0,
 			Scope:       "",
+			Error:       errString,
 		}
 	}
 	if clientSecret != "" && application.ClientSecret != clientSecret {
+		errString = "error: invalid client_secret"
 		return &TokenWrapper{
-			AccessToken: "error: invalid client_secret",
+			AccessToken: errString,
 			TokenType:   "",
 			ExpiresIn:   0,
 			Scope:       "",
+			Error:       errString,
 		}
 	}
 	// check whether the refresh token is valid, and has not expired.
 	token := Token{RefreshToken: refreshToken}
 	existed, err := adapter.Engine.Get(&token)
 	if err != nil || !existed {
+		errString = "error: invalid refresh_token"
 		return &TokenWrapper{
-			AccessToken: "error: invalid refresh_token",
+			AccessToken: errString,
 			TokenType:   "",
 			ExpiresIn:   0,
 			Scope:       "",
+			Error:       errString,
 		}
 	}

 	cert := getCertByApplication(application)
 	_, err = ParseJwtToken(refreshToken, cert)
 	if err != nil {
+		errString := fmt.Sprintf("error: %s", err.Error())
 		return &TokenWrapper{
-			AccessToken: fmt.Sprintf("error: %s", err.Error()),
+			AccessToken: errString,
 			TokenType:   "",
 			ExpiresIn:   0,
 			Scope:       "",
+			Error:       errString,
 		}
 	}
 	// generate a new token
 	user := getUser(application.Organization, token.User)
 	if user.IsForbidden {
+		errString = "error: the user is forbidden to sign in, please contact the administrator"
 		return &TokenWrapper{
-			AccessToken: "error: the user is forbidden to sign in, please contact the administrator",
+			AccessToken: errString,
 			TokenType:   "",
 			ExpiresIn:   0,
 			Scope:       "",
+			Error:       errString,
 		}
 	}
 	newAccessToken, newRefreshToken, err := generateJwtToken(application, user, "", scope, host)
@ -608,3 +637,74 @@ func GetTokenByUser(application *Application, user *User, scope string, host str
 	AddToken(token)
 	return token, nil
 }
+
+// Wechat Mini Program flow
+func GetWechatMiniProgramToken(application *Application, code string, host string, username string, avatar string) (*Token, error) {
+	mpProvider := GetWechatMiniProgramProvider(application)
+	if mpProvider == nil {
+		return nil, errors.New("error: the application does not support wechat mini program")
+	}
+	provider := GetProvider(util.GetId(mpProvider.Name))
+	mpIdp := idp.NewWeChatMiniProgramIdProvider(provider.ClientId, provider.ClientSecret)
+	session, err := mpIdp.GetSessionByCode(code)
+	if err != nil {
+		return nil, err
+	}
+	openId, unionId := session.Openid, session.Unionid
+	if openId == "" && unionId == "" {
+		return nil, errors.New("err: WeChat's openid and unionid are empty")
+	}
+	user := getUserByWechatId(openId, unionId)
+	if user == nil {
+		if !application.EnableSignUp {
+			return nil, errors.New("err: the application does not allow to sign up new account")
+		}
+		//Add new user
+		var name string
+		if username != "" {
+			name = username
+		} else {
+			name = fmt.Sprintf("wechat-%s", openId)
+		}
+
+		user = &User{
+			Owner:             application.Organization,
+			Id:                util.GenerateId(),
+			Name:              name,
+			Avatar:            avatar,
+			SignupApplication: application.Name,
+			WeChat:            openId,
+			WeChatUnionId:     unionId,
+			Type:              "normal-user",
+			CreatedTime:       util.GetCurrentTime(),
+			IsAdmin:           false,
+			IsGlobalAdmin:     false,
+			IsForbidden:       false,
+			IsDeleted:         false,
+		}
+		AddUser(user)
+	}
+
+	accessToken, refreshToken, err := generateJwtToken(application, user, "", "", host)
+	if err != nil {
+		return nil, err
+	}
+
+	token := &Token{
+		Owner:        application.Owner,
+		Name:         util.GenerateId(),
+		CreatedTime:  util.GetCurrentTime(),
+		Application:  application.Name,
+		Organization: user.Owner,
+		User:         user.Name,
+		Code:         session.SessionKey, //a trick, because miniprogram does not use the code, so use the code field to save the session_key
+		AccessToken:  accessToken,
+		RefreshToken: refreshToken,
+		ExpiresIn:    application.ExpireInHours * 60,
+		Scope:        "",
+		TokenType:    "Bearer",
+		CodeIsUsed:   true,
+	}
+	AddToken(token)
+	return token, nil
+}
--- a/object/user.go
+++ b/object/user.go
@ -72,27 +72,29 @@ type User struct {
 	LastSigninTime string `xorm:"varchar(100)" json:"lastSigninTime"`
 	LastSigninIp   string `xorm:"varchar(100)" json:"lastSigninIp"`

