🍻 文档

🍻 完善饿了么授权登录
Merge branch 'master' into dev
2026-05-22 21:53:18 +00:00 · 2019-09-17 18:38:35 +08:00 · 2019-09-11 19:46:16 +08:00 · 2019-09-11 15:06:38 +08:00 · 2019-09-11 11:18:35 +08:00 · 2019-09-11 11:16:31 +08:00
137 changed files with 7396 additions and 3284 deletions
@@ -0,0 +1,19 @@
+# JustAuth 开发组IDE 编辑器标准
+root = true
+
+# 空格替代Tab缩进在各种编辑工具下效果一致
+[*]
+indent_style = space
+indent_size = 2
+charset = utf-8
+end_of_line = lf
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.java]
+indent_size = 4
+
+[*.md]
+insert_final_newline = false
+trim_trailing_whitespace = false
+
@@ -1,13 +1,12 @@
-### 哪个平台？
+为更快的帮您定位问题，推荐您用以下模板反馈问题：

+### 1. 出现问题时，您做了哪些操作？

+### 2. 在哪个步骤出现了问题？

-### 重现步骤
-
-
-
-### 报错信息
-
+### 3. 您希望得到什么结果？

+### 4. 您实际得到什么结果？

+### 5. 请附上您出现问题的整屏截图或者整个异常堆栈信息

@@ -1,15 +1,26 @@
-### 该Pull Request关联的Issue
+- [ ] 是否为解决Issue？


-### 修改描述
-
-
-
-### 测试用例
-
-
-
-### 修复效果的截屏
+### 您做了哪些更新？
+
+- 新增
+
+- 修改
+
+- 修复
+
+- 其他
+
+
+### 是否做了充分测试？
+
+- [ ] 是，已经做过测试，并且测试通过
+- [ ] 否，还没做测试，需要作者自测
+
+注：测试demo可以使用：
+- [Springboot版](https://gitee.com/yadong.zhang/JustAuth-demo)
+- [jFinal版](https://github.com/xkcoding/jfinal-justauth-demo)
+- [ActFramework版](https://github.com/xkcoding/act-justauth-demo)



@@ -0,0 +1,19 @@
+language: java
+
+sudo: false # faster builds
+
+install: true
+
+jdk:
+  - openjdk8
+
+notifications:
+  email: false
+
+script:
+  - export TZ=Asia/Shanghai
+  - mvn install -DskipTests=true -Dmaven.javadoc.skip=true -B -V
+  - mvn cobertura:cobertura -Dcobertura.report.format=xml -Dmaven.javadoc.skip.true
+
+after_success:
+  - bash <(curl -s https://codecov.io/bash)
@@ -0,0 +1,188 @@
+<p align="center">
+	<a href="https://docs.justauth.whnb.wang"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/logo.png" width="400"></a>
+</p>
+<p align="center">
+	<strong>Login, so easy.</strong>
+</p>
+<p align="center">
+	<a target="_blank" href="https://search.maven.org/search?q=JustAuth">
+		<img src="https://img.shields.io/badge/Maven Central-1.12.0-blue.svg" ></img>
+	</a>
+	<a target="_blank" href="https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE">
+		<img src="https://img.shields.io/apm/l/vim-mode.svg?color=yellow" ></img>
+	</a>
+	<a target="_blank" href="https://www.oracle.com/technetwork/java/javase/downloads/index.html">
+		<img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img>
+	</a>
+	<a target="_blank" href="https://apidoc.gitee.com/yadong.zhang/JustAuth/" title="API文档">
+		<img src="https://img.shields.io/badge/Api Docs-1.12.0-orange.svg" ></img>
+	</a>
+	<a target="_blank" href="https://docs.justauth.whnb.wang" title="参考文档">
+		<img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img>
+	</a>
+	<a href="https://codecov.io/gh/zhangyd-c/JustAuth">
+		<img src="https://codecov.io/gh/zhangyd-c/JustAuth/branch/master/graph/badge.svg" />
+	</a>
+	<a href='https://gitee.com/yadong.zhang/JustAuth/stargazers'>
+	  <img src='https://gitee.com/yadong.zhang/JustAuth/badge/star.svg?theme=white' alt='star'></img>
+	</a>
+	<a target="_blank" href='https://github.com/zhangyd-c/JustAuth'>
+		<img src="https://img.shields.io/github/stars/zhangyd-c/JustAuth.svg?style=social" alt="github star"></img>
+	</a>
+</p>
+
+<center>
+    <table>
+        <tr>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/gitee.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/github.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/weibo.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/dingtalk.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/baidu.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/coding.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/tencentCloud.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/oschina.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/alipay.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/qq.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/wechat.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/taobao.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/google.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/facebook.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/douyin.png" width="20"></td>
+        </tr>
+    </table>
+    <table>
+        <tr>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/linkedin.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/microsoft.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/mi.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/toutiao.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/teambition.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/renren.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/pinterest.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/stackoverflow.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/huawei.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/wechat.png" width="20" title="微信企业版"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/csdn.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/kujiale.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/gitlab.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/meituan.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/eleme.png" width="20"></td>
+        </tr>
+    </table>
+</center>
+
+-------------------------------------------------------------------------------
+
+
+
+`JustAuth`, as you see, It is just a Java library of third-party authorized login, It's smaller and easier to use. JustAuth is the best third-party login tool written in JAVA.
+
+Source Code：[gitee](https://gitee.com/yadong.zhang/JustAuth) | [github](https://github.com/zhangyd-c/JustAuth)    
+Docs：[Reference Doc](https://docs.justauth.whnb.wang)
+
+## Features
+
+1. **Multiple platform**: Has integrated more than a dozen third-party platforms.
+2. **Minimalist**: The minimalist design is very simple to use.
+
+## Quick start
+
+- Add maven dependency
+
+These artifacts are available from Maven Central:
+```xml
+<dependency>
+    <groupId>me.zhyd.oauth</groupId>
+    <artifactId>JustAuth</artifactId>
+    <version>${latest.version}</version>
+</dependency>
+```
+- Using JustAuth
+```java
+// Create authorization request
+AuthRequest authRequest = new AuthGiteeRequest(AuthConfig.builder()
+        .clientId("clientId")
+        .clientSecret("clientSecret")
+        .redirectUri("redirectUri")
+        .build());
+// Generate authorization url
+authRequest.authorize("state");
+// After authorization to login, it will return: code(auth_code(Alipay only)),state, After version 1.8.0, you can use the AuthCallback as a parameter to the callback interface
+// Note: JustAuth saves state for 3 minutes by default. If it is not used within 3 minutes, the expired state will be cleared automatically.
+authRequest.login(callback);
+```
+
+**Examples**：
+- [Springboot Example](https://gitee.com/yadong.zhang/JustAuth-demo)
+- [jFinal Example](https://github.com/xkcoding/jfinal-justauth-demo): by [xkcoding](https://github.com/xkcoding)
+- [ActFramework Example](https://github.com/xkcoding/act-justauth-demo): by [xkcoding](https://github.com/xkcoding)
+- [Nutzboot版](https://github.com/EggsBlue/nutzboot-justauth-demo): by [蛋蛋](https://github.com/EggsBlue)
+
+**Springboot Starter**
+
+- [justauth-spring-boot-starter](https://github.com/xkcoding/justauth-spring-boot-starter): Spring Boot integrates best practices with JustAuth by [xkcoding](https://github.com/xkcoding)
+
+#### API
+|  :computer: platform  |  :coffee: API  |  :page_facing_up: Official document  |
+|:------:|:-------:|:-------:|
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/gitee.png" width="20">  |  [AuthGiteeRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java)  | <a href="https://gitee.com/api/v5/oauth_doc#list_1" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/github.png" width="20">  |  [AuthGithubRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java)  |  <a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/weibo.png" width="20">  |  [AuthWeiboRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java)  |  <a href="https://open.weibo.com/wiki/%E6%8E%88%E6%9D%83%E6%9C%BA%E5%88%B6%E8%AF%B4%E6%98%8E" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/dingtalk.png" width="20">  |  [AuthDingTalkRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java)  |  <a href="https://open-doc.dingtalk.com/microapp/serverapi2/kymkv6" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/baidu.png" width="20">  |  [AuthBaiduRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java)  |  <a href="http://developer.baidu.com/wiki/index.php?title=docs/oauth" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/coding.png" width="25">  |  [AuthCodingRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java)  |  <a href="https://open.coding.net/references/oauth/" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/tencentCloud.png" width="25">  |  [AuthTencentCloudRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java)  |  <a href="https://dev.tencent.com/help/doc/faq/b4e5b7aee786/oauth" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/oschina.png" width="20">  |  [AuthOschinaRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java)  |  <a href="https://www.oschina.net/openapi/docs/oauth2_authorize" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/alipay.png" width="20">  |  [AuthAlipayRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java)  |  <a href="https://alipay.open.taobao.com/docs/doc.htm?spm=a219a.7629140.0.0.336d4b70GUKXOl&treeId=193&articleId=105809&docType=1" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/qq.png" width="20">  |  [AuthQqRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java)  |  <a href="https://wiki.connect.qq.com/%E4%BD%BF%E7%94%A8authorization_code%E8%8E%B7%E5%8F%96access_token" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/wechat.png" width="20">  |  [AuthWeChatRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java)   |  <a href="https://open.weixin.qq.com/cgi-bin/showdocument?action=dir_list&t=resource/res_list&verify=1&id=open1419316505&token=&lang=zh_CN" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/taobao.png" width="20">  |  [AuthTaobaoRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java)   |  <a href="https://open.taobao.com/doc.htm?spm=a219a.7386797.0.0.4e00669acnkQy6&source=search&docId=105590&docType=1" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/google.png" width="20">  |  [AuthGoogleRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java)   |  <a href="https://developers.google.com/identity/protocols/OpenIDConnect" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/facebook.png" width="20">  |  [AuthFacebookRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java)   |  <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/douyin.png" width="20">  |  [AuthDouyinRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java)   |  <a href="https://www.douyin.com/platform/doc/m-2-1-1" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/linkedin.png" width="20">  |  [AuthLinkedinRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java)   |  <a href="https://docs.microsoft.com/zh-cn/linkedin/shared/authentication/authorization-code-flow?context=linkedin/context" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/microsoft.png" width="20">  | [AuthMicrosoftRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java) | <a href="https://docs.microsoft.com/zh-cn/graph/auth/" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/mi.png" width="20">  | [AuthMiRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java) | <a href="https://dev.mi.com/console/doc/detail?pId=711" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/toutiao.png" width="20">  | [AuthToutiaoRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java) | <a href="https://open.mp.toutiao.com/#/resource?_k=y7mfgk" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/teambition.png" width="20">  | [AuthTeambitionRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthTeambitionRequest.java) | <a href="https://docs.teambition.com/" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/renren.png" width="20">  | [AuthRenrenRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthRenrenRequest.java) | <a href="http://open.renren.com/wiki/OAuth2.0" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/pinterest.png" width="20">  | [AuthPinterestRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java) | <a href="https://developers.pinterest.com/docs/api/overview/?" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/stackoverflow.png" width="20">  | [AuthStackOverflowRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java) | <a href="https://api.stackexchange.com/docs/authentication" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/huawei.png" width="20">  | [AuthHuaweiRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthHuaweiRequest.java) | <a href="https://developer.huawei.com/consumer/cn/devservice/doc/30101" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/wechat.png" width="20">  | [AuthWeChatEnterpriseRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthWeChatEnterpriseRequest.java) | <a href="https://open.work.weixin.qq.com/api/doc#90000/90135/90664" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/kujiale.png" width="20">  |  [AuthKujialeRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthKujialeRequest.java)  |  <a href="https://open.kujiale.com/open/apps/2/docs?doc_id=95" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/gitlab.png" width="20">  |  [AuthGitlabRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGitlabRequest.java)  |  <a href="https://docs.gitlab.com/ee/api/oauth2.html" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/meituan.png" width="20">  |  [AuthMeituanRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthMeituanRequest.java)  |  <a href="http://open.waimai.meituan.com/openapi_docs/oauth/" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/eleme.png" width="20">  |  [AuthElemeRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthElemeRequest.java)  |  <a href="https://open.shop.ele.me/openapi/documents/khd001" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/csdn.png" width="20">  |  [AuthCsdnRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java)  |  无 |
+
+
+
+## Contributions
+
+1. Fork this project to your repository
+2. Clone the project after fork.
+3. Modify the code (either to fix issue, or to add new features)
+4. Commit and push code to a remote repository
+5. Create a new PR (pull request), and select `dev` branch
+6. Waiting for author to merge
+
+I look forward to your joining us.
+
+
+## Contributors
+
+[contributors](https://docs.justauth.whnb.wang/#/contributors)
+
+## Recommend
+
+- `spring-boot-demo` In-depth study and actual combat of spring boot projects: [https://github.com/xkcoding/spring-boot-demo](https://github.com/xkcoding/spring-boot-demo)
+- `mica` Efficient Development of scaffolding by Spring Cloud: [https://github.com/lets-mica/mica](https://github.com/lets-mica/mica)
+- `pig` Cosmic strongest Micro Services Certified authorized scaffolding (essential for Architects): [https://gitee.com/log4j/pig](https://gitee.com/log4j/pig)
+- `SpringBlade` Complete online solution (necessary for enterprise development): https://gitee.com/smallc/SpringBlade
+
+## References
+
+- [The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749)
+- [OAuth 2.0](https://oauth.net/2/)
@@ -1,12 +1,12 @@
 <p align="center">
-	<a href="https://www.justauth.cn/"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/logo.png" width="400"></a>
+	<a href="https://docs.justauth.whnb.wang"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/logo.png" width="400"></a>
 </p>
 <p align="center">
 	<strong>Login, so easy.</strong>
 </p>
 <p align="center">
 	<a target="_blank" href="https://search.maven.org/search?q=JustAuth">
-		<img src="https://img.shields.io/badge/Maven Central-1.5.1-blue.svg" ></img>
+		<img src="https://img.shields.io/badge/Maven Central-1.12.0-blue.svg" ></img>
 	</a>
 	<a target="_blank" href="https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE">
 		<img src="https://img.shields.io/apm/l/vim-mode.svg?color=yellow" ></img>
@@ -14,40 +14,72 @@
 	<a target="_blank" href="https://www.oracle.com/technetwork/java/javase/downloads/index.html">
 		<img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img>
 	</a>
+	<a target="_blank" href="https://apidoc.gitee.com/yadong.zhang/JustAuth/" title="API文档">
+		<img src="https://img.shields.io/badge/Api Docs-1.12.0-orange.svg" ></img>
+	</a>
+	<a target="_blank" href="https://docs.justauth.whnb.wang" title="参考文档">
+		<img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img>
+	</a>
+	<a href="https://codecov.io/gh/zhangyd-c/JustAuth">
+		<img src="https://codecov.io/gh/zhangyd-c/JustAuth/branch/master/graph/badge.svg" />
+	</a>
+	<a href='https://gitee.com/yadong.zhang/JustAuth/stargazers'>
+	  <img src='https://gitee.com/yadong.zhang/JustAuth/badge/star.svg?theme=white' alt='star'></img>
+	</a>
+	<a target="_blank" href='https://github.com/zhangyd-c/JustAuth'>
+		<img src="https://img.shields.io/github/stars/zhangyd-c/JustAuth.svg?style=social" alt="github star"></img>
+	</a>
 </p>

 <center>
    <table>
        <tr>
-            <td align="center" width="200"><a href="#授权gitee"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/gitee.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权github"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/github.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权weibo"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/weibo.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权钉钉"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/dingtalk.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权百度"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/baidu.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权coding"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/coding.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权腾讯云开发者平台"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/tencentCloud.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权oschina"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/oschina.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权支付宝"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/alipay.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权qq"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/qq.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权微信"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/wechat.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权淘宝"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/taobao.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权google"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/google.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权facebook"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/facebook.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权抖音"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/douyin.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权领英"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/linkedin.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权微软"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/microsoft.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权小米"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/mi.png" width="20"></a></td>
-            <td align="center" width="200"><a href="#授权csdn"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/csdn.png" width="20"></a></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/gitee.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/github.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/weibo.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/dingtalk.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/baidu.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/coding.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/tencentCloud.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/oschina.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/alipay.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/qq.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/wechat.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/taobao.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/google.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/facebook.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/douyin.png" width="20"></td>
+        </tr>
+    </table>
+    <table>
+        <tr>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/linkedin.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/microsoft.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/mi.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/toutiao.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/teambition.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/renren.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/pinterest.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/stackoverflow.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/huawei.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/wechat.png" width="20" title="微信企业版"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/csdn.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/kujiale.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/gitlab.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/meituan.png" width="20"></td>
+            <td align="center" width="200"><img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/eleme.png" width="20"></td>
        </tr>
    </table>
 </center>
+
 -------------------------------------------------------------------------------



