A Simple API Proxy

1. Background: When configuring Directus to use DingTalk QR code login, I found that DingTalk’s password-free login (OAuth 2) is not consistent with the RFC specification. Protocol conversion is needed before it can communicate with Directus normally. This is a relatively niche requirement, and there was no existing software available, so I had to build it myself. 2. Main Functions: It can act as middleware for API communication, forwarding traffic between clients and API servers and recording logs for convenient protocol analysis. As middleware, it can modify request and response content, and it can perform protocol adaptation and conversion. APIPROXY is a RESTful API proxy, monitor and adaptor. ...

March 5, 2022 · 2 min

OAuth2 Application Practice: Attempting to Integrate DingTalk Login with Directus

1. Project Overview: The expected outcome of this small project is to allow Directus to support logging in with DingTalk accounts. After understanding the OAuth2 protocol (see the previous blog post, reference 1), we have enough knowledge to implement this. Directus natively supports GitHub login, so the approach is to start with GitHub. Follow these steps: configure Directus to use GitHub account login to get familiar with Directus’s standard OAuth support; configure Directus to use DingTalk account login (since DingTalk’s protocol implementation differs from RFC 6749/GitHub, we may need to handle issues as they arise); deploy Directus to the server environment and verify on both DingTalk PC and mobile versions. 2. Environment Configuration: Use ngrok locally to expose a service to receive OAuth server redirects. ...

February 27, 2022 · 11 min

OAuth2 Protocol Analysis: GitHub and DingTalk Examples

1. Principle: Suppose there’s an app that wants me to use GitHub for authorized login. In this login scenario: I, as the data owner, tell the system (GitHub) that I agree to authorize a third-party application (the app) to enter the system and obtain certain data (my ID, avatar, etc.). The system then generates a short-term access token to replace the password for the third-party application (the app) to access the data. ...

February 26, 2022 · 14 min