-	Github   string `xorm:"varchar(100)" json:"github"`
-	Google   string `xorm:"varchar(100)" json:"google"`
-	QQ       string `xorm:"qq varchar(100)" json:"qq"`
-	WeChat   string `xorm:"wechat varchar(100)" json:"wechat"`
-	Facebook string `xorm:"facebook varchar(100)" json:"facebook"`
-	DingTalk string `xorm:"dingtalk varchar(100)" json:"dingtalk"`
-	Weibo    string `xorm:"weibo varchar(100)" json:"weibo"`
-	Gitee    string `xorm:"gitee varchar(100)" json:"gitee"`
-	LinkedIn string `xorm:"linkedin varchar(100)" json:"linkedin"`
-	Wecom    string `xorm:"wecom varchar(100)" json:"wecom"`
-	Lark     string `xorm:"lark varchar(100)" json:"lark"`
-	Gitlab   string `xorm:"gitlab varchar(100)" json:"gitlab"`
-	Adfs     string `xorm:"adfs varchar(100)" json:"adfs"`
-	Baidu    string `xorm:"baidu varchar(100)" json:"baidu"`
-	Alipay   string `xorm:"alipay varchar(100)" json:"alipay"`
-	Casdoor  string `xorm:"casdoor varchar(100)" json:"casdoor"`
-	Infoflow string `xorm:"infoflow varchar(100)" json:"infoflow"`
-	Apple    string `xorm:"apple varchar(100)" json:"apple"`
-	AzureAD  string `xorm:"azuread varchar(100)" json:"azuread"`
-	Slack    string `xorm:"slack varchar(100)" json:"slack"`
-	Steam    string `xorm:"steam varchar(100)" json:"steam"`
+	Github        string `xorm:"varchar(100)" json:"github"`
+	Google        string `xorm:"varchar(100)" json:"google"`
+	QQ            string `xorm:"qq varchar(100)" json:"qq"`
+	WeChat        string `xorm:"wechat varchar(100)" json:"wechat"`
+	WeChatUnionId string `xorm:"varchar(100)" json:"unionId"`
+	Facebook      string `xorm:"facebook varchar(100)" json:"facebook"`
+	DingTalk      string `xorm:"dingtalk varchar(100)" json:"dingtalk"`
+	Weibo         string `xorm:"weibo varchar(100)" json:"weibo"`
+	Gitee         string `xorm:"gitee varchar(100)" json:"gitee"`
+	LinkedIn      string `xorm:"linkedin varchar(100)" json:"linkedin"`
+	Wecom         string `xorm:"wecom varchar(100)" json:"wecom"`
+	Lark          string `xorm:"lark varchar(100)" json:"lark"`
+	Gitlab        string `xorm:"gitlab varchar(100)" json:"gitlab"`
+	Adfs          string `xorm:"adfs varchar(100)" json:"adfs"`
+	Baidu         string `xorm:"baidu varchar(100)" json:"baidu"`
+	Alipay        string `xorm:"alipay varchar(100)" json:"alipay"`
+	Casdoor       string `xorm:"casdoor varchar(100)" json:"casdoor"`
+	Infoflow      string `xorm:"infoflow varchar(100)" json:"infoflow"`
+	Apple         string `xorm:"apple varchar(100)" json:"apple"`
+	AzureAD       string `xorm:"azuread varchar(100)" json:"azuread"`
+	Slack         string `xorm:"slack varchar(100)" json:"slack"`
+	Steam         string `xorm:"steam varchar(100)" json:"steam"`
+	Custom        string `xorm:"custom varchar(100)" json:"custom"`

