💡 修改注释

fix: bug 58-63 scope在微软最新的文档中要求必须用空格隔开,form构建时候空格会被强制转换为%20,所以此处重新覆盖

.github/FUNDING.yml

@@ -9,4 +9,4 @@ community_bridge: # Replace with a single Community Bridge project-name e.g., cl
 liberapay: # Replace with a single Liberapay username
 issuehunt: # Replace with a single IssueHunt username
 otechie: # Replace with a single Otechie username
-custom: ['https://justauth.wiki/sponsor.html']
+custom: ['https://www.justauth.cn/sponsor.html']

.github/ISSUE_TEMPLATE/bug_report.md

@@ -9,8 +9,8 @@ assignees: ''
 ## Pre-submission checklist:
 
 - [ ] I have searched the relevant information in the existing list of Issues.
-- [ ] I have searched the developer documentation for that information: https://justauth.wiki
-- [ ] I have read the relevant Q&A: https://justauth.wiki
+- [ ] I have searched the developer documentation for that information: https://www.justauth.cn
+- [ ] I have read the relevant Q&A: https://www.justauth.cn
 
 ## Issue description
 

CHANGELOGS.md

@@ -1,3 +1,20 @@
+## 1.16.6
+
+### 2023/12/03
+- 优化
+  - 微信公众平台支持返回快照标识（快照标识为 true 时，标识当前获取到的微信用户信息都是虚拟的）
+  - 企业微信网页登录--获取用户敏感信。 [Github #155](https://github.com/justauth/JustAuth/pull/155)
+  - 添加飞书单元测试。 [Github #159](https://github.com/justauth/JustAuth/pull/159)
+  - 升级fastjson版本到1.2.83，1.2.83版本之前存在代码执行漏洞风险 ，CVE-2022-25845。[Gitee PR #31](https://gitee.com/yadong.zhang/JustAuth/pulls/31)
+- 新增
+  - 添加微软中国(世纪华联)第三方登录，新增微软方式登录的redirectUri校验。[Gitee PR #33](https://gitee.com/yadong.zhang/JustAuth/pulls/33)
+  - 新增爱发电平台 [Gitee #35](https://gitee.com/yadong.zhang/JustAuth/pulls/35)
+  - 微软平台适配 AzureAD（目前改名为 Microsoft Entra ID）登录认证
+- Fixed
+  - 修复 twitter 平台在 Java11 环境下登录失败的问题。[#174](https://github.com/justauth/JustAuth/issues/174)
+  - 修复 Facebook 平台无法登录的问题（facebook 平台 API 进行了升级）
+  - 修复微信公众平台 scope 为 snsapi_base 登录报错的问题 [181](https://github.com/justauth/JustAuth/issues/181)
+
 ## 1.16.5
 
 ### 2021/10/18
@@ -161,7 +178,7 @@
     - 新增 [微信企业版登录](oauth/wechatEnterprise.md)文档
     - 新增 [Facebook 登录](oauth/facebook.md)文档
     - 完善 [JustAuth 使用者](users.md)文档
-    - 替换“帮助文档”域名，由[https://docs.justauth.whnb.wang](https://docs.justauth.whnb.wang)迁移到[https://justauth.wiki](https://justauth.wiki)
+    - 替换“帮助文档”域名，由[https://docs.justauth.whnb.wang](https://docs.justauth.whnb.wang)迁移到[https://www.justauth.cn](https://www.justauth.cn)
 - 新增
     - 增加阿里云授权登录中刷新授权token的接口，by “QQ群用户需求”
     - AuthConfig 增加忽略校验 state 的参数，详情参考：[Github#Issue#83](https://github.com/justauth/JustAuth/issues/83)
@@ -214,7 +231,7 @@ new AuthGoogleRequest(AuthConfig.builder()
 - 修复
     - 解决 Twitter 授权失败的BUG
 - 文档
-    - 完善 [https://justauth.wiki](https://justauth.wiki/) 的404引导页内容
+    - 完善 [https://www.justauth.cn](https://www.justauth.cn/) 的404引导页内容
     - 增加名词解释： `uuid`
     - 补充 [Q&A](Q&A.md)
     - 新增 [参考文档](references.md)，包含 OAuth 授权和第三方平台的API文档等内容
@@ -294,9 +311,9 @@ System.setProperty("proxyHost", "127.0.0.1");
 - 新增
     - 增加微信、QQ、支付宝、微博授权登录的帮助文档
     - 合并[PR#57](https://github.com/justauth/JustAuth/pull/57)，增加微信公众号登录 by [@xkcoding](https://github.com/xkcoding)
-    - [帮助文档](https://justauth.wiki)中增加自定义的404页面
-    - [帮助文档](https://justauth.wiki)中增加Gittalk插件
-    - [帮助文档](https://justauth.wiki)中增加Java代码高亮的插件
+    - [帮助文档](https://www.justauth.cn)中增加自定义的404页面
+    - [帮助文档](https://www.justauth.cn)中增加Gittalk插件
+    - [帮助文档](https://www.justauth.cn)中增加Java代码高亮的插件
     - 增加`AuthUserGender#getWechatRealGender`方法，兼容获取微信平台的用户性别
 - 修改
     - 修复抖音登录取值取错层级的问题（[issue#I15SIG@Gitee](https://gitee.com/yadong.zhang/JustAuth/issues/I15SIG)）
@@ -305,7 +322,7 @@ System.setProperty("proxyHost", "127.0.0.1");
     - `AuthResponseStatus`枚举类中增加`ILLEGAL_STATUS`、`REQUIRED_REFRESH_TOKEN`两个枚举值
     - `AuthSource`接口中增加`getName`方法，用来对外提供实际`source`的字符串值
     - `AuthWeiboRequest`微博授权登录中实现`revoke`方法，支持手动回收授权
-    - [帮助文档](https://justauth.wiki)中修复[腾讯云登录]链接错误的问题
+    - [帮助文档](https://www.justauth.cn)中修复[腾讯云登录]链接错误的问题
 - 升级
     - 升级相关依赖：lombok@v1.18.10，hutool@5.0.5，fastjson@1.2.62，alipay@4.8.10.ALL（[PR#11@Gitee](https://gitee.com/yadong.zhang/JustAuth/pulls/11)）
 