 JustAuth，如你所见，它仅仅是一个**第三方授权登录**的**工具类库**，它可以让我们脱离繁琐的第三方登录SDK，让登录变得**So easy!**

-项目开源地址：[gitee](https://gitee.com/yadong.zhang/JustAuth) | [github](https://github.com/zhangyd-c/JustAuth)
+项目开源地址：[gitee](https://gitee.com/yadong.zhang/JustAuth) | [github](https://github.com/zhangyd-c/JustAuth)    
+项目文档：[参考文档](https://docs.justauth.whnb.wang)

 ## 特点

@@ -63,7 +95,7 @@ JustAuth，如你所见，它仅仅是一个**第三方授权登录**的**工具
 <dependency>
    <groupId>me.zhyd.oauth</groupId>
    <artifactId>JustAuth</artifactId>
-    <version>1.5.1</version>
+    <version>1.12.0</version>
 </dependency>
 ```
 - 调用api
@@ -75,39 +107,59 @@ AuthRequest authRequest = new AuthGiteeRequest(AuthConfig.builder()
        .redirectUri("redirectUri")
        .build());
 // 生成授权页面
-authRequest.authorize();
-// 授权登录后会返回一个code，用这个code进行登录
-authRequest.login("code");
+authRequest.authorize("state");
+// 授权登录后会返回code（auth_code（仅限支付宝））、state，1.8.0版本后，可以用AuthCallback类作为回调接口的参数
+// 注：JustAuth默认保存state的时效为3分钟，3分钟内未使用则会自动清除过期的state
+authRequest.login(callback);
 ```

-**配套Demo**：[JustAuth-demo](https://gitee.com/yadong.zhang/JustAuth-demo)
+**配套Demo**：
+- [Springboot版](https://gitee.com/yadong.zhang/JustAuth-demo)
+- [jFinal版](https://github.com/xkcoding/jfinal-justauth-demo): Jfinal集成JustAuth的demo by [xkcoding](https://github.com/xkcoding)
+- [ActFramework版](https://github.com/xkcoding/act-justauth-demo): ActFramework 集成 JustAuth 的 demo by [xkcoding](https://github.com/xkcoding)
+- [Nutzboot版](https://github.com/EggsBlue/nutzboot-justauth-demo): NutzBoot集成JustAuth的demo  by [蛋蛋](https://github.com/EggsBlue)
+
+## 插件
+- [justauth-spring-boot-starter](https://github.com/xkcoding/justauth-spring-boot-starter): Spring Boot 集成 JustAuth 的最佳实践 by [xkcoding](https://github.com/xkcoding)

 具体的例子可以参考：

 - [实现Gitee授权登录](http://t.cn/ExDKxQs)
 - [实现Github授权登录](http://t.cn/EJ0Fxqo)
+- [Spring Boot 快速集成第三方登录功能](http://t.cn/AiWWx5kH)

 #### API列表
 |  :computer: 平台  |  :coffee: API类  |  :page_facing_up: SDK  |
 |:------:|:-------:|:-------:|
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/gitee.png" width="20">  |  [AuthGiteeRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java)  | <a href="https://gitee.com/api/v5/oauth_doc#list_1" target="_blank">参考文档</a> |
-|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/github.png" width="20">  |  [AuthGithubRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java)  |  <a href="https://github.com/settings/developers" target="_blank">参考文档</a> |
-|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/weibo.png" width="20">  |  [AuthWeiboRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java)  |  <a href="https://open.weibo.com/wiki/%E5%BE%AE%E5%8D%9AAPI" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/github.png" width="20">  |  [AuthGithubRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java)  |  <a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/weibo.png" width="20">  |  [AuthWeiboRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java)  |  <a href="https://open.weibo.com/wiki/%E6%8E%88%E6%9D%83%E6%9C%BA%E5%88%B6%E8%AF%B4%E6%98%8E" target="_blank">参考文档</a>  |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/dingtalk.png" width="20">  |  [AuthDingTalkRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java)  |  <a href="https://open-doc.dingtalk.com/microapp/serverapi2/kymkv6" target="_blank">参考文档</a>  |
-|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/baidu.png" width="20">  |  [AuthBaiduRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java)  |  <a href="https://developer.baidu.com/" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/baidu.png" width="20">  |  [AuthBaiduRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java)  |  <a href="http://developer.baidu.com/wiki/index.php?title=docs/oauth" target="_blank">参考文档</a>  |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/coding.png" width="25">  |  [AuthCodingRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java)  |  <a href="https://open.coding.net/references/oauth/" target="_blank">参考文档</a> |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/tencentCloud.png" width="25">  |  [AuthTencentCloudRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java)  |  <a href="https://dev.tencent.com/help/doc/faq/b4e5b7aee786/oauth" target="_blank">参考文档</a> |
-|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/oschina.png" width="20">  |  [AuthOschinaRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java)  |  <a href="https://www.oschina.net/openapi/docs/openapi_user" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/oschina.png" width="20">  |  [AuthOschinaRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java)  |  <a href="https://www.oschina.net/openapi/docs/oauth2_authorize" target="_blank">参考文档</a> |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/alipay.png" width="20">  |  [AuthAlipayRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java)  |  <a href="https://alipay.open.taobao.com/docs/doc.htm?spm=a219a.7629140.0.0.336d4b70GUKXOl&treeId=193&articleId=105809&docType=1" target="_blank">参考文档</a> |
-|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/qq.png" width="20">  |  [AuthQqRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java)  |  <a href="http://wiki.connect.qq.com/" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/qq.png" width="20">  |  [AuthQqRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java)  |  <a href="https://wiki.connect.qq.com/%E4%BD%BF%E7%94%A8authorization_code%E8%8E%B7%E5%8F%96access_token" target="_blank">参考文档</a>  |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/wechat.png" width="20">  |  [AuthWeChatRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java)   |  <a href="https://open.weixin.qq.com/cgi-bin/showdocument?action=dir_list&t=resource/res_list&verify=1&id=open1419316505&token=&lang=zh_CN" target="_blank">参考文档</a>  |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/taobao.png" width="20">  |  [AuthTaobaoRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java)   |  <a href="https://open.taobao.com/doc.htm?spm=a219a.7386797.0.0.4e00669acnkQy6&source=search&docId=105590&docType=1" target="_blank">参考文档</a>  |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/google.png" width="20">  |  [AuthGoogleRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java)   |  <a href="https://developers.google.com/identity/protocols/OpenIDConnect" target="_blank">参考文档</a>  |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/facebook.png" width="20">  |  [AuthFacebookRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java)   |  <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow" target="_blank">参考文档</a>  |
-|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/douyin.png" width="20">  |  [AuthDouyinRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java)   |  <a href="https://www.douyin.com/platform/doc" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/douyin.png" width="20">  |  [AuthDouyinRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java)   |  <a href="https://www.douyin.com/platform/doc/m-2-1-1" target="_blank">参考文档</a>  |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/linkedin.png" width="20">  |  [AuthLinkedinRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java)   |  <a href="https://docs.microsoft.com/zh-cn/linkedin/shared/authentication/authorization-code-flow?context=linkedin/context" target="_blank">参考文档</a>  |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/microsoft.png" width="20">  | [AuthMicrosoftRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java) | <a href="https://docs.microsoft.com/zh-cn/graph/auth/" target="_blank">参考文档</a> |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/mi.png" width="20">  | [AuthMiRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java) | <a href="https://dev.mi.com/console/doc/detail?pId=711" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/toutiao.png" width="20">  | [AuthToutiaoRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java) | <a href="https://open.mp.toutiao.com/#/resource?_k=y7mfgk" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/teambition.png" width="20">  | [AuthTeambitionRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthTeambitionRequest.java) | <a href="https://docs.teambition.com/" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/renren.png" width="20">  | [AuthRenrenRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthRenrenRequest.java) | <a href="http://open.renren.com/wiki/OAuth2.0" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/pinterest.png" width="20">  | [AuthPinterestRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java) | <a href="https://developers.pinterest.com/docs/api/overview/?" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/stackoverflow.png" width="20">  | [AuthStackOverflowRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java) | <a href="https://api.stackexchange.com/docs/authentication" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/huawei.png" width="20">  | [AuthHuaweiRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthHuaweiRequest.java) | <a href="https://developer.huawei.com/consumer/cn/devservice/doc/30101" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/wechat.png" width="20">  | [AuthWeChatEnterpriseRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthWeChatEnterpriseRequest.java) | <a href="https://open.work.weixin.qq.com/api/doc#90000/90135/90664" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/kujiale.png" width="20">  |  [AuthKujialeRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthKujialeRequest.java)  |  <a href="https://open.kujiale.com/open/apps/2/docs?doc_id=95" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/gitlab.png" width="20">  |  [AuthGitlabRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGitlabRequest.java)  |  <a href="https://docs.gitlab.com/ee/api/oauth2.html" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/meituan.png" width="20">  |  [AuthMeituanRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthMeituanRequest.java)  |  <a href="http://open.waimai.meituan.com/openapi_docs/oauth/" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/eleme.png" width="20">  |  [AuthElemeRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthElemeRequest.java)  |  <a href="https://open.shop.ele.me/openapi/documents/khd001" target="_blank">参考文档</a> |
 |  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/csdn.png" width="20">  |  [AuthCsdnRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java)  |  无 |

 _请知悉：经咨询CSDN官方客服得知，CSDN的授权开放平台已经下线。如果以前申请过的应用，可以继续使用，但是不再支持申请新的应用。so, 本项目中的CSDN登录只能针对少部分用户使用了_
@@ -124,92 +176,33 @@ _请知悉：经咨询CSDN官方客服得知，CSDN的授权开放平台已经
 2. 把fork过去的项目也就是你仓库中的项目clone到你的本地
 3. 修改代码
 4. commit后push到自己的库
-5. 发起PR（pull request） 请求
+5. 发起PR（pull request） 请求，提交到`dev`分支
 6. 等待作者合并

+## 贡献者名单
+
+[contributors](https://docs.justauth.whnb.wang/#/contributors)
+
 ## 致谢

 在项目立项初期，也对当前开源圈的一些相同类型的项目作过调研，同时本项目也参考过这些项目，再次感谢开源圈内的朋友。

-[YurunOAuthLogin](https://gitee.com/yurunsoft/YurunOAuthLogin): PHP 第三方登录授权 SDK
+- [YurunOAuthLogin](https://gitee.com/yurunsoft/YurunOAuthLogin): PHP 第三方登录授权 SDK
+- [阿里妈妈MUX倾力打造的矢量图标库-iconfont](https://www.iconfont.cn/search/index): 本文档中的图标大部分取自该平台
+- [mica](https://github.com/lets-mica/mica)：Spring Cloud 微服务开发核心包，支持 `web `和 `webflux`。注：JustAuth项目中的[UuidUtils](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/utils/UuidUtils.java)就是直接使用的mica提供的高性能的uuid创建工具类源码[StringUtil.java](https://github.com/lets-mica/mica/blob/master/mica-core/src/main/java/net/dreamlu/mica/core/utils/StringUtil.java#L335)
+- 感谢 JetBrains 提供的免费开源 License：
+<img src="https://github.com/lets-mica/mica/raw/c251e176b81518a6a570bf4eb21f525c4f582a81/docs/img/jetbrains.png" alt="图片引用自lets-mica" style="float:left;">

-[阿里妈妈MUX倾力打造的矢量图标库-iconfont](https://www.iconfont.cn/search/index): 本文档中的图标大部分取自该平台
+## 开源推荐
+- `spring-boot-demo` 深度学习并实战 spring boot 的项目: [https://github.com/xkcoding/spring-boot-demo](https://github.com/xkcoding/spring-boot-demo)
+- `mica` SpringBoot 微服务高效开发工具集: [https://github.com/lets-mica/mica](https://github.com/lets-mica/mica)
+- `pig` 宇宙最强微服务认证授权脚手架(架构师必备): [https://gitee.com/log4j/pig](https://gitee.com/log4j/pig)
+- `SpringBlade` 完整的线上解决方案（企业开发必备）: https://gitee.com/smallc/SpringBlade

+## 关于OAuth

-## 参考授权图例
-
-#### 授权gitee
-
-![Gitee授权登录](https://images.gitee.com/uploads/images/2019/0221/140015_4c09610e_784199.png "Gitee授权登录")
-
-#### 授权github
-
-![Github授权登录](https://images.gitee.com/uploads/images/2019/0221/140032_58f7dfb5_784199.png "Github授权登录")
-
-#### 授权weibo
-
-![微博授权登录](https://images.gitee.com/uploads/images/2019/0222/191210_67d5597c_784199.png "微博授权登录")
-
-#### 授权钉钉
-
-![钉钉授权登录](https://images.gitee.com/uploads/images/2019/0221/140540_8da8d959_784199.jpeg "钉钉授权登录")
-
-#### 授权百度
-
-![百度授权登录](https://images.gitee.com/uploads/images/2019/0221/140607_ebf1dcb6_784199.png "百度授权登录")
-
-#### 授权coding
-
-![Coding授权登录](https://images.gitee.com/uploads/images/2019/0224/192106_fd53b3d7_784199.png "Coding授权登录")
-
-#### 授权腾讯云开发者平台
-
-![腾讯云开发者平台授权登录](https://images.gitee.com/uploads/images/2019/0224/192128_db9e203b_784199.png "腾讯云开发者平台授权登录")
-
-#### 授权oschina
-
-![授权oschina登录](https://images.gitee.com/uploads/images/2019/0322/230652_05b4fd8a_784199.png "授权oschina")
-
-#### 授权支付宝
-
-![授权支付宝登录](https://images.gitee.com/uploads/images/2019/0327/183654_3d4b94eb_784199.png "授权支付宝登录")
-
-#### 授权qq
-
-待续
-
-#### 授权微信
-
-![授权微信登录](https://images.gitee.com/uploads/images/2019/0523/104955_d4cea750_784199.png "授权微信登录")
-
-#### 授权淘宝
-
-![授权淘宝登录](https://images.gitee.com/uploads/images/2019/0518/154604_68b38305_784199.png "授权淘宝登录")
-
-
-#### 授权Google
-
-![授权google登录](https://images.gitee.com/uploads/images/2019/0521/190650_85c5f1c7_784199.png "授权google登录")
-
-#### 授权Facebook
-
-![授权facebook登录](https://images.gitee.com/uploads/images/2019/0521/233647_6a89fb45_784199.png "授权facebook登录")
-
-#### 授权抖音
-
-
-#### 授权领英
-
-![授权领英登录](https://images.gitee.com/uploads/images/2019/0527/152207_a6342979_784199.png "授权领英登录")
-
-
-#### 授权微软
-
-#### 授权小米
-
-#### 授权csdn
-
-_请知悉：经咨询CSDN官方客服得知，CSDN的授权开放平台已经下线。如果以前申请过的应用，可以继续使用，但是不再支持申请新的应用。so, 本项目中的CSDN登录只能针对少部分用户使用了_
+- [The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749)
+- [OAuth 2.0](https://oauth.net/2/)

 ## 关注&交流

@@ -221,11 +214,10 @@ _请知悉：经咨询CSDN官方客服得知，CSDN的授权开放平台已经

 - JustAuth交流群 （230017570）：专业交流该项目

- 开源总群 （190886500）：各个开源项目的都有，也有博客建设等方面的朋友。（注意，该群需付费进入，防止发垃圾广告、垃圾推广等人士）
-
+- 开源总群 （190886500）：各个开源项目的都有，也有博客建设等方面的朋友。