 	Ldap       string            `xorm:"ldap varchar(100)" json:"ldap"`
 	Properties map[string]string `json:"properties"`
@ -227,6 +229,23 @@ func getUserById(owner string, id string) *User {
 	}
 }

+func getUserByWechatId(wechatOpenId string, wechatUnionId string) *User {
+	if wechatUnionId == "" {
+		wechatUnionId = wechatOpenId
+	}
+	user := &User{}
+	existed, err := adapter.Engine.Where("wechat = ? OR wechat = ? OR unionid = ?", wechatOpenId, wechatUnionId, wechatUnionId).Get(user)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return user
+	} else {
+		return nil
+	}
+}
+
 func GetUserByEmail(owner string, email string) *User {
 	if owner == "" || email == "" {
 		return nil
--- a/swagger/swagger.json
+++ b/swagger/swagger.json
@ -2797,11 +2797,11 @@
        }
    },
    "definitions": {
-        "2026.0xc000380de0.false": {
+        "2127.0xc00036c600.false": {
            "title": "false",
            "type": "object"
        },
-        "2060.0xc000380e10.false": {
+        "2161.0xc00036c630.false": {
            "title": "false",
            "type": "object"
        },
@ -2818,10 +2818,10 @@
            "type": "object",
            "properties": {
                "data": {
-                    "$ref": "#/definitions/2026.0xc000380de0.false"
+                    "$ref": "#/definitions/2127.0xc00036c600.false"
                },
                "data2": {
-                    "$ref": "#/definitions/2060.0xc000380e10.false"
+                    "$ref": "#/definitions/2161.0xc00036c630.false"
                },
                "msg": {
                    "type": "string"
@ -2842,10 +2842,10 @@
            "type": "object",
            "properties": {
                "data": {
-                    "$ref": "#/definitions/2026.0xc000380de0.false"
+                    "$ref": "#/definitions/2127.0xc00036c600.false"
                },
                "data2": {
-                    "$ref": "#/definitions/2060.0xc000380e10.false"
+                    "$ref": "#/definitions/2161.0xc00036c630.false"
                },
                "msg": {
                    "type": "string"
@ -3648,6 +3648,9 @@
                "access_token": {
                    "type": "string"
                },
+                "error": {
+                    "type": "string"
+                },
                "expires_in": {
                    "type": "integer",
                    "format": "int64"
@ -3682,6 +3685,9 @@
                "affiliation": {
                    "type": "string"
                },
+                "alipay": {
+                    "type": "string"
+                },
                "apple": {
                    "type": "string"
                },
@ -3721,6 +3727,9 @@
                "email": {
                    "type": "string"
                },
+                "emailVerified": {
+                    "type": "boolean"
+                },
                "facebook": {
                    "type": "string"
                },
--- a/swagger/swagger.yml
+++ b/swagger/swagger.yml
@ -1831,10 +1831,10 @@ paths:
          schema:
            $ref: '#/definitions/object.Userinfo'
 definitions:
-  2026.0xc000380de0.false:
+  2127.0xc00036c600.false:
    title: "false"
    type: object
-  2060.0xc000380e10.false:
+  2161.0xc00036c630.false:
    title: "false"
    type: object
  RequestForm:
@ -1848,9 +1848,9 @@ definitions:
    type: object
    properties:
      data:
-        $ref: '#/definitions/2026.0xc000380de0.false'
+        $ref: '#/definitions/2127.0xc00036c600.false'
      data2:
-        $ref: '#/definitions/2060.0xc000380e10.false'
+        $ref: '#/definitions/2161.0xc00036c630.false'
      msg:
        type: string
      name:
@ -1864,9 +1864,9 @@ definitions:
    type: object
    properties:
      data:
-        $ref: '#/definitions/2026.0xc000380de0.false'
+        $ref: '#/definitions/2127.0xc00036c600.false'
      data2:
-        $ref: '#/definitions/2060.0xc000380e10.false'
+        $ref: '#/definitions/2161.0xc00036c630.false'
      msg:
        type: string
      name:
@ -2407,6 +2407,8 @@ definitions:
    properties:
      access_token:
        type: string
+      error:
+        type: string
      expires_in:
        type: integer
        format: int64
@ -2430,6 +2432,8 @@ definitions:
        type: string
      affiliation:
        type: string
+      alipay:
+        type: string
      apple:
        type: string
      avatar:
@ -2456,6 +2460,8 @@ definitions:
        type: string
      email:
        type: string
+      emailVerified:
+        type: boolean
      facebook:
        type: string
      firstName:
--- a/web/crowdin.yml
+++ b/web/crowdin.yml
@ -4,7 +4,7 @@ preserve_hierarchy: true
 files: [
    # JSON translation files
    {
-      source: '/web/src/locales/en/data.json',
-      translation: '/web/src/locales/%two_letters_code%/data.json',
+      source: '/src/locales/en/data.json',
+      translation: '/src/locales/%two_letters_code%/data.json',
    },
  ]
--- a/web/src/OrganizationEditPage.js
+++ b/web/src/OrganizationEditPage.js
@ -240,6 +240,16 @@ class OrganizationEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 19 : 2}>
+            {Setting.getLabel(i18next.t("organization:Is profile public"), i18next.t("organization:Is profile public - Tooltip"))} :
+          </Col>
+          <Col span={1} >
+            <Switch checked={this.state.organization.isProfilePublic} onChange={checked => {
+              this.updateOrganizationField('isProfilePublic', checked);
+            }} />
+          </Col>
+        </Row>
        <Row style={{marginTop: '20px'}}>
          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("general:LDAPs"), i18next.t("general:LDAPs - Tooltip"))} :
--- a/web/src/OrganizationListPage.js
+++ b/web/src/OrganizationListPage.js
@ -39,6 +39,7 @@ class OrganizationListPage extends BaseListPage {
      tags: [],
      masterPassword: "",
      enableSoftDeletion: false,
+      isProfilePublic: true,
    }
  }