README.en-US.md

@@ -1,5 +1,5 @@
 <p align="center">
-	<a href="https://justauth.wiki"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/Justauth.png" width="400"></a>
+	<a href="https://www.justauth.cn"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/Justauth.png" width="400"></a>
 </p>
 <p align="center">
 	<strong>Login, so easy.</strong>
@@ -17,7 +17,7 @@
 	<a target="_blank" href="https://www.oracle.com/technetwork/java/javase/downloads/index.html">
 		<img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img>
 	</a>
-	<a target="_blank" href="https://justauth.wiki" title="参考文档">
+	<a target="_blank" href="https://www.justauth.cn" title="参考文档">
 		<img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img>
 	</a>
 	<a href="https://codecov.io/gh/justauth/JustAuth">
@@ -43,7 +43,7 @@
 `JustAuth`, as you see, It is just a Java library of third-party authorized login, It's smaller and easier to use. JustAuth is the best third-party login tool written in JAVA.
 
 Source Code：[gitee](https://gitee.com/yadong.zhang/JustAuth) | [github](https://github.com/zhangyd-c/JustAuth)    
-Docs：[Reference Doc](https://justauth.wiki)
+Docs：[Reference Doc](https://www.justauth.cn)
 
 ## Features
 
@@ -180,11 +180,11 @@ I look forward to your joining us.
 
 ## Contributors
 
-[contributors](https://justauth.wiki/contributors.html)
+[contributors](https://www.justauth.cn/contributors.html)
 
 ## Change Logs
 
-[CHANGELOGS](https://justauth.wiki/update.html)
+[CHANGELOGS](https://www.justauth.cn/update.html)
 
 ## Recommend
 

README.md

@@ -1,5 +1,5 @@
 <p align="center">
-	<a href="https://justauth.wiki"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/Justauth.png" width="400"></a>
+	<a href="https://www.justauth.cn"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/Justauth.png" width="400"></a>
 </p>
 <p align="center">
 	<strong>Login, so easy.</strong>
@@ -17,7 +17,7 @@
 	<a target="_blank" href="https://www.oracle.com/technetwork/java/javase/downloads/index.html">
 		<img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img>
 	</a>
-	<a target="_blank" href="https://justauth.wiki" title="参考文档">
+	<a target="_blank" href="https://www.justauth.cn" title="参考文档">
 		<img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img>
 	</a>
 	<a href="https://codecov.io/gh/justauth/JustAuth">
@@ -40,13 +40,13 @@
 
 QQ 群：230017570    
 微信群：justauth （备注`justauth`或者`ja`）    
-帮助文档：[justauth.wiki](https://justauth.wiki)    
+帮助文档：[www.justauth.cn](https://www.justauth.cn)    
 