 ## 请喝咖啡

 | 支付宝  | 微信  |
 | :------------: | :------------: |
-| <img src="https://gitee.com/yadong.zhang/static/raw/master/qrcode/zfb_code.png" width="200"/> | <img src="https://gitee.com/yadong.zhang/static/raw/master/qrcode/wx_code.png" width="200" /> |
+| <img src="https://gitee.com/yadong.zhang/static/raw/master/qrcode/zfb_code.png" width="200"/> | <img src="https://gitee.com/yadong.zhang/static/raw/master/qrcode/wx_code.png" width="200" /> |
@@ -0,0 +1,77 @@
+## ~~升级到1.8.0后如何启用state？~~
+
+~~在原api使用方法的基础上，为config追加一个state即可。~~
+```
+AuthRequest authRequest = new AuthGiteeRequest(AuthConfig.builder()
+        .clientId("clientId")
+        .clientSecret("clientSecret")
+        .redirectUri("redirectUri")
+        .state("state") // 就是这儿
+        .build());
+```
+
+## ~~升级到1.8.0后login方法报错？~~
+
+~~这是因为1.8.0版本中新增了[AuthCallback](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/model/AuthCallback.java)类，这个类封装了所有可能的回调参数。目前包含以下三个参数：~~
+- ~~`code`: 访问AuthorizeUrl后回调时带的参数code，用来换取token~~
+- ~~`auth_code`: 支付宝授权登陆时不会返回code而是返回`auth_code`参数~~
+- ~~`state`: 访问AuthorizeUrl后回调时带的参数state，用于和请求AuthorizeUrl前的state比较，防止CSRF攻击~~
+
+~~1.8.0版本之后的api，可以直接用AuthCallback类作为回调方法的入参，比如：~~
+```
+@RequestMapping("/callback/{source}")
+public Object login(@PathVariable("source") String source, AuthCallback callback) {
+	System.out.println("进入callback：" + source + " callback params：" + JSONObject.toJSONString(callback));
+	AuthRequest authRequest = getAuthRequest(source);
+	AuthResponse response = authRequest.login(callback);
+	System.out.println(JSONObject.toJSONString(response));
+	return response;
+}
+```
+ ~~_代码截取自_ ：https://gitee.com/yadong.zhang/JustAuth-demo~~
+
+## ~~升级到1.8.0后对于state参数有什么特殊要求吗？~~
+
+~~理论上没有，stata只是用来保持会话状态，因为http协议的无状态性，从授权到回调，无法感知具体是哪个用户触发的。所以可以使用state作为校验。注：state参数每次完整的授权链中只可用一次！（也是为了防止不必要的危险）~~
+
+~~作者建议state命名格式如下：~~
+- ~~授权登录：`{source}_{ip}_{random}`~~
+- ~~账号绑定：`{source}_{userId}_{ip}_{random}`~~
+
+~~其中`source`表示授权平台，可以直接去JustAuth中的source，`ip`为当前用户的ip（部分情况可能不适用），`random`为随机字符串，`userId`为当前登录用户的id。~~
+
+~~注：`authorize`和`login`（不是指回调传回的`state`，而是声明`request`时传入的`state`）中传的`state`务必保证一致~~
+
+## 升级到1.9.3+版本后编译失败
+
+主要明显的就是`IpUtils.getIp`和request的`.state`报错。
+
+这是因为从`v1.9.3`版本开始，对项目进行了一些优化，具体优化内容参考：[v1.9.3](https://gitee.com/yadong.zhang/JustAuth/releases/v1.9.3)和[v1.9.4](https://gitee.com/yadong.zhang/JustAuth/releases/v1.9.4)。
+
+新版本的使用方式，参考[JustAuth-demo](https://gitee.com/yadong.zhang/JustAuth-demo/blob/master/src/main/java/me/zhyd/justauth/RestAuthController.java)
+```
+@RequestMapping("/render/{source}")
+public void renderAuth(@PathVariable("source") String source, HttpServletResponse response) throws IOException {
+	AuthRequest authRequest = getAuthRequest(source);
+	String authorizeUrl = authRequest.authorize(AuthStateUtils.createState());
+	response.sendRedirect(authorizeUrl);
+}
+@RequestMapping("/callback/{source}")
+public Object login(@PathVariable("source") String source, AuthCallback callback) {
+	AuthRequest authRequest = getAuthRequest(source);
+	AuthResponse response = authRequest.login(callback);
+	return response;
+}
+```
+
+## 升级到最新版本后为什么支付宝登录不能用了？
+
+在升级到新版后，使用支付宝登录会提示`ClassNotFoundExcption`异常，这是因为从`1.9.4`版本开始，JustAuth将不在强依赖`alipay-sdk-java`，如果你需要用到Alipay的授权登陆，那么你还需要添加以下依赖：
+
+```
+<dependency>
+	<groupId>com.alipay.sdk</groupId>
+	<artifactId>alipay-sdk-java</artifactId>
+	<version>3.7.4.ALL</version>
+</dependency>
+```
@@ -0,0 +1,169 @@
+<p align="center">
+	<a href="https://docs.justauth.whnb.wang"><img src="./_media/cover.png" width="400"></a>
+</p>
+<p align="center">
+	<strong>Login, so easy!</strong>
+</p>
+<p align="center">
+	<strong>史上最全的整合第三方登录的开源库</strong>
+</p>
+<p align="center">
+	<a target="_blank" href="https://search.maven.org/search?q=JustAuth">
+		<img src="https://img.shields.io/badge/Maven Central-1.12.0-blue.svg" ></img>
+	</a>
+	<a target="_blank" href="https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE">
+		<img src="https://img.shields.io/apm/l/vim-mode.svg?color=yellow" ></img>
+	</a>
+	<a target="_blank" href="https://www.oracle.com/technetwork/java/javase/downloads/index.html">
+		<img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img>
+	</a>
+	<a target="_blank" href="https://apidoc.gitee.com/yadong.zhang/JustAuth/" title="API文档">
+		<img src="https://img.shields.io/badge/Api Docs-1.12.0-orange.svg" ></img>
+	</a>
+	<a target="_blank" href="https://docs.justauth.whnb.wang" title="参考文档">
+		<img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img>
+	</a>
+	<a href="https://codecov.io/gh/zhangyd-c/JustAuth">
+		<img src="https://codecov.io/gh/zhangyd-c/JustAuth/branch/master/graph/badge.svg" />
+	</a>
+	<a href='https://gitee.com/yadong.zhang/JustAuth/stargazers'>
+	  <img src='https://gitee.com/yadong.zhang/JustAuth/badge/star.svg?theme=white' alt='star'></img>
+	</a>
+	<a target="_blank" href='https://github.com/zhangyd-c/JustAuth'>
+		<img src="https://img.shields.io/github/stars/zhangyd-c/JustAuth.svg?style=social" alt="github star"></img>
+	</a>
+</p>
+<p align="center">
+	<strong>开源地址：</strong> <a target="_blank" href='https://gitee.com/yadong.zhang/JustAuth'>Gitee</a> | <a target="_blank" href='https://github.com/zhangyd-c/JustAuth'>Github</a>
+</p>
+<p align="center">
+    <strong>QQ群：</strong>230017570
+</p>
+<p align="center"> 
+    <strong>文档更新日期：</strong> {docsify-updated}
+</p>
+
+## 简介
+
+JustAuth，如你所见，它仅仅是一个**第三方授权登录**的**工具类库**，它可以让我们脱离繁琐的第三方登录SDK，让登录变得**So easy!**
+
+## 特点
+
+废话不多说，就俩字：
+
+1. **全**：已集成十多家第三方平台（国内外常用的基本都已包含），后续依然还有扩展计划！
+2. **简**：API就是奔着最简单去设计的，尽量让您用起来没有障碍感！
+
+## 项目关注度趋势
+
+[![Stargazers over time](https://starchart.cc/justauth/JustAuth.svg)](https://starchart.cc/justauth/JustAuth)
+
+## 已集成的平台
+
+|  :computer: 平台  |  :coffee: API类  |  :page_facing_up: SDK  |
+|:------:|:-------:|:-------:|
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/gitee.png" width="20">  |  [AuthGiteeRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java)  | <a href="https://gitee.com/api/v5/oauth_doc#list_1" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/github.png" width="20">  |  [AuthGithubRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java)  |  <a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/weibo.png" width="20">  |  [AuthWeiboRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java)  |  <a href="https://open.weibo.com/wiki/%E6%8E%88%E6%9D%83%E6%9C%BA%E5%88%B6%E8%AF%B4%E6%98%8E" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/dingtalk.png" width="20">  |  [AuthDingTalkRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java)  |  <a href="https://open-doc.dingtalk.com/microapp/serverapi2/kymkv6" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/baidu.png" width="20">  |  [AuthBaiduRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java)  |  <a href="http://developer.baidu.com/wiki/index.php?title=docs/oauth" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/coding.png" width="25">  |  [AuthCodingRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java)  |  <a href="https://open.coding.net/references/oauth/" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/tencentCloud.png" width="25">  |  [AuthTencentCloudRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java)  |  <a href="https://dev.tencent.com/help/doc/faq/b4e5b7aee786/oauth" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/oschina.png" width="20">  |  [AuthOschinaRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java)  |  <a href="https://www.oschina.net/openapi/docs/oauth2_authorize" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/alipay.png" width="20">  |  [AuthAlipayRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java)  |  <a href="https://alipay.open.taobao.com/docs/doc.htm?spm=a219a.7629140.0.0.336d4b70GUKXOl&treeId=193&articleId=105809&docType=1" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/qq.png" width="20">  |  [AuthQqRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java)  |  <a href="https://wiki.connect.qq.com/%E4%BD%BF%E7%94%A8authorization_code%E8%8E%B7%E5%8F%96access_token" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/wechat.png" width="20">  |  [AuthWeChatRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java)   |  <a href="https://open.weixin.qq.com/cgi-bin/showdocument?action=dir_list&t=resource/res_list&verify=1&id=open1419316505&token=&lang=zh_CN" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/taobao.png" width="20">  |  [AuthTaobaoRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java)   |  <a href="https://open.taobao.com/doc.htm?spm=a219a.7386797.0.0.4e00669acnkQy6&source=search&docId=105590&docType=1" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/google.png" width="20">  |  [AuthGoogleRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java)   |  <a href="https://developers.google.com/identity/protocols/OpenIDConnect" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/facebook.png" width="20">  |  [AuthFacebookRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java)   |  <a href="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/douyin.png" width="20">  |  [AuthDouyinRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java)   |  <a href="https://www.douyin.com/platform/doc/m-2-1-1" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/linkedin.png" width="20">  |  [AuthLinkedinRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java)   |  <a href="https://docs.microsoft.com/zh-cn/linkedin/shared/authentication/authorization-code-flow?context=linkedin/context" target="_blank">参考文档</a>  |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/microsoft.png" width="20">  | [AuthMicrosoftRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java) | <a href="https://docs.microsoft.com/zh-cn/graph/auth/" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/mi.png" width="20">  | [AuthMiRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java) | <a href="https://dev.mi.com/console/doc/detail?pId=711" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/toutiao.png" width="20">  | [AuthToutiaoRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java) | <a href="https://open.mp.toutiao.com/#/resource?_k=y7mfgk" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/teambition.png" width="20">  | [AuthTeambitionRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthTeambitionRequest.java) | <a href="https://docs.teambition.com/" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/renren.png" width="20">  | [AuthRenrenRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthRenrenRequest.java) | <a href="http://open.renren.com/wiki/OAuth2.0" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/pinterest.png" width="20">  | [AuthPinterestRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java) | <a href="https://developers.pinterest.com/docs/api/overview/?" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/stackoverflow.png" width="20">  | [AuthStackOverflowRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java) | <a href="https://api.stackexchange.com/docs/authentication" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/huawei.png" width="20">  | [AuthHuaweiRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthHuaweiRequest.java) | <a href="https://developer.huawei.com/consumer/cn/devservice/doc/30101" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/wechat.png" width="20">  | [AuthWeChatEnterpriseRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthWeChatEnterpriseRequest.java) | <a href="https://open.work.weixin.qq.com/api/doc#90000/90135/90664" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/kujiale.png" width="20">  |  [AuthKujialeRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthKujialeRequest.java)  |  <a href="https://open.kujiale.com/open/apps/2/docs?doc_id=95" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/gitlab.png" width="20">  |  [AuthGitlabRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGitlabRequest.java)  |  <a href="https://docs.gitlab.com/ee/api/oauth2.html" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/meituan.png" width="20">  |  [AuthMeituanRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthMeituanRequest.java)  |  <a href="http://open.waimai.meituan.com/openapi_docs/oauth/" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/eleme.png" width="20">  |  [AuthElemeRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthElemeRequest.java)  |  <a href="https://open.shop.ele.me/openapi/documents/khd001" target="_blank">参考文档</a> |
+|  <img src="https://gitee.com/yadong.zhang/static/raw/master/JustAuth/csdn.png" width="20">  |  [AuthCsdnRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java)  |  无 |
+
+
+## 快速开始
+
+- 引入依赖
+```xml
+<dependency>
+    <groupId>me.zhyd.oauth</groupId>
+    <artifactId>JustAuth</artifactId>
+    <version>${latest.version}</version>
+</dependency>
+```
+- 调用api
+```java
+// 创建授权request
+AuthRequest authRequest = new AuthGiteeRequest(AuthConfig.builder()
+        .clientId("clientId")
+        .clientSecret("clientSecret")
+        .redirectUri("redirectUri")
+        .build());
+// 生成授权页面
+authRequest.authorize("state");
+// 授权登录后会返回code（auth_code（仅限支付宝））、state，1.8.0版本后，可以用AuthCallback类作为回调接口的参数
+// 注：JustAuth默认保存state的时效为3分钟，3分钟内未使用则会自动清除过期的state
+authRequest.login(callback);
+```
+
+## 参与&贡献
+
+JustAuth的发展离不开朋友们的支持，时至今日，JustAuth已渐趋完善，但仍有很大的改善空间。欢迎各位朋友为JustAuth贡献一份力量。
+
+### 提供bug或建议
+
+- [Gitee](https://gitee.com/yadong.zhang/JustAuth/issues)
+- [Github](https://github.com/justauth/JustAuth/issues)
+
+如果你正在使用JustAuth，可以在这儿留下你的足迹，获得优先推送、曝光