--- a/web/src/ProviderEditPage.js
+++ b/web/src/ProviderEditPage.js
@ -212,6 +212,12 @@ class ProviderEditPage extends React.Component {
              if (value === "Local File System") {
                this.updateProviderField('domain', Setting.getFullServerUrl());
              }
+              if (value === "Custom") {
+                this.updateProviderField('customAuthUrl', 'https://door.casdoor.com/login/oauth/authorize');
+                this.updateProviderField('customScope', 'openid profile email');
+                this.updateProviderField('customTokenUrl', 'https://door.casdoor.com/api/login/oauth/access_token');
+                this.updateProviderField('customUserInfoUrl', 'https://door.casdoor.com/api/userinfo');
+              }
            })}>
              {
                Setting.getProviderTypeOptions(this.state.provider.category).map((providerType, index) => <Option key={index} value={providerType.id}>{providerType.name}</Option>)
@ -256,6 +262,79 @@ class ProviderEditPage extends React.Component {
            </React.Fragment>
          )
        }
+        {
+          this.state.provider.type !== "Custom" ? null : (
+            <React.Fragment>
+              <Row style={{marginTop: '20px'}} >
+                <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:Auth URL"), i18next.t("provider:Auth URL - Tooltip"))}
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.provider.customAuthUrl} onChange={e => {
+                    this.updateProviderField('customAuthUrl', e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: '20px'}} >
+                <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:Scope"), i18next.t("provider:Scope - Tooltip"))}
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.provider.customScope} onChange={e => {
+                    this.updateProviderField('customScope', e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: '20px'}} >
+                <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:Token URL"), i18next.t("provider:Token URL - Tooltip"))}
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.provider.customTokenUrl} onChange={e => {
+                    this.updateProviderField('customTokenUrl', e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: '20px'}} >
+                <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:UserInfo URL"), i18next.t("provider:UserInfo URL - Tooltip"))}
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.provider.customUserInfoUrl} onChange={e => {
+                    this.updateProviderField('customUserInfoUrl', e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: '20px'}} >
+                <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel( i18next.t("general:Favicon"), i18next.t("general:Favicon - Tooltip"))} :
+                </Col>
+                <Col span={22} >
+                  <Row style={{marginTop: '20px'}} >
+                    <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+                      {Setting.getLabel(i18next.t("general:URL"), i18next.t("general:URL - Tooltip"))} :
+                    </Col>
+                    <Col span={23} >
+                      <Input prefix={<LinkOutlined/>} value={this.state.provider.customLogo} onChange={e => {
+                        this.updateProviderField('customLogo', e.target.value);
+                      }} />
+                    </Col>
+                  </Row>
+                  <Row style={{marginTop: '20px'}} >
+                    <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+                      {i18next.t("general:Preview")}:
+                    </Col>
+                    <Col span={23} >
+                      <a target="_blank" rel="noreferrer" href={this.state.provider.customLogo}>
+                        <img src={this.state.provider.customLogo} alt={this.state.provider.customLogo} height={90} style={{marginBottom: '20px'}}/>
+                      </a>
+                    </Col>
+                  </Row>
+                </Col>
+              </Row>
+            </React.Fragment>
+          )
+        }
        <Row style={{marginTop: '20px'}} >
          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
            {this.getClientIdLabel()}
--- a/web/src/Setting.js
+++ b/web/src/Setting.js
@ -76,6 +76,10 @@ export function isProviderVisible(providerItem) {
    return false;
  }