 ## 什么是 JustAuth？
 
 JustAuth，如你所见，它仅仅是一个**第三方授权登录**的**工具类库**，它可以让我们脱离繁琐的第三方登录 SDK，让登录变得**So easy!**
 
-JustAuth 集成了诸如：Github、Gitee、支付宝、新浪微博、微信、Google、Facebook、Twitter、StackOverflow等国内外数十家第三方平台。更多请参考<a href="https://justauth.wiki" target="_blank">已集成的平台</a>
+JustAuth 集成了诸如：Github、Gitee、支付宝、新浪微博、微信、Google、Facebook、Twitter、StackOverflow等国内外数十家第三方平台。更多请参考<a href="https://www.justauth.cn" target="_blank">已集成的平台</a>
 
 ## 有哪些特点？
 
@@ -55,12 +55,12 @@ JustAuth 集成了诸如：Github、Gitee、支付宝、新浪微博、微信、
 
 ## 有哪些功能？
 
-- 集成国内外数十家第三方平台，实现快速接入。<a href="https://justauth.wiki/quickstart/how-to-use.html" target="_blank">参考文档</a>
-- 自定义 State 缓存，支持各种分布式缓存组件。<a href="https://justauth.wiki/features/customize-the-state-cache.html" target="_blank">参考文档</a>
-- 自定义 OAuth 平台，更容易适配自有的 OAuth 服务。<a href="https://justauth.wiki/features/customize-the-oauth.html" target="_blank">参考文档</a>
-- 自定义 Http 实现，选择权完全交给开发者，不会单独依赖某一具体实现。<a href="https://justauth.wiki/quickstart/how-to-use.html#%E4%BD%BF%E7%94%A8%E6%96%B9%E5%BC%8F" target="_blank">参考文档</a>
-- 自定义 Scope，支持更完善的授权体系。<a href="https://justauth.wiki/features/customize-scopes.html" target="_blank">参考文档</a>
-- 更多...<a href="https://justauth.wiki" target="_blank">参考文档</a>
+- 集成国内外数十家第三方平台，实现快速接入。<a href="https://www.justauth.cn/quickstart/how-to-use.html" target="_blank">参考文档</a>
+- 自定义 State 缓存，支持各种分布式缓存组件。<a href="https://www.justauth.cn/features/customize-the-state-cache.html" target="_blank">参考文档</a>
+- 自定义 OAuth 平台，更容易适配自有的 OAuth 服务。<a href="https://www.justauth.cn/features/customize-the-oauth.html" target="_blank">参考文档</a>
+- 自定义 Http 实现，选择权完全交给开发者，不会单独依赖某一具体实现。<a href="https://www.justauth.cn/quickstart/how-to-use.html#%E4%BD%BF%E7%94%A8%E6%96%B9%E5%BC%8F" target="_blank">参考文档</a>
+- 自定义 Scope，支持更完善的授权体系。<a href="https://www.justauth.cn/features/customize-scopes.html" target="_blank">参考文档</a>
+- 更多...<a href="https://www.justauth.cn" target="_blank">参考文档</a>
 
 ## 快速开始
 
@@ -214,7 +214,7 @@ AuthRequest authRequest = AuthRequestBuilder.builder()
 
 感谢以下赞助商的支持：
 
-[我要赞助](https://justauth.wiki/sponsor.html)
+[我要赞助](https://www.justauth.cn/sponsor.html)
 
 ## JustAuth 的用户
 有很多公司、组织和个人把 JustAuth 用于学习、研究、生产环境和商业产品中，包括（但不限于）：
@@ -234,7 +234,7 @@ AuthRequest authRequest = AuthRequestBuilder.builder()
 - `mica` SpringBoot 微服务高效开发工具集: [https://github.com/lets-mica/mica](https://github.com/lets-mica/mica)
 - `sureness` 面向restful api的高性能认证鉴权框架：[sureness](https://github.com/usthe/sureness)
   
-更多推荐，请参考：[JustAuth - 开源推荐](https://justauth.wiki)
+更多推荐，请参考：[JustAuth - 开源推荐](https://www.justauth.cn)
 
 ## 鸣谢
 
@@ -246,8 +246,8 @@ AuthRequest authRequest = AuthRequestBuilder.builder()
 
 ## 其他
 
-- [CONTRIBUTORS](https://justauth.wiki/contributors.html)
-- [CHANGELOGS](https://justauth.wiki/update.html)
+- [CONTRIBUTORS](https://www.justauth.cn/contributors.html)
+- [CHANGELOGS](https://www.justauth.cn/update.html)
 - [PLAN](https://gitee.com/yadong.zhang/JustAuth/issues/IUGRK)
 
