Skip to main content

OAuth

The Tailchat open platform supports the OAuth login protocol, and you can easily integrate the Tailchat account system into your system. Just like our common Github Login, Google Login, Apple Login

Now, you can use Tailchat to implement a unified account management system for your multiple platforms.

Create a new open platform application in Tailchat

You need to create an open platform application and enable OAuth service.

Fill in the address that is allowed to be redirected in callback address.

Create a stand-alone application that initiates and accepts callbacks

First of all, we need to have a general understanding of the basic process of OAuth before we officially start

Simply put, it is divided into three steps:

  • The first step: access authorization, you need to pass client_id: client id, redirect_uri: redirect uri, response_type is code, scope is the scope of authorization, fill in openid profile by default, and state is other custom parameters
  • Step 2: After the authorization is passed, it will be redirected to redirect_uri, and the code will be used as its parameter
  • Step 3: After getting the code, you can exchange it for an access token, and then you can directly access resources through the token

You can refer to [https://github.com/msgbyte/tailchat/blob/master/server/test/demo/openapi-client-simple/index.ts](https://github.com/msgbyte/tailchat/blob /master/server/test/demo/openapi-client-simple/index.ts) to implement your own OAuth application

Main process

Here is a brief overview of the process:

First construct a request address, like:

<API>/open/auth?client_id=<clientId>&redirect_uri=<redirect_uri>&scope=openid profile&response_type=code&state=123456789

in:

  • API is your tailchat backend address, if you use the default deployment scheme, it is your access address.
  • clientId is the address of the open platform you applied for in the first step.
  • redirect_uri is your callback address, you need to make sure it has been added to the whitelist of allowed callback addresses
  • scope is the scope of application authorization, currently fill in openid profile fixedly
  • response_type is the response type, just fill in code
  • state and other custom parameters will be called with redirection and code parameters.

After the user visits this address, it will jump to the Tailchat platform for login authorization. If the authorization is passed, it will be redirected to the address specified by redirect_uri. At this time, the receiving address can get code and state in the query string.

In the next step, we need to exchange code for token by sending a POST request. Next, we need to use token to obtain user information

POST <API>/open/token
{
  "client_id": clientId,
  "client_secret": clientSecret,
  "redirect_uri": redirect_uri,
  "code": code,
  "grant_type": 'authorization_code',
}

return value:

{
  access_token,
  expires_in,
  id_token,
  scope,
  token_type
}

At this point we got the access_token, which we can use to request user information:

POST <API>/open/me
{
  "access_token": access_token,
}

return value:

{
  sub,
  nickname,
  discriminator,
  avatar,
}

Among them, sub can be understood as the user's id, which is the unique identifier of the user