📝 编写文档

Merge branch 'dev'
Merge branch 'dev' of github.com:justauth/JustAuth into dev
2026-05-22 13:43:20 +00:00 · 2024-12-14 17:32:48 +08:00 · 2024-12-14 17:14:04 +08:00 · 2024-12-14 17:13:06 +08:00 · 2024-12-14 17:12:00 +08:00 · 2024-12-14 17:09:49 +08:00
75 changed files with 1707 additions and 189 deletions
@@ -1,3 +1,26 @@
+## 1.16.7
+
+### 2024/12/14
+
+- 新增
+  - 添加`微信小程序`登录能力，对接文档：[点击查看](https://justauth.cn/guide/oauth/wechat_mini_program/)。
+  - 添加`支付宝证书模式`登录能力（原支持的公钥登录模式依然可用），对接文档：[点击查看](https://justauth.cn/guide/oauth/alipay_cert)。
+  - 添加`appleid`社交登录能力，对接文档：[点击查看](https://justauth.cn/guide/oauth/appleid/)。 [Github#192](https://github.com/justauth/JustAuth/pull/192)
+  - 添加`QQ小程序`社交登录能力。 [Github#223](https://github.com/justauth/JustAuth/pull/223)
+  - 添加`figma`社交登录能力。 [Gitee#41](https://gitee.com/yadong.zhang/JustAuth/pulls/41)
+  - 添加新版`企业微信扫码`登录能力，对接文档：[点击查看](https://justauth.cn/guide/oauth/wechat_enterprise_qrcode_v2/)。 [Github Issue#165](https://github.com/justauth/JustAuth/issues/165)
+  - 添加新版`钉钉扫码`登录能力，对接文档：[点击查看](https://justauth.cn/guide/oauth/dingtalk_v2/)。 [Gitee Issue#I73FZL](https://gitee.com/yadong.zhang/JustAuth/issues/I73FZL)
+  - 添加新版`华为`登录能力，对接文档：[点击查看](https://justauth.cn/guide/oauth/huawei_v3/)，原`AuthHuaweiRequest`会在后面版本被弃用，如有使用，请切换到`AuthHuaweiV3Request`
+- 优化
+  - 修复文档错误。[Github #222](https://github.com/justauth/JustAuth/pull/222)
+  - 更新 Google 端点地址。[Github #198](https://github.com/justauth/JustAuth/pull/198)
+  - Amazon PKCE 中的 `code_verifier` 基于 `state` 缓存
+  - `AuthRequest`响应时携带泛型，避免二次解析。[Gitee#38](https://gitee.com/yadong.zhang/JustAuth/pulls/38)
+  - 优化业务调用方式：`getAccessToken`和`getUserInfo`两个方法从`AuthDefaultRequest`提升至`AuthRequest`中，部分场景下可以减少一次网络请求。[Github Issue#194](https://github.com/justauth/JustAuth/issues/194)
+    - ***注意：如果有基于 JustAuth 规范自定义实现的三方平台 Request（[自定义第三方平台的OAuth](https://justauth.cn/features/customize-the-oauth/)），需要注意`getAccessToken`和`getUserInfo`接口的访问级别是否正确！！！***
+- 其他
+  -  补充单侧，[Gitee#39](https://gitee.com/yadong.zhang/JustAuth/pulls/39)
+
 ## 1.16.6

 ### 2023/12/03
@@ -55,11 +55,11 @@ JustAuth 集成了诸如：Github、Gitee、支付宝、新浪微博、微信、

 ## 有哪些功能？

- 集成国内外数十家第三方平台，实现快速接入。<a href="https://www.justauth.cn/quickstart/how-to-use.html" target="_blank">参考文档</a>
- 自定义 State 缓存，支持各种分布式缓存组件。<a href="https://www.justauth.cn/features/customize-the-state-cache.html" target="_blank">参考文档</a>
- 自定义 OAuth 平台，更容易适配自有的 OAuth 服务。<a href="https://www.justauth.cn/features/customize-the-oauth.html" target="_blank">参考文档</a>
- 自定义 Http 实现，选择权完全交给开发者，不会单独依赖某一具体实现。<a href="https://www.justauth.cn/quickstart/how-to-use.html#%E4%BD%BF%E7%94%A8%E6%96%B9%E5%BC%8F" target="_blank">参考文档</a>
- 自定义 Scope，支持更完善的授权体系。<a href="https://www.justauth.cn/features/customize-scopes.html" target="_blank">参考文档</a>
+- 集成国内外数十家第三方平台，实现快速接入。<a href="https://www.justauth.cn/guide/" target="_blank">参考文档</a>
+- 自定义 State 缓存，支持各种分布式缓存组件。<a href="https://www.justauth.cn/features/using-state/" target="_blank">参考文档</a>
+- 自定义 OAuth 平台，更容易适配自有的 OAuth 服务。<a href="https://www.justauth.cn/features/customize-the-oauth/" target="_blank">参考文档</a>
+- 自定义 Http 实现，选择权完全交给开发者，不会单独依赖某一具体实现。<a href="https://www.justauth.cn/guide/quickstart/how-to-use/#%E4%BD%BF%E7%94%A8%E6%AD%A5%E9%AA%A4" target="_blank">参考文档</a>
+- 自定义 Scope，支持更完善的授权体系。<a href="https://www.justauth.cn/features/customize-scopes/#%E5%85%B3%E4%BA%8E-scope" target="_blank">参考文档</a>
 - 更多...<a href="https://www.justauth.cn" target="_blank">参考文档</a>

 ## 快速开始
@@ -0,0 +1 @@
+git pull origin master && git pull github master
@@ -1 +1 @@
-1.16.6
+1.16.7
@@ -18,6 +18,9 @@ case "$1" in
  'ppd')
    bin/pull-dev.sh
 	;;
+  'pp')
+    bin/pull.sh
+	;;
  'pd')
    bin/push-dev.sh
 	;;
@@ -6,7 +6,7 @@

  <groupId>me.zhyd.oauth</groupId>
  <artifactId>JustAuth</artifactId>
-  <version>1.16.6</version>
+  <version>1.16.7</version>

  <name>JustAuth</name>
  <url>https://gitee.com/yadong.zhang/JustAuth</url>
@@ -58,11 +58,13 @@
    <maven-gpg-version>1.6</maven-gpg-version>
    <maven.test.skip>false</maven.test.skip>
    <simple-http.version>1.0.5</simple-http.version>
-    <lombok-version>1.18.20</lombok-version>
+    <lombok-version>1.18.30</lombok-version>
    <junit-version>4.13.2</junit-version>
    <fastjson-version>1.2.83</fastjson-version>
-    <alipay-sdk-version>4.17.5.ALL</alipay-sdk-version>
+    <alipay-sdk-version>4.39.165.ALL</alipay-sdk-version>
    <jacoco-version>0.8.2</jacoco-version>
+    <jwt.version>0.12.3</jwt.version>
+    <bcpkix-jdk18on.version>1.78</bcpkix-jdk18on.version>
  </properties>

  <dependencies>
@@ -100,6 +102,30 @@
        </exclusion>
      </exclusions>
    </dependency>
+    <dependency>
+      <groupId>io.jsonwebtoken</groupId>
+      <artifactId>jjwt-api</artifactId>
+      <version>${jwt.version}</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>io.jsonwebtoken</groupId>
+      <artifactId>jjwt-impl</artifactId>
+      <version>${jwt.version}</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>io.jsonwebtoken</groupId>
+      <artifactId>jjwt-jackson</artifactId>
+      <version>${jwt.version}</version>
+      <scope>provided</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.bouncycastle</groupId>
+      <artifactId>bcpkix-jdk18on</artifactId>
+      <version>${bcpkix-jdk18on.version}</version>
+      <scope>provided</scope>
+    </dependency>
  </dependencies>

  <build>
@@ -186,4 +186,70 @@ public class AuthConfig {
     * Microsoft Entra ID（原微软 AAD）中的租户 ID
     */
    private String tenantId;
+
+    /**
+     * 苹果开发者账号中的密钥标识符
+     * @see <a href="https://developer.apple.com/help/account/configure-app-capabilities/create-a-sign-in-with-apple-private-key/">create-a-sign-in-with-apple-private-key</a>
+     */
+    private String kid;
+
+    /**
+     * 苹果开发者账号中的团队ID
+     * @see <a href="https://developer.apple.com/help/glossary/team-id/">team id</a>
+     */
+    private String teamId;
+
+    /**
+     * 新版企业微信 Web 登录时的参数，
+     *
+     * 登录类型。ServiceApp：服务商登录；CorpApp：企业自建/代开发应用登录。
+     * @see <a href="https://developer.work.weixin.qq.com/document/path/98152">https://developer.work.weixin.qq.com/document/path/98152</a>
+     * @since 1.16.7
+     */
+    private String loginType = "CorpApp";
+
+    /**
+     * 企业微信平台的语言编码
+     *
+     * @since 1.16.7
+     */
+    private String lang = "zh";
+
+    /**
+     * 钉钉平台参数：控制输出特定类型的组织列表，org_type=management 表示只输出有管理权限的组织。
+     *
+     * scope包含corpid时该参数存在意义。
+     *
+     * @see <a href="https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug">https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug</a>
+     * @since 1.16.7
+     */
+    private String dingTalkOrgType;
+
+    /**
+     * 钉钉平台参数：用于指定用户需要选择的组织。
+     *
+     * scope包含corpid时该参数存在意义。传入的corpId需要是当前用户所在的组织。
+     *
+     * @see <a href="https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug">https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug</a>
+     * @since 1.16.7
+     */
+    private String dingTalkCorpId;
+
+    /**
+     * 钉钉平台参数：true表示专属帐号登录，展示组织代码输入页。
+     *
+     * @see <a href="https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug">https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug</a>
+     * @since 1.16.7
+     */
+    private boolean dingTalkExclusiveLogin;
+
+    /**
+     * 钉钉平台参数：开启了专属帐号功能的组织corpId。
+     *
+     * scope包含corpid时该参数存在意义。传入的corpId需要是当前用户所在的组织。
+     *
+     * @see <a href="https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug">https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug</a>
+     * @since 1.16.7
+     */
+    private String dingTalkExclusiveCorpId;
 }
@@ -112,6 +112,30 @@ public enum AuthDefaultSource implements AuthSource {
            return AuthDingTalkRequest.class;
        }
    },
+    /**
+     * 新版钉钉扫码登录
+     */
+    DINGTALK_V2 {
+        @Override
+        public String authorize() {
+            return "https://login.dingtalk.com/oauth2/challenge.htm";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://api.dingtalk.com/v1.0/oauth2/userAccessToken";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://api.dingtalk.com/v1.0/contact/users/me";
+        }
+
+        @Override
+        public Class<? extends AuthDefaultRequest> getTargetClass() {
+            return AuthDingTalkV2Request.class;
+        }
+    },
    /**
     * 钉钉账号登录
     */
@@ -382,6 +406,7 @@ public enum AuthDefaultSource implements AuthSource {
    },
    /**
     * Google
+     * 端点地址：https://accounts.google.com/.well-known/openid-configuration
     */
    GOOGLE {
        @Override
@@ -391,12 +416,12 @@ public enum AuthDefaultSource implements AuthSource {

        @Override
        public String accessToken() {
-            return "https://www.googleapis.com/oauth2/v4/token";
+            return "https://oauth2.googleapis.com/token";
        }

        @Override
        public String userInfo() {
-            return "https://www.googleapis.com/oauth2/v3/userinfo";
+            return "https://openidconnect.googleapis.com/v1/userinfo";
        }

        @Override
@@ -708,8 +733,11 @@ public enum AuthDefaultSource implements AuthSource {
    /**
     * 华为
     *
+     * 当前方式未来可能被废弃，建议使用 {@link this#HUAWEI_V3}
+     *
     * @since 1.10.0
     */
+    @Deprecated
    HUAWEI {
        @Override
        public String authorize() {
@@ -737,6 +765,38 @@ public enum AuthDefaultSource implements AuthSource {
        }
    },