 ## 贡献者列表

bin/pull-dev.sh

@@ -1 +1 @@
-git pull origin dev && git pull github dev && git pull cc dev
+git pull origin dev && git pull github dev

bin/push-dev.sh

@@ -1 +1 @@
-git push origin dev && git push github dev && git push cc dev
+git push origin dev && git push github dev

bin/push.sh

@@ -1 +1 @@
-git push origin master && git push github master && git push cc master
+git push origin master && git push github master

bin/version.txt

@@ -1 +1 @@
-1.16.4
+1.16.6

docs/index.html

@@ -16,7 +16,7 @@
 </head>
 <body>
   <script>
-    window.location.href = "https://justauth.wiki";
+    window.location.href = "https://www.justauth.cn";
   </script>
 </body>
 </html>

example.md

@@ -96,6 +96,10 @@ _注：非全部平台，部分平台可能不存在图例_
 
 ![授权Stack Overflow](https://images.gitee.com/uploads/images/2019/0718/192639_cc301ba7_784199.png "授权Stack Overflow")
 
+#### 授权afdian
+
+![授权afdian](https://img.fastmirror.net/s/2023/03/24/641d63a8c19b5.png "授权afDian")
+
 #### 授权Twitter
 
 ![授权Twitter]( "授权Twitter")

pom.xml

@@ -6,7 +6,7 @@
 
   <groupId>me.zhyd.oauth</groupId>
   <artifactId>JustAuth</artifactId>
-  <version>1.16.5</version>
+  <version>1.16.6</version>
 
   <name>JustAuth</name>
   <url>https://gitee.com/yadong.zhang/JustAuth</url>
@@ -60,7 +60,7 @@
     <simple-http.version>1.0.5</simple-http.version>
     <lombok-version>1.18.20</lombok-version>
     <junit-version>4.13.2</junit-version>
-    <fastjson-version>1.2.78</fastjson-version>
+    <fastjson-version>1.2.83</fastjson-version>
     <alipay-sdk-version>4.17.5.ALL</alipay-sdk-version>
     <jacoco-version>0.8.2</jacoco-version>
   </properties>
@@ -93,6 +93,12 @@
       <artifactId>alipay-sdk-java</artifactId>
       <version>${alipay-sdk-version}</version>
       <scope>provided</scope>
+      <exclusions>
+        <exclusion>
+          <artifactId>fastjson</artifactId>
+          <groupId>com.alibaba</groupId>
+        </exclusion>
+      </exclusions>
     </dependency>
   </dependencies>
 

src/main/java/me/zhyd/oauth/config/AuthConfig.java

@@ -181,4 +181,9 @@ public class AuthConfig {
     public String getAuthServerId() {
         return StringUtils.isEmpty(authServerId) ? "default" : authServerId;
     }
+
+    /**
+     * Microsoft Entra ID（原微软 AAD）中的租户 ID
+     */
+    private String tenantId;
 }

src/main/java/me/zhyd/oauth/config/AuthDefaultSource.java

@@ -410,17 +410,17 @@ public enum AuthDefaultSource implements AuthSource {
     FACEBOOK {
         @Override
         public String authorize() {
-            return "https://www.facebook.com/v10.0/dialog/oauth";
+            return "https://www.facebook.com/v18.0/dialog/oauth";
         }
 
         @Override
         public String accessToken() {
-            return "https://graph.facebook.com/v10.0/oauth/access_token";
+            return "https://graph.facebook.com/v18.0/oauth/access_token";
         }
 
         @Override
         public String userInfo() {
-            return "https://graph.facebook.com/v10.0/me";
+            return "https://graph.facebook.com/v18.0/me";
         }
 
         @Override
@@ -492,12 +492,12 @@ public enum AuthDefaultSource implements AuthSource {
     MICROSOFT {
         @Override
         public String authorize() {
-            return "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
+            return "https://login.microsoftonline.com/%s/oauth2/v2.0/authorize";
         }
 
         @Override
         public String accessToken() {
-            return "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+            return "https://login.microsoftonline.com/%s/oauth2/v2.0/token";
         }
 
         @Override
@@ -507,7 +507,7 @@ public enum AuthDefaultSource implements AuthSource {
 
         @Override
         public String refresh() {
-            return "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+            return "https://login.microsoftonline.com/%s/oauth2/v2.0/token";
         }
 
         @Override
@@ -521,12 +521,12 @@ public enum AuthDefaultSource implements AuthSource {
     MICROSOFT_CN {
         @Override
         public String authorize() {
-            return "https://login.partner.microsoftonline.cn/common/oauth2/v2.0/authorize";
+            return "https://login.partner.microsoftonline.cn/%s/oauth2/v2.0/authorize";
         }
 
         @Override
         public String accessToken() {
-            return "https://login.partner.microsoftonline.cn/common/oauth2/v2.0/token";
+            return "https://login.partner.microsoftonline.cn/%s/oauth2/v2.0/token";
         }
 
         @Override
@@ -536,7 +536,7 @@ public enum AuthDefaultSource implements AuthSource {
 