+  if (providerItem.provider.type === "WeChatMiniProgram"){
+    return false
+  }
+
  return true;
 }

@ -392,6 +396,7 @@ export function getProviderTypeOptions(category) {
        {id: 'GitHub', name: 'GitHub'},
        {id: 'QQ', name: 'QQ'},
        {id: 'WeChat', name: 'WeChat'},
+        {id: 'WeChatMiniProgram', name: 'WeChat Mini Program'},
        {id: 'Facebook', name: 'Facebook'},
        {id: 'DingTalk', name: 'DingTalk'},
        {id: 'Weibo', name: 'Weibo'},
@ -409,6 +414,7 @@ export function getProviderTypeOptions(category) {
        {id: 'AzureAD', name: 'AzureAD'},
        {id: 'Slack', name: 'Slack'},
        {id: 'Steam', name: 'Steam'},
+        {id: 'Custom', name: 'Custom'},
      ]
    );
  } else if (category === "Email") {
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@ -13,7 +13,7 @@
 // limitations under the License.

 import React from "react";
-import {Button, Card, Col, Input, Row, Select, Switch} from 'antd';
+import {Button, Card, Col, Input, Result, Row, Select, Spin, Switch} from 'antd';
 import * as UserBackend from "./backend/UserBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
@ -47,6 +47,7 @@ class UserEditPage extends React.Component {
      organizations: [],
      applications: [],
      mode: props.location.mode !== undefined ? props.location.mode : "edit",
+      loading: true,
    };
  }

@ -59,9 +60,14 @@ class UserEditPage extends React.Component {

  getUser() {
    UserBackend.getUser(this.state.organizationName, this.state.userName)
-      .then((user) => {
+      .then((data) => {
+        if (data.status === null || data.status !== "error") {
+          this.setState({
+            user: data,
+          });
+        }
        this.setState({
-          user: user,
+          loading: false,
        });
      });
  }
@ -423,6 +429,8 @@ class UserEditPage extends React.Component {
          )
        }
      </Card>
+
+
    )
  }