+    /**
+     * 华为最新版本的 API
+     *
+     * @since 1.16.7
+     */
+    HUAWEI_V3 {
+        @Override
+        public String authorize() {
+            return "https://oauth-login.cloud.huawei.com/oauth2/v3/authorize";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://oauth-login.cloud.huawei.com/oauth2/v3/token";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://account.cloud.huawei.com/rest.php";
+        }
+
+        @Override
+        public String refresh() {
+            return "https://oauth-login.cloud.huawei.com/oauth2/v3/token";
+        }
+
+        @Override
+        public Class<? extends AuthDefaultRequest> getTargetClass() {
+            return AuthHuaweiV3Request.class;
+        }
+    },
+
    /**
     * 企业微信二维码登录
     *
@@ -763,6 +823,32 @@ public enum AuthDefaultSource implements AuthSource {
            return AuthWeChatEnterpriseQrcodeRequest.class;
        }
    },
+    /**
+     * 新版企业微信 Web 登录（扫码），参考 <a href="https://developer.work.weixin.qq.com/document/path/98152">https://developer.work.weixin.qq.com/document/path/98152</a>
+     *
+     * @since 1.16.7
+     */
+    WECHAT_ENTERPRISE_V2 {
+        @Override
+        public String authorize() {
+            return "https://login.work.weixin.qq.com/wwlogin/sso/login";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://qyapi.weixin.qq.com/cgi-bin/gettoken";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://qyapi.weixin.qq.com/cgi-bin/auth/getuserinfo";
+        }
+
+        @Override
+        public Class<? extends AuthDefaultRequest> getTargetClass() {
+            return AuthWeChatEnterpriseQrcodeV2Request.class;
+        }
+    },
    /**
     * 企业微信二维码第三方登录
     */
@@ -1296,6 +1382,117 @@ public enum AuthDefaultSource implements AuthSource {
        public Class<? extends AuthDefaultRequest> getTargetClass() {
            return AuthProginnRequest.class;
        }
+    },
+
+    APPLE {
+        @Override
+        public String authorize() {
+            return "https://appleid.apple.com/auth/authorize";
+        }
+
+        /**
+         * @see <a href="https://developer.apple.com/documentation/sign_in_with_apple/generate_and_validate_tokens">generate_and_validate_tokens</a>
+         */
+        @Override
+        public String accessToken() {
+            return "https://appleid.apple.com/auth/token";
+        }
+
+        @Override
+        public String userInfo() {
+            return "";
+        }
+
+        @Override
+        public Class<? extends AuthDefaultRequest> getTargetClass() {
+            return AuthAppleRequest.class;
+        }
+    },
+
+    FIGMA{
+        @Override
+        public String authorize() {
+            return "https://www.figma.com/oauth";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://www.figma.com/api/oauth/token";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://api.figma.com/v1/me";
+        }
+
+        @Override
+        public String refresh() {
+            return "https://www.figma.com/api/oauth/refresh";
+        }
+
+        @Override
+        public Class<? extends AuthDefaultRequest> getTargetClass() {
+            return AuthFigmaRequest.class;
+        }
+    },
+    /**
+     * 微信小程序授权登录
+     * @since yudaocode
+     */
+    WECHAT_MINI_PROGRAM {
+
+        @Override
+        public String authorize() {
+            // 参见 https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/login.html 文档
+            throw new UnsupportedOperationException("不支持获取授权 url，请使用小程序内置函数 wx.login() 登录获取 code");
+        }
+
+        @Override
+        public String accessToken() {
+            // 参见 https://developers.weixin.qq.com/miniprogram/dev/api-backend/open-api/login/auth.code2Session.html 文档
+            // 获取 openid, unionId , session_key 等字段
+            return "https://api.weixin.qq.com/sns/jscode2session";
+        }
+
+        @Override
+        public String userInfo() {
+            // 参见 https://developers.weixin.qq.com/miniprogram/dev/api/open-api/user-info/wx.getUserProfile.html 文档
+            throw new UnsupportedOperationException("不支持获取用户信息 url，请使用小程序内置函数 wx.getUserProfile() 获取用户信息");
+        }
+
+        @Override
+        public Class<? extends AuthDefaultRequest> getTargetClass() {
+            return AuthWechatMiniProgramRequest.class;
+        }
+    },
+
+    /**
+     * QQ小程序授权登录
+     */
+    QQ_MINI_PROGRAM {
+        @Override
+        public String authorize() {
+            // 参见 https://q.qq.com/wiki/develop/miniprogram/frame/open_ability/open_userinfo.html 文档
+            throw new UnsupportedOperationException("不支持获取授权 url，请使用小程序内置函数 qq.login() 登录获取 code");
+        }
+
+        @Override
+        public String accessToken() {
+            // 参见 https://q.qq.com/wiki/develop/miniprogram/server/open_port/port_login.html 文档
+            // 获取 openid, unionId , session_key 等字段
+            return "https://api.q.qq.com/sns/jscode2session";
+        }
+
+        @Override
+        public String userInfo() {
+            // 参见 https://q.qq.com/wiki/develop/miniprogram/API/open_port/port_userinfo.html 文档
+            throw new UnsupportedOperationException("不支持获取用户信息 url，请使用小程序内置函数 qq.getUserInfo() 获取用户信息");
+        }
+
+        @Override
+        public Class<? extends AuthDefaultRequest> getTargetClass() {
+            return null;
+        }
    }

 }
@@ -29,6 +29,11 @@ public enum AuthResponseStatus {
    ILLEGAL_STATUS(5009, "Illegal state"),
    REQUIRED_REFRESH_TOKEN(5010, "The refresh token is required; it must not be null"),
    ILLEGAL_TOKEN(5011, "Invalid token"),
+    ILLEGAL_KID(5012, "Invalid key identifier(kid)"),
+    ILLEGAL_TEAM_ID(5013, "Invalid team id"),
+    ILLEGAL_CLIENT_ID(5014, "Invalid client id"),
+    ILLEGAL_CLIENT_SECRET(5015, "Invalid client secret"),
+    ILLEGAL_WECHAT_AGENT_ID(5016, "Illegal wechat agent id"),
    ;

    private final int code;
@@ -0,0 +1,19 @@
+package me.zhyd.oauth.enums.scope;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+/**
+ * @see <a href="https://developer.apple.com/documentation/sign_in_with_apple/clientconfigi/3230955-scope/">scope</a>
+ */
+@Getter
+@AllArgsConstructor
+public enum AuthAppleScope implements AuthScope {
+    EMAIL("email", "用户邮箱", true),
+    NAME("name", "用户名", true),
+    ;
+
+    private final String scope;
+    private final String description;
+    private final boolean isDefault;
+}
@@ -0,0 +1,33 @@
+package me.zhyd.oauth.enums.scope;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+/**
+ * 钉钉平台 OAuth 授权范围
+ *
+ * https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @version 1.0.0
+ * @since 1.16.7
+ */
+@Getter
+@AllArgsConstructor
+public enum AuthDingTalkScope implements AuthScope {
+
+    /**
+     * 无需申请	默认开启
+     */
+    openid("openid", "授权后可获得用户userid", true),
+    /**
+     * 无需申请	默认开启
+     */
+    corpid("corpid", "授权后可获得登录过程中用户选择的组织id", false)
+    ;
+
+    private final String scope;
+    private final String description;
+    private final boolean isDefault;
+
+}
@@ -0,0 +1,29 @@
+package me.zhyd.oauth.enums.scope;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+/**
+ * Figma OAuth 授权范围
+ * <a href="https://www.figma.com/developers/api#authentication-scopes">...</a>
+ *
+ * @author xiangqian
+ * @since 1.16.6
+ */
+@Getter
+@AllArgsConstructor
+public enum AuthFigmaScope implements AuthScope {
+
+    FILE_CONTENT("files:read", "Read files, projects, users, versions, comments, components & styles, and webhooks", true),
+    VARIABLES("file_variables:read,file_variables:write", "Read and write to variables in Figma file. Note: this is only available to members in Enterprise organizations", false),
+    COMMENTS("file_comments:write", "Post and delete comments and comment reactions in files", false),
+    DEV_RESOURCES("file_dev_resources:read,file_dev_resources:write", "Read and write to dev resources in files", false),
+    LIBRARY_ANALYTICS("library_analytics:read", "Read your design system analytics", false),
+    WEBHOOKS("webhooks:write", "Create and manage webhooks", false);
+
+    private final String scope;
+    private final String description;
+    private final boolean isDefault;
+
+
+}
@@ -6,12 +6,15 @@ import lombok.Getter;
 /**
 * 华为平台 OAuth 授权范围
 *
+ * 当前方式未来可能被废弃，建议使用 {@link AuthHuaweiV3Scope}
+ *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
 * @version 1.0.0
 * @since 1.0.0
 */
@Getter
@AllArgsConstructor
+@Deprecated
 public enum AuthHuaweiScope implements AuthScope {

    /**
@@ -0,0 +1,51 @@
+package me.zhyd.oauth.enums.scope;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+/**
+ * 华为平台 V3 版本 OAuth 授权范围
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @version 1.0.0
+ * @since 1.16.7
+ */
+@Getter
+@AllArgsConstructor
+public enum AuthHuaweiV3Scope implements AuthScope {
+
+    /**
+     * {@code scope} 含义，以{@code description} 为准
+     */
+    OPENID("openid", "基础scope，v3必选", true),
+    /**
+     * {@code scope} 含义，以{@code description} 为准
+     */
+    BASE_PROFILE("https://www.huawei.com/auth/account/base.profile", "获取用户的基本信息", true),
+    MOBILE_NUMBER("https://www.huawei.com/auth/account/mobile.number", "获取用户的手机号", false),
+    ACCOUNTLIST("https://www.huawei.com/auth/account/accountlist", "获取用户的账单列表", false),
+
+    /**
+     * 以下两个 scope 不需要经过华为评估和验证
+     */
+    SCOPE_DRIVE_FILE("https://www.huawei.com/auth/drive.file", "只允许访问由应用程序创建或打开的文件", false),
+    SCOPE_DRIVE_APPDATA("https://www.huawei.com/auth/drive.appdata", "只允许访问由应用程序创建或打开的文件", false),
+    /**
+     * 以下四个 scope 使用前需要向drivekit@huawei.com提交申请
+     * <p>
+     * 参考：https://developer.huawei.com/consumer/cn/doc/development/HMSCore-Guides-V5/server-dev-0000001050039664-V5#ZH-CN_TOPIC_0000001050039664__section1618418855716
+     */
+    SCOPE_DRIVE("https://www.huawei.com/auth/drive", "只允许访问由应用程序创建或打开的文件", false),
+    SCOPE_DRIVE_READONLY("https://www.huawei.com/auth/drive.readonly", "只允许访问由应用程序创建或打开的文件", false),
+    SCOPE_DRIVE_METADATA("https://www.huawei.com/auth/drive.metadata", "只允许访问由应用程序创建或打开的文件", false),
+    SCOPE_DRIVE_METADATA_READONLY("https://www.huawei.com/auth/drive.metadata.readonly", "只允许访问由应用程序创建或打开的文件", false),
+
+
+    ;
+    ;
+
+    private final String scope;
+    private final String description;
+    private final boolean isDefault;
+
+}
@@ -5,6 +5,7 @@ import lombok.Builder;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
+import me.zhyd.oauth.utils.StringUtils;

 import java.io.Serializable;

@@ -57,4 +58,19 @@ public class AuthCallback implements Serializable {
     */
    private String oauth_verifier;

+    /**
+     * 苹果仅在用户首次授权应用程序时返回此值。如果您的应用程序已经获得了用户的授权，那么苹果将不会再次返回此值
+     * @see <a href="https://developer.apple.com/documentation/sign_in_with_apple/useri">user info</a>
+     */
+    private String user;
+
+    /**
+     * 苹果错误信息，仅在用户取消授权时返回此值
+     * @see <a href="https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms">error response</a>
+     */
+    private String error;
+
+    public String getCode() {
+        return StringUtils.isEmpty(code) ? auth_code : code;
+    }
 }
@@ -62,4 +62,15 @@ public class AuthToken implements Serializable {
    private String screenName;
    private Boolean oauthCallbackConfirmed;

+    /**
+     * Apple附带属性
+     */
+    private String username;
+
+    /**
+     * 新版钉钉附带属性
+     *
+     * @since 1.16.7
+     */
+    private String corpId;
 }
@@ -34,12 +34,12 @@ public abstract class AbstractAuthDingtalkRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        return AuthToken.builder().accessCode(authCallback.getCode()).build();
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String code = authToken.getAccessCode();
        JSONObject param = new JSONObject();
        param.put("tmp_auth_code", code);
@@ -39,7 +39,7 @@ public abstract class AbstractAuthMicrosoftRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        return getToken(accessTokenUrl(authCallback.getCode()));
    }

@@ -80,7 +80,7 @@ public abstract class AbstractAuthMicrosoftRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String token = authToken.getAccessToken();
        String tokenType = authToken.getTokenType();
        String jwt = tokenType + " " + token;
@@ -111,8 +111,8 @@ public abstract class AbstractAuthMicrosoftRequest extends AuthDefaultRequest {
     * @return AuthResponse
     */
    @Override
-    public AuthResponse refresh(AuthToken authToken) {
-        return AuthResponse.builder()
+    public AuthResponse<AuthToken> refresh(AuthToken authToken) {
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(getToken(refreshTokenUrl(authToken.getRefreshToken())))
            .build();
@@ -34,7 +34,7 @@ public abstract class AbstractAuthWeChatEnterpriseRequest extends AuthDefaultReq
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String response = doGetAuthorizationCode(accessTokenUrl(null));

        JSONObject object = this.checkResponse(response);
@@ -47,7 +47,7 @@ public abstract class AbstractAuthWeChatEnterpriseRequest extends AuthDefaultReq
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String response = doGetUserInfo(authToken);
        JSONObject object = this.checkResponse(response);