         @Override
         public String refresh() {
-            return "https://login.partner.microsoftonline.cn/common/oauth2/v2.0/token";
+            return "https://login.partner.microsoftonline.cn/%s/oauth2/v2.0/token";
         }
 
         @Override
@@ -1268,6 +1268,30 @@ public enum AuthDefaultSource implements AuthSource {
             return "https://www.proginn.com/openapi/user/basic_info";
         }
 
+        @Override
+        public Class<? extends AuthDefaultRequest> getTargetClass() {
+            return AuthProginnRequest.class;
+        }
+    },
+    /**
+     * 爱发电 <a href="https://afdian.net/">爱发电</a>
+     */
+    AFDIAN {
+        @Override
+        public String authorize() {
+            return "https://afdian.net/oauth2/authorize";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://afdian.net/api/oauth2/access_token";
+        }
+
+        @Override
+        public String userInfo() {
+            return "";
+        }
+
         @Override
         public Class<? extends AuthDefaultRequest> getTargetClass() {
             return AuthProginnRequest.class;

src/main/java/me/zhyd/oauth/enums/scope/AuthFacebookScope.java

@@ -17,18 +17,19 @@ public enum AuthFacebookScope implements AuthScope {
     /**
      * {@code scope} 含义，以{@code description} 为准
      */
-    EMAIL("email", "获取用户的邮箱", true),
-    USER_AGE_RANGE("user_age_range", "允许应用程序访问用户的年龄范围", true),
-    USER_BIRTHDAY("user_birthday", "获取用户的生日", true),
-    USER_FRIENDS("user_friends", "获取用户的好友列表", true),
-    USER_GENDER("user_gender", "获取用户的性别", true),
-    USER_HOMETOWN("user_hometown", "获取用户的家乡信息", true),
-    USER_LIKES("user_likes", "获取用户的喜欢列表", true),
+    PUBLIC_PROFILE("public_profile", "权限允许应用读取用户默认的公开资料", true),
+    EMAIL("email", "获取用户的邮箱", false),
+    USER_AGE_RANGE("user_age_range", "允许应用程序访问用户的年龄范围", false),
+    USER_BIRTHDAY("user_birthday", "获取用户的生日", false),
+    USER_FRIENDS("user_friends", "获取用户的好友列表", false),
+    USER_GENDER("user_gender", "获取用户的性别", false),
+    USER_HOMETOWN("user_hometown", "获取用户的家乡信息", false),
+    USER_LIKES("user_likes", "获取用户的喜欢列表", false),
     USER_LINK("user_link", "获取用户的个人链接", true),
-    USER_LOCATION("user_location", "获取用户的位置信息", true),
-    USER_PHOTOS("user_photos", "获取用户的相册信息", true),
-    USER_POSTS("user_posts", "获取用户发布的内容", true),
-    USER_VIDEOS("user_videos", "获取用户上传的视频信息", true),
+    USER_LOCATION("user_location", "获取用户的位置信息", false),
+    USER_PHOTOS("user_photos", "获取用户的相册信息", false),
+    USER_POSTS("user_posts", "获取用户发布的内容", false),
+    USER_VIDEOS("user_videos", "获取用户上传的视频信息", false),
     GROUPS_ACCESS_MEMBER_INFO("groups_access_member_info", "获取公开的群组成员信息", false),
     PUBLISH_TO_GROUPS("publish_to_groups", "授权您的应用程序代表某人将内容发布到组中，前提是他们已经授予您的应用程序访问权限", false),
     ;

src/main/java/me/zhyd/oauth/model/AuthToken.java

@@ -44,6 +44,12 @@ public class AuthToken implements Serializable {
      * @since 1.10.0
      */
     private String code;
+    /**
+     * 微信公众号 - 网页授权的登录时可用
+     *
+     * 微信针对网页授权登录，增加了一个快照页的逻辑，快照页获取到的微信用户的 uid oid 和头像昵称都是虚拟的信息
+     */
+    private boolean snapshotUser;
 
     /**
      * Twitter附带属性

src/main/java/me/zhyd/oauth/model/AuthUser.java

@@ -72,4 +72,11 @@ public class AuthUser implements Serializable {
      */
     private JSONObject rawUserInfo;
 
