Third-party login is a common authentication mechanism that allows users to log in to your app or website using their accounts from other platforms, such as social media, email services, or development platforms, without the need to create new usernames and passwords. This approach not only simplifies the login process for users, but also improves user experience and security.
Key features of third-party login
- Simplified registration and login:
  - Users don't need to create a new account; they can log in quickly with an existing third-party account.
  - Reduces the problem of users forgetting passwords and managing multiple accounts.
- Improved security:
  - Users' passwords are not stored on your system, reducing the risk of password leakage.
  - Third-party platforms typically have stricter security measures in place to protect user data.
- Increased user trust:
  - Users have a high level of trust in well-known third-party platforms, and logging in with an account from one of these platforms can increase users' trust in your app or website.
Third-party login (Gitee)
1. Register the app
   - Register an application with the Gitee developer platform to get the client_id and client_secret.
   - Configure the callback url, which is the address that the user will be redirected to after authorization.
2. Direct the user to the authorization page
   - Build an authorization request url that directs the user to the Gitee authorization page.
   - The request url format is as follows: `/oauth/authorize?client_id={client_id}&redirect_uri={redirect_uri}&response_type=code`
     - client_id: your app ID.
     - redirect_uri: the address of the callback; it must be the same as the callback address in the app configuration.
     - response_type: the response type, usually code.
     - scope: the scope of the request, e.g. user_info.
3. User authorization
   - Users who click the link are redirected to the Gitee authorization page.
   - Users choose whether or not to authorize your app to access their data.
   - If the user agrees to the authorization, Gitee redirects back to your configured callback address with an authorization code.
4. Get the access token
   - Send a request to Gitee using the authorization code (code) to get an access token (access_token).
   - The request url format is as follows: `/oauth/token?grant_type=authorization_code&code={code}&client_id={client_id}&redirect_uri={redirect_uri}&client_secret={client_secret}`
5. Use the access token
   - Once you have the access_token, you can use it to access the Gitee api for user information or other resources.
   - For example, the url to get the user information: `/api/v5/user?access_token=7be75844c5439749f367c27cdbb96790`
New Application
gitee oauth
OAuth2 Get AccessToken Authentication Steps
**Authorization code mode**

A. The application directs the user to the Gitee third-party authentication page via a browser or webview (GET request).

```
/oauth/authorize?client_id={client_id}&redirect_uri={redirect_uri}&response_type=code
```

B. The user authorizes the application.

Note: If the user has already authorized the application before and you need to skip the authorization page, add the scope parameter to the URL in the first step above. The value of scope must be the same as the checkboxes the user selected at the last authorization. If the user authorized user_info, projects and pull_requests last time, the GET request in step A should be:

```
/oauth/authorize?client_id={client_id}&redirect_uri={redirect_uri}&response_type=code&scope=user_info%20projects%20pull_requests
```

C. The Gitee authentication server passes the user authorization code to the application server via the callback address {redirect_uri}, or jumps directly to the callback address carrying the user authorization code in the Webview, and the Webview gets the code directly ({redirect_uri}?code=abc&state=xyz).

D. The application server or webview uses the access_token API to send a request to the Gitee authentication server, passing in the user authorization code and the callback address (POST request).

Note: It is recommended to pass client_secret in Body to ensure data security.

```
/oauth/token?grant_type=authorization_code&code={code}&client_id={client_id}&redirect_uri={redirect_uri}&client_secret={client_secret}
```

E. The Gitee authentication server returns the access_token.

F. The application accesses the Open API to use user data via the access_token.

When the access_token has expired (it is valid for one day), you can obtain a new access_token with the following refresh_token method (POST request):

```
/oauth/token?grant_type=refresh_token&refresh_token={refresh_token}
```

Note: If getting access_token returns 403, it may be because the User-Agent is not set.
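The callback shown above carries a `state` value, and the note recommends sending client_secret in the body. The following added example (not code from the original page) shows the authorization request, the callback check and the token request with both applied. The `https://gitee.com` host, the function names and the plain dict standing in for a server-side session are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

GITEE_HOST = "https://gitee.com"  # assumption: the page does not show the host


def build_authorize_url(client_id, redirect_uri, session, scope=None):
    """Authorization request with a one-time state bound to the user's session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state  # `session` is a dict standing in for a server-side session
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "response_type": "code", "state": state}
    if scope:
        params["scope"] = " ".join(scope)  # encoded as %20, as in the page's example
    return f"{GITEE_HOST}/oauth/authorize?{urlencode(params, quote_via=quote)}"


def parse_callback(callback_url, session):
    """Return the authorization code only if state matches the one issued for this session."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: removed even when the check fails
    received = query.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback is not bound to this session")
    if "code" not in query:
        raise ValueError("no authorization code in callback")
    return query["code"][0]


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Token request: parameters in the URL, client_secret only in the POST body."""
    params = {"grant_type": "authorization_code", "code": code,
              "client_id": client_id, "redirect_uri": redirect_uri}
    url = f"{GITEE_HOST}/oauth/token?{urlencode(params, quote_via=quote)}"
    body = {"client_secret": client_secret}
    return url, body  # send with e.g. requests.post(url, data=body)


if __name__ == "__main__":
    sess = {}  # constructed sample session
    print(build_authorize_url("my_client_id", "http://localhost:5000/gitee_back/",
                              sess, ["user_info", "projects", "pull_requests"]))
    cb = f"http://localhost:5000/gitee_back/?code=abc&state={sess['oauth_state']}"
    print(parse_callback(cb, sess))
```

Keeping client_secret out of the URL keeps it out of proxy and web-server access logs, and the state check rejects a callback that was not started from the same browser session.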
tools
```python
import requests

# The host is not shown on the page; Gitee's public site is assumed here.
GITEE_HOST = 'https://gitee.com'


class Gitee:
    def __init__(self):
        self.redirect_uri = 'http://localhost:5000/gitee_back/'
        # Credentials as published on the page; in a real deployment,
        # load them from configuration instead of source code.
        self.client_id = 'db129dabb36711081dc7273f1cb174d051a68eb4f8e041ecda32b7d2dcb60203'
        self.client_secret = '7d4d60b0c9b2d89e04ddf802a32a103768976143f4ede832645b7bc442cbf7ed'
        # token
        self.token_api = '/oauth/token'

    # Get the third-party login link
    def get_url(self):
        return f"{GITEE_HOST}/oauth/authorize?client_id={self.client_id}&redirect_uri={self.redirect_uri}&response_type=code"

    # Get user information
    def get_info(self, code):
        # Exchange the authorization code for a token (POST request)
        res = requests.post(
            f"{GITEE_HOST}/oauth/token?grant_type=authorization_code&code={code}&client_id={self.client_id}&redirect_uri={self.redirect_uri}&client_secret={self.client_secret}")
        token = res.json()["access_token"]
        # Get user information
        res = requests.get(f"{GITEE_HOST}/api/v5/user?access_token={token}")
        name = res.json()["name"]
        avatar_url = res.json()["avatar_url"]
        return name, avatar_url


# Provider registry: name -> class (a direct lookup instead of eval() on a class-name string)
third_login = {
    'gitee': Gitee
}


# Encapsulating factory class
class SimpleFactory:
    @staticmethod
    def product(name):
        return third_login[name]()
```
view layer
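```python
from flask import jsonify, request
from flask.views import MethodView

# Placeholder: the status value and the code_desc table are missing from the page.
OK_CODE = 200
code_desc = {OK_CODE: 'success'}  # hypothetical message text


# Callback
class GiteeBack(MethodView):
    # Callback endpoint: Gitee redirects here with ?code=...
    def get(self):
        code = request.args.get('code', None)
        gitee = SimpleFactory.product('gitee')
        data = gitee.get_info(code)
        return jsonify({'code': OK_CODE, 'msg': code_desc[OK_CODE], 'data': data})

    # Return the authorization url
    def post(self):
        return jsonify({'code': OK_CODE, 'msg': code_desc[OK_CODE], 'url': SimpleFactory.product('gitee').get_url()})
```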