+
+- [Gitee](https://gitee.com/yadong.zhang/JustAuth/issues/IZ2T7)
+- [Github](https://github.com/justauth/JustAuth/issues/17)
+
+### 贡献代码的步骤
+
+1. fork本项目到自己的repo
+2. 把fork过去的项目也就是你仓库中的项目clone到你本地
+3. 修改代码（`dev`分支）
+4. commit后push到自己的仓库
+5. 发起PR（pull request） 请求，提交到`dev`分支
+6. 等待合并
+
+### 注意事项
+
+1. JustAuth只接受集成**OAuth2.0**的平台
+2. 建议安装“**阿里编码规约**”插件，然后进行开发
+3. 提交PR前请格式化好自己的代码
+4. 注释规范，自定义的方法一定要加上：方法说明、参数说明、返回值说明等
+
+## 功能尝鲜
+
+JustAuth一共有两个主要分支：
+- 线上版分支（master）：稳定版，发布版就是这个分支的代码
+- 开发版分支（dev）：不保证稳定，新功能都会优先推送到该分支，对于想尝鲜的朋友，可以直接下载代码，然后源码编译dev分支
+
+## 开源推荐
+- `spring-boot-demo` 深度学习并实战 spring boot 的项目: [https://github.com/xkcoding/spring-boot-demo](https://github.com/xkcoding/spring-boot-demo)
+- `mica` SpringBoot 微服务高效开发工具集: [https://github.com/lets-mica/mica](https://github.com/lets-mica/mica)
+- `pig` 宇宙最强微服务认证授权脚手架(架构师必备): [https://gitee.com/log4j/pig](https://gitee.com/log4j/pig)
+- `SpringBlade` 完整的线上解决方案（企业开发必备）: https://gitee.com/smallc/SpringBlade
+
+## 捐赠
+
+| 支付宝  | 微信  |
+| :------------: | :------------: |
+| <img src="https://gitee.com/yadong.zhang/static/raw/master/qrcode/zfb_code.png" width="200"/> | <img src="https://gitee.com/yadong.zhang/static/raw/master/qrcode/wx_code.png" width="200" /> |
+
@@ -0,0 +1,16 @@
+
+![](_media/logo.png)
+# JustAuth <small>1.11.0</small>
+
+<strong>史上最全的整合第三方登录的开源库</strong>
+
+<strong>Login, so easy</strong>
+
+<p>已集成国内外十多家平台</p>
+<p>极简的API设计</p>
+
+
+[Gitee](https://gitee.com/yadong.zhang/JustAuth)
+[Github](https://github.com/zhangyd-c/JustAuth)
+[Get Started](#简介)
+
@@ -0,0 +1,14 @@
+- [入门和使用](README.md)
+- [贡献者名单](contributors.md)
+- 快速开始
+  - [名词解释](explain.md)
+  - [OAuth流程](oauth.md)
+  - [如何使用](how-to-use.md)
+- 其他特性
+  - [使用State](using-state.md)
+  - [自定义state缓存](customize-the-state-cache.md)
+- [配套项目](supporting.md)
+- [Q&A](Q&A.md)
+- [Who is using](users.md)
+- [致谢](thx.md)
+- [更新记录](update.md)
@@ -0,0 +1,31 @@
+# 项目贡献者名单
+
+> 排序不分先后
+
+- <img src="https://avatar.gitee.com/uploads/99/784199_yadong.zhang.png!avatar100?1462325358" width="20"> · yadong.zhang :  <a href="https://github.com/zhangyd-c" target="_blank">[Github]</a> | <a href="https://gitee.com/yadong.zhang" target="_blank">[Gitee]</a> | <a href="https://www.zhyd.me" target="_blank">[个人网站]</a>
+- <img src="https://avatars0.githubusercontent.com/u/10429917?s=460&v=4" width="20"> · yangkai.shen :  <a href="https://github.com/xkcoding" target="_blank">[Github]</a> | <a href="https://xkcoding.com" target="_blank">[个人网站]</a>    
+  - 集成微信登录、QQ登录、Google登录、微软登录、小米登录、企业微信登录
+  - 优化代码、架构，增加自定义缓存
+  - 提供jFinal版demo
+  - 提供ActFramework版demo
+  - 提供SpringBoot快速集成的justauth-spring-boot-starter
+- <img src="https://avatars2.githubusercontent.com/u/2988765?s=115&v=4" width="20"> · pengisgood :  <a href="https://github.com/pengisgood" target="_blank">[Github]</a> | <a href="https://pengisgood.github.io" target="_blank">[个人网站]</a>
+  - 集成人人登录、Pinterest登录、StackOverflow登录
+- <img src="https://avatar.gitee.com/uploads/51/1651_dolphinboy.png!avatar100?1479346570" width="20"> · skqing :  <a href="https://gitee.com/skqing" target="_blank">[Gitee]</a> | <a href="https://my.oschina.net/dolphinboy" target="_blank">[个人网站]</a>    
+  - 修复钉钉登录的部分问题
+  - 优化微博登录
+- <img src="https://avatars1.githubusercontent.com/u/47110161?s=88&v=4" width="20"> · dyc12ii :  <a href="https://github.com/dyc12ii" target="_blank">[Gitee]</a>
+  - 升级fastjson版本至1.2.58
+- <img src="https://gitee.com/uploads/22/4981222_harryleexyz.png?1556524275" width="20"> · harrylee :  <a href="https://gitee.com/harryleexyz" target="_blank">[Gitee]</a>
+  - 升级fastjson依赖到1.2.60
+- <img src="https://avatars3.githubusercontent.com/u/32814990?s=460&v=4" width="20"> · Veigar :  <a href="https://github.com/wuweiqi1993" target="_blank">[Github]</a>
+  -  集成酷家乐登录
+- <img src="https://avatar.gitee.com/uploads/24/1280924_TopCoderMyDream.png!avatar200?1523763232" width="20"> · 蛋蛋 :  <a href="https://gitee.com/TopCoderMyDream" target="_blank">[Gitee]</a> | <a href="https://github.com/EggsBlue" target="_blank">[Github]</a>
+  -  提供NutzBoot版的demo项目
+- <img src="https://avatars0.githubusercontent.com/u/35978114?s=180&v=4" width="20"> · Braavos96 :  <a href="https://github.com/Braavos96" target="_blank">[Github]</a>
+  -  添加测试用例：UrlBuilder 、GlobalAuthUtil 
+- <img src="https://avatars0.githubusercontent.com/u/283483?s=180&v=4" width="20"> · Chris Smowton :  <a href="https://github.com/smowton" target="_blank">[Github]</a>
+  -  添加测试用例：StringUtils
+- 千年等一回，我只为等你...
+
+ps: 如有遗漏，请告知
@@ -0,0 +1,3 @@
+# 自定义state缓存
+
+待补充
@@ -0,0 +1,29 @@
+本文将就JustAuth中涉及到的一些配置、关键词做一下简单说明，方便使用者理解、使用。
+
+## 本文相关名词
+
+- `开发者` 指使用`JustAuth`的开发者
+- `第三方` 指开发者对接的第三方网站，比如：QQ平台、微信平台、微博平台
+- `用户` 指最终服务的真实用户
+
+## JustAuth中的关键词
+
+以下内容了解后，将会使你更容易地上手JustAuth。
+
+- `clientId` 客户端身份标识符（应用id），一般在申请完Oauth应用后，由**第三方平台颁发**，唯一
+- `clientSecret` 客户端密钥，一般在申请完Oauth应用后，由**第三方平台颁发**
+- `redirectUri` **开发者项目中的有效api地址**。用户在确认第三方平台授权（登录）后，第三方平台会重定向到该地址，并携带code等参数
+- `state` 用来保持授权会话流程完整性，防止CSRF攻击的安全的随机的参数，由**开发者生成**
+- `alipayPublicKey`  支付宝公钥。当选择支付宝登录时，必传该值，由**开发者生成**
+- `unionId`  是否需要申请unionid，目前只针对**qq登录**。注：qq授权登录时，获取unionid需要单独发送邮件申请权限。如果个人开发者账号中申请了该权限，可以将该值置为true，在获取openId时就会同步获取unionId。参考链接：[UnionID介绍](http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D)
+- `stackOverflowKey` Stack Overflow 登陆时需单独提供的key，由**第三方平台颁发**
+- `agentId`  企业微信登陆时需单独提供该值，由**第三方平台颁发**，为授权方的网页应用ID
+- `source` JustAuth支持的第三方平台，比如：GITHUB、GITEE等
+
+## 参考资料
+
+关于OAuth2相关的内容、原理可以自行参阅以下资料：
+
+- [The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749)
+- [OAuth 2.0](https://oauth.net/2/)
+
@@ -0,0 +1,148 @@
+# 如何使用
+
+在前面有介绍到，JustAuth的特点之一就是**简**，极简主义，不给使用者造成不必要的障碍。
+
+既然牛皮吹下了， 那么如何才能用JustAuth实现第三方登录呢？
+
+## 使用步骤
+
+使用JustAuth总共分三步（**这三步也适合于JustAuth支持的任何一个平台**）：
+
+1. 申请注册第三方平台的开发者账号
+2. 创建第三方平台的应用，获取配置信息(`accessKey`, `secretKey`, `redirectUri`)
+3. 使用该工具实现授权登陆
+
+## 使用方式
+
+- 引入依赖
+```xml
+<dependency>
+    <groupId>me.zhyd.oauth</groupId>
+    <artifactId>JustAuth</artifactId>
+    <version>${latest.version}</version>
+</dependency>
+```
+- 调用api
+```java
+// 创建授权request
+AuthRequest authRequest = new AuthGiteeRequest(AuthConfig.builder()
+        .clientId("clientId")
+        .clientSecret("clientSecret")
+        .redirectUri("redirectUri")
+        .build());
+// 生成授权页面
+authRequest.authorize("state");
+// 授权登录后会返回code（auth_code（仅限支付宝））、state，1.8.0版本后，可以用AuthCallback类作为回调接口的参数
+// 注：JustAuth默认保存state的时效为3分钟，3分钟内未使用则会自动清除过期的state
+authRequest.login(callback);
+```
+
+## API分解
+
+**JustAuth**的核心就是一个个的`request`，每个平台都对应一个具体的`request`类，所以在使用之前，需要就具体的授权平台创建响应的`request`
+
+```java
+// 创建授权request
+AuthRequest authRequest = new AuthGiteeRequest(AuthConfig.builder()
+        .clientId("clientId")
+        .clientSecret("clientSecret")
+        .redirectUri("redirectUri")
+        .build());
+```
+
+所有可用的`Request`列表请参考：[已集成的平台](https://docs.justauth.whnb.wang/#/README?id=已集成的平台)
+
+### 获取授权链接
+
+```java
+String authorizeUrl = authRequest.authorize("state");
+```
+获取到`authorizeUrl`后，可以手动实现redirect到`authorizeUrl`上
+
+**伪代码**
+
+```java
+/**
+ * 
+ * @param source 第三方授权平台，以本例为参考，该值为gitee（因为上面声明的AuthGiteeRequest）
+ */
+@RequestMapping("/render/{source}")
+public void renderAuth(@PathVariable("source") String source, HttpServletResponse response) throws IOException {
+    AuthRequest authRequest = getAuthRequest(source);
+    String authorizeUrl = authRequest.authorize(AuthStateUtils.createState());
+    response.sendRedirect(authorizeUrl);
+}
+```
+
+注：`state`建议必传！`state`在`OAuth`的流程中的主要作用就是保证请求完整性，防止**CSRF**风险，此处传的`state`将在回调时传回
+
+### 登录(获取用户信息)
+
+```java
+AuthResponse response = authRequest.login(callback);
+```
+
+授权登录后会返回code（auth_code（仅限支付宝）、authorization_code（仅限华为））、state，1.8.0版本后，用`AuthCallback`类作为回调接口的入参
+
+**伪代码**
+
+```java
+/**
+ * 
+ * @param source 第三方授权平台，以本例为参考，该值为gitee（因为上面声明的AuthGiteeRequest）
+ */
+@RequestMapping("/callback/{source}")
+public Object login(@PathVariable("source") String source, AuthCallback callback) {
+    AuthRequest authRequest = getAuthRequest(source);
+    AuthResponse response = authRequest.login(callback);
+    return response;
+}
+```
+
+**注：第三方平台中配置的授权回调地址，以本文为例，在创建授权应用时的回调地址应为：`[host]/callback/gitee`**
+
+### 刷新token
+
+注：`refresh`功能，并不是每个平台都支持
+
+```java
+AuthResponse response = authRequest.refresh(AuthToken.builder().refreshToken(token).build());
+```
+
+**伪代码**
+
+```java
+/**
+ * 
+ * @param source 第三方授权平台，以本例为参考，该值为gitee（因为上面声明的AuthGiteeRequest）
+ * @param token  login成功后返回的refreshToken
+ */
+@RequestMapping("/refresh/{source}")
+public Object refreshAuth(@PathVariable("source") String source, String token){
+    AuthRequest authRequest = getAuthRequest(source);
+    return authRequest.refresh(AuthToken.builder().refreshToken(token).build());
+}
+```
+
+### 取消授权
+
+注：`revoke`功能，并不是每个平台都支持
+
+```java
+AuthResponse response = authRequest.revoke(AuthToken.builder().accessToken(token).build());
+```
+
+**伪代码**
+
+```java
+/**
+ * 
+ * @param source 第三方授权平台，以本例为参考，该值为gitee（因为上面声明的AuthGiteeRequest）
+ * @param token  login成功后返回的accessToken
+ */
+@RequestMapping("/revoke/{source}/{token}")
+public Object revokeAuth(@PathVariable("source") String source, @PathVariable("token") String token) throws IOException {
+    AuthRequest authRequest = getAuthRequest(source);
+    return authRequest.revoke(AuthToken.builder().accessToken(token).build());
+}
+```
@@ -0,0 +1,78 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <title>JustAuth - 史上最全的整合第三方登录的开源库</title>
+  <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
+  <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
+
+  <meta name="description" content="JustAuth，史上最全的整合第三方登录的开源库" />
+  <meta name="keywords" content="JustAuth,第三方授权登录,OAuth" />
+
+  <meta itemprop="name" content="JustAuth,史上最全的整合第三方登录的开源库" />
+  <meta itemprop="description" content="JustAuth，如你所见，它仅仅是一个第三方授权登录的工具类库，它可以让我们脱离繁琐的第三方登录SDK，让登录变得So easy!" />
+  <meta itemprop="image" content="./_media/cover.png" />
+
+  <link rel="shortcut icon" href="favicon.ico">
+  <link rel="stylesheet" href="//unpkg.com/docsify/lib/themes/vue.css">
+  <!-- 百度统计 -->
+  <script>
+    var _hmt = _hmt || [];
+    (function() {
+      var hm = document.createElement("script");
+      hm.src = "https://hm.baidu.com/hm.js?4c7a1a462477545b480a3dd1ed95f0a9";
+      var s = document.getElementsByTagName("script")[0];
+      s.parentNode.insertBefore(hm, s);
+    })();
+  </script>
+</head>
+<body>
+  <div id="app">Please wait...</div>
+  <script>
+    window.$docsify = {
+      name: '<img src="./_media/cover.png" width="200"><br>Login, so easy',
+      search: {
+        maxAge: 86400000,
+        noData: {
+          '/': '找不到结果'
+        },
+        paths: 'auto',
+        placeholder: {
+          '/': '搜索'
+        }
+      },
+      repo: 'https://gitee.com/yadong.zhang/JustAuth',
+      loadSidebar: true,
+      maxLevel: 4,
+      subMaxLevel: 2,
+      auto2top: true,
+      coverpage: true,
+      formatUpdated: '{YYYY}/{MM}/{DD} {HH}:{mm}:{ss}',
+      plugins: [
+        function (hook, vm) {
+          var footer = [
+            '<hr/>',
+            '<footer>',
+            '<span>JustAuth: <a href="https://github.com/justauth/JustAuth">Github</a> | <a href="https://gitee.com/yadong.zhang/JustAuth">Gitee</a> &copy;2019.</span>',
+            '<span>Proudly published with <a href="https://github.com/docsifyjs/docsify" target="_blank">docsify</a>.</span>',
+            '</footer>'
+          ].join('');
+          hook.afterEach(function (html) {
+            return html + footer
+          });
+          hook.beforeEach(function (html) {
+            var url = 'https://gitee.com/yadong.zhang/JustAuth/tree/master/docs/' + vm.route.file;
+            var editHtml = '[📝 编辑该文档](' + url + ')\n';
+
+            return  html
+              + '\n----\n'
+              + 'Last modified {docsify-updated} '
+              + editHtml
+          })
+        }
+      ]
+    }
+  </script>
+  <script src="//unpkg.com/docsify/lib/docsify.min.js"></script>
+</body>
+</html>
@@ -0,0 +1,61 @@
+# 关于OAuth
+
+请先查阅以下资料：
+
+- [The OAuth 2.0 Authorization Framework](https://tools.ietf.org/html/rfc6749)
+- [OAuth 2.0](https://oauth.net/2/)
+
+## OAuth 2的授权流程
+
+### 参与的角色
+
+- `Resource Owner` 资源所有者，即代表授权客户端访问本身资源信息的用户（User），也就是应用场景中的“**开发者A**”
+- `Resource Server` 资源服务器，托管受保护的**用户账号信息**，比如Github
+- `Authorization Server` 授权服务器，**验证用户身份**然后为客户端派发资源访问令牌，比如Github
+  - `Resource Server`和`Authorization Server` 可以是同一台服务器，也可以是不同的服务器，视具体的授权平台而有所差异
+- `Client` 客户端，即代表意图访问受限资源的**第三方应用**
+
+### 授权流程
+```html
+     +--------+                               +---------------+
+     |        |--(A)- Authorization Request ->|   Resource    |
+     |        |                               |     Owner     |
+     |        |<-(B)-- Authorization Grant ---|               |
+     |        |                               +---------------+
+     |        |
+     |        |                               +---------------+
+     |        |--(C)-- Authorization Grant -->| Authorization |
+     | Client |                               |     Server    |
+     |        |<-(D)----- Access Token -------|               |
+     |        |                               +---------------+
+     |        |
+     |        |                               +---------------+
+     |        |--(E)----- Access Token ------>|    Resource   |
+     |        |                               |     Server    |
+     |        |<-(F)--- Protected Resource ---|               |
+     +--------+                               +---------------+
+```
+