+    /**
+     * 微信公众号 - 网页授权的登录时可用
+     *
+     * 微信针对网页授权登录，增加了一个快照页的逻辑，快照页获取到的微信用户的 uid oid 和头像昵称都是虚拟的信息
+     */
+    private boolean snapshotUser;
+
 }

src/main/java/me/zhyd/oauth/request/AbstractAuthMicrosoftRequest.java

@@ -16,6 +16,7 @@ import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
 import me.zhyd.oauth.utils.AuthScopeUtils;
 import me.zhyd.oauth.utils.HttpUtils;
+import me.zhyd.oauth.utils.StringUtils;
 import me.zhyd.oauth.utils.UrlBuilder;
 
 import java.util.Map;
@@ -126,9 +127,16 @@ public abstract class AbstractAuthMicrosoftRequest extends AuthDefaultRequest {
      */
     @Override
     public String authorize(String state) {
-        return UrlBuilder.fromBaseUrl(super.authorize(state))
+        // 兼容 Microsoft Entra ID 登录（原微软 AAD）
+        // @since 1.16.6
+        String tenantId = StringUtils.isEmpty(config.getTenantId()) ? "common" : config.getTenantId();
+        return UrlBuilder.fromBaseUrl(String.format(source.authorize(), tenantId))
+            .queryParam("response_type", "code")
+            .queryParam("client_id", config.getClientId())
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("state", getRealState(state))
             .queryParam("response_mode", "query")
-            .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values())))
+            .queryParam("scope", this.getScopes(" ", false, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values())))
             .build();
     }
 
@@ -140,12 +148,13 @@ public abstract class AbstractAuthMicrosoftRequest extends AuthDefaultRequest {
      */
     @Override
     protected String accessTokenUrl(String code) {
-        return UrlBuilder.fromBaseUrl(source.accessToken())
+        String tenantId = StringUtils.isEmpty(config.getTenantId()) ? "common" : config.getTenantId();
+        return UrlBuilder.fromBaseUrl(String.format(source.accessToken(), tenantId))
             .queryParam("code", code)
             .queryParam("client_id", config.getClientId())
             .queryParam("client_secret", config.getClientSecret())
             .queryParam("grant_type", "authorization_code")
-            .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values())))
+            .queryParam("scope", this.getScopes(" ", false, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values())))
             .queryParam("redirect_uri", config.getRedirectUri())
             .build();
     }
@@ -169,12 +178,13 @@ public abstract class AbstractAuthMicrosoftRequest extends AuthDefaultRequest {
      */
     @Override
     protected String refreshTokenUrl(String refreshToken) {
-        return UrlBuilder.fromBaseUrl(source.refresh())
+        String tenantId = StringUtils.isEmpty(config.getTenantId()) ? "common" : config.getTenantId();
+        return UrlBuilder.fromBaseUrl(String.format(source.refresh(), tenantId))
             .queryParam("client_id", config.getClientId())
             .queryParam("client_secret", config.getClientSecret())
             .queryParam("refresh_token", refreshToken)
             .queryParam("grant_type", "refresh_token")
-            .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values())))
+            .queryParam("scope", this.getScopes(" ", false, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values())))
             .queryParam("redirect_uri", config.getRedirectUri())
             .build();
     }

src/main/java/me/zhyd/oauth/request/AbstractAuthWeChatEnterpriseRequest.java

@@ -3,7 +3,6 @@ package me.zhyd.oauth.request;
 import com.alibaba.fastjson.JSONObject;
 import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.config.AuthDefaultSource;
 import me.zhyd.oauth.config.AuthSource;
 import me.zhyd.oauth.enums.AuthResponseStatus;
 import me.zhyd.oauth.enums.AuthUserGender;
@@ -12,6 +11,7 @@ import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
 import me.zhyd.oauth.utils.HttpUtils;
+import me.zhyd.oauth.utils.StringUtils;
 import me.zhyd.oauth.utils.UrlBuilder;
 
 /**
@@ -56,8 +56,8 @@ public abstract class AbstractAuthWeChatEnterpriseRequest extends AuthDefaultReq
             throw new AuthException(AuthResponseStatus.UNIDENTIFIED_PLATFORM, source);
         }
         String userId = object.getString("UserId");
-        String userDetailResponse = getUserDetail(authToken.getAccessToken(), userId);
-        JSONObject userDetail = this.checkResponse(userDetailResponse);
+        String userTicket = object.getString("user_ticket");
+        JSONObject userDetail = getUserDetail(authToken.getAccessToken(), userId, userTicket);
 