@@ -30,7 +30,7 @@ public class AuthAfDianRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        Map<String, String> params = new HashMap<>();
        params.put("grant_type", "authorization_code");
        params.put("client_id", config.getClientId());
@@ -44,7 +44,7 @@ public class AuthAfDianRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        return AuthUser.builder()
            .uuid(authToken.getUserId())
            .gender(AuthUserGender.UNKNOWN)
@@ -0,0 +1,152 @@
+package me.zhyd.oauth.request;
+
+
+import com.alibaba.fastjson.JSONObject;
+import com.alipay.api.AlipayApiException;
+import com.alipay.api.AlipayClient;
+import com.alipay.api.AlipayConfig;
+import com.alipay.api.DefaultAlipayClient;
+import com.alipay.api.request.AlipaySystemOauthTokenRequest;
+import com.alipay.api.request.AlipayUserInfoShareRequest;
+import com.alipay.api.response.AlipaySystemOauthTokenResponse;
+import com.alipay.api.response.AlipayUserInfoShareResponse;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.enums.AuthUserGender;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthResponse;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.StringUtils;
+import me.zhyd.oauth.utils.UrlBuilder;
+
+import static me.zhyd.oauth.config.AuthDefaultSource.ALIPAY;
+
+/**
+ * 支付宝证书模式登录
+ *
+ * @since 1.16.7
+ */
+public class AuthAlipayCertRequest extends AuthDefaultRequest {
+
+    private final AlipayClient alipayClient;
+
+    public AuthAlipayCertRequest(AuthConfig config, AlipayConfig alipayConfig) {
+        super(config, ALIPAY);
+        try {
+            this.alipayClient = new DefaultAlipayClient(alipayConfig);
+        } catch (AlipayApiException e) {
+            throw new AuthException(e);
+        }
+    }
+
+    @Override
+    protected void checkCode(AuthCallback authCallback) {
+        if (StringUtils.isEmpty(authCallback.getAuth_code())) {
+            throw new AuthException(AuthResponseStatus.ILLEGAL_CODE, source);
+        }
+    }
+
+    @Override
+    public AuthToken getAccessToken(AuthCallback authCallback) {
+        AlipaySystemOauthTokenRequest request = new AlipaySystemOauthTokenRequest();
+        request.setGrantType("authorization_code");
+        request.setCode(authCallback.getAuth_code());
+        AlipaySystemOauthTokenResponse response;
+        try {
+            response = this.alipayClient.certificateExecute(request);
+        } catch (Exception e) {
+            throw new AuthException(e);
+        }
+        if (!response.isSuccess()) {
+            throw new AuthException(response.getSubMsg());
+        }
+        return AuthToken.builder()
+            .accessToken(response.getAccessToken())
+            .uid(response.getUserId())
+            .expireIn(Integer.parseInt(response.getExpiresIn()))
+            .refreshToken(response.getRefreshToken())
+            .build();
+    }
+
+
+    /**
+     * 刷新access token （续期）
+     *
+     * @param authToken 登录成功后返回的Token信息
+     * @return AuthResponse
+     */
+    @Override
+    public AuthResponse<AuthToken> refresh(AuthToken authToken) {
+        AlipaySystemOauthTokenRequest request = new AlipaySystemOauthTokenRequest();
+        request.setGrantType("refresh_token");
+        request.setRefreshToken(authToken.getRefreshToken());
+        AlipaySystemOauthTokenResponse response = null;
+        try {
+            response = this.alipayClient.certificateExecute(request);
+        } catch (Exception e) {
+            throw new AuthException(e);
+        }
+        if (!response.isSuccess()) {
+            throw new AuthException(response.getSubMsg());
+        }
+        return AuthResponse.<AuthToken>builder()
+            .code(AuthResponseStatus.SUCCESS.getCode())
+            .data(AuthToken.builder()
+                .accessToken(response.getAccessToken())
+                .uid(response.getUserId())
+                .expireIn(Integer.parseInt(response.getExpiresIn()))
+                .refreshToken(response.getRefreshToken())
+                .build())
+            .build();
+    }
+
+    @Override
+    public AuthUser getUserInfo(AuthToken authToken) {
+        String accessToken = authToken.getAccessToken();
+        AlipayUserInfoShareRequest request = new AlipayUserInfoShareRequest();
+        AlipayUserInfoShareResponse response = null;
+        try {
+            response = this.alipayClient.certificateExecute(request, accessToken);
+        } catch (AlipayApiException e) {
+            throw new AuthException(e.getErrMsg(), e);
+        }
+        if (!response.isSuccess()) {
+            throw new AuthException(response.getSubMsg());
+        }
+
+        String province = response.getProvince(), city = response.getCity();
+        String location = String.format("%s %s", StringUtils.isEmpty(province) ? "" : province, StringUtils.isEmpty(city) ? "" : city);
+
+        return AuthUser.builder()
+            .rawUserInfo(JSONObject.parseObject(JSONObject.toJSONString(response)))
+            .uuid(response.getOpenId())
+            .username(StringUtils.isEmpty(response.getUserName()) ? response.getNickName() : response.getUserName())
+            .nickname(response.getNickName())
+            .avatar(response.getAvatar())
+            .location(location)
+            .gender(AuthUserGender.getRealGender(response.getGender()))
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("app_id", config.getClientId())
+            .queryParam("scope", "auth_user")
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("state", getRealState(state))
+            .build();
+    }
+}
@@ -26,7 +26,7 @@ import me.zhyd.oauth.utils.UrlBuilder;
 import java.net.InetSocketAddress;

 /**
- * 支付宝登录
+ * 支付宝公钥模式登录
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
 * @since 1.0.1
@@ -147,7 +147,7 @@ public class AuthAlipayRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        AlipaySystemOauthTokenRequest request = new AlipaySystemOauthTokenRequest();
        request.setGrantType("authorization_code");
        request.setCode(authCallback.getAuth_code());
@@ -175,7 +175,7 @@ public class AuthAlipayRequest extends AuthDefaultRequest {
     * @return AuthResponse
     */
    @Override
-    public AuthResponse refresh(AuthToken authToken) {
+    public AuthResponse<AuthToken> refresh(AuthToken authToken) {
        AlipaySystemOauthTokenRequest request = new AlipaySystemOauthTokenRequest();
        request.setGrantType("refresh_token");
        request.setRefreshToken(authToken.getRefreshToken());
@@ -188,7 +188,7 @@ public class AuthAlipayRequest extends AuthDefaultRequest {
        if (!response.isSuccess()) {
            throw new AuthException(response.getSubMsg());
        }
-        return AuthResponse.builder()
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(AuthToken.builder()
                .accessToken(response.getAccessToken())
@@ -200,7 +200,7 @@ public class AuthAlipayRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String accessToken = authToken.getAccessToken();
        AlipayUserInfoShareRequest request = new AlipayUserInfoShareRequest();
        AlipayUserInfoShareResponse response = null;
@@ -26,7 +26,7 @@ public class AuthAliyunRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String response = doPostAuthorizationCode(authCallback.getCode());
        JSONObject accessTokenObject = JSONObject.parseObject(response);
        return AuthToken.builder()
@@ -39,7 +39,7 @@ public class AuthAliyunRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String userInfo = doGetUserInfo(authToken);
        JSONObject object = JSONObject.parseObject(userInfo);
        return AuthUser.builder()
@@ -50,15 +50,16 @@ public class AuthAmazonRequest extends AuthDefaultRequest {
     */
    @Override
    public String authorize(String state) {
+        String realState = getRealState(state);
        UrlBuilder builder = UrlBuilder.fromBaseUrl(source.authorize())
            .queryParam("client_id", config.getClientId())
            .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthAmazonScope.values())))
            .queryParam("redirect_uri", config.getRedirectUri())
            .queryParam("response_type", "code")
-            .queryParam("state", getRealState(state));
+            .queryParam("state", realState);

        if (config.isPkce()) {
-            String cacheKey = this.source.getName().concat(":code_verifier:").concat(config.getClientId());
+            String cacheKey = this.source.getName().concat(":code_verifier:").concat(realState);
            String codeVerifier = PkceUtil.generateCodeVerifier();
            String codeChallengeMethod = "S256";
            String codeChallenge = PkceUtil.generateCodeChallenge(codeChallengeMethod, codeVerifier);
@@ -77,7 +78,7 @@ public class AuthAmazonRequest extends AuthDefaultRequest {
     * @return access token
     */
    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        Map<String, String> form = new HashMap<>(9);
        form.put("grant_type", "authorization_code");
        form.put("code", authCallback.getCode());
@@ -86,7 +87,7 @@ public class AuthAmazonRequest extends AuthDefaultRequest {
        form.put("client_secret", config.getClientSecret());

        if (config.isPkce()) {
-            String cacheKey = this.source.getName().concat(":code_verifier:").concat(config.getClientId());
+            String cacheKey = this.source.getName().concat(":code_verifier:").concat(authCallback.getState());
            String codeVerifier = this.authStateCache.get(cacheKey);
            form.put("code_verifier", codeVerifier);
        }
@@ -94,13 +95,13 @@ public class AuthAmazonRequest extends AuthDefaultRequest {
    }

    @Override
-    public AuthResponse refresh(AuthToken authToken) {
+    public AuthResponse<AuthToken> refresh(AuthToken authToken) {
        Map<String, String> form = new HashMap<>(7);
        form.put("grant_type", "refresh_token");
        form.put("refresh_token", authToken.getRefreshToken());
        form.put("client_id", config.getClientId());
        form.put("client_secret", config.getClientSecret());
-        return AuthResponse.builder()
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(getToken(form, this.source.refresh()))
            .build();
@@ -140,7 +141,7 @@ public class AuthAmazonRequest extends AuthDefaultRequest {
     * @return AuthUser
     */
    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String accessToken = authToken.getAccessToken();
        this.checkToken(accessToken);

@@ -0,0 +1,156 @@
+package me.zhyd.oauth.request;
+
+import com.alibaba.fastjson.JSONObject;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.impl.security.AbstractJwk;
+import lombok.Data;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.enums.scope.AuthAppleScope;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.AuthScopeUtils;
+import me.zhyd.oauth.utils.StringUtils;
+import me.zhyd.oauth.utils.UrlBuilder;
+import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.security.PrivateKey;
+import java.util.Base64;
+import java.util.Date;
+import java.util.concurrent.TimeUnit;
+
+public class AuthAppleRequest extends AuthDefaultRequest {
+
+    private static final String AUD = "https://appleid.apple.com";
+
+    private volatile PrivateKey privateKey;
+
+    public AuthAppleRequest(AuthConfig config) {
+        super(config, AuthDefaultSource.APPLE);
+    }
+
+    public AuthAppleRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.APPLE, authStateCache);
+    }
+
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(super.authorize(state))
+            .queryParam("response_mode", "form_post")
+            .queryParam("scope", this.getScopes(" ", false, AuthScopeUtils.getDefaultScopes(AuthAppleScope.values())))
+            .build();
+    }
+
+    @Override
+    public AuthToken getAccessToken(AuthCallback authCallback) {
+        if (!StringUtils.isEmpty(authCallback.getError())) {
+            throw new AuthException(authCallback.getError());
+        }
+        this.config.setClientSecret(this.getToken());
+        // if failed will throw AuthException
+        String response = doPostAuthorizationCode(authCallback.getCode());
+        JSONObject accessTokenObject = JSONObject.parseObject(response);
+        // https://developer.apple.com/documentation/sign_in_with_apple/tokenresponse
+        AuthToken.AuthTokenBuilder builder = AuthToken.builder()
+            .accessToken(accessTokenObject.getString("access_token"))
+            .expireIn(accessTokenObject.getIntValue("expires_in"))
+            .refreshToken(accessTokenObject.getString("refresh_token"))
+            .tokenType(accessTokenObject.getString("token_type"))
+            .idToken(accessTokenObject.getString("id_token"));
+        if (!StringUtils.isEmpty(authCallback.getUser())) {
+            try {
+                AppleUserInfo userInfo = JSONObject.parseObject(authCallback.getUser(), AppleUserInfo.class);
+                builder.username(userInfo.getName().getFirstName() + " " + userInfo.getName().getLastName());
+            } catch (Exception ignored) {
+            }
+        }
+        return builder.build();
+    }
+
+    @Override
+    public AuthUser getUserInfo(AuthToken authToken) {
+        Base64.Decoder urlDecoder = Base64.getUrlDecoder();
+        String[] idToken = authToken.getIdToken().split("\\.");
+        String payload = new String(urlDecoder.decode(idToken[1]));
+        JSONObject object = JSONObject.parseObject(payload);
+        // https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api/authenticating_users_with_sign_in_with_apple#3383773
+        return AuthUser.builder()
+            .rawUserInfo(object)
+            .uuid(object.getString("sub"))
+            .email(object.getString("email"))
+            .username(authToken.getUsername())
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    @Override
+    protected void checkConfig(AuthConfig config) {
+        super.checkConfig(config);
+        if (StringUtils.isEmpty(config.getClientId())) {
+            throw new AuthException(AuthResponseStatus.ILLEGAL_CLIENT_ID, source);
+        }
+        if (StringUtils.isEmpty(config.getClientSecret())) {
+            throw new AuthException(AuthResponseStatus.ILLEGAL_CLIENT_SECRET, source);
+        }
+        if (StringUtils.isEmpty(config.getKid())) {
+            throw new AuthException(AuthResponseStatus.ILLEGAL_KID, source);
+        }
+        if (StringUtils.isEmpty(config.getTeamId())) {
+            throw new AuthException(AuthResponseStatus.ILLEGAL_TEAM_ID, source);
+        }
+    }
+
+    /**
+     * 获取token
+     * @see <a href="https://developer.apple.com/documentation/accountorganizationaldatasharing/creating-a-client-secret">creating-a-client-secret</a>
+     * @return jwt token
+     */
+    private String getToken() {
+        return Jwts.builder().header().add(AbstractJwk.KID.getId(), this.config.getKid()).and()
+            .issuer(this.config.getTeamId())
+            .subject(this.config.getClientId())
+            .audience().add(AUD).and()
+            .expiration(new Date(System.currentTimeMillis() + TimeUnit.MINUTES.toMillis(3)))
+            .issuedAt(new Date())
+            .signWith(getPrivateKey())
+            .compact();
+    }
+
+    private PrivateKey getPrivateKey() {
+        if (this.privateKey == null) {
+            synchronized (this) {
+                if (this.privateKey == null) {
+                    try (PEMParser pemParser = new PEMParser(new StringReader(this.config.getClientSecret()))) {
+                        JcaPEMKeyConverter pemKeyConverter = new JcaPEMKeyConverter();
+                        PrivateKeyInfo keyInfo = (PrivateKeyInfo) pemParser.readObject();
+                        this.privateKey = pemKeyConverter.getPrivateKey(keyInfo);
+                    } catch (IOException e) {
+                        throw new AuthException("Failed to get apple private key", e);
+                    }
+                }
+            }
+        }
+        return this.privateKey;
+    }
+
+    @Data
+    static class AppleUserInfo {
+        private AppleUsername name;
+        private String email;
+    }
+
+    @Data
+    static class AppleUsername {
+        private String firstName;
+        private String lastName;
+    }
+}
@@ -34,7 +34,7 @@ public class AuthBaiduRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String response = doPostAuthorizationCode(authCallback.getCode());
        return getAuthToken(response);
    }
@@ -48,7 +48,7 @@ public class AuthBaiduRequest extends AuthDefaultRequest {
     * @return AuthUser
     */
    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String userInfo = doGetUserInfo(authToken);
        JSONObject object = JSONObject.parseObject(userInfo);
        this.checkResponse(object);
@@ -81,7 +81,7 @@ public class AuthBaiduRequest extends AuthDefaultRequest {
    }