+上面的流程图取自[The OAuth 2.0 Authorization Framework#1.2](https://tools.ietf.org/html/rfc6749#section-1.2)
+
+- (A)  用户打开**客户端**以后，**客户端**要求**用户**给予授权。
+- (B)  **用户**同意给予**客户端**授权。
+- (C)  **客户端**使用上一步获得的授权，向**认证服务器**申请令牌。
+- (D)  **认证服务器**对**客户端**进行认证以后，确认无误，同意发放令牌
+- (E)  **客户端**使用令牌，向**资源服务器**申请获取资源。
+- (F)  **资源服务器**确认令牌无误，同意向**客户端**开放资源。
+
+### 授权许可 `Authorization Grant`
+
+- Authorization Code
+  - 结合普通服务器端应用使用(**web**端常用的授权方式)
+- Implicit
+  - 结合移动应用或 Web App 使用
+- Resource Owner Password Credentials
+  - 适用于受信任客户端应用，例如同个组织的内部或外部应用
+- Client Credentials
+  - 适用于客户端调用主服务API型应用（比如百度API Store）
+  
+在`JustAuth`中是使用的`Authorization Code`授权方式，下面将主要讲解`Authorization Code`的授权流程
+
+（未完待续）
@@ -0,0 +1,8 @@
+**配套Demo**：
+- [Springboot版](https://gitee.com/yadong.zhang/JustAuth-demo)
+- [jFinal版](https://github.com/xkcoding/jfinal-justauth-demo): Jfinal集成JustAuth的demo by [xkcoding](https://github.com/xkcoding)
+- [ActFramework版](https://github.com/xkcoding/act-justauth-demo): ActFramework 集成 JustAuth 的 demo by [xkcoding](https://github.com/xkcoding)
+- [Nutzboot版](https://github.com/EggsBlue/nutzboot-justauth-demo): NutzBoot集成JustAuth的demo  by [蛋蛋](https://github.com/EggsBlue)
+
+## 插件
+- [justauth-spring-boot-starter](https://github.com/xkcoding/justauth-spring-boot-starter): Spring Boot 集成 JustAuth 的最佳实践 by [xkcoding](https://github.com/xkcoding)
@@ -0,0 +1,15 @@
+# 致谢
+
+在项目立项初期，也对当前开源圈的一些相同类型的项目作过调研，同时本项目也参考过这些项目，再次感谢开源圈内的朋友。
+
+- [YurunOAuthLogin](https://gitee.com/yurunsoft/YurunOAuthLogin): PHP 第三方登录授权 SDK
+- [阿里妈妈MUX倾力打造的矢量图标库-iconfont](https://www.iconfont.cn/search/index): 本文档中的图标大部分取自该平台
+- [mica](https://github.com/lets-mica/mica)：Spring Cloud 微服务开发核心包，支持 `web `和 `webflux`。注：JustAuth项目中的[UuidUtils](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/utils/UuidUtils.java)就是直接使用的mica提供的高性能的uuid创建工具类源码[StringUtil.java](https://github.com/lets-mica/mica/blob/master/mica-core/src/main/java/net/dreamlu/mica/core/utils/StringUtil.java#L335)
+
+
+**感谢 JetBrains 提供的免费开源 License**
+
+<img src="https://github.com/lets-mica/mica/raw/c251e176b81518a6a570bf4eb21f525c4f582a81/docs/img/jetbrains.png" alt="图片引用自lets-mica" style="float:left;">
+
+<div style="clear: both;"></div>
+
@@ -0,0 +1,216 @@
+## v1.12.0
+### 2019/09/06
+
+- 集成“美团”授权登录
+- 集成“饿了么”授权登录
+- 升级Fastjson依赖到1.2.60，预防[“Fastjson ＜ 1.2.60 远程拒绝服务漏洞预警”](https://card.weibo.com/article/m/show/id/2309404413257925394542)
+
+## v1.11.0
+### 2019/09/03
+
+- 集成“Gitlab”授权登录
+
+### 2019/09/02
+
+- 集成“酷家乐”授权登录
+
+## v1.10.1
+### 2019/08/17
+
+- AuthUser添加构造函数，支持反序列化
+
+### 2019/08/08
+
+- 项目迁移到组织[justauth](https://github.com/justauth)
+
+## v1.10.0
+### 2019/08/06
+
+- 合并[PR-34](https://github.com/zhangyd-c/JustAuth/pull/34)，添加StringUtil单元测试，修复bug
+- 合并[PR-35](https://github.com/zhangyd-c/JustAuth/pull/35)，集成企业微信
+
+### 2019/08/05
+
+- 集成华为登录
+- 修改`AuthChecker#checkCode`方法，对于不同平台使用不同参数接受code的情况统一做处理
+
+### 2019/08/03
+
+合并github上[xkcoding](https://github.com/xkcoding) 的[pr#32](https://github.com/zhangyd-c/JustAuth/pull/32)，抽取 cache 接口，方便用户自行集成 cache
+
+### 2019/08/02
+
+- 增加`AuthCache`配置类`AuthCacheConfig.java`，可以自定义缓存有效期以及是否开启定时任务
+- 去掉`slf4j`依赖，封装`Log.java`工具类
+- 规范测试类
+
+## v1.9.5
+### 2019/07/31 
+
+`v1.9.4`版本发布失败，请升级到`1.9.5`版本！
+
+由此给您带来的不便，敬请谅解！
+
+## v1.9.4
+### 2019/07/30 
+
+1. 升级`hutool-http`版本到`v4.6.1`
+2. 去除`AuthCallback`中增加的默认的校验state的方法，挪到`AuthDefaultRequest`中做统一处理
+3. `alipay-sdk-java`依赖改为`provided`，如果需要使用支付宝登录，需要使用方手动引入相关依赖，具体操作方式，见项目WIKI；
+4. 规范注释
+
+## v1.9.3
+### 2019/07/30 
+
+1. 规范注释
+2. 增加State缓存，`AuthCallback`中增加默认的校验state的方法
+3. 增加默认的state生成方法，参考`AuthStateUtils.java`和`UuidUtils.java`
+4. 升级`hutool-http`版本到`v4.6.0`
+5. 修复其他一些问题
+
+### 2019/07/27
+
+1. `IpUtils.getIp`改名为`IpUtils.getLocalIp`
+2. 规范注释
+
+### 2019/07/25
+
+1. `AuthConfig`类中去掉state参数
+2. 删除`AuthState`类
+3. 增加`authorize(String)`方法，并且使用`@Deprecated`标记`authorize()`方法
+
+## v1.9.2
+### 2019/07/22  
+1. 合并github上[xkcoding](https://github.com/xkcoding) 的[pr#26](https://github.com/zhangyd-c/JustAuth/pull/26)，AuthConfig类添加lombok注解，方便 [justauth-spring-boot-starter](https://github.com/xkcoding/justauth-spring-boot-starter) 直接使用 
+
+## v1.9.1
+### 2019/07/22  
+1. 增加`stackoverflow`参数校验
+2. 解决`Pinterest`获取用户失败的问题
+3. 添加注释
+
+## v1.9.0
+### 2019/07/19  
+
+1. 合并github上[@dyc12ii](https://github.com/dyc12ii) 的[pr#25](https://github.com/zhangyd-c/JustAuth/pull/25)，升级fastjson版本至1.2.58,避免安全漏洞
+2. `AuthUserGender`枚举类挪到`enums`包下
+3. 删除`AuthBaiduErrorCode`和`AuthDingTalkErrorCode`枚举类
+4. 优化百度授权流程，增加refresh token的方法
+5. 优化`AuthConfig`、`AuthResponse`类，去掉不必要的lombonk注解，减少编译后的代码量
+6. 使用lombok注解优化枚举类
+7. `AuthQqRequest`增加refresh方法
+8. 修复google登录无法获取用户信息的问题
+9. 优化代码
+
+### 2019/07/18
+
+1. 合并github上[@pengisgood](https://github.com/pengisgood) 的[pr#19](https://github.com/zhangyd-c/JustAuth/pull/19)，集成人人
+2. 合并github上[@pengisgood](https://github.com/pengisgood) 的[pr#20](https://github.com/zhangyd-c/JustAuth/pull/20)，集成Pinterest
+3. 合并github上[@pengisgood](https://github.com/pengisgood) 的[pr#21](https://github.com/zhangyd-c/JustAuth/pull/21)，集成StackOverflow
+4. 合并github上[@xkcoding](https://github.com/xkcoding) 的[pr#23](https://github.com/zhangyd-c/JustAuth/pull/23)，重构代码、新增编辑器规范，规范PR代码风格
+
+### 2019/07/17
+1. 优化代码
+2. 集成Teambition登录
+
+### 2019/07/16
+1. 重构UrlBuilder类
+2. 将CSDN相关的类置为`Deprecated`，后续可能会删除，也可能一直保留。毕竟CSDN的openAPI已经不对外开放了。
+3. `BaseAuthRequest` 改名为 `AuthDefaultRequest`
+4. `ResponseStatus` 改名为 `AuthResponseStatus` 并且移动到 `me.zhyd.oauth.model`
+5. 合并github上[@xkcoding](https://github.com/xkcoding) 的[pr#18](https://github.com/zhangyd-c/JustAuth/pull/18)，修复小米回调错误问题 同时 支持微信获取unionId 
+
+## v1.8.1
+### 2019/07/15 
+1. 新增 `AuthState` 类，内置默认的state生成规则和校验规则
+
+### 2019/07/12
+1. 合并[Braavos96](https://github.com/Braavos96)提交的[PR#16](https://github.com/zhangyd-c/JustAuth/pull/16)
+
+## v1.8.0
+### 2019/06/28 
+1. 修复百度登录获取不到token失效时间的问题
+2. 增加state参数校验，预防CSRF。**强烈建议启用state**！
+
+### 2019/06/27
+1. 修复百度登录获取不到token失效时间的问题
+2. 增加state参数校验，预防CSRF。**强烈建议启用state**！
+3. 修改login方法的参数为AuthCallback，封装回调返回的参数
+4. 支持state参数
+5. 增加code和state参数校验
+
+由于state安全问题，1.8.0以前的版本都有隐藏的CSRF漏洞问题，所以强烈建议正在使用JustAuth的朋友升级到1.8.0版本！
+
+## v1.7.1
+### 2019/06/25  
+qq授权登录时，需要获取`openId`作为`uuid`，在`1.6.1-beta`和`1.7.0`版本中，引入了`unionId`这一属性。获取`unionid`需要单独向qq团队**发送邮件**申请权限，鉴于这一申请权限的步骤比较麻烦（需要填写的内容比较多），所以在`AuthConfig`中增加了一个`unionId`属性，当为**true**时才会获取unionid，当为false时只获取openId。如果你需要该功能， 则在自行申请了相关权限后，将该属性置为true即可。关于unionId的参考链接：[UnionID介绍](http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D)
+
+## v1.7.0
+### 2019/06/19  
+1. 合并[xkcoding](https://github.com/xkcoding)提交的[PR](https://github.com/zhangyd-c/JustAuth/pull/14)，重构了部分代码，jar包由原来的`130+kb`优化到现在的`110+kb`
+2. 合并[skqing](https://gitee.com/skqing)提交的[PR](https://gitee.com/yadong.zhang/JustAuth/pulls/3)， 解决抖音登录失败问题 
+
+## v1.6.1-beta
+### 2019/06/18  
+1. 解决Issue [#IY2HW](https://gitee.com/yadong.zhang/JustAuth/issues/IY2HW)
+2. 解决Issue [#IY2OH](https://gitee.com/yadong.zhang/JustAuth/issues/IY2OH)
+3. 解决Issue [#IY2FV](https://gitee.com/yadong.zhang/JustAuth/issues/IY2FV)
+4. 修复部分注释、拼写错误
+5. 解决Issue [#IY1QR](https://gitee.com/yadong.zhang/JustAuth/issues/IY1QR) 增加对Config属性的校验功能，主要校验redirect uri的合法性
+6. 合并[skqing](https://gitee.com/skqing)提交的[PR](https://gitee.com/yadong.zhang/JustAuth/pulls/2)，解决一些BUG
+
+## v1.6.0-beta
+### 2019/06/06  
+1. 增加今日头条的授权登陆
+2. 发布1.6.0-beta版本，今日头条开发者暂时不能认证， 所以无法做测试，等测试通过后，正式发布release版本
+
+## v1.5.0
+### 2019/05/28  
+1. 增加小米账号和微软的授权登陆
+2. 发布1.5.0版本
+
+## v1.4.0
+### 2019/05/26 
+1. 增加抖音和Linkedin的授权登陆
+2. 修改部分图片命名
+3. 优化部分代码
+4. 修复`AuthSource`中腾讯云开发平台的拼写错误：`TENCEN_CLOUD`->`TENCENT_CLOUD`
+5. 修复支付宝登陆时用户名为空的问题
+
+## v1.3.3
+### 2019/05/24  
+1. 修复一些问题
+2. 升级api，在AuthUser中增加`uuid`属性，可以通过`uuid` + `source`唯一确定一个用户，此举解决了用户身份归属的问题。
+3. 发布1.3.3版本的jar包到公开仓库（1.3.2忘记发布了，( ╯□╰ )）
+4. 重要：经咨询官方客服得知，CSDN的授权开放平台已经下线，如果以前申请过的应用，可以继续使用，但是不再支持申请新的应用。so, 本项目中的CSDN登录只能针对少部分用户使用了
+
+## v1.3.1
+### 2019/05/23  
+1. 修复QQ登录的问题
+2. 发布1.3.1版本的jar包到公开仓库
+
+## v1.3.0
+### 2019/05/21  
+1. 新增google授权登录
+2. 新增facebook授权登录
+3. 发布1.3.0版本的jar包到公开仓库
+
+## v1.1.0
+### 2019/05/18  
+1. 发布1.1.0版本的jar包到公开仓库（支持qq和微信登录）
+2. 支持淘宝登录
+3. 修改`AuthUser.java`类中的`accessToken`属性，由原本的~~accessToken (String)~~改为`token (AuthToken)`
+4. 修复一些bug
+5. 发布1.2.0版本的jar包到公开仓库（支持淘宝登录）
+
+### 2019/05/17 
+1. 增加qq和微信的授权登录
+2. 修改getAccessToken方法的返回值
+
+## v1.0.1
+### 2019/03/27  
+集成 支付宝授权登录
+
+## v1.0.0
+### 2019/03/25  
+史上最全的整合第三方登录的工具,目前已支持Github、Gitee、微博、钉钉和百度、Coding、腾讯云开发者平台和OSChina登录。 Login, so easy!
@@ -0,0 +1,11 @@
+# Who is using?
+
+- [spring-boot-demo](https://github.com/xkcoding/spring-boot-demo): spring boot demo 是一个用来学习 spring boot 的项目，总共包含 55 个集成demo，已经完成 46 个。（注：[spring-boot-demo-social](https://github.com/xkcoding/spring-boot-demo/tree/master/spring-boot-demo-social)模块中集成了JustAuth）注：该作者是JustAuth的开发者之一，负责开发QQ登录、微信登录、小米登录、微软登录、谷歌登录。
+- [Guns](https://gitee.com/stylefeng/guns): Guns基于Spring Boot2，致力于做更简洁的后台管理系统。（注：Guns企业版中使用到了JustAuth实现第三方OAuth登录）
+
+- [Shiro-Action](https://github.com/zhaojun1998/Shiro-Action): 基于 Shiro 的权限管理系统，支持 restful url 授权
+- [project-template](https://github.com/HobbyBear/project-template): 作为前后端分离项目的后端模板整个项目基于springboot2.1.3，集jsr303框架做参数校验，spring security 做权限管理，并实现限制同一账号登陆会话数量功能，spring mail 发送邮件，justAuth做的第三方登陆， spring session做session共享，orm框架采用jpa,集成七牛云实现图片上传，redis实现分布式锁
+- [mica](https://github.com/lets-mica/mica/tree/master/mica-social)：mica是Spring Cloud 微服务开发核心包。采用源码形式（保留了作者名）另加改了一些代码。
+...
+
+我在这儿等你 >>> :alien: 
@@ -0,0 +1,53 @@
+# 使用State
+
+## state使用的流程
+
+在JustAuth中`state`参数的使用流程如下：
+
+1. 获取`authorizeUrl`时创建`state`(开发者创建，如果不创建则系统默认生成)
+2. 缓存`state`（JustAuth执行）
+3. 内置的缓存调度器自动清除已过期的`state`（JustAuth执行）
+
+## 创建state（开发者）
+`state`在OAuth授权流程中是一个**非必要但很重要**的参数，就如[名词解释](https://docs.justauth.whnb.wang/#/explain?id=justauth中的关键词)中描述的：`state`是用来保持授权会话流程完整性，防止CSRF攻击的安全的随机的参数，**由开发者生成**。
+
+在JustAuth中提供了一个默认的创建state的方法，使用方式：
+
+```java
+String state = AuthStateUtils.createState()
+```
+
+`createState`的内部实现其实就是生成了一个UUID（采用 jdk 9 的形式，优化性能），该工具是直接copy自[mica](https://github.com/lets-mica/mica/blob/master/mica-core/src/main/java/net/dreamlu/mica/core/utils/StringUtil.java)（`mica`是一个SpringBoot微服务高效开发工具集，开源地址：[https://github.com/lets-mica/mica](https://github.com/lets-mica/mica)），关于mica uuid生成方式的压测结果，可以参考：https://github.com/lets-mica/mica-jmh/wiki/uuid。
+
+除此之外，开发者还可以自己生成特定的`state`参数。
+
+## 缓存state（JustAuth）
+
+在JustAuth中，内置了一个基于map的state缓存器，默认缓存有效期为3分钟（缓存配置见`AuthCacheConfig.java`）。`AuthCacheConfig`中包含两个配置参数：
+
+- `timeout` 缓存过期时间，默认3分钟
+- `schedulePrune` 是否开启定时清理过期state的任务，默认开启。如果不开启，则需要开发者自己对state做处理，防止map存入过多内容
+
+缓存state的操作是在`getRealState`中触发的，不需要开发者自己处理
+```java
+/**
+ * 获取state，如果为空， 则默认取当前日期的时间戳
+ *
+ * @param state 原始的state
+ * @return 返回不为null的state
+ */
+protected String getRealState(String state) {
+    if (StringUtils.isEmpty(state)) {
+        state = UuidUtils.getUUID();
+    }
+    // 缓存state
+    authStateCache.cache(state, state);
+    return state;
+}
+```
+
+注：关于自定义缓存，请参考下节内容。
+
+## 清理state（JustAuth）
+
+JustAuth内置了一个缓存调度器，默认3分钟清理一次过期的`state`，缓存清理时间可以通过`AuthCacheConfig.timeout`进行修改，不建议修改太大。
@@ -0,0 +1,107 @@
+## 各平台授权页面示例
+
+_注：非全部平台，部分平台可能不存在图例_
+
+#### 授权gitee
+
+![Gitee授权登录](https://images.gitee.com/uploads/images/2019/0221/140015_4c09610e_784199.png "Gitee授权登录")
+
+#### 授权github
+
+![Github授权登录](https://images.gitee.com/uploads/images/2019/0221/140032_58f7dfb5_784199.png "Github授权登录")
+
+#### 授权weibo
+
+![微博授权登录](https://images.gitee.com/uploads/images/2019/0222/191210_67d5597c_784199.png "微博授权登录")
+
+#### 授权钉钉
+
+![钉钉授权登录](https://images.gitee.com/uploads/images/2019/0221/140540_8da8d959_784199.jpeg "钉钉授权登录")
+
+#### 授权百度
+
+![百度授权登录](https://images.gitee.com/uploads/images/2019/0221/140607_ebf1dcb6_784199.png "百度授权登录")
+
+#### 授权coding
+
+![Coding授权登录](https://images.gitee.com/uploads/images/2019/0224/192106_fd53b3d7_784199.png "Coding授权登录")
+
+#### 授权腾讯云开发者平台
+
+![腾讯云开发者平台授权登录](https://images.gitee.com/uploads/images/2019/0224/192128_db9e203b_784199.png "腾讯云开发者平台授权登录")
+
+#### 授权oschina
+
+![授权oschina登录](https://images.gitee.com/uploads/images/2019/0322/230652_05b4fd8a_784199.png "授权oschina")
+
+#### 授权支付宝
+
+![授权支付宝登录](https://images.gitee.com/uploads/images/2019/0327/183654_3d4b94eb_784199.png "授权支付宝登录")
+
+#### 授权qq
+
+暂无
+
+#### 授权微信
+
+![授权微信登录](https://images.gitee.com/uploads/images/2019/0523/104955_d4cea750_784199.png "授权微信登录")
+
+#### 授权淘宝
+
+![授权淘宝登录](https://images.gitee.com/uploads/images/2019/0518/154604_68b38305_784199.png "授权淘宝登录")
+
+
+#### 授权Google
+
+![授权google登录](https://images.gitee.com/uploads/images/2019/0521/190650_85c5f1c7_784199.png "授权google登录")
+
+#### 授权Facebook
+
+![授权facebook登录](https://images.gitee.com/uploads/images/2019/0521/233647_6a89fb45_784199.png "授权facebook登录")
+
+#### 授权抖音
+
+暂无
+
+#### 授权领英
+
+![授权领英登录](https://images.gitee.com/uploads/images/2019/0527/152207_a6342979_784199.png "授权领英登录")
+
+
+#### 授权微软
+
+![授权微软](https://images.gitee.com/uploads/images/2019/0718/224146_681aa535_784199.png "授权微软")
+
+#### 授权小米
+
+暂无
+
+#### 授权今日头条
+
+暂无
+
+#### 授权Teambition
+
+![授权Teambition](https://images.gitee.com/uploads/images/2019/0718/224119_3da514ab_784199.png "授权Teambition")
+
+#### 授权Pinterest
+
+![授权Pinterest](https://images.gitee.com/uploads/images/2019/0718/155012_6290f500_784199.jpeg "授权Pinterest")
+
+#### 授权Renren
+
+![授权Renre](https://images.gitee.com/uploads/images/2019/0718/155035_8e26c10a_784199.jpeg "授权Renren")
+
+#### 授权Stack Overflow
+
+![授权Stack Overflow](https://images.gitee.com/uploads/images/2019/0718/192639_cc301ba7_784199.png "授权Stack Overflow")
+
+#### 授权Twitter
+
+暂无
+
+#### 授权csdn
+
+暂无
+
+_请知悉：经咨询CSDN官方客服得知，CSDN的授权开放平台已经下线。如果以前申请过的应用，可以继续使用，但是不再支持申请新的应用。so, 本项目中的CSDN登录只能针对少部分用户使用了_
@@ -2,183 +2,265 @@