@ -469,13 +477,24 @@ class UserEditPage extends React.Component {
    return (
      <div>
      {
-        this.state.user !== null ? this.renderUser() : null
+        this.state.loading ? <Spin loading={this.state.loading} size="large" /> : (
+          this.state.user !== null ? this.renderUser() :
+            <Result
+              status="404"
+              title="404 NOT FOUND"
+              subTitle={i18next.t("general:Sorry, the user you visited does not exist or you are not authorized to access this user.")}
+              extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>}
+            />
+        )
+      }
+      {
+        this.state.user === null ? null :
+        <div style={{marginTop: '20px', marginLeft: '40px'}}>
+          <Button size="large" onClick={() => this.submitUserEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: '20px'}} type="primary" size="large" onClick={() => this.submitUserEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+          {this.state.mode === "add" ? <Button style={{marginLeft: '20px'}} size="large" onClick={() => this.deleteUser()}>{i18next.t("general:Cancel")}</Button> : null}
+        </div>
      }
-      <div style={{marginTop: '20px', marginLeft: '40px'}}>
-        <Button size="large" onClick={() => this.submitUserEdit(false)}>{i18next.t("general:Save")}</Button>
-        <Button style={{marginLeft: '20px'}} type="primary" size="large" onClick={() => this.submitUserEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
-        {this.state.mode === "add" ? <Button style={{marginLeft: '20px'}} size="large" onClick={() => this.deleteUser()}>{i18next.t("general:Cancel")}</Button> : null}
-      </div>
    </div>
    );
  }
--- a/web/src/auth/Provider.js
+++ b/web/src/auth/Provider.js
@ -36,6 +36,9 @@ const authInfo = {
    mpScope: "snsapi_userinfo",
    mpEndpoint: "https://open.weixin.qq.com/connect/oauth2/authorize"
  },
+  WeChatMiniProgram: {
+    endpoint: "https://mp.weixin.qq.com/",
+  },
  Facebook: {
    scope: "email,public_profile",
    endpoint: "https://www.facebook.com/dialog/oauth",
@ -104,6 +107,9 @@ const authInfo = {
  Steam: {
    endpoint: "https://steamcommunity.com/openid/login",
  },
+  Custom: {
+    endpoint: "https://example.com/",
+  },
 };