    @Override
-    public AuthResponse refresh(AuthToken authToken) {
+    public AuthResponse<AuthToken> refresh(AuthToken authToken) {
        String refreshUrl = UrlBuilder.fromBaseUrl(this.source.refresh())
            .queryParam("grant_type", "refresh_token")
            .queryParam("refresh_token", authToken.getRefreshToken())
@@ -89,7 +89,7 @@ public class AuthBaiduRequest extends AuthDefaultRequest {
            .queryParam("client_secret", this.config.getClientSecret())
            .build();
        String response = new HttpUtils(config.getHttpConfig()).get(refreshUrl).getBody();
-        return AuthResponse.builder()
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(this.getAuthToken(response))
            .build();
@@ -30,7 +30,7 @@ public class AuthCodingRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String response = doGetAuthorizationCode(authCallback.getCode());
        JSONObject accessTokenObject = JSONObject.parseObject(response);
        this.checkResponse(accessTokenObject);
@@ -42,7 +42,7 @@ public class AuthCodingRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String response = doGetUserInfo(authToken);
        JSONObject object = JSONObject.parseObject(response);
        this.checkResponse(object);
@@ -28,7 +28,7 @@ public class AuthCsdnRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String response = doPostAuthorizationCode(authCallback.getCode());
        JSONObject accessTokenObject = JSONObject.parseObject(response);
        this.checkResponse(accessTokenObject);
@@ -36,7 +36,7 @@ public class AuthCsdnRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String response = doGetUserInfo(authToken);
        JSONObject object = JSONObject.parseObject(response);
        this.checkResponse(object);
@@ -40,28 +40,9 @@ public abstract class AuthDefaultRequest implements AuthRequest {
            throw new AuthException(AuthResponseStatus.PARAMETER_INCOMPLETE, source);
        }
        // 校验配置合法性
-        AuthChecker.checkConfig(config, source);
+        this.checkConfig(config);
    }

-    /**
-     * 获取access token
-     *
-     * @param authCallback 授权成功后的回调参数
-     * @return token
-     * @see AuthDefaultRequest#authorize()
-     * @see AuthDefaultRequest#authorize(String)
-     */
-    protected abstract AuthToken getAccessToken(AuthCallback authCallback);
-
-    /**
-     * 使用token换取用户信息
-     *
-     * @param authToken token信息
-     * @return 用户信息
-     * @see AuthDefaultRequest#getAccessToken(AuthCallback)
-     */
-    protected abstract AuthUser getUserInfo(AuthToken authToken);
-
    /**
     * 统一的登录入口。当通过{@link AuthDefaultRequest#authorize(String)}授权成功后，会跳转到调用方的相关回调方法中
     * 方法的入参可以使用{@code AuthCallback}，{@code AuthCallback}类中封装好了OAuth2授权回调所需要的参数
@@ -70,7 +51,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {
     * @return AuthResponse
     */
    @Override
-    public AuthResponse login(AuthCallback authCallback) {
+    public AuthResponse<AuthUser> login(AuthCallback authCallback) {
        try {
            checkCode(authCallback);
            if (!config.isIgnoreCheckState()) {
@@ -79,7 +60,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {

            AuthToken authToken = this.getAccessToken(authCallback);
            AuthUser user = this.getUserInfo(authToken);
-            return AuthResponse.builder().code(AuthResponseStatus.SUCCESS.getCode()).data(user).build();
+            return AuthResponse.<AuthUser>builder().code(AuthResponseStatus.SUCCESS.getCode()).data(user).build();
        } catch (Exception e) {
            Log.error("Failed to login with oauth authorization.", e);
            return this.responseError(e);
@@ -96,7 +77,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {
     * @param e 具体的异常
     * @return AuthResponse
     */
-    AuthResponse responseError(Exception e) {
+    AuthResponse<AuthUser> responseError(Exception e) {
        int errorCode = AuthResponseStatus.FAILURE.getCode();
        String errorMsg = e.getMessage();
        if (e instanceof AuthException) {
@@ -106,7 +87,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {
                errorMsg = authException.getErrorMsg();
            }
        }
-        return AuthResponse.builder().code(errorCode).msg(errorMsg).build();
+        return AuthResponse.<AuthUser>builder().code(errorCode).msg(errorMsg).build();
    }

    /**
@@ -295,4 +276,8 @@ public abstract class AuthDefaultRequest implements AuthRequest {
        return encode ? UrlUtil.urlEncode(scopeStr) : scopeStr;
    }

+    protected void checkConfig(AuthConfig config) {
+        AuthChecker.checkConfig(config, source);
+    }
+
 }
@@ -0,0 +1,108 @@
+package me.zhyd.oauth.request;
+
+import com.alibaba.fastjson.JSONObject;
+import com.xkcoding.http.support.HttpHeader;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.scope.AuthDingTalkScope;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.AuthScopeUtils;
+import me.zhyd.oauth.utils.HttpUtils;
+import me.zhyd.oauth.utils.UrlBuilder;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 新版钉钉二维码登录
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.16.7
+ */
+public class AuthDingTalkV2Request extends AuthDefaultRequest {
+
+    public AuthDingTalkV2Request(AuthConfig config) {
+        super(config, AuthDefaultSource.DINGTALK_V2);
+    }
+
+    public AuthDingTalkV2Request(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.DINGTALK_V2, authStateCache);
+    }
+
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("client_id", config.getClientId())
+            .queryParam("scope", this.getScopes(",", true, AuthScopeUtils.getDefaultScopes(AuthDingTalkScope.values())))
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("prompt", "consent")
+            .queryParam("org_type", config.getDingTalkOrgType())
+            .queryParam("corpId", config.getDingTalkCorpId())
+            .queryParam("exclusiveLogin", config.isDingTalkExclusiveLogin())
+            .queryParam("exclusiveCorpId", config.getDingTalkExclusiveCorpId())
+            .queryParam("state", getRealState(state))
+            .build();
+    }
+
+    @Override
+    public AuthToken getAccessToken(AuthCallback authCallback) {
+        Map<String, String> params = new HashMap<>();
+        params.put("grantType", "authorization_code");
+        params.put("clientId", config.getClientId());
+        params.put("clientSecret", config.getClientSecret());
+        params.put("code", authCallback.getCode());
+        String response = new HttpUtils(config.getHttpConfig()).post(this.source.accessToken(), JSONObject.toJSONString(params)).getBody();
+        JSONObject accessTokenObject = JSONObject.parseObject(response);
+        if (!accessTokenObject.containsKey("accessToken")) {
+            throw new AuthException(JSONObject.toJSONString(response), source);
+        }
+        return AuthToken.builder()
+            .accessToken(accessTokenObject.getString("accessToken"))
+            .refreshToken(accessTokenObject.getString("refreshToken"))
+            .expireIn(accessTokenObject.getIntValue("expireIn"))
+            .corpId(accessTokenObject.getString("corpId"))
+            .build();
+    }
+
+    @Override
+    public AuthUser getUserInfo(AuthToken authToken) {
+        HttpHeader header = new HttpHeader();
+        header.add("x-acs-dingtalk-access-token", authToken.getAccessToken());
+
+        String response = new HttpUtils(config.getHttpConfig()).get(this.source.userInfo(), null, header, false).getBody();
+        JSONObject object = JSONObject.parseObject(response);
+
+        authToken.setOpenId(object.getString("openId"));
+        authToken.setUnionId(object.getString("unionId"));
+        return AuthUser.builder()
+            .rawUserInfo(object)
+            .uuid(object.getString("unionId"))
+            .username(object.getString("nick"))
+            .nickname(object.getString("nick"))
+            .avatar(object.getString("avatarUrl"))
+            .snapshotUser(object.getBooleanValue("visitor"))
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 返回获取accessToken的url
+     *
+     * @param code 授权码
+     * @return 返回获取accessToken的url
+     */
+    protected String accessTokenUrl(String code) {
+        return UrlBuilder.fromBaseUrl(source.accessToken())
+            .queryParam("code", code)
+            .queryParam("clientId", config.getClientId())
+            .queryParam("clientSecret", config.getClientSecret())
+            .queryParam("grantType", "authorization_code")
+            .build();
+    }
+}
@@ -34,16 +34,17 @@ public class AuthDouyinRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        return this.getToken(accessTokenUrl(authCallback.getCode()));
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String response = doGetUserInfo(authToken);
        JSONObject userInfoObject = JSONObject.parseObject(response);
        this.checkResponse(userInfoObject);
        JSONObject object = userInfoObject.getJSONObject("data");
+        authToken.setUnionId(object.getString("union_id"));
        return AuthUser.builder()
            .rawUserInfo(object)
            .uuid(object.getString("union_id"))
@@ -59,8 +60,8 @@ public class AuthDouyinRequest extends AuthDefaultRequest {
    }

    @Override
-    public AuthResponse refresh(AuthToken oldToken) {
-        return AuthResponse.builder()
+    public AuthResponse<AuthToken> refresh(AuthToken oldToken) {
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(getToken(refreshTokenUrl(oldToken.getRefreshToken())))
            .build();
@@ -96,6 +97,7 @@ public class AuthDouyinRequest extends AuthDefaultRequest {
            .openId(dataObj.getString("open_id"))
            .expireIn(dataObj.getIntValue("expires_in"))
            .refreshToken(dataObj.getString("refresh_token"))
+            .refreshTokenExpireIn(dataObj.getIntValue("refresh_expires_in"))
            .scope(dataObj.getString("scope"))
            .build();
    }
@@ -44,7 +44,7 @@ public class AuthElemeRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        Map<String, String> form = new HashMap<>(7);
        form.put("client_id", config.getClientId());
        form.put("redirect_uri", config.getRedirectUri());
@@ -66,7 +66,7 @@ public class AuthElemeRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        Map<String, Object> parameters = new HashMap<>(4);
        // 获取商户账号信息的API接口名称
        String action = "eleme.user.getUser";
@@ -117,7 +117,7 @@ public class AuthElemeRequest extends AuthDefaultRequest {
    }

    @Override
-    public AuthResponse refresh(AuthToken oldToken) {
+    public AuthResponse<AuthToken> refresh(AuthToken oldToken) {
        Map<String, String> form = new HashMap<>(4);
        form.put("refresh_token", oldToken.getRefreshToken());
        form.put("grant_type", "refresh_token");
@@ -129,7 +129,7 @@ public class AuthElemeRequest extends AuthDefaultRequest {

        this.checkResponse(object);

-        return AuthResponse.builder()
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(AuthToken.builder()
                .accessToken(object.getString("access_token"))
@@ -4,6 +4,7 @@ import com.alibaba.fastjson.JSONObject;
 import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
 import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
 import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.enums.scope.AuthFacebookScope;
 import me.zhyd.oauth.exception.AuthException;
@@ -11,6 +12,7 @@ import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
 import me.zhyd.oauth.utils.AuthScopeUtils;
+import me.zhyd.oauth.utils.GlobalAuthUtils;
 import me.zhyd.oauth.utils.UrlBuilder;

 /**
@@ -30,7 +32,7 @@ public class AuthFacebookRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String response = doPostAuthorizationCode(authCallback.getCode());
        JSONObject accessTokenObject = JSONObject.parseObject(response);
        this.checkResponse(accessTokenObject);
@@ -42,7 +44,7 @@ public class AuthFacebookRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String userInfo = doGetUserInfo(authToken);
        JSONObject object = JSONObject.parseObject(userInfo);
        this.checkResponse(object);
@@ -87,6 +89,16 @@ public class AuthFacebookRequest extends AuthDefaultRequest {
            .build();
    }

+    @Override
+    protected void checkConfig(AuthConfig config) {
+        super.checkConfig(config);
+        // facebook的回调地址必须为https的链接
+        if (AuthDefaultSource.FACEBOOK == source && !GlobalAuthUtils.isHttpsProtocol(config.getRedirectUri())) {
+            // Facebook's redirect uri must use the HTTPS protocol
+            throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
+        }
+    }
+
    /**
     * 检查响应内容是否正确
     *
@@ -66,7 +66,7 @@ public class AuthFeishuRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        JSONObject requestObject = new JSONObject();
        requestObject.put("app_access_token", this.getAppAccessToken());
        requestObject.put("grant_type", "authorization_code");
@@ -76,7 +76,7 @@ public class AuthFeishuRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String accessToken = authToken.getAccessToken();
        String response = new HttpUtils(config.getHttpConfig()).get(source.userInfo(), null, new HttpHeader()
            .add("Content-Type", "application/json")
@@ -98,12 +98,12 @@ public class AuthFeishuRequest extends AuthDefaultRequest {
    }