         return AuthUser.builder()
             .rawUserInfo(userDetail)
@@ -123,14 +123,31 @@ public abstract class AbstractAuthWeChatEnterpriseRequest extends AuthDefaultReq
      *
      * @param accessToken accessToken
      * @param userId      企业内用户id
+     * @param userTicket  成员票据，用于获取用户信息或敏感信息
      * @return 用户详情
      */
-    private String getUserDetail(String accessToken, String userId) {
-        String userDetailUrl = UrlBuilder.fromBaseUrl("https://qyapi.weixin.qq.com/cgi-bin/user/get")
+    private JSONObject getUserDetail(String accessToken, String userId, String userTicket) {
+        // 用户基础信息
+        String userInfoUrl = UrlBuilder.fromBaseUrl("https://qyapi.weixin.qq.com/cgi-bin/user/get")
             .queryParam("access_token", accessToken)
             .queryParam("userid", userId)
             .build();
-        return new HttpUtils(config.getHttpConfig()).get(userDetailUrl).getBody();
+        String userInfoResponse = new HttpUtils(config.getHttpConfig()).get(userInfoUrl).getBody();
+        JSONObject userInfo = checkResponse(userInfoResponse);
+
+        // 用户敏感信息
+        if (StringUtils.isNotEmpty(userTicket)) {
+            String userDetailUrl = UrlBuilder.fromBaseUrl("https://qyapi.weixin.qq.com/cgi-bin/auth/getuserdetail")
+                .queryParam("access_token", accessToken)
+                .build();
+            JSONObject param = new JSONObject();
+            param.put("user_ticket", userTicket);
+            String userDetailResponse = new HttpUtils(config.getHttpConfig()).post(userDetailUrl, param.toJSONString()).getBody();
+            JSONObject userDetail = checkResponse(userDetailResponse);
+
+            userInfo.putAll(userDetail);
+        }
+        return userInfo;
     }
 
 }

src/main/java/me/zhyd/oauth/request/AuthAfDianRequest.java

@@ -0,0 +1,73 @@
+package me.zhyd.oauth.request;
+
+import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthUserGender;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.HttpUtils;
+import me.zhyd.oauth.utils.UrlBuilder;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 爱发电
+ *
+ * @author handy
+ */
+public class AuthAfDianRequest extends AuthDefaultRequest {
+
+    public AuthAfDianRequest(AuthConfig config) {
+        super(config, AuthDefaultSource.AFDIAN);
+    }
+
+    public AuthAfDianRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.AFDIAN, authStateCache);
+    }
+
+    @Override
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        Map<String, String> params = new HashMap<>();
+        params.put("grant_type", "authorization_code");
+        params.put("client_id", config.getClientId());
+        params.put("client_secret", config.getClientSecret());
+        params.put("code", authCallback.getCode());
+        params.put("redirect_uri", config.getRedirectUri());
+        String response = new HttpUtils(config.getHttpConfig()).post(AuthDefaultSource.AFDIAN.accessToken(), params, false).getBody();
+        JSONObject accessTokenObject = JSONObject.parseObject(response);
+        String userId = accessTokenObject.getJSONObject("data").getString("user_id");
+        return AuthToken.builder().userId(userId).build();
+    }
+
+    @Override
+    protected AuthUser getUserInfo(AuthToken authToken) {
+        return AuthUser.builder()
+            .uuid(authToken.getUserId())
+            .gender(AuthUserGender.UNKNOWN)
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("scope", "basic")
+            .queryParam("client_id", config.getClientId())
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("state", getRealState(state))
+            .build();
+    }
+
+}

src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java

@@ -6,9 +6,9 @@ import me.zhyd.oauth.config.AuthDefaultSource;
 
 /**
  * 微软登录
+ * update 2021-08-24  mroldx (xzfqq5201314@gmail.com)
  *
  * @author yangkai.shen (https://xkcoding.com)
- * @update:2021-08-24  mroldx (xzfqq5201314@gmail.com)
  * @since 1.5.0
  */
 public class AuthMicrosoftRequest extends AbstractAuthMicrosoftRequest {

src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java

@@ -69,9 +69,7 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
 
         HttpHeader httpHeader = new HttpHeader();
         httpHeader.add("Authorization", header);
-        httpHeader.add("User-Agent", "themattharris' HTTP Client");
-        httpHeader.add("Host", "api.twitter.com");
-        httpHeader.add("Accept", "*/*");
+        httpHeader.add("User-Agent", "'JustAuth' HTTP Client Simple-Http");
         String requestToken = new HttpUtils(config.getHttpConfig()).post(baseUrl, null, httpHeader).getBody();
 
         Map<String, String> res = MapUtil.parseStringToMap(requestToken, false);

src/main/java/me/zhyd/oauth/request/AuthWeChatEnterpriseThirdQrcodeRequest.java

@@ -81,7 +81,7 @@ public class AuthWeChatEnterpriseThirdQrcodeRequest extends AbstractAuthWeChatEn
     /**
      * 获取token的URL
      *
-     * @return
+     * @return accessTokenUrl
      */
     protected String accessTokenUrl() {
         return UrlBuilder.fromBaseUrl(source.accessToken())

src/main/java/me/zhyd/oauth/request/AuthWeChatEnterpriseWebRequest.java

@@ -5,6 +5,7 @@ import me.zhyd.oauth.config.AuthConfig;
 import me.zhyd.oauth.config.AuthDefaultSource;
 import me.zhyd.oauth.enums.scope.AuthWeChatEnterpriseWebScope;
 import me.zhyd.oauth.utils.AuthScopeUtils;
+import me.zhyd.oauth.utils.GlobalAuthUtils;
 import me.zhyd.oauth.utils.UrlBuilder;
 