 <project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
+  <modelVersion>4.0.0</modelVersion>

-    <groupId>me.zhyd.oauth</groupId>
-    <artifactId>JustAuth</artifactId>
-    <version>1.5.1</version>
+  <groupId>me.zhyd.oauth</groupId>
+  <artifactId>JustAuth</artifactId>
+  <version>1.12.0</version>

-    <name>JustAuth</name>
+  <name>JustAuth</name>
+  <url>https://gitee.com/yadong.zhang/JustAuth</url>
+  <description>
+    史上最全的整合第三方登录的开源库。目前已支持Github、Gitee、微博、钉钉、百度、Coding、腾讯云开发者平台、OSChina、支付宝、
+    QQ、微信、淘宝、Google、Facebook、抖音、领英、小米、微软、今日头条、Teambition、StackOverflow、Pinterest、人人、华为、企业微信、酷家乐和Gitlab等第三方平台的授权登录。
+    Login, so easy!
+  </description>
+
+  <licenses>
+    <license>
+      <name>MIT</name>
+      <url>https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE</url>
+    </license>
+  </licenses>
+
+  <scm>
+    <connection>scm:git:https://gitee.com/yadong.zhang/JustAuth.git</connection>
+    <developerConnection>scm:git:https://gitee.com/yadong.zhang/JustAuth.git</developerConnection>
    <url>https://gitee.com/yadong.zhang/JustAuth</url>
-    <description>
-        史上最全的整合第三方登录的工具,目前已支持Github、Gitee、微博、钉钉、百度、Coding、腾讯云开发者平台、OSChina、支付宝、QQ、微信、淘宝、Google、Facebook、抖音、领英、小米和微软等第三方平台的授权登录。
-        Login, so easy!
-    </description>
+  </scm>

-    <licenses>
-        <license>
-            <name>MIT</name>
-            <url>https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE</url>
-        </license>
-    </licenses>
+  <developers>
+    <developer>
+      <name>Yadong.Zhang</name>
+      <email>yadong.zhang0415@gmail.com</email>
+      <url>https://www.zhyd.me</url>
+    </developer>
+    <developer>
+      <name>Yangkai.Shen</name>
+      <email>shenyangkai1994@gmail.com</email>
+      <url>https://xkcoding.com</url>
+    </developer>
+    <developer>
+      <name>Hongwei.Peng</name>
+      <email>pengisgood@gmail.com</email>
+      <url>https://github.com/pengisgood</url>
+    </developer>
+  </developers>

-    <scm>
-        <connection>scm:git:https://gitee.com/yadong.zhang/JustAuth.git</connection>
-        <developerConnection>scm:git:https://gitee.com/yadong.zhang/JustAuth.git</developerConnection>
-        <url>https://gitee.com/yadong.zhang/JustAuth</url>
-    </scm>
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <java.version>1.8</java.version>
+    <maven.compiler.source>1.8</maven.compiler.source>
+    <maven.compiler.target>1.8</maven.compiler.target>
+    <maven-source.version>2.2.1</maven-source.version>
+    <maven-compiler.version>3.8.1</maven-compiler.version>
+    <maven-javadoc.version>3.1.0</maven-javadoc.version>
+    <cobertura-version>2.7</cobertura-version>
+    <maven-surefire-version>2.20</maven-surefire-version>
+    <maven-gpg-version>1.6</maven-gpg-version>
+    <maven.test.skip>false</maven.test.skip>
+    <hutool-version>4.6.1</hutool-version>
+    <lombok-version>1.18.4</lombok-version>
+    <junit-version>4.11</junit-version>
+    <fastjson-version>1.2.60</fastjson-version>
+    <alipay-sdk-version>3.7.4.ALL</alipay-sdk-version>
+    <jacoco-version>0.8.2</jacoco-version>
+  </properties>

-    <developers>
-        <developer>
-            <name>yadong.zhang</name>
-            <email>yadong.zhang0415@gmail.com</email>
-            <url>https://www.zhyd.me</url>
-        </developer>
-        <developer>
-            <name>Yangkai.Shen</name>
-            <email>shenyangkai1994@gmail.com</email>
-            <url>https://xkcoding.com</url>
-        </developer>
-    </developers>
+  <dependencies>
+    <dependency>
+      <groupId>org.projectlombok</groupId>
+      <artifactId>lombok</artifactId>
+      <version>${lombok-version}</version>
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <groupId>cn.hutool</groupId>
+      <artifactId>hutool-http</artifactId>
+      <version>${hutool-version}</version>
+    </dependency>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>${junit-version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.alibaba</groupId>
+      <artifactId>fastjson</artifactId>
+      <version>${fastjson-version}</version>
+    </dependency>
+    <dependency>
+      <groupId>com.alipay.sdk</groupId>
+      <artifactId>alipay-sdk-java</artifactId>
+      <version>${alipay-sdk-version}</version>
+      <scope>provided</scope>
+    </dependency>
+  </dependencies>