    @Override
-    public AuthResponse refresh(AuthToken authToken) {
+    public AuthResponse<AuthToken> refresh(AuthToken authToken) {
        JSONObject requestObject = new JSONObject();
        requestObject.put("app_access_token", this.getAppAccessToken());
        requestObject.put("grant_type", "refresh_token");
        requestObject.put("refresh_token", authToken.getRefreshToken());
-        return AuthResponse.builder()
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(getToken(requestObject, this.source.refresh()))
            .build();
@@ -0,0 +1,118 @@
+package me.zhyd.oauth.request;
+
+import com.alibaba.fastjson.JSONObject;
+import com.xkcoding.http.support.HttpHeader;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.enums.scope.AuthFigmaScope;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthResponse;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.*;
+
+/**
+ * Figma登录
+ * @author xiangqian
+ * @since 1.16.6
+ */
+public class AuthFigmaRequest extends AuthDefaultRequest {
+    public AuthFigmaRequest(AuthConfig config) {
+        super(config, AuthDefaultSource.FIGMA);
+    }
+
+    public AuthFigmaRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.FIGMA, authStateCache);
+    }
+
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(super.authorize(state))
+            .queryParam("scope", this.getScopes(",", true, AuthScopeUtils.getDefaultScopes(AuthFigmaScope.values())))
+            .build();
+    }
+
+    @Override
+    public AuthToken getAccessToken(AuthCallback authCallback) {
+        HttpHeader header = new HttpHeader()
+            .add("content-type", "application/x-www-form-urlencoded")
+            .add("Authorization", "Basic " + Base64Utils.encode(config.getClientId().concat(":").concat(config.getClientSecret())));
+
+        String response = new HttpUtils(config.getHttpConfig()).post(super.accessTokenUrl(authCallback.getCode()), null, header, true).getBody();
+        JSONObject accessTokenObject = JSONObject.parseObject(response);
+
+        this.checkResponse(accessTokenObject);
+
+        return AuthToken.builder()
+            .accessToken(accessTokenObject.getString("access_token"))
+            .refreshToken(accessTokenObject.getString("refresh_token"))
+            .scope(accessTokenObject.getString("scope"))
+            .userId(accessTokenObject.getString("user_id"))
+            .expireIn(accessTokenObject.getIntValue("expires_in"))
+            .build();
+    }
+
+    @Override
+    public AuthResponse<AuthToken> refresh(AuthToken authToken) {
+        HttpHeader header = new HttpHeader().add("content-type", "application/x-www-form-urlencoded");
+        String response = new HttpUtils(config.getHttpConfig()).post(this.refreshTokenUrl(authToken.getRefreshToken()), null, header, false).getBody();
+        JSONObject dataObj = JSONObject.parseObject(response);
+
+        this.checkResponse(dataObj);
+
+        return AuthResponse.<AuthToken>builder()
+            .code(AuthResponseStatus.SUCCESS.getCode())
+            .data(AuthToken.builder()
+                .accessToken(dataObj.getString("access_token"))
+                .openId(dataObj.getString("open_id"))
+                .expireIn(dataObj.getIntValue("expires_in"))
+                .refreshToken(dataObj.getString("refresh_token"))
+                .scope(dataObj.getString("scope"))
+                .build())
+            .build();
+
+    }
+
+    @Override
+    protected String refreshTokenUrl(String refreshToken) {
+        return UrlBuilder.fromBaseUrl(source.refresh())
+            .queryParam("client_id", config.getClientId())
+            .queryParam("client_secret", config.getClientSecret())
+            .queryParam("refresh_token", refreshToken)
+            .build();
+    }
+
+    @Override
+    public AuthUser getUserInfo(AuthToken authToken) {
+        HttpHeader header = new HttpHeader().add("Authorization", "Bearer " + authToken.getAccessToken());
+        String response = new HttpUtils(config.getHttpConfig()).get(super.userInfoUrl(authToken), null, header, false).getBody();
+        JSONObject dataObj = JSONObject.parseObject(response);
+
+        this.checkResponse(dataObj);
+
+        return AuthUser.builder()
+            .rawUserInfo(dataObj)
+            .uuid(dataObj.getString("id"))
+            .username(dataObj.getString("handle"))
+            .avatar(dataObj.getString("img_url"))
+            .email(dataObj.getString("email"))
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+
+    /**
+     * 校验响应结果
+     *
+     * @param object 接口返回的结果
+     */
+    private void checkResponse(JSONObject object) {
+        if (object.containsKey("error")) {
+            throw new AuthException(object.getString("error") + ":" + object.getString("message"));
+        }
+    }
+}
@@ -30,7 +30,7 @@ public class AuthGiteeRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String response = doPostAuthorizationCode(authCallback.getCode());
        JSONObject accessTokenObject = JSONObject.parseObject(response);
        this.checkResponse(accessTokenObject);
@@ -44,7 +44,7 @@ public class AuthGiteeRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String userInfo = doGetUserInfo(authToken);
        JSONObject object = JSONObject.parseObject(userInfo);
        this.checkResponse(object);
@@ -35,7 +35,7 @@ public class AuthGithubRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String response = doPostAuthorizationCode(authCallback.getCode());
        Map<String, String> res = GlobalAuthUtils.parseStringToMap(response);

@@ -49,7 +49,7 @@ public class AuthGithubRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        HttpHeader header = new HttpHeader();
        header.add("Authorization", "token " + authToken.getAccessToken());
        String response = new HttpUtils(config.getHttpConfig()).get(UrlBuilder.fromBaseUrl(source.userInfo()).build(), null, header, false).getBody();
@@ -30,7 +30,7 @@ public class AuthGitlabRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String response = doPostAuthorizationCode(authCallback.getCode());
        JSONObject object = JSONObject.parseObject(response);

@@ -46,7 +46,7 @@ public class AuthGitlabRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String response = doGetUserInfo(authToken);
        JSONObject object = JSONObject.parseObject(response);

@@ -33,7 +33,7 @@ public class AuthGoogleRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String response = doPostAuthorizationCode(authCallback.getCode());
        JSONObject accessTokenObject = JSONObject.parseObject(response);
        this.checkResponse(accessTokenObject);
@@ -47,7 +47,7 @@ public class AuthGoogleRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        HttpHeader httpHeader = new HttpHeader();
        httpHeader.add("Authorization", "Bearer " + authToken.getAccessToken());
        String userInfo = new HttpUtils(config.getHttpConfig()).post(userInfoUrl(authToken), null, httpHeader).getBody();
@@ -23,10 +23,13 @@ import static me.zhyd.oauth.enums.AuthResponseStatus.SUCCESS;
 /**
 * 华为授权登录
 *
+ * 当前方式未来可能被废弃，建议使用 {@link AuthHuaweiV3Request}
+ *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
 * @version 1.0
 * @since 1.10.0
 */
+@Deprecated
 public class AuthHuaweiRequest extends AuthDefaultRequest {

    public AuthHuaweiRequest(AuthConfig config) {
@@ -46,7 +49,7 @@ public class AuthHuaweiRequest extends AuthDefaultRequest {
     * @see AuthDefaultRequest#authorize(String)
     */
    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        Map<String, String> form = new HashMap<>(8);
        form.put("grant_type", "authorization_code");
        form.put("code", authCallback.getAuthorization_code());
@@ -66,12 +69,14 @@ public class AuthHuaweiRequest extends AuthDefaultRequest {
     * @see AuthDefaultRequest#getAccessToken(AuthCallback)
     */
    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        Map<String, String> form = new HashMap<>(7);
        form.put("nsp_ts", System.currentTimeMillis() + "");
        form.put("access_token", authToken.getAccessToken());
        form.put("nsp_fmt", "JS");
-        form.put("nsp_svc", "OpenUP.User.getInfo");
+        form.put("open_id", "OPENID");
+        // form.put("nsp_svc", "OpenUP.User.getInfo");
+        form.put("nsp_svc", "huawei.oauth2.user.getTokenInfo");

        String response = new HttpUtils(config.getHttpConfig()).post(source.userInfo(), form, false).getBody();
        JSONObject object = JSONObject.parseObject(response);
@@ -99,7 +104,7 @@ public class AuthHuaweiRequest extends AuthDefaultRequest {
     * @return AuthResponse
     */
    @Override
-    public AuthResponse refresh(AuthToken authToken) {
+    public AuthResponse<AuthToken> refresh(AuthToken authToken) {
        Map<String, String> form = new HashMap<>(7);
        form.put("client_id", config.getClientId());
        form.put("client_secret", config.getClientSecret());
@@ -107,7 +112,7 @@ public class AuthHuaweiRequest extends AuthDefaultRequest {
        form.put("grant_type", "refresh_token");

        String response = new HttpUtils(config.getHttpConfig()).post(source.refresh(), form, false).getBody();
-        return AuthResponse.builder().code(SUCCESS.getCode()).data(getAuthToken(response)).build();
+        return AuthResponse.<AuthToken>builder().code(SUCCESS.getCode()).data(getAuthToken(response)).build();
    }

    private AuthToken getAuthToken(String response) {
@@ -0,0 +1,196 @@
+package me.zhyd.oauth.request;
+
+import com.alibaba.fastjson.JSONObject;
+import com.xkcoding.http.constants.Constants;
+import com.xkcoding.http.support.HttpHeader;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthUserGender;
+import me.zhyd.oauth.enums.scope.AuthHuaweiV3Scope;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthResponse;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.*;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+import static me.zhyd.oauth.enums.AuthResponseStatus.SUCCESS;
+
+/**
+ * 华为授权登录
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @version 1.0
+ * @since 1.16.7
+ */
+public class AuthHuaweiV3Request extends AuthDefaultRequest {
+
+    public AuthHuaweiV3Request(AuthConfig config) {
+        super(config, AuthDefaultSource.HUAWEI_V3);
+    }
+
+    public AuthHuaweiV3Request(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.HUAWEI_V3, authStateCache);
+    }
+
+    /**
+     * 获取access token
+     *
+     * @param authCallback 授权成功后的回调参数
+     * @return token
+     * @see AuthDefaultRequest#authorize()
+     * @see AuthDefaultRequest#authorize(String)
+     */
+    @Override
+    public AuthToken getAccessToken(AuthCallback authCallback) {
+        Map<String, String> form = new HashMap<>(8);
+        form.put("grant_type", "authorization_code");
+        form.put("code", authCallback.getCode());
+        form.put("client_id", config.getClientId());
+        form.put("client_secret", config.getClientSecret());
+        form.put("redirect_uri", config.getRedirectUri());
+
+        if (config.isPkce()) {
+            String cacheKey = this.source.getName().concat(":code_verifier:").concat(authCallback.getState());
+            String codeVerifier = this.authStateCache.get(cacheKey);
+            form.put("code_verifier", codeVerifier);
+        }
+
+        HttpHeader httpHeader = new HttpHeader();
+        httpHeader.add(Constants.CONTENT_TYPE, "application/x-www-form-urlencoded");
+        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), form, httpHeader, false).getBody();
+        return getAuthToken(response);
+    }
+
+    /**
+     * 使用token换取用户信息
+     *
+     * @param authToken token信息
+     * @return 用户信息
+     * @see AuthDefaultRequest#getAccessToken(AuthCallback)
+     */
+    @Override
+    public AuthUser getUserInfo(AuthToken authToken) {
+        String idToken = authToken.getIdToken();
+        if (StringUtils.isEmpty(idToken)) {
+            Map<String, String> form = new HashMap<>(7);
+            form.put("access_token", authToken.getAccessToken());
+            form.put("getNickName", "1");
+            form.put("nsp_svc", "GOpen.User.getInfo");
+
+            HttpHeader httpHeader = new HttpHeader();
+            httpHeader.add(Constants.CONTENT_TYPE, "application/x-www-form-urlencoded");
+            String response = new HttpUtils(config.getHttpConfig()).post(source.userInfo(), form, httpHeader, false).getBody();
+            JSONObject object = JSONObject.parseObject(response);
+
+            this.checkResponse(object);
+
+            return AuthUser.builder()
+                .rawUserInfo(object)
+                .uuid(object.getString("unionID"))
+                .username(object.getString("displayName"))
+                .nickname(object.getString("displayName"))
+                .gender(AuthUserGender.UNKNOWN)
+                .avatar(object.getString("headPictureURL"))
+                .token(authToken)
+                .source(source.toString())
+                .build();
+        }
+        String payload = new String(Base64.getUrlDecoder().decode(idToken.split("\\.")[1]), StandardCharsets.UTF_8);
+
+        JSONObject object = JSONObject.parseObject(payload);
+        return AuthUser.builder()
+            .rawUserInfo(object)
+            .uuid(object.getString("sub"))
+            .username(object.getString("name"))
+            .nickname(object.getString("nickname"))
+            .gender(AuthUserGender.UNKNOWN)
+            .avatar(object.getString("picture"))
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 刷新access token （续期）
+     *
+     * @param authToken 登录成功后返回的Token信息
+     * @return AuthResponse
+     */
+    @Override
+    public AuthResponse<AuthToken> refresh(AuthToken authToken) {
+        Map<String, String> form = new HashMap<>(7);
+        form.put("client_id", config.getClientId());
+        form.put("client_secret", config.getClientSecret());
+        form.put("refresh_token", authToken.getRefreshToken());
+        form.put("grant_type", "refresh_token");
+
+        HttpHeader httpHeader = new HttpHeader();
+        httpHeader.add(Constants.CONTENT_TYPE, "application/x-www-form-urlencoded");
+        String response = new HttpUtils(config.getHttpConfig()).post(source.refresh(), form, httpHeader, false).getBody();
+        return AuthResponse.<AuthToken>builder().code(SUCCESS.getCode()).data(getAuthToken(response)).build();
+    }
+
+    private AuthToken getAuthToken(String response) {
+        JSONObject object = JSONObject.parseObject(response);
+
+        this.checkResponse(object);
+
+        return AuthToken.builder()
+            .accessToken(object.getString("access_token"))
+            .expireIn(object.getIntValue("expires_in"))
+            .refreshToken(object.getString("refresh_token"))
+            .idToken(object.getString("id_token"))
+            .build();
+    }
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        String realState = getRealState(state);
+        UrlBuilder builder = UrlBuilder.fromBaseUrl(super.authorize(realState))
+            .queryParam("access_type", "offline")
+            .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthHuaweiV3Scope.values())));
+
+        if (config.isPkce()) {
+            String cacheKey = this.source.getName().concat(":code_verifier:").concat(realState);
+            String codeVerifier = PkceUtil.generateCodeVerifier();
+            String codeChallengeMethod = "S256";
+            String codeChallenge = PkceUtil.generateCodeChallenge(codeChallengeMethod, codeVerifier);
+            builder.queryParam("code_challenge", codeChallenge)
+                .queryParam("code_challenge_method", codeChallengeMethod);
+            // 缓存 codeVerifier 十分钟
+            this.authStateCache.cache(cacheKey, codeVerifier, TimeUnit.MINUTES.toMillis(10));
+        }
+        return builder.build();
+    }
+
+    /**
+     * 校验响应结果
+     *
+     * @param object 接口返回的结果
+     */
+    private void checkResponse(JSONObject object) {
+        if (object.containsKey("NSP_STATUS")) {
+            throw new AuthException(object.getString("error"));
+        }
+        if (object.containsKey("error")) {
+            throw new AuthException(object.getString("sub_error") + ":" + object.getString("error_description"));
+        }
+    }
+
+
+}
@@ -39,7 +39,7 @@ public class AuthJdRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {

        Map<String, String> params = new HashMap<>(7);
        params.put("app_key", config.getClientId());
@@ -61,7 +61,7 @@ public class AuthJdRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        UrlBuilder urlBuilder = UrlBuilder.fromBaseUrl(source.userInfo())
            .queryParam("access_token", authToken.getAccessToken())
            .queryParam("app_key", config.getClientId())
@@ -103,7 +103,7 @@ public class AuthJdRequest extends AuthDefaultRequest {
    }

    @Override
-    public AuthResponse refresh(AuthToken oldToken) {
+    public AuthResponse<AuthToken> refresh(AuthToken oldToken) {
        Map<String, String> params = new HashMap<>(7);
        params.put("app_key", config.getClientId());
        params.put("app_secret", config.getClientSecret());
@@ -114,7 +114,7 @@ public class AuthJdRequest extends AuthDefaultRequest {

        this.checkResponse(object);

-        return AuthResponse.builder()
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(AuthToken.builder()
                .accessToken(object.getString("access_token"))
@@ -109,8 +109,8 @@ public class AuthKujialeRequest extends AuthDefaultRequest {
    }

    @Override
-    public AuthResponse refresh(AuthToken authToken) {
+    public AuthResponse<AuthToken> refresh(AuthToken authToken) {
        String response = new HttpUtils(config.getHttpConfig()).post(refreshTokenUrl(authToken.getRefreshToken())).getBody();
-        return AuthResponse.builder().code(AuthResponseStatus.SUCCESS.getCode()).data(getAuthToken(response)).build();
+        return AuthResponse.<AuthToken>builder().code(AuthResponseStatus.SUCCESS.getCode()).data(getAuthToken(response)).build();
    }
 }
@@ -36,7 +36,7 @@ public class AuthLineRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        Map<String, String> params = new HashMap<>();
        params.put("grant_type", "authorization_code");
        params.put("code", authCallback.getCode());
@@ -56,7 +56,7 @@ public class AuthLineRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String userInfo = new HttpUtils(config.getHttpConfig()).get(source.userInfo(), null, new HttpHeader()
            .add("Content-Type", "application/x-www-form-urlencoded")
            .add("Authorization", "Bearer ".concat(authToken.getAccessToken())), false).getBody();
@@ -88,7 +88,7 @@ public class AuthLineRequest extends AuthDefaultRequest {
    }

    @Override
-    public AuthResponse refresh(AuthToken oldToken) {
+    public AuthResponse<AuthToken> refresh(AuthToken oldToken) {
        Map<String, String> params = new HashMap<>();
        params.put("grant_type", "refresh_token");
        params.put("refresh_token", oldToken.getRefreshToken());
@@ -96,7 +96,7 @@ public class AuthLineRequest extends AuthDefaultRequest {
        params.put("client_secret", config.getClientSecret());
        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), params, false).getBody();
        JSONObject accessTokenObject = JSONObject.parseObject(response);
-        return AuthResponse.builder()
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(AuthToken.builder()
                .accessToken(accessTokenObject.getString("access_token"))
@@ -36,12 +36,12 @@ public class AuthLinkedinRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        return this.getToken(accessTokenUrl(authCallback.getCode()));
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String accessToken = authToken.getAccessToken();
        HttpHeader httpHeader = new HttpHeader();
        httpHeader.add("Host", "api.linkedin.com");
@@ -34,7 +34,7 @@ public class AuthMeituanRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        Map<String, String> form = new HashMap<>(7);
        form.put("app_id", config.getClientId());
        form.put("secret", config.getClientSecret());
@@ -54,7 +54,7 @@ public class AuthMeituanRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        Map<String, String> form = new HashMap<>(5);
        form.put("app_id", config.getClientId());
        form.put("secret", config.getClientSecret());
@@ -78,7 +78,7 @@ public class AuthMeituanRequest extends AuthDefaultRequest {
    }

    @Override
-    public AuthResponse refresh(AuthToken oldToken) {
+    public AuthResponse<AuthToken> refresh(AuthToken oldToken) {
        Map<String, String> form = new HashMap<>(7);
        form.put("app_id", config.getClientId());
        form.put("secret", config.getClientSecret());
@@ -90,7 +90,7 @@ public class AuthMeituanRequest extends AuthDefaultRequest {

        this.checkResponse(object);

-        return AuthResponse.builder()
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(AuthToken.builder()
                .accessToken(object.getString("access_token"))
@@ -38,7 +38,7 @@ public class AuthMiRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        return getToken(accessTokenUrl(authCallback.getCode()));
    }

@@ -64,7 +64,7 @@ public class AuthMiRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        // 获取用户信息
        String userResponse = doGetUserInfo(authToken);

@@ -110,8 +110,8 @@ public class AuthMiRequest extends AuthDefaultRequest {
     * @return AuthResponse
     */
    @Override
-    public AuthResponse refresh(AuthToken authToken) {
-        return AuthResponse.builder()
+    public AuthResponse<AuthToken> refresh(AuthToken authToken) {
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(getToken(refreshTokenUrl(authToken.getRefreshToken())))
            .build();
@@ -3,6 +3,9 @@ package me.zhyd.oauth.request;
 import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
 import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.utils.GlobalAuthUtils;

 /**
 * 微软中国登录(世纪华联)
@@ -20,4 +23,14 @@ public class AuthMicrosoftCnRequest extends AbstractAuthMicrosoftRequest {
        super(config, AuthDefaultSource.MICROSOFT_CN, authStateCache);
    }

+    @Override
+    protected void checkConfig(AuthConfig config) {
+        super.checkConfig(config);
+        // 微软中国的回调地址必须为https的链接或者localhost,不允许使用http
+        if (AuthDefaultSource.MICROSOFT_CN == source && !GlobalAuthUtils.isHttpsProtocolOrLocalHost(config.getRedirectUri())) {
+            // Microsoft's redirect uri must use the HTTPS or localhost
+            throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
+        }
+    }
+
 }
@@ -3,6 +3,9 @@ package me.zhyd.oauth.request;
 import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
 import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.utils.GlobalAuthUtils;

 /**
 * 微软登录
@@ -21,4 +24,14 @@ public class AuthMicrosoftRequest extends AbstractAuthMicrosoftRequest {
        super(config, AuthDefaultSource.MICROSOFT, authStateCache);
    }

+    @Override
+    protected void checkConfig(AuthConfig config) {
+        super.checkConfig(config);
+        // 微软的回调地址必须为https的链接或者localhost,不允许使用http
+        if (AuthDefaultSource.MICROSOFT == source && !GlobalAuthUtils.isHttpsProtocolOrLocalHost(config.getRedirectUri())) {
+            // Microsoft's redirect uri must use the HTTPS or localhost
+            throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
+        }
+    }
+
 }
@@ -40,7 +40,7 @@ public class AuthOktaRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String tokenUrl = accessTokenUrl(authCallback.getCode());
        return getAuthToken(tokenUrl);
    }
@@ -64,22 +64,22 @@ public class AuthOktaRequest extends AuthDefaultRequest {
    }

    @Override
-    public AuthResponse refresh(AuthToken authToken) {
+    public AuthResponse<AuthToken> refresh(AuthToken authToken) {
        if (null == authToken.getRefreshToken()) {
-            return AuthResponse.builder()
+            return AuthResponse.<AuthToken>builder()
                .code(AuthResponseStatus.ILLEGAL_TOKEN.getCode())
                .msg(AuthResponseStatus.ILLEGAL_TOKEN.getMsg())
                .build();
        }
        String refreshUrl = refreshTokenUrl(authToken.getRefreshToken());
-        return AuthResponse.builder()
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(this.getAuthToken(refreshUrl))
            .build();
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        HttpHeader header = new HttpHeader()
            .add("Authorization", "Bearer " + authToken.getAccessToken());
        String response = new HttpUtils(config.getHttpConfig()).post(userInfoUrl(authToken), null, header, false).getBody();
@@ -28,7 +28,7 @@ public class AuthOschinaRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String response = doPostAuthorizationCode(authCallback.getCode());
        JSONObject accessTokenObject = JSONObject.parseObject(response);
        this.checkResponse(accessTokenObject);
@@ -41,7 +41,7 @@ public class AuthOschinaRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String response = doGetUserInfo(authToken);
        JSONObject object = JSONObject.parseObject(response);
        this.checkResponse(object);
@@ -36,7 +36,7 @@ public class AuthPinterestRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String response = doPostAuthorizationCode(authCallback.getCode());
        JSONObject accessTokenObject = JSONObject.parseObject(response);
        this.checkResponse(accessTokenObject);
@@ -47,7 +47,7 @@ public class AuthPinterestRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String userinfoUrl = userInfoUrl(authToken);
        // TODO: 是否需要 .setFollowRedirects(true)
        String response = new HttpUtils(config.getHttpConfig()).get(userinfoUrl).getBody();
@@ -34,7 +34,7 @@ public class AuthProginnRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        Map<String, String> params = new HashMap<>();
        params.put("code", authCallback.getCode());
        params.put("client_id", config.getClientId());
@@ -54,7 +54,7 @@ public class AuthProginnRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String userInfo = doGetUserInfo(authToken);
        JSONObject object = JSONObject.parseObject(userInfo);
        this.checkResponse(object);
@@ -0,0 +1,100 @@
+package me.zhyd.oauth.request;
+
+import com.alibaba.fastjson.JSONObject;
+import com.alibaba.fastjson.annotation.JSONField;
+import lombok.Data;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.HttpUtils;
+import me.zhyd.oauth.utils.UrlBuilder;
+
+/**
+ * QQ小程序登陆 Request 请求
+ * <p>
+ * 参照微信小程序实现
+ *
+ * @author hurentian
+ * @since 2024-10-08
+ */
+public class AuthQQMiniProgramRequest extends AuthDefaultRequest {
+    public AuthQQMiniProgramRequest(AuthConfig config) {
+        super(config, AuthDefaultSource.QQ_MINI_PROGRAM);
+    }
+
+    public AuthQQMiniProgramRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.QQ_MINI_PROGRAM, authStateCache);
+    }
+
+    @Override
+    public AuthToken getAccessToken(AuthCallback authCallback) {
+        // 参见 https://q.qq.com/wiki/develop/miniprogram/server/open_port/port_login.html#code2session 文档
+        // 使用 code 获取对应的 openId、unionId 等字段
+        String response = new HttpUtils(config.getHttpConfig()).get(accessTokenUrl(authCallback.getCode())).getBody();
+        JSCode2SessionResponse accessTokenObject = JSONObject.parseObject(response, JSCode2SessionResponse.class);
+        assert accessTokenObject != null;
+        checkResponse(accessTokenObject);
+        // 拼装结果
+        return AuthToken.builder()
+            .openId(accessTokenObject.getOpenid())
+            .unionId(accessTokenObject.getUnionId())
+            .accessToken(accessTokenObject.getSessionKey())
+            .build();
+    }
+
+    @Override
+    public AuthUser getUserInfo(AuthToken authToken) {
+        // 参见 https://q.qq.com/wiki/develop/game/API/open-port/user-info.html#qq-getuserinfo 文档
+        // 如果需要用户信息，需要在小程序调用函数后传给后端
+        return AuthUser.builder()
+            .username("")
+            .nickname("")
+            .avatar("")
+            .uuid(authToken.getOpenId())
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 检查响应内容是否正确
+     *
+     * @param response 请求响应内容
+     */
+    private void checkResponse(JSCode2SessionResponse response) {
+        if (response.getErrorCode() != 0) {
+            throw new AuthException(response.getErrorCode(), response.getErrorMsg());
+        }
+    }
+
+    @Override
+    protected String accessTokenUrl(String code) {
+        return UrlBuilder.fromBaseUrl(source.accessToken())
+            .queryParam("appid", config.getClientId())
+            .queryParam("secret", config.getClientSecret())
+            .queryParam("js_code", code)
+            .queryParam("grant_type", "authorization_code")
+            .build();
+    }
+
+    @Data
+    @SuppressWarnings("SpellCheckingInspection")
+    private static class JSCode2SessionResponse {
+
+        @JSONField(name = "errcode")
+        private int errorCode;
+        @JSONField(name = "errmsg")
+        private String errorMsg;
+        @JSONField(name = "session_key")
+        private String sessionKey;
+        private String openid;
+        @JSONField(name = "unionid")
+        private String unionId;
+
+    }
+
+}
@@ -33,19 +33,19 @@ public class AuthQqRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String response = doGetAuthorizationCode(authCallback.getCode());
        return getAuthToken(response);
    }

    @Override
-    public AuthResponse refresh(AuthToken authToken) {
+    public AuthResponse<AuthToken> refresh(AuthToken authToken) {
        String response = new HttpUtils(config.getHttpConfig()).get(refreshTokenUrl(authToken.getRefreshToken())).getBody();
-        return AuthResponse.builder().code(AuthResponseStatus.SUCCESS.getCode()).data(getAuthToken(response)).build();
+        return AuthResponse.<AuthToken>builder().code(AuthResponseStatus.SUCCESS.getCode()).data(getAuthToken(response)).build();
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String openId = this.getOpenId(authToken);
        String response = doGetUserInfo(authToken);
        JSONObject object = JSONObject.parseObject(response);
@@ -38,12 +38,12 @@ public class AuthRenrenRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        return this.getToken(accessTokenUrl(authCallback.getCode()));
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String response = doGetUserInfo(authToken);
        JSONObject userObj = JSONObject.parseObject(response).getJSONObject("response");