 /**
@@ -28,7 +29,8 @@ public class AuthWeChatEnterpriseWebRequest extends AbstractAuthWeChatEnterprise
     public String authorize(String state) {
         return UrlBuilder.fromBaseUrl(source.authorize())
             .queryParam("appid", config.getClientId())
-            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("agentid", config.getAgentId())
+            .queryParam("redirect_uri", GlobalAuthUtils.urlEncode(config.getRedirectUri()))
             .queryParam("response_type", "code")
             .queryParam("scope", this.getScopes(",", false, AuthScopeUtils.getDefaultScopes(AuthWeChatEnterpriseWebScope.values())))
             .queryParam("state", getRealState(state).concat("#wechat_redirect"))

src/main/java/me/zhyd/oauth/request/AuthWeChatMpRequest.java

@@ -12,10 +12,7 @@ import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthResponse;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.utils.AuthScopeUtils;
-import me.zhyd.oauth.utils.GlobalAuthUtils;
-import me.zhyd.oauth.utils.HttpUtils;
-import me.zhyd.oauth.utils.UrlBuilder;
+import me.zhyd.oauth.utils.*;
 
 /**
  * 微信公众平台登录
@@ -47,17 +44,26 @@ public class AuthWeChatMpRequest extends AuthDefaultRequest {
     protected AuthUser getUserInfo(AuthToken authToken) {
         String openId = authToken.getOpenId();
 
+        String scope = authToken.getScope();
+        if (!StringUtils.isEmpty(scope) && !scope.contains("snsapi_userinfo")) {
+            return AuthUser.builder()
+                .rawUserInfo(JSONObject.parseObject(JSONObject.toJSONString(authToken)))
+                .uuid(openId)
+                .snapshotUser(authToken.isSnapshotUser())
+                .token(authToken)
+                .source(source.toString())
+                .build();
+        }
+
         String response = doGetUserInfo(authToken);
         JSONObject object = JSONObject.parseObject(response);
 
         this.checkResponse(object);
-
         String location = String.format("%s-%s-%s", object.getString("country"), object.getString("province"), object.getString("city"));
 
         if (object.containsKey("unionid")) {
             authToken.setUnionId(object.getString("unionid"));
         }
-
         return AuthUser.builder()
             .rawUserInfo(object)
             .username(object.getString("nickname"))
@@ -65,6 +71,7 @@ public class AuthWeChatMpRequest extends AuthDefaultRequest {
             .avatar(object.getString("headimgurl"))
             .location(location)
             .uuid(openId)
+            .snapshotUser(authToken.isSnapshotUser())
             .gender(AuthUserGender.getWechatRealGender(object.getString("sex")))
             .token(authToken)
             .source(source.toString())
@@ -108,6 +115,7 @@ public class AuthWeChatMpRequest extends AuthDefaultRequest {
             .expireIn(accessTokenObject.getIntValue("expires_in"))
             .openId(accessTokenObject.getString("openid"))
             .scope(accessTokenObject.getString("scope"))
+            .snapshotUser(accessTokenObject.getIntValue("is_snapshotuser") == 1)
             .build();
     }
 

src/test/java/me/zhyd/oauth/model/AuthUserTest.java

@@ -16,7 +16,7 @@ public class AuthUserTest {
             .nickname("test")
             .build();
         String json = JSON.toJSONString(user);
-        Assert.assertEquals(json, "{\"nickname\":\"test\"}");
+        Assert.assertEquals(json, "{\"nickname\":\"test\",\"snapshotUser\":false}");
 
     }
 

src/test/java/me/zhyd/oauth/request/AuthWeChatEnterpriseWebRequestTest.java

@@ -0,0 +1,20 @@
+package me.zhyd.oauth.request;
+
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.utils.AuthStateUtils;
+import org.junit.Test;
+
+import static org.junit.Assert.*;
+
+public class AuthWeChatEnterpriseWebRequestTest {
+
+    @Test
+    public void authorize() {
+        AuthRequest request = new AuthWeChatEnterpriseWebRequest(AuthConfig.builder()
+            .clientId("a")
+            .clientSecret("a")
+            .redirectUri("https://www.justauth.cn")
+            .build());
+        System.out.println(request.authorize(AuthStateUtils.createState()));
+    }
+}