-    <properties>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <java.version>1.8</java.version>
-        <maven.compiler.source>1.8</maven.compiler.source>
-        <maven.compiler.target>1.8</maven.compiler.target>
-        <maven-source.version>2.2.1</maven-source.version>
-        <maven-compiler.version>3.7.0</maven-compiler.version>
-        <maven.test.skip>true</maven.test.skip>
-        <hutool-version>4.1.21</hutool-version>
-        <lombok-version>1.18.4</lombok-version>
-        <junit-version>4.11</junit-version>
-        <fastjson-version>1.2.44</fastjson-version>
-        <google-api-version>1.28.0</google-api-version>
-        <guava-version>27.1-jre</guava-version>
-        <alipay-sdk-version>3.7.4.ALL</alipay-sdk-version>
-    </properties>
-
-    <dependencies>
-        <dependency>
-            <groupId>org.projectlombok</groupId>
-            <artifactId>lombok</artifactId>
-            <version>${lombok-version}</version>
-        </dependency>
-        <dependency>
-            <groupId>cn.hutool</groupId>
-            <artifactId>hutool-http</artifactId>
-            <version>${hutool-version}</version>
-        </dependency>
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>${junit-version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>com.alibaba</groupId>
-            <artifactId>fastjson</artifactId>
-            <version>${fastjson-version}</version>
-        </dependency>
-        <dependency>
-            <groupId>com.alipay.sdk</groupId>
-            <artifactId>alipay-sdk-java</artifactId>
-            <version>${alipay-sdk-version}</version>
-            <scope>compile</scope>
-        </dependency>
-    </dependencies>
-
-    <build>
-        <finalName>${project.artifactId}-${project.version}</finalName>
+  <build>
+    <finalName>${project.artifactId}-${project.version}</finalName>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <version>${maven-compiler.version}</version>
+        <configuration>
+          <encoding>${project.build.sourceEncoding}</encoding>
+          <source>${java.version}</source>
+          <target>${java.version}</target>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-source-plugin</artifactId>
+        <version>${maven-source.version}</version>
+        <inherited>true</inherited>
+        <executions>
+          <execution>
+            <phase>package</phase>
+            <goals>
+              <goal>jar-no-fork</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-javadoc-plugin</artifactId>
+        <version>${maven-javadoc.version}</version>
+        <executions>
+          <execution>
+            <phase>package</phase>
+            <goals>
+              <goal>jar</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <version>${maven-surefire-version}</version>
+        <configuration>
+          <!-- 包含其他测试类 -->
+          <includes>
+            <include>**/*Test.java</include>
+          </includes>
+          <!-- 排除掉AuthRequestTest测试类，该类只做api演示用 -->
+          <excludes>
+            <exclude>**/AuthRequestTest.java</exclude>
+          </excludes>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
+  <profiles>
+    <profile>
+      <id>release</id>
+      <build>
        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-                <version>${maven-compiler.version}</version>
-                <configuration>
-                    <encoding>${project.build.sourceEncoding}</encoding>
-                    <source>${java.version}</source>
-                    <target>${java.version}</target>
-                </configuration>
-            </plugin>
-            <plugin>
-                <artifactId>maven-source-plugin</artifactId>
-                <version>${maven-source.version}</version>
-                <inherited>true</inherited>
-                <executions>
-                    <execution>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>jar-no-fork</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-javadoc-plugin</artifactId>
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-gpg-plugin</artifactId>
-            </plugin>
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-source-plugin</artifactId>
+            <version>${maven-source.version}</version>
+            <inherited>true</inherited>
+            <executions>
+              <execution>
+                <phase>package</phase>
+                <goals>
+                  <goal>jar-no-fork</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
+          <plugin>
+            <groupId>org.codehaus.mojo</groupId>
+            <artifactId>cobertura-maven-plugin</artifactId>
+            <version>${cobertura-version}</version>
+            <configuration>
+              <formats>
+                <format>html</format>
+                <format>xml</format>
+              </formats>
+              <check/>
+            </configuration>
+          </plugin>
+          <plugin>
+            <groupId>org.jacoco</groupId>
+            <artifactId>jacoco-maven-plugin</artifactId>
+            <version>${jacoco-version}</version>
+            <executions>
+              <execution>
+                <goals>
+                  <goal>prepare-agent</goal>
+                </goals>
+              </execution>
+              <execution>
+                <id>report</id>
+                <phase>test</phase>
+                <goals>
+                  <goal>report</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-gpg-plugin</artifactId>
+            <version>${maven-gpg-version}</version>
+            <executions>
+              <execution>
+                <phase>verify</phase>
+                <goals>
+                  <goal>sign</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
        </plugins>
-    </build>
-    <profiles>
-        <profile>
-            <id>release</id>
-            <build>
-                <plugins>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-source-plugin</artifactId>
-                        <version>${maven-source.version}</version>
-                        <inherited>true</inherited>
-                        <executions>
-                            <execution>
-                                <phase>package</phase>
-                                <goals>
-                                    <goal>jar-no-fork</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-javadoc-plugin</artifactId>
-                        <executions>
-                            <execution>
-                                <phase>package</phase>
-                                <goals>
-                                    <goal>jar</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-gpg-plugin</artifactId>
-                        <executions>
-                            <execution>
-                                <phase>verify</phase>
-                                <goals>
-                                    <goal>sign</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-                </plugins>
-            </build>
-            <distributionManagement>
-                <snapshotRepository>
-                    <id>sonatype-nexus-snapshots</id>
-                    <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
-                </snapshotRepository>
-                <repository>
-                    <id>sonatype-nexus-staging</id>
-                    <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
-                </repository>
-            </distributionManagement>
-        </profile>
-    </profiles>
-</project>
+      </build>
+      <distributionManagement>
+        <snapshotRepository>
+          <id>sonatype-nexus-snapshots</id>
+          <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
+        </snapshotRepository>
+        <repository>
+          <id>sonatype-nexus-staging</id>
+          <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
+        </repository>
+      </distributionManagement>
+    </profile>
+    <!--私服-->
+    <profile>
+      <id>nexus</id>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.apache.maven.plugins</groupId>
+            <artifactId>maven-gpg-plugin</artifactId>
+            <version>${maven-gpg-version}</version>
+            <executions>
+              <execution>
+                <phase>verify</phase>
+                <goals>
+                  <goal>sign</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+      <distributionManagement>
+        <repository>
+          <id>xkcoding-nexus</id>
+          <url>https://nexus.xkcoding.com/repository/maven-releases/</url>
+        </repository>
+        <snapshotRepository>
+          <id>xkcoding-nexus</id>
+          <url>https://nexus.xkcoding.com/repository/maven-snapshots/</url>
+        </snapshotRepository>
+      </distributionManagement>
+    </profile>
+  </profiles>
+</project>
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * 支付宝授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class AlipayAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getAlipayAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,21 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-
-/**
- * 授权接口，用来获取具体第三方平台的授权地址
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public interface Authorization {
-
-    /**
-     * 获取授权页面地址
-     *
-     * @param config 授权基础配置
-     * @return 授权页面地址
-     */
-    String getAuthorizeUrl(AuthConfig config);
-}
@@ -1,80 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthSource;
-import me.zhyd.oauth.request.ResponseStatus;
-
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * 授权工厂类，负责创建指定平台的授权类获取授权地址
- * <p>
- * 使用策略模式 + 工厂模式 避免大量的if else（swatch）操作
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class AuthorizationFactory {
-
-    private static Map<String, Authorization> authorizationMap = new HashMap<>();
-    private static boolean loader = false;
-
-    private AuthorizationFactory() {
-
-    }
-
-    /**
-     * 根据第三方平台，获取具体的授权工具
-     *
-     * @param source 平台
-     * @return 具体的Authorization
-     */
-    public static Authorization getAuthorize(AuthSource source) {
-        if (null == source) {
-            throw new AuthException(ResponseStatus.NO_AUTH_SOURCE);
-        }
-        registerAllAuthorize();
-
-        Authorization authorization = authorizationMap.get(source.toString());
-        if (null == authorization) {
-            throw new AuthException(ResponseStatus.UNIDENTIFIED_PLATFORM);
-        }
-        return authorization;
-    }
-
-    /**
-     * 将所有Authorize的实现类注册到authorizeMap中，
-     * 每次增加新的平台都需要在这儿添加注册代码
-     */
-    private static void registerAllAuthorize() {
-        if (loader) {
-            return;
-        }
-        AuthorizationFactory.register(AuthSource.ALIPAY, new AlipayAuthorization());
-        AuthorizationFactory.register(AuthSource.BAIDU, new BaiduAuthorization());
-        AuthorizationFactory.register(AuthSource.CODING, new CodingAuthorization());
-        AuthorizationFactory.register(AuthSource.CSDN, new CsdnAuthorization());
-        AuthorizationFactory.register(AuthSource.DINGTALK, new DingTalkAuthorization());
-        AuthorizationFactory.register(AuthSource.GITEE, new GiteeAuthorization());
-        AuthorizationFactory.register(AuthSource.GITHUB, new GithubAuthorization());
-        AuthorizationFactory.register(AuthSource.GOOGLE, new GoogleAuthorization());
-        AuthorizationFactory.register(AuthSource.OSCHINA, new OschinaAuthorization());
-        AuthorizationFactory.register(AuthSource.QQ, new QqAuthorization());
-        AuthorizationFactory.register(AuthSource.TAOBAO, new TaobaoAuthorization());
-        AuthorizationFactory.register(AuthSource.TENCENT_CLOUD, new TencentCloudAuthorization());
-        AuthorizationFactory.register(AuthSource.WECHAT, new WeChatAuthorization());
-        AuthorizationFactory.register(AuthSource.WEIBO, new WeiboAuthorization());
-        AuthorizationFactory.register(AuthSource.FACEBOOK, new FacebookAuthorization());
-        AuthorizationFactory.register(AuthSource.DOUYIN, new DouyinAuthorization());
-        AuthorizationFactory.register(AuthSource.LINKEDIN, new LinkedinAuthorization());
-        AuthorizationFactory.register(AuthSource.MICROSOFT, new MicrosoftAuthorization());
-        AuthorizationFactory.register(AuthSource.MI, new MiAuthorization());
-        loader = true;
-    }
-
-    private static void register(AuthSource authSource, Authorization authorization) {
-        authorizationMap.put(authSource.toString(), authorization);
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * 百度授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class BaiduAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getBaiduAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * Coding授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class CodingAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getCodingAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * CSDN授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class CsdnAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getCsdnAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * 钉钉授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class DingTalkAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getDingTalkQrConnectUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * 抖音授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class DouyinAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getDouyinAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * Facebook授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.3
- * @since 1.3
- */
-public class FacebookAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getFacebookAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * 码云授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class GiteeAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getGiteeAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * Github授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class GithubAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getGithubAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * Google授权
- *
- * @author yangkai.shen (https://xkcoding.com)
- * @version 1.3
- * @since 1.3
- */
-public class GoogleAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getGoogleAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * 领英授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class LinkedinAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getLinkedinAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * 小米授权
- *
- * @author yangkai.shen (https://xkcoding.com)
- * @version 1.5
- * @since 1.5
- */
-public class MiAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getMiAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * 微软授权
- *
- * @author yangkai.shen (https://xkcoding.com)
- * @version 1.5
- * @since 1.5
- */
-public class MicrosoftAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getMicrosoftAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * 开源中国授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class OschinaAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getOschinaAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * QQ授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class QqAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getQqAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * 淘宝授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class TaobaoAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getTaobaoAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * 腾讯云授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class TencentCloudAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getTencentCloudAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * 微信授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class WeChatAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getWeChatAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -1,19 +0,0 @@
-package me.zhyd.oauth.authorization;
-
-import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-/**
- * 微博授权
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public class WeiboAuthorization implements Authorization {
-
-    @Override
-    public String getAuthorizeUrl(AuthConfig config) {
-        return UrlBuilder.getWeiboAuthorizeUrl(config.getClientId(), config.getRedirectUri());
-    }
-}
@@ -0,0 +1,50 @@
+package me.zhyd.oauth.cache;
+
+/**
+ * JustAuth缓存，用来缓存State
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.9.3
+ */
+public interface AuthCache {
+
+    /**
+     * 设置缓存
+     *
+     * @param key   缓存KEY
+     * @param value 缓存内容
+     */
+    void set(String key, String value);
+
+    /**
+     * 设置缓存，指定过期时间
+     *
+     * @param key     缓存KEY
+     * @param value   缓存内容
+     * @param timeout 指定缓存过期时间（毫秒）
+     */
+    void set(String key, String value, long timeout);
+
+    /**
+     * 获取缓存
+     *
+     * @param key 缓存KEY
+     * @return 缓存内容
+     */
+    String get(String key);
+
+    /**
+     * 是否存在key，如果对应key的value值已过期，也返回false
+     *
+     * @param key 缓存KEY
+     * @return true：存在key，并且value没过期；false：key不存在或者已过期
+     */
+    boolean containsKey(String key);
+
+    /**
+     * 清理过期的缓存
+     */
+    default void pruneCache() {
+    }
+
+}
@@ -0,0 +1,22 @@
+package me.zhyd.oauth.cache;
+
+/**
+ * AuthCache配置类
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.10.0
+ */
+public class AuthCacheConfig {
+
+    /**
+     * 默认缓存过期时间：3分钟
+     * 鉴于授权过程中，根据个人的操作习惯，或者授权平台的不同（google等），每个授权流程的耗时也有差异，不过单个授权流程一般不会太长
+     * 本缓存工具默认的过期时间设置为3分钟，即程序默认认为3分钟内的授权有效，超过3分钟则默认失效，失效后删除
+     */
+    public static long timeout = 3 * 60 * 1000;
+
+    /**
+     * 是否开启定时{@link AuthDefaultCache#pruneCache()}的任务
+     */
+    public static boolean schedulePrune = true;
+}
@@ -0,0 +1,42 @@
+package me.zhyd.oauth.cache;
+
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ScheduledThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicInteger;
+
+/**
+ * 缓存调度器
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.9.3
+ */
+public enum AuthCacheScheduler {
+
+    /**
+     * 当前实例
+     */
+    INSTANCE;
+
+    private AtomicInteger cacheTaskNumber = new AtomicInteger(1);
+    private ScheduledExecutorService scheduler;
+
+    AuthCacheScheduler() {
+        create();
+    }
+
+    private void create() {
+        this.shutdown();
+        this.scheduler = new ScheduledThreadPoolExecutor(10, r -> new Thread(r, String.format("JustAuth-Task-%s", cacheTaskNumber.getAndIncrement())));
+    }
+
+    private void shutdown() {
+        if (null != scheduler) {
+            this.scheduler.shutdown();
+        }
+    }
+
+    public void schedule(Runnable task, long delay) {
+        this.scheduler.scheduleAtFixedRate(task, delay, delay, TimeUnit.MILLISECONDS);
+    }
+}
@@ -0,0 +1,140 @@
+package me.zhyd.oauth.cache;
+
+import lombok.Getter;
+import lombok.Setter;
+
+import java.io.Serializable;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+
+/**
+ * 默认的缓存实现
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.9.3
+ */
+public class AuthDefaultCache implements AuthCache {
+
+    /**
+     * state cache
+     */
+    private static Map<String, CacheState> stateCache = new ConcurrentHashMap<>();
+    private final ReentrantReadWriteLock cacheLock = new ReentrantReadWriteLock(true);
+    private final Lock writeLock = cacheLock.writeLock();
+    private final Lock readLock = cacheLock.readLock();
+
+    public AuthDefaultCache() {
+        if (AuthCacheConfig.schedulePrune) {
+            this.schedulePrune(AuthCacheConfig.timeout);
+        }
+    }
+
+    /**
+     * 设置缓存
+     *
+     * @param key   缓存KEY
+     * @param value 缓存内容
+     */
+    @Override
+    public void set(String key, String value) {
+        set(key, value, AuthCacheConfig.timeout);
+    }
+
+    /**
+     * 设置缓存
+     *
+     * @param key     缓存KEY
+     * @param value   缓存内容
+     * @param timeout 指定缓存过期时间（毫秒）
+     */
+    @Override
+    public void set(String key, String value, long timeout) {
+        writeLock.lock();
+        try {
+            stateCache.put(key, new CacheState(value, timeout));
+        } finally {
+            writeLock.unlock();
+        }
+    }
+
+    /**
+     * 获取缓存
+     *
+     * @param key 缓存KEY
+     * @return 缓存内容
+     */
+    @Override
+    public String get(String key) {
+        readLock.lock();
+        try {
+            CacheState cacheState = stateCache.get(key);
+            if (null == cacheState || cacheState.isExpired()) {
+                return null;
+            }
+            return cacheState.getState();
+        } finally {
+            readLock.unlock();
+        }
+    }
+
+    /**
+     * 是否存在key，如果对应key的value值已过期，也返回false
+     *
+     * @param key 缓存KEY
+     * @return true：存在key，并且value没过期；false：key不存在或者已过期
+     */
+    @Override
+    public boolean containsKey(String key) {
+        readLock.lock();
+        try {
+            CacheState cacheState = stateCache.get(key);
+            return null != cacheState && !cacheState.isExpired();
+        } finally {
+            readLock.unlock();
+        }
+    }
+
+    /**
+     * 清理过期的缓存
+     */
+    @Override
+    public void pruneCache() {
+        Iterator<CacheState> values = stateCache.values().iterator();
+        CacheState cacheState;
+        while (values.hasNext()) {
+            cacheState = values.next();
+            if (cacheState.isExpired()) {
+                values.remove();
+            }
+        }
+    }
+
+    /**
+     * 定时清理
+     *
+     * @param delay 间隔时长，单位毫秒
+     */
+    public void schedulePrune(long delay) {
+        AuthCacheScheduler.INSTANCE.schedule(this::pruneCache, delay);
+    }
+
+    @Getter
+    @Setter
+    private class CacheState implements Serializable {
+        private String state;
+        private long expire;
+
+        CacheState(String state, long expire) {
+            this.state = state;
+            // 实际过期时间等于当前时间加上有效期
+            this.expire = System.currentTimeMillis() + expire;
+        }
+
+        boolean isExpired() {
+            return System.currentTimeMillis() > this.expire;
+        }
+    }
+}
@@ -0,0 +1,66 @@
+package me.zhyd.oauth.cache;
+
+/**
+ * 默认的state缓存实现
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.10.0
+ */
+public enum AuthDefaultStateCache implements AuthStateCache {
+
+    /**
+     * 当前实例
+     */
+    INSTANCE;
+
+    private AuthCache authCache;
+
+    AuthDefaultStateCache() {
+        authCache = new AuthDefaultCache();
+    }
+
+    /**
+     * 存入缓存
+     *
+     * @param key   缓存key
+     * @param value 缓存内容
+     */
+    @Override
+    public void cache(String key, String value) {
+        authCache.set(key, value);
+    }
+
+    /**
+     * 存入缓存
+     *
+     * @param key     缓存key
+     * @param value   缓存内容
+     * @param timeout 指定缓存过期时间（毫秒）
+     */
+    @Override
+    public void cache(String key, String value, long timeout) {
+        authCache.set(key, value, timeout);
+    }
+
+    /**
+     * 获取缓存内容
+     *
+     * @param key 缓存key
+     * @return 缓存内容
+     */
+    @Override
+    public String get(String key) {
+        return authCache.get(key);
+    }
+
+    /**
+     * 是否存在key，如果对应key的value值已过期，也返回false
+     *
+     * @param key 缓存key
+     * @return true：存在key，并且value没过期；false：key不存在或者已过期
+     */
+    @Override
+    public boolean containsKey(String key) {
+        return authCache.containsKey(key);
+    }
+}
@@ -0,0 +1,44 @@
+package me.zhyd.oauth.cache;
+
+/**
+ * <p>
+ * State缓存接口，方便用户扩展
+ * </p>
+ *
+ * @author yangkai.shen
+ * @since 1.10.0
+ */
+public interface AuthStateCache {
+    /**
+     * 存入缓存
+     *
+     * @param key   缓存key
+     * @param value 缓存内容
+     */
+    void cache(String key, String value);
+
+    /**
+     * 存入缓存
+     *
+     * @param key     缓存key
+     * @param value   缓存内容
+     * @param timeout 指定缓存过期时间（毫秒）
+     */
+    void cache(String key, String value, long timeout);
+
+    /**
+     * 获取缓存内容
+     *
+     * @param key 缓存key
+     * @return 缓存内容
+     */
+    String get(String key);
+
+    /**
+     * 是否存在key，如果对应key的value值已过期，也返回false
+     *
+     * @param key 缓存key
+     * @return true：存在key，并且value没过期；false：key不存在或者已过期
+     */
+    boolean containsKey(String key);
+}
@@ -0,0 +1,5 @@
+/**
+ * JustAuth 缓存实现， 提供基础的基于ConcurrentHashMap + ScheduledExecutorService 实现的定时缓存。
+ * 同时对外暴露{@code AuthStateCache}接口，可进行对缓存实现的自定义。
+ */
+package me.zhyd.oauth.cache;
@@ -6,23 +6,22 @@ import lombok.*;
 * JustAuth配置类
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
 * @since 1.8
 */
-@Setter
@Getter
+@Setter
@Builder
@NoArgsConstructor
@AllArgsConstructor
 public class AuthConfig {

    /**
-     * 客户端id：对应个平台的appKey
+     * 客户端id：对应各平台的appKey
     */
    private String clientId;

    /**
-     * 客户端Secret：对应个平台的appSecret
+     * 客户端Secret：对应各平台的appSecret
     */
    private String clientSecret;

@@ -35,4 +34,28 @@ public class AuthConfig {
     * 支付宝公钥：当选择支付宝登录时，该值可用
     */
    private String alipayPublicKey;
+
+    /**
+     * 是否需要申请unionid，目前只针对qq登录
+     * 注：qq授权登录时，获取unionid需要单独发送邮件申请权限。如果个人开发者账号中申请了该权限，可以将该值置为true，在获取openId时就会同步获取unionId
+     * 参考链接：http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D
+     * <p>
+     * 1.7.1版本新增参数
+     */
+    private boolean unionId;
+
+    /**
+     * Stack Overflow Key
+     * <p>
+     *
+     * @since 1.9.0
+     */
+    private String stackOverflowKey;
+
+    /**
+     * 企业微信，授权方的网页应用ID
+     *
+     * @since 1.10.0
+     */
+    private String agentId;
 }
@@ -1,16 +1,15 @@
-package me.zhyd.oauth.consts;
+package me.zhyd.oauth.config;

+import me.zhyd.oauth.enums.AuthResponseStatus;
 import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.request.ResponseStatus;

 /**
- * 各api需要的url， 用枚举类分平台类型管理
+ * JustAuth内置的各api需要的url， 用枚举类分平台类型管理
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
 * @since 1.0
 */
-public enum ApiUrl {
+public enum AuthDefaultSource implements AuthSource {
    /**
     * Github
     */
@@ -29,16 +28,6 @@ public enum ApiUrl {
        public String userInfo() {
            return "https://api.github.com/user";
        }
-
-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
-        @Override
-        public String refresh() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
    },
    /**
     * 新浪微博
@@ -58,16 +47,6 @@ public enum ApiUrl {
        public String userInfo() {
            return "https://api.weibo.com/2/users/show.json";
        }
-
-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
-        @Override
-        public String refresh() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
    },
    /**
     * gitee
@@ -87,16 +66,6 @@ public enum ApiUrl {
        public String userInfo() {
            return "https://gitee.com/api/v5/user";
        }
-
-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
-        @Override
-        public String refresh() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
    },
    /**
     * 钉钉
@@ -109,23 +78,13 @@ public enum ApiUrl {

        @Override
        public String accessToken() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
+            throw new AuthException(AuthResponseStatus.UNSUPPORTED);
        }

        @Override
        public String userInfo() {
            return "https://oapi.dingtalk.com/sns/getuserinfo_bycode";
        }
-
-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
-        @Override
-        public String refresh() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
    },
    /**
     * 百度
@@ -153,7 +112,7 @@ public enum ApiUrl {

        @Override
        public String refresh() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
+            return "https://openapi.baidu.com/oauth/2.0/token";
        }
    },
    /**
@@ -174,16 +133,6 @@ public enum ApiUrl {
        public String userInfo() {
            return "https://api.csdn.net/user/getinfo";
        }
-
-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
-        @Override
-        public String refresh() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
    },
    /**
     * Coding
@@ -203,21 +152,11 @@ public enum ApiUrl {
        public String userInfo() {
            return "https://coding.net/api/account/current_user";
        }
-
-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
-        @Override
-        public String refresh() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
    },
    /**
     * 腾讯云开发者平台（coding升级后就变成腾讯云开发者平台了）
     */
-    TENCENTCLOUD {
+    TENCENT_CLOUD {
        @Override
        public String authorize() {
            return "https://dev.tencent.com/oauth_authorize.html";
@@ -232,16 +171,6 @@ public enum ApiUrl {
        public String userInfo() {
            return "https://dev.tencent.com/api/account/current_user";
        }
-
-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
-        @Override
-        public String refresh() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
    },
    /**
     * oschina 开源中国
@@ -261,16 +190,6 @@ public enum ApiUrl {
        public String userInfo() {
            return "https://www.oschina.net/action/openapi/user";
        }
-
-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
-        @Override
-        public String refresh() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
    },
    /**
     * 支付宝
@@ -290,16 +209,6 @@ public enum ApiUrl {
        public String userInfo() {
            return "https://openapi.alipay.com/gateway.do";
        }
-
-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
-        @Override
-        public String refresh() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
    },
    /**
     * QQ
@@ -320,14 +229,9 @@ public enum ApiUrl {
            return "https://graph.qq.com/user/get_user_info";
        }