@@ -60,8 +60,8 @@ public class AuthRenrenRequest extends AuthDefaultRequest {
    }

    @Override
-    public AuthResponse refresh(AuthToken authToken) {
-        return AuthResponse.builder()
+    public AuthResponse<AuthToken> refresh(AuthToken authToken) {
+        return AuthResponse.<AuthToken>builder()
            .code(SUCCESS.getCode())
            .data(getToken(this.refreshTokenUrl(authToken.getRefreshToken())))
            .build();
@@ -5,6 +5,7 @@ import me.zhyd.oauth.exception.AuthException;
 import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthResponse;
 import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;

 /**
 * JustAuth {@code Request}公共接口，所有平台的{@code Request}都需要实现该接口
@@ -43,13 +44,32 @@ public interface AuthRequest {
        throw new AuthException(AuthResponseStatus.NOT_IMPLEMENTED);
    }

+    /**
+     * 获取access token
+     *
+     * @param authCallback 授权成功后的回调参数
+     * @return token
+     * @see AuthDefaultRequest#authorize()
+     * @see AuthDefaultRequest#authorize(String)
+     */
+    AuthToken getAccessToken(AuthCallback authCallback);
+
+    /**
+     * 使用token换取用户信息
+     *
+     * @param authToken token信息
+     * @return 用户信息
+     * @see AuthDefaultRequest#getAccessToken(AuthCallback)
+     */
+     AuthUser getUserInfo(AuthToken authToken);
+
    /**
     * 第三方登录
     *
     * @param authCallback 用于接收回调参数的实体
     * @return 返回登录成功后的用户信息
     */
-    default AuthResponse login(AuthCallback authCallback) {
+    default AuthResponse<AuthUser> login(AuthCallback authCallback) {
        throw new AuthException(AuthResponseStatus.NOT_IMPLEMENTED);
    }

@@ -69,7 +89,7 @@ public interface AuthRequest {
     * @param authToken 登录成功后返回的Token信息
     * @return AuthResponse
     */
-    default AuthResponse refresh(AuthToken authToken) {
+    default AuthResponse<AuthToken> refresh(AuthToken authToken) {
        throw new AuthException(AuthResponseStatus.NOT_IMPLEMENTED);
    }
 }
@@ -35,7 +35,7 @@ public class AuthSlackRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        HttpHeader header = new HttpHeader()
            .add("Content-Type", "application/x-www-form-urlencoded");
        String response = new HttpUtils(config.getHttpConfig())
@@ -51,7 +51,7 @@ public class AuthSlackRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        HttpHeader header = new HttpHeader()
            .add("Content-Type", "application/x-www-form-urlencoded")
            .add("Authorization", "Bearer ".concat(authToken.getAccessToken()));
@@ -37,7 +37,7 @@ public class AuthStackOverflowRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String accessTokenUrl = accessTokenUrl(authCallback.getCode());
        Map<String, String> form = MapUtil.parseStringToMap(accessTokenUrl, false);
        HttpHeader httpHeader = new HttpHeader();
@@ -54,7 +54,7 @@ public class AuthStackOverflowRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String userInfoUrl = UrlBuilder.fromBaseUrl(this.source.userInfo())
            .queryParam("access_token", authToken.getAccessToken())
            .queryParam("site", "stackoverflow")
@@ -33,7 +33,7 @@ public class AuthTaobaoRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        return AuthToken.builder().accessCode(authCallback.getCode()).build();
    }

@@ -58,7 +58,7 @@ public class AuthTaobaoRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String response = doPostAuthorizationCode(authToken.getAccessCode());
        JSONObject accessTokenObject = JSONObject.parseObject(response);
        if (accessTokenObject.containsKey("error")) {
@@ -79,11 +79,11 @@ public class AuthTaobaoRequest extends AuthDefaultRequest {
    }

    @Override
-    public AuthResponse refresh(AuthToken oldToken) {
+    public AuthResponse<AuthToken> refresh(AuthToken oldToken) {
        String tokenUrl = refreshTokenUrl(oldToken.getRefreshToken());
        String response = new HttpUtils(config.getHttpConfig()).post(tokenUrl).getBody();
        JSONObject accessTokenObject = JSONObject.parseObject(response);
-        return AuthResponse.builder()
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(this.getAuthToken(accessTokenObject))
            .build();
@@ -38,7 +38,7 @@ public class AuthTeambitionRequest extends AuthDefaultRequest {
     * @return 所有信息
     */
    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        Map<String, String> form = new HashMap<>(7);
        form.put("client_id", config.getClientId());
        form.put("client_secret", config.getClientSecret());
@@ -57,7 +57,7 @@ public class AuthTeambitionRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String accessToken = authToken.getAccessToken();

        HttpHeader httpHeader = new HttpHeader();
@@ -87,7 +87,7 @@ public class AuthTeambitionRequest extends AuthDefaultRequest {
    }

    @Override
-    public AuthResponse refresh(AuthToken oldToken) {
+    public AuthResponse<AuthToken> refresh(AuthToken oldToken) {
        String uid = oldToken.getUid();
        String refreshToken = oldToken.getRefreshToken();

@@ -99,7 +99,7 @@ public class AuthTeambitionRequest extends AuthDefaultRequest {

        this.checkResponse(refreshTokenObject);

-        return AuthResponse.builder()
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(AuthToken.builder()
                .accessToken(refreshTokenObject.getString("access_token"))
@@ -29,7 +29,7 @@ public class AuthToutiaoRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String response = doGetAuthorizationCode(authCallback.getCode());
        JSONObject accessTokenObject = JSONObject.parseObject(response);

@@ -43,7 +43,7 @@ public class AuthToutiaoRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String userResponse = doGetUserInfo(authToken);

        JSONObject userProfile = JSONObject.parseObject(userResponse);
@@ -88,7 +88,7 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
     * @return access token
     */
    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        Map<String, String> oauthParams = buildOauthParams();
        oauthParams.put("oauth_token", authCallback.getOauth_token());
        oauthParams.put("oauth_verifier", authCallback.getOauth_verifier());
@@ -115,7 +115,7 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        Map<String, String> queryParams = new HashMap<>(5);
        queryParams.put("include_entities", Boolean.toString(true));
        queryParams.put("include_email", Boolean.toString(true));
@@ -31,6 +31,7 @@ public class AuthWeChatEnterpriseQrcodeRequest extends AbstractAuthWeChatEnterpr
            .queryParam("agentid", config.getAgentId())
            .queryParam("redirect_uri", config.getRedirectUri())
            .queryParam("state", getRealState(state))
+            .queryParam("lang", config.getLang())
            .build();
    }
 }
@@ -0,0 +1,51 @@
+package me.zhyd.oauth.request;
+
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.utils.GlobalAuthUtils;
+import me.zhyd.oauth.utils.StringUtils;
+import me.zhyd.oauth.utils.UrlBuilder;
+
+/**
+ * <p>
+ * 新版企业微信 Web 登录，参考 <a href="https://developer.work.weixin.qq.com/document/path/98152">https://developer.work.weixin.qq.com/document/path/98152</a>
+ * </p>
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.16.7
+ */
+public class AuthWeChatEnterpriseQrcodeV2Request extends AbstractAuthWeChatEnterpriseRequest {
+    public AuthWeChatEnterpriseQrcodeV2Request(AuthConfig config) {
+        super(config, AuthDefaultSource.WECHAT_ENTERPRISE_V2);
+    }
+
+    public AuthWeChatEnterpriseQrcodeV2Request(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.WECHAT_ENTERPRISE_V2, authStateCache);
+    }
+
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("login_type", config.getLoginType())
+            // 登录类型为企业自建应用/服务商代开发应用时填企业 CorpID，第三方登录时填登录授权 SuiteID
+            .queryParam("appid", config.getClientId())
+            // 企业自建应用/服务商代开发应用 AgentID，当login_type=CorpApp时填写
+            .queryParam("agentid", config.getAgentId())
+            .queryParam("redirect_uri", GlobalAuthUtils.urlEncode(config.getRedirectUri()))
+            .queryParam("state", getRealState(state))
+            .queryParam("lang", config.getLang())
+            .build()
+            .concat("#wechat_redirect");
+    }
+
+    @Override
+    protected void checkConfig(AuthConfig config) {
+        super.checkConfig(config);
+        if ("CorpApp".equals(config.getLoginType()) && StringUtils.isEmpty(config.getAgentId())) {
+            throw new AuthException(AuthResponseStatus.ILLEGAL_WECHAT_AGENT_ID, source);
+        }
+    }
+}
@@ -41,14 +41,14 @@ public class AuthWeChatEnterpriseThirdQrcodeRequest extends AbstractAuthWeChatEn
    }

    @Override
-    public AuthResponse login(AuthCallback authCallback) {
+    public AuthResponse<AuthUser> login(AuthCallback authCallback) {
        try {
            if (!config.isIgnoreCheckState()) {
                AuthChecker.checkState(authCallback.getState(), source, authStateCache);
            }
            AuthToken authToken = this.getAccessToken(authCallback);
            AuthUser user = this.getUserInfo(authToken);
-            return AuthResponse.builder().code(AuthResponseStatus.SUCCESS.getCode()).data(user).build();
+            return AuthResponse.<AuthUser>builder().code(AuthResponseStatus.SUCCESS.getCode()).data(user).build();
        } catch (Exception e) {
            Log.error("Failed to login with oauth authorization.", e);
            return this.responseError(e);
@@ -56,13 +56,14 @@ public class AuthWeChatEnterpriseThirdQrcodeRequest extends AbstractAuthWeChatEn
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        try {
            String response = doGetAuthorizationCode(accessTokenUrl());
            JSONObject object = this.checkResponse(response);
            AuthToken authToken = AuthToken.builder()
                .accessToken(object.getString("provider_access_token"))
                .expireIn(object.getIntValue("expires_in"))
+                .code(authCallback.getCode())
                .build();
            return authToken;
        } catch (Exception e) {
@@ -89,7 +90,7 @@ public class AuthWeChatEnterpriseThirdQrcodeRequest extends AbstractAuthWeChatEn
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        JSONObject response = this.checkResponse(doGetUserInfo(authToken));
        return AuthUser.builder()
            .rawUserInfo(response)
@@ -36,12 +36,12 @@ public class AuthWeChatMpRequest extends AuthDefaultRequest {
     * @return 所有信息
     */
    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        return this.getToken(accessTokenUrl(authCallback.getCode()));
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String openId = authToken.getOpenId();

        String scope = authToken.getScope();
@@ -79,8 +79,8 @@ public class AuthWeChatMpRequest extends AuthDefaultRequest {
    }

    @Override
-    public AuthResponse refresh(AuthToken oldToken) {
-        return AuthResponse.builder()
+    public AuthResponse<AuthToken> refresh(AuthToken oldToken) {
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(this.getToken(refreshTokenUrl(oldToken.getRefreshToken())))
            .build();
@@ -36,12 +36,12 @@ public class AuthWeChatOpenRequest extends AuthDefaultRequest {
     * @return 所有信息
     */
    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        return this.getToken(accessTokenUrl(authCallback.getCode()));
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String openId = authToken.getOpenId();

        String response = doGetUserInfo(authToken);
@@ -69,8 +69,8 @@ public class AuthWeChatOpenRequest extends AuthDefaultRequest {
    }

    @Override
-    public AuthResponse refresh(AuthToken oldToken) {
-        return AuthResponse.builder()
+    public AuthResponse<AuthToken> refresh(AuthToken oldToken) {
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(this.getToken(refreshTokenUrl(oldToken.getRefreshToken())))
            .build();
@@ -0,0 +1,100 @@
+package me.zhyd.oauth.request;
+
+import com.alibaba.fastjson.JSONObject;
+import com.alibaba.fastjson.annotation.JSONField;
+import lombok.Data;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.HttpUtils;
+import me.zhyd.oauth.utils.UrlBuilder;
+
+/**
+ * 微信小程序授权登录
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @author yudaocode
+ * @version 1.0.0
+ * @since 1.0.0
+ */
+public class AuthWechatMiniProgramRequest extends AuthDefaultRequest {
+    public AuthWechatMiniProgramRequest(AuthConfig config) {
+        super(config, AuthDefaultSource.WECHAT_MINI_PROGRAM);
+    }
+
+    public AuthWechatMiniProgramRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.WECHAT_MINI_PROGRAM, authStateCache);
+    }
+
+    @Override
+    public AuthToken getAccessToken(AuthCallback authCallback) {
+        // 参见 https://developers.weixin.qq.com/miniprogram/dev/api-backend/open-api/login/auth.code2Session.html 文档
+        // 使用 code 获取对应的 openId、unionId 等字段
+        String response = new HttpUtils(config.getHttpConfig()).get(accessTokenUrl(authCallback.getCode())).getBody();
+        JSCode2SessionResponse accessTokenObject = JSONObject.parseObject(response, JSCode2SessionResponse.class);
+        assert accessTokenObject != null;
+        checkResponse(accessTokenObject);
+        // 拼装结果
+        return AuthToken.builder()
+            .openId(accessTokenObject.getOpenid())
+            .unionId(accessTokenObject.getUnionId())
+            .accessToken(accessTokenObject.getSessionKey())
+            .build();
+    }
+
+    @Override
+    public AuthUser getUserInfo(AuthToken authToken) {
+        // 参见 https://developers.weixin.qq.com/miniprogram/dev/api/open-api/user-info/wx.getUserProfile.html 文档
+        // 如果需要用户信息，需要在小程序调用函数后传给后端
+        return AuthUser.builder()
+            .username("")
+            .nickname("")
+            .avatar("")
+            .uuid(authToken.getOpenId())
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 检查响应内容是否正确
+     *
+     * @param response 请求响应内容
+     */
+    private void checkResponse(JSCode2SessionResponse response) {
+        if (response.getErrorCode() != 0) {
+            throw new AuthException(response.getErrorCode(), response.getErrorMsg());
+        }
+    }
+
+    @Override
+    protected String accessTokenUrl(String code) {
+        return UrlBuilder.fromBaseUrl(source.accessToken())
+            .queryParam("appid", config.getClientId())
+            .queryParam("secret", config.getClientSecret())
+            .queryParam("js_code", code)
+            .queryParam("grant_type", "authorization_code")
+            .build();
+    }
+
+    @Data
+    @SuppressWarnings("SpellCheckingInspection")
+    private static class JSCode2SessionResponse {
+
+        @JSONField(name = "errcode")
+        private int errorCode;
+        @JSONField(name = "errmsg")
+        private String errorMsg;
+        @JSONField(name = "session_key")
+        private String sessionKey;
+        private String openid;
+        @JSONField(name = "unionid")
+        private String unionId;
+
+    }
+
+}
@@ -33,7 +33,7 @@ public class AuthWeiboRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        String response = doPostAuthorizationCode(authCallback.getCode());
        JSONObject accessTokenObject = JSONObject.parseObject(response);
        if (accessTokenObject.containsKey("error")) {
@@ -48,7 +48,7 @@ public class AuthWeiboRequest extends AuthDefaultRequest {
    }