 const otherProviderInfo = {
@ -181,6 +187,9 @@ const otherProviderInfo = {

 export function getProviderLogo(provider) {
  if (provider.category === "OAuth") {
+    if (provider.type === "Custom") {
+      return provider.customLogo;  
+    }
    return `${Setting.StaticBaseUrl}/img/social_${provider.type.toLowerCase()}.png`;
  } else {
    return otherProviderInfo[provider.category][provider.type].logo;
@ -305,5 +314,7 @@ export function getAuthUrl(application, provider, method) {
    return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code&scope=${scope}`;
  } else if (provider.type === "Steam") {
    return `${endpoint}?openid.claimed_id=http://specs.openid.net/auth/2.0/identifier_select&openid.identity=http://specs.openid.net/auth/2.0/identifier_select&openid.mode=checkid_setup&openid.ns=http://specs.openid.net/auth/2.0&openid.realm=${window.location.origin}&openid.return_to=${redirectUri}?state=${state}`;
+  } else if (provider.type === "Custom") {
+    return `${provider.customAuthUrl}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${provider.customScope}&response_type=code&state=${state}`;
  } 
 }
--- a/web/src/locales/zh/data.json
+++ b/web/src/locales/zh/data.json
@ -171,6 +171,7 @@
    "Signup application": "注册应用",
    "Signup application - Tooltip": "表示用户注册时通过哪个应用注册的",
    "Sorry, the page you visited does not exist.": "抱歉，您访问的页面不存在",
+    "Sorry, the user you visited does not exist or you are not authorized to access this user.": "抱歉，您访问的用户不存在或您无权访问该用户",
    "State": "状态",
    "State - Tooltip": "状态",
    "Swagger": "API文档",
@ -252,7 +253,9 @@
    "Tags": "标签集合",
    "Tags - Tooltip": "可供用户选择的标签的集合",
    "Website URL": "网页地址",
-    "Website URL - Tooltip": "网页地址"
+    "Website URL - Tooltip": "网页地址",
+    "Is profile public": "公开用户信息",
+    "Is profile public - Tooltip": "关闭后，只有全局管理员或同组织才能访问用户信息"
  },
  "payment": {
    "Currency": "币种",
@ -330,6 +333,8 @@
    "Agent ID - Tooltip": "Agent ID - Tooltip",
    "App ID": "App ID",
    "App ID - Tooltip": "App ID - Tooltip",
+    "Auth URL": "Auth URL",
+    "Auth URL - Tooltip": "Auth URL - 工具提示",
    "Bucket": "存储桶",
    "Bucket - Tooltip": "Bucket名称",
    "Can not parse Metadata": "无法解析元数据",
@ -377,6 +382,8 @@
    "Region endpoint for Internet": "地域节点 (外网)",
    "Region endpoint for Intranet": "地域节点 (内网)",
    "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
+    "Scope": "Scope",
+    "Scope - Tooltip": "Scope - 工具提示",
    "SMS account": "SMS account",
    "SMS account - Tooltip": "SMS account - Tooltip",
    "SP ACS URL": "SP ACS URL",
@ -400,8 +407,12 @@
    "Template Code - Tooltip": "模板CODE",
    "Terms of Use": "使用条款",
    "Terms of Use - Tooltip": "使用条款 - 工具提示",
+    "Token URL": "Token URL",
+    "Token URL - Tooltip": "Token URL - 工具提示",
    "Type": "类型",
    "Type - Tooltip": "类型",
+    "UserInfo URL": "UserInfo URL",
+    "UserInfo URL - Tooltip": "UserInfo URL - 工具提示",
    "alertType": "警报类型",
    "canSignIn": "canSignIn",
    "canSignUp": "canSignUp",
Author	SHA1	Message	Date
halozhy	287f60353c	feat: try to support custom OAuth provider (#667 ) * feat: try to support private provider * fix: modify code according to code review * feat: set example values for custom params	2022-04-16 17:17:45 +08:00
Yixiang Zhao	530330bd66	feat: add isProfilePublic setting for accessing user info (#656 ) * feat: add isProfilePublic setting for accessing user info Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com> * fix: requested changes Signed-off-by: Yixiang Zhao <seriouszyx@foxmail.com>	2022-04-16 15:10:03 +08:00
Yang Luo	70a1428972	Improve resource DB column length.	2022-04-16 13:23:05 +08:00
Nekotoxin	1d183decea	fix: cicd error (#671 ) * fix: ci/cd error * fix: ci/cd error * fix: ci/cd error	2022-04-16 00:09:23 +08:00
Yi Zhan	b92d03e2bb	feat: add wechat mini program support (#658 ) * feat: add wechat mini program support Signed-off-by: Steve0x2a <stevesough@gmail.com> * fix: accept suggestions. Signed-off-by: Steve0x2a <stevesough@gmail.com> * fix: error message and code level modification Signed-off-by: Steve0x2a <stevesough@gmail.com> * fix: simplify the use process Signed-off-by: Steve0x2a <stevesough@gmail.com>	2022-04-15 11:49:56 +08:00
Yi Zhan	9877174780	fix: add independent error message in token endpoint (#662 ) * fix: add independent error message in token endpoint Signed-off-by: Steve0x2a <stevesough@gmail.com> * fix: reduced use of variables Signed-off-by: Steve0x2a <stevesough@gmail.com> * fix: error messages use the same variable Signed-off-by: Steve0x2a <stevesough@gmail.com>	2022-04-14 10:22:56 +08:00
Товарищ программист	b178be9aef	feat: implement proxy (#661 )	2022-04-13 14:04:40 +08:00