    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        String accessToken = authToken.getAccessToken();
        String uid = authToken.getUid();
        String oauthParam = String.format("uid=%s&access_token=%s", uid, accessToken);
@@ -42,7 +42,7 @@ public class AuthXmlyRequest extends AuthDefaultRequest {
     * @see AuthDefaultRequest#authorize(String)
     */
    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        Map<String, String> map = new HashMap<>(9);
        map.put("code", authCallback.getCode());
        map.put("client_id", config.getClientId());
@@ -63,21 +63,6 @@ public class AuthChecker {
        if (!GlobalAuthUtils.isHttpProtocol(redirectUri) && !GlobalAuthUtils.isHttpsProtocol(redirectUri)) {
            throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
        }
-        // facebook的回调地址必须为https的链接
-        if (AuthDefaultSource.FACEBOOK == source && !GlobalAuthUtils.isHttpsProtocol(redirectUri)) {
-            // Facebook's redirect uri must use the HTTPS protocol
-            throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
-        }
-        // 微软的回调地址必须为https的链接或者localhost,不允许使用http
-        if (AuthDefaultSource.MICROSOFT == source && !GlobalAuthUtils.isHttpsProtocolOrLocalHost(redirectUri)) {
-            // Microsoft's redirect uri must use the HTTPS or localhost
-            throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
-        }
-        // 微软中国的回调地址必须为https的链接或者localhost,不允许使用http
-        if (AuthDefaultSource.MICROSOFT_CN == source && !GlobalAuthUtils.isHttpsProtocolOrLocalHost(redirectUri)) {
-            // Microsoft's redirect uri must use the HTTPS or localhost
-            throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
-        }
    }

    /**
@@ -95,7 +80,7 @@ public class AuthChecker {
            return;
        }
        String code = callback.getCode();
-        if (source == AuthDefaultSource.HUAWEI) {
+        if (StringUtils.isEmpty(code) && source == AuthDefaultSource.HUAWEI) {
            code = callback.getAuthorization_code();
        }
        if (StringUtils.isEmpty(code)) {
@@ -82,6 +82,10 @@ public class AuthRequestBuilderTest {
            .stackOverflowKey("asd")
            .deviceId("asd")
            .clientOsType(3)
+            .kid("kid")
+            .teamId("teamid")
+            .ignoreCheckState(true)
+            .ignoreCheckRedirectUri(true)
            .build();

        for (AuthDefaultSource value : AuthDefaultSource.values()) {
@@ -97,6 +101,18 @@ public class AuthRequestBuilderTest {
                    System.out.println(authRequest.authorize(AuthStateUtils.createState()));
                    continue;
                }
+                case WECHAT_MINI_PROGRAM: {
+                    // 小程序不支持获取调用 authorize
+                    AuthRequest authRequest = new AuthWechatMiniProgramRequest(config);
+                    System.out.println(value.getTargetClass());
+                    continue;
+                }
+                case QQ_MINI_PROGRAM: {
+                    // 小程序不支持获取调用 authorize
+                    AuthRequest authRequest = new AuthQQMiniProgramRequest(config);
+                    System.out.println(value.getTargetClass());
+                    continue;
+                }
                default:
                    AuthRequest authRequest = AuthRequestBuilder.builder()
                        .source(value.getName())
@@ -36,7 +36,7 @@ public class AuthExtendRequest extends AuthDefaultRequest {
     * @see AuthDefaultRequest#authorize(String)
     */
    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
+    public AuthToken getAccessToken(AuthCallback authCallback) {
        return AuthToken.builder()
            .openId("openId")
            .expireIn(1000)
@@ -56,7 +56,7 @@ public class AuthExtendRequest extends AuthDefaultRequest {
     * @see AuthDefaultRequest#getAccessToken(AuthCallback)
     */
    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
+    public AuthUser getUserInfo(AuthToken authToken) {
        return AuthUser.builder()
            .username("test")
            .nickname("test")
@@ -87,8 +87,8 @@ public class AuthExtendRequest extends AuthDefaultRequest {
     * @return AuthResponse
     */
    @Override
-    public AuthResponse refresh(AuthToken authToken) {
-        return AuthResponse.builder()
+    public AuthResponse<AuthToken> refresh(AuthToken authToken) {
+        return AuthResponse.<AuthToken>builder()
            .code(AuthResponseStatus.SUCCESS.getCode())
            .data(AuthToken.builder()
                .openId("openId")
@@ -45,10 +45,10 @@ public class AuthExtendRequestTest {
            .code("code")
            .state(state)
            .build();
-        AuthResponse response = request.login(callback);
+        AuthResponse<AuthUser> response = request.login(callback);
        Assert.assertNotNull(response);

-        AuthUser user = (AuthUser) response.getData();
+        AuthUser user = response.getData();
        Assert.assertNotNull(user);
        System.out.println(JSON.toJSONString(user));
    }
@@ -74,7 +74,7 @@ public class AuthExtendRequestTest {
            .redirectUri("http://redirectUri")
            .build());

-        AuthResponse response = request.refresh(AuthToken.builder().build());
+        AuthResponse<AuthToken> response = request.refresh(AuthToken.builder().build());
        Assert.assertNotNull(response);
        System.out.println(JSON.toJSONString(response.getData()));
Author	SHA1	Message	Date
yadong.zhang	694bbf1b01	📝 编写文档	2024-12-14 17:32:48 +08:00
yadong.zhang	bbf63c6056	Merge branch 'dev'	2024-12-14 17:14:04 +08:00
yadong.zhang	44d77f3d6a	Merge branch 'dev' of github.com:justauth/JustAuth into dev	2024-12-14 17:13:06 +08:00
yadong.zhang	2b6e419943	📝 编写文档	2024-12-14 17:12:00 +08:00
yadong.zhang	56bfe2803a	Merge pull request #223 from hurentian/dev feat: 支持QQ小程序	2024-12-14 17:09:49 +08:00
yadong.zhang	89d107f6da	Merge pull request #222 from Yeaury/fix-doc-link fix: Fix documentation link in README	2024-12-14 17:07:21 +08:00
yadong.zhang	cdcf9a5e8d	🔥 支持支付宝证书模式登录	2024-12-14 17:02:33 +08:00
yadong.zhang	354f00660b	💩 AppleId 登录的 POM 依赖改为 provided	2024-12-14 14:31:50 +08:00
hurentian	4b07aecfcf	feat: 支持QQ小程序	2024-10-17 09:52:33 +08:00
31445	9862f487b4	fix: correct documentation link in README	2024-10-13 11:57:27 +08:00
yadong.zhang	9153e97398	merge pr	2024-09-02 00:45:40 +08:00
yadong.zhang	64e1098519	💩 添加新版`钉钉扫码`登录能力	2024-09-02 00:24:05 +08:00
yadong.zhang	e9135436f9	💩 修复企业微信扫码登录 code 的传值	2024-09-01 18:19:05 +08:00
yadong.zhang	20731ea77e	💩 添加新版`华为`登录能力，原`AuthHuaweiRequest`会在后面版本被弃用，如有使用，请切换到`AuthHuaweiV3Request`	2024-09-01 18:15:18 +08:00
yadong.zhang	587d2f4072	!42 修改爱发电平台的域名为 https://afdian.com Merge pull request !42 from handy/handy-0827	2024-08-27 03:44:47 +00:00
handy	602a48b3ce	修改爱发电平台的域名为 https://afdian.com	2024-08-27 10:51:00 +08:00
yadong.zhang	91167bcbf7	🔥 支持微信小程序	2024-08-17 20:16:14 +08:00
yadong.zhang	8f376129d4	🔥 支持微信小程序	2024-08-17 20:11:51 +08:00
yadong.zhang	6859b8a949	🔥 Amazon PKCE 中的 code_verifier 基于 state 缓存	2024-08-04 23:28:55 +08:00
yadong.zhang	b01704ff78	💩 解决单测失败的问题	2024-08-04 15:51:38 +08:00
yadong.zhang	0731ebd130	Merge remote-tracking branch 'origin/dev' into dev	2024-08-04 15:38:56 +08:00
yadong.zhang	5eb8160a42	💩 添加新版`企业微信扫码`登录能力（PS. 新版企业微信登录，除了支持使用移动端企业微信扫码登录之外，还支持通过企业微信桌面端进行快速登录。）	2024-08-04 15:38:40 +08:00
yadong.zhang	415c703539	💩 修复 twitter 平台在 Java11 环境下登录失败的问题。[#174 ](https://github.com/justauth/JustAuth/issues/174 )	2024-08-04 15:33:49 +08:00
yadong.zhang	5d521e3ea4	💩 添加新版`企业微信扫码`登录能力（PS. 新版企业微信登录，除了支持使用移动端企业微信扫码登录之外，还支持通过企业微信桌面端进行快速登录。）	2024-08-04 15:33:37 +08:00
yadong.zhang	0eafb96a43	💩 improve: 优化 AuthCallback 获取 code 的方式	2024-08-04 14:45:30 +08:00
yadong.zhang	6d8b3b5f1d	💩 `getAccessToken`和`getUserInfo`两个方法从`AuthDefaultRequest`提升至`AuthRequest`中，方便直接使用。[Github Issue#194](https://github.com/justauth/JustAuth/issues/194 )	2024-08-03 18:27:36 +08:00
yadong.zhang	15b1a974f3	💩 补全抖音平台缺失字段补全。Github#188	2024-08-03 17:57:41 +08:00
yadong.zhang	74b5b4b3bc	Merge branch 'dev' of github.com:justauth/JustAuth into dev g the commit.	2024-08-03 16:35:53 +08:00
yadong.zhang	6cc414997d	Merge remote-tracking branch 'origin/dev' into dev # Conflicts: # src/main/java/me/zhyd/oauth/config/AuthDefaultSource.java	2024-08-03 16:34:13 +08:00
yadong.zhang	7c6f236733	Merge branch 'master' of github.com:justauth/JustAuth	2024-08-03 16:31:02 +08:00
yadong.zhang	bf5a6d1b17	Merge branch 'master' of github.com:justauth/JustAuth into dev	2024-08-03 16:29:12 +08:00
yadong.zhang	9db9fbdcc8	Merge pull request #211 from justauth/dependabot/maven/org.bouncycastle-bcpkix-jdk18on-1.78 ⬆️ Bump org.bouncycastle:bcpkix-jdk18on from 1.77 to 1.78	2024-08-03 16:28:39 +08:00
yadong.zhang	0acd67e704	⬆️ 切分 v1.16.7 版本	2024-08-03 12:15:03 +08:00
dependabot[bot]	992f4a67ac	⬆️ Bump org.bouncycastle:bcpkix-jdk18on from 1.77 to 1.78 Bumps [org.bouncycastle:bcpkix-jdk18on](https://github.com/bcgit/bc-java) from 1.77 to 1.78. - [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html) - [Commits](https://github.com/bcgit/bc-java/commits) --- updated-dependencies: - dependency-name: org.bouncycastle:bcpkix-jdk18on dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2024-08-03 04:08:01 +00:00
yadong.zhang	2ee2483aee	Merge pull request #192 from G-XD/feat_apple feat: sign with apple	2024-08-03 12:07:24 +08:00
yadong.zhang	a1c1ab93bd	!41 集成Figma平台 Merge pull request !41 from xiangqian/fork	2024-07-22 15:27:26 +00:00
xiangqian	eaafd49890	feat: 集成figma平台	2024-07-22 21:40:07 +08:00
yadong.zhang	74be7d4c8b	Merge pull request #198 from GitHubzhaolei/master change:变更Google 端点地址	2024-06-23 23:06:03 +08:00
“zhaolei”	d62bb6eecf	change:[google oauth] api addr	2024-03-14 16:53:02 +08:00
yadong.zhang	b2b007aa4d	!39 补充单侧 Merge pull request !39 from handy/dev	2024-03-02 04:20:16 +00:00
handy	431adb447f	补充单侧	2024-02-02 10:12:21 +08:00
yadong.zhang	78a318e799	!38 AuthRequest 响应携带泛型，避免二次解析 Merge pull request !38 from handy/handy	2024-02-01 15:42:17 +00:00
G-XD	988d3cd293	fix: fix user info	2024-01-19 11:49:35 +08:00
G-XD	72e4a1d846	feat: support sign with apple	2024-01-19 01:42:31 +08:00
handy	65bb994012	AuthRequest 响应携带泛型，避免二次解析	2024-01-04 12:51:50 +08:00
				`@@ -0,0 +1 @@`
				`git pull origin master && git pull github master`
@@ -1 +1 @@
 .16.6
 .16.7