-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
        @Override
        public String refresh() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
+            return "https://graph.qq.com/oauth2.0/token";
        }
    },
    /**
@@ -349,11 +253,6 @@ public enum ApiUrl {
            return "https://api.weixin.qq.com/sns/userinfo";
        }

-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
        @Override
        public String refresh() {
            return "https://api.weixin.qq.com/sns/oauth2/refresh_token";
@@ -375,17 +274,7 @@ public enum ApiUrl {

        @Override
        public String userInfo() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
-        @Override
-        public String refresh() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
+            throw new AuthException(AuthResponseStatus.UNSUPPORTED);
        }
    },
    /**
@@ -404,17 +293,7 @@ public enum ApiUrl {

        @Override
        public String userInfo() {
-            return "https://oauth2.googleapis.com/tokeninfo";
-        }
-
-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
-        @Override
-        public String refresh() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
+            return "https://www.googleapis.com/oauth2/v3/userinfo";
        }
    },
    /**
@@ -435,16 +314,6 @@ public enum ApiUrl {
        public String userInfo() {
            return "https://graph.facebook.com/v3.3/me";
        }
-
-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
-        @Override
-        public String refresh() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
    },
    /**
     * 抖音
@@ -457,22 +326,17 @@ public enum ApiUrl {

        @Override
        public String accessToken() {
-            return "https://open.douyin.com/oauth/access_token";
+            return "https://open.douyin.com/oauth/access_token/";
        }

        @Override
        public String userInfo() {
-            return "https://open.douyin.com/oauth/userinfo";
-        }
-
-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
+            return "https://open.douyin.com/oauth/userinfo/";
        }

        @Override
        public String refresh() {
-            return "https://open.douyin.com/oauth/refresh_token";
+            return "https://open.douyin.com/oauth/refresh_token/";
        }
    },
    /**
@@ -494,11 +358,6 @@ public enum ApiUrl {
            return "https://api.linkedin.com/v2/me";
        }

-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
        @Override
        public String refresh() {
            return "https://www.linkedin.com/oauth/v2/accessToken";
@@ -523,11 +382,6 @@ public enum ApiUrl {
            return "https://graph.microsoft.com/v1.0/me";
        }

-        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
-        }
-
        @Override
        public String refresh() {
            return "https://login.microsoftonline.com/common/oauth2/v2.0/token";
@@ -553,49 +407,271 @@ public enum ApiUrl {
        }

        @Override
-        public String revoke() {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
+        public String refresh() {
+            return "https://account.xiaomi.com/oauth2/token";
+        }
+    },
+    /**
+     * 今日头条
+     */
+    TOUTIAO {
+        @Override
+        public String authorize() {
+            return "https://open.snssdk.com/auth/authorize";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://open.snssdk.com/auth/token";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://open.snssdk.com/data/user_profile";
+        }
+    },
+    /**
+     * Teambition
+     */
+    TEAMBITION {
+        @Override
+        public String authorize() {
+            return "https://account.teambition.com/oauth2/authorize";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://account.teambition.com/oauth2/access_token";
        }

        @Override
        public String refresh() {
-            return "https://account.xiaomi.com/oauth2/token";
+            return "https://account.teambition.com/oauth2/refresh_token";
        }
-    };
+
+        @Override
+        public String userInfo() {
+            return "https://api.teambition.com/users/me";
+        }
+    },

    /**
-     * 授权的api
-     *
-     * @return url
+     * 人人网
     */
-    public abstract String authorize();
+    RENREN {
+        @Override
+        public String authorize() {
+            return "https://graph.renren.com/oauth/authorize";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://graph.renren.com/oauth/token";
+        }
+
+        @Override
+        public String refresh() {
+            return "https://graph.renren.com/oauth/token";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://api.renren.com/v2/user/get";
+        }
+    },

    /**
-     * 获取accessToken的api
-     *
-     * @return url
+     * Pinterest
     */
-    public abstract String accessToken();
+    PINTEREST {
+        @Override
+        public String authorize() {
+            return "https://api.pinterest.com/oauth";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://api.pinterest.com/v1/oauth/token";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://api.pinterest.com/v1/me";
+        }
+    },

    /**
-     * 获取用户信息的api
-     *
-     * @return url
+     * Stack Overflow
     */
-    public abstract String userInfo();
+    STACK_OVERFLOW {
+        @Override
+        public String authorize() {
+            return "https://stackoverflow.com/oauth";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://stackoverflow.com/oauth/access_token/json";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://api.stackexchange.com/2.2/me";
+        }
+    },

    /**
-     * 取消授权的api
+     * 华为
     *
-     * @return url
+     * @since 1.10.0
     */
-    public abstract String revoke();
+    HUAWEI {
+        @Override
+        public String authorize() {
+            return "https://oauth-login.cloud.huawei.com/oauth2/v2/authorize";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://oauth-login.cloud.huawei.com/oauth2/v2/token";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://api.vmall.com/rest.php";
+        }
+
+        @Override
+        public String refresh() {
+            return "https://oauth-login.cloud.huawei.com/oauth2/v2/token";
+        }
+    },

    /**
-     * 刷新授权的api
+     * 企业微信
     *
-     * @return url
+     * @since 1.10.0
     */
-    public abstract String refresh();
+    WECHAT_ENTERPRISE {
+        @Override
+        public String authorize() {
+            return "https://open.work.weixin.qq.com/wwopen/sso/qrConnect";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://qyapi.weixin.qq.com/cgi-bin/gettoken";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://qyapi.weixin.qq.com/cgi-bin/user/getuserinfo";
+        }
+    },
+
+    /**
+     * 酷家乐
+     *
+     * @since 1.11.0
+     */
+    KUJIALE {
+        @Override
+        public String authorize() {
+            return "https://oauth.kujiale.com/oauth2/show";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://oauth.kujiale.com/oauth2/auth/token";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://oauth.kujiale.com/oauth2/openapi/user";
+        }
+
+        @Override
+        public String refresh() {
+            return "https://oauth.kujiale.com/oauth2/auth/token/refresh";
+        }
+    },
+
+    /**
+     * Gitlab
+     *
+     * @since 1.11.0
+     */
+    GITLAB {
+        @Override
+        public String authorize() {
+            return "https://gitlab.com/oauth/authorize";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://gitlab.com/oauth/token";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://gitlab.com/api/v4/user";
+        }
+    },
+
+    /**
+     * 美团
+     *
+     * @since 1.12.0
+     */
+    MEITUAN {
+        @Override
+        public String authorize() {
+            return "https://openapi.waimai.meituan.com/oauth/authorize";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://openapi.waimai.meituan.com/oauth/access_token";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://openapi.waimai.meituan.com/oauth/userinfo";
+        }
+
+        @Override
+        public String refresh() {
+            return "https://openapi.waimai.meituan.com/oauth/refresh_token";
+        }
+    },
+
+    /**
+     * 饿了么
+     * <p>
+     * 注：集成的是正式环境，非沙箱环境
+     *
+     * @since 1.12.0
+     */
+    ELEME {
+        @Override
+        public String authorize() {
+            return "https://open-api.shop.ele.me/authorize";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://open-api.shop.ele.me/token";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://open-api.shop.ele.me/api/v1/";
+        }
+
+        @Override
+        public String refresh() {
+            return "https://open-api.shop.ele.me/token";
+        }
+    }

 }
@@ -0,0 +1,64 @@
+package me.zhyd.oauth.config;
+
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+
+/**
+ * OAuth平台的API管理类的统一接口，提供以下接口：
+ * 1) {@link AuthSource#authorize()}: 获取授权api. 必须实现
+ * 2) {@link AuthSource#accessToken()}: 获取授权api. 必须实现
+ * 3) {@link AuthSource#userInfo()}: 获取授权api. 必须实现
+ * 4) {@link AuthSource#revoke()}: 获取授权api. 非必须实现接口（部分平台不支持）
+ * 5) {@link AuthSource#refresh()} ()}: 获取授权api. 非必须实现接口（部分平台不支持）
+ * <p>
+ * 注：
+ * ①、如需通过JustAuth扩展实现第三方授权，请参考{@link AuthDefaultSource}自行创建对应的枚举类并实现{@link AuthSource}接口
+ * ②、如果不是使用的枚举类，那么在授权成功后获取用户信息时，需要单独处理sourcec字段的赋值
+ * ③、如果扩展了对应枚举类时，在{@link me.zhyd.oauth.request.AuthRequest#login(AuthCallback)}中可以通过{@code xx.toString()}获取对应的source
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @version 1.0
+ * @since 1.12.0
+ */
+public interface AuthSource {
+
+    /**
+     * 授权的api
+     *
+     * @return url
+     */
+    String authorize();
+
+    /**
+     * 获取accessToken的api
+     *
+     * @return url
+     */
+    String accessToken();
+
+    /**
+     * 获取用户信息的api
+     *
+     * @return url
+     */
+    String userInfo();
+
+    /**
+     * 取消授权的api
+     *
+     * @return url
+     */
+    default String revoke() {
+        throw new AuthException(AuthResponseStatus.UNSUPPORTED);
+    }
+
+    /**
+     * 刷新授权的api
+     *
+     * @return url
+     */
+    default String refresh() {
+        throw new AuthException(AuthResponseStatus.UNSUPPORTED);
+    }
+}
@@ -0,0 +1,4 @@
+/**
+ * JustAuth 核心配置相关，包括{@code AuthConfig}和{@code AuthSource}
+ */
+package me.zhyd.oauth.config;
@@ -0,0 +1,34 @@
+package me.zhyd.oauth.enums;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+/**
+ * JustAuth通用的状态码对照表
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.8
+ */
+@Getter
+@AllArgsConstructor
+public enum AuthResponseStatus {
+    /**
+     * 2000：正常；
+     * other：调用异常，具体异常内容见{@code msg}
+     */
+    SUCCESS(2000, "Success"),
+    FAILURE(5000, "Failure"),
+    NOT_IMPLEMENTED(5001, "Not Implemented"),
+    PARAMETER_INCOMPLETE(5002, "Parameter incomplete"),
+    UNSUPPORTED(5003, "Unsupported operation"),
+    NO_AUTH_SOURCE(5004, "AuthDefaultSource cannot be null"),
+    UNIDENTIFIED_PLATFORM(5005, "Unidentified platform"),
+    ILLEGAL_REDIRECT_URI(5006, "Illegal redirect uri"),
+    ILLEGAL_REQUEST(5007, "Illegal request"),
+    ILLEGAL_CODE(5008, "Illegal code"),
+    ;
+
+    private int code;
+    private String msg;
+}
+
@@ -0,0 +1,49 @@
+package me.zhyd.oauth.enums;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+/**
+ * 今日头条授权登录时的异常状态码
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.8
+ */
+@Getter
+@AllArgsConstructor
+public enum AuthToutiaoErrorCode {
+    /**
+     * 0：正常；
+     * other：调用异常，具体异常内容见{@code desc}
+     */
+    EC0(0, "接口调用成功"),
+    EC1(1, "API配置错误，未传入Client Key"),
+    EC2(2, "API配置错误，Client Key错误，请检查是否和开放平台的ClientKey一致"),
+    EC3(3, "没有授权信息"),
+    EC4(4, "响应类型错误"),
+    EC5(5, "授权类型错误"),
+    EC6(6, "client_secret错误"),
+    EC7(7, "authorize_code过期"),
+    EC8(8, "指定url的scheme不是https"),
+    EC9(9, "接口内部错误，请联系头条技术"),
+    EC10(10, "access_token过期"),
+    EC11(11, "缺少access_token"),
+    EC12(12, "参数缺失"),
+    EC13(13, "url错误"),
+    EC21(21, "域名与登记域名不匹配"),
+    EC999(999, "未知错误，请联系头条技术"),
+    ;
+
+    private int code;
+    private String desc;
+
+    public static AuthToutiaoErrorCode getErrorCode(int errorCode) {
+        AuthToutiaoErrorCode[] errorCodes = AuthToutiaoErrorCode.values();
+        for (AuthToutiaoErrorCode code : errorCodes) {
+            if (code.getCode() == errorCode) {
+                return code;
+            }
+        }
+        return EC999;
+    }
+}
@@ -0,0 +1,42 @@
+package me.zhyd.oauth.enums;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+import java.util.Arrays;
+
+/**
+ * 用户性别
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.8
+ */
+@Getter
+@AllArgsConstructor
+public enum AuthUserGender {
+    /**
+     * MALE/FAMALE为正常值，通过{@link AuthUserGender#getRealGender(String)}方法获取真实的性别
+     * UNKNOWN为容错值，部分平台不会返回用户性别，为了方便统一，使用UNKNOWN标记所有未知或不可测的用户性别信息
+     */
+    MALE(1, "男"),
+    FEMALE(0, "女"),
+    UNKNOWN(-1, "未知");
+
+    private int code;
+    private String desc;
+
+    public static AuthUserGender getRealGender(String code) {
+        if (code == null) {
+            return UNKNOWN;
+        }
+        String[] males = {"m", "男", "1", "male"};
+        if (Arrays.asList(males).contains(code.toLowerCase())) {
+            return MALE;
+        }
+        String[] females = {"f", "女", "0", "female"};
+        if (Arrays.asList(females).contains(code.toLowerCase())) {
+            return FEMALE;
+        }
+        return UNKNOWN;
+    }
+}
@@ -0,0 +1,4 @@
+/**
+ * 提供一些必要的枚举类
+ */
+package me.zhyd.oauth.enums;
@@ -1,10 +1,11 @@
 package me.zhyd.oauth.exception;

-import me.zhyd.oauth.request.ResponseStatus;
+import me.zhyd.oauth.enums.AuthResponseStatus;

 /**
+ * JustAuth通用异常类
+ *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
 * @since 1.8
 */
 public class AuthException extends RuntimeException {
@@ -13,16 +14,16 @@ public class AuthException extends RuntimeException {
    private String errorMsg;

    public AuthException(String errorMsg) {
-        this(ResponseStatus.FAILURE.getCode(), errorMsg);
+        this(AuthResponseStatus.FAILURE.getCode(), errorMsg);
    }

    public AuthException(int errorCode, String errorMsg) {
-        super(errorCode + ":" + errorMsg);
+        super(errorMsg);
        this.errorCode = errorCode;
        this.errorMsg = errorMsg;
    }

-    public AuthException(ResponseStatus status) {
+    public AuthException(AuthResponseStatus status) {
        super(status.getMsg());
    }

@@ -30,6 +31,10 @@ public class AuthException extends RuntimeException {
        super(message, cause);
    }

+    public AuthException(Throwable cause) {
+        super(cause);
+    }
+
    public int getErrorCode() {
        return errorCode;
    }
@@ -0,0 +1,4 @@
+/**
+ * JustAuth专用异常封装
+ */
+package me.zhyd.oauth.exception;
@@ -0,0 +1,150 @@
+package me.zhyd.oauth.log;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+import java.io.PrintStream;
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+
+/**
+ * 针对JustAuth提供的轻量级的日志打印工具
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @see Log#debug(String)
+ * @see Log#debug(String, Throwable)
+ * @see Log#warn(String)
+ * @see Log#warn(String, Throwable)
+ * @see Log#error(String)
+ * @see Log#error(String, Throwable)
+ * @since 1.10.0
+ */
+public class Log {
+
+    public static void debug(String msg) {
+        debug(msg, null);
+    }
+
+    public static void warn(String msg) {
+        warn(msg, null);
+    }
+
+    public static void error(String msg) {
+        error(msg, null);
+    }
+
+    public static void debug(String msg, Throwable t) {
+        print(Level.DEBUG, msg, t, System.out);
+    }
+
+    public static void warn(String msg, Throwable t) {
+        print(Level.WARN, msg, t, System.out);
+    }
+
+    public static void error(String msg, Throwable t) {
+        print(Level.ERROR, msg, t, System.err);
+    }
+
+    /**
+     * 打印日志内容，格式：2019-08-02 20:44:07 main me.zhyd.oauth.log.Log(debug:39) [DEBUG] - xxxx
+     *
+     * @param level 日志级别
+     * @param msg   日志内容
+     * @param t     异常信息
+     * @param ps    实际执行打印的PrintStream
+     */
+    private static void print(Level level, String msg, Throwable t, PrintStream ps) {
+        if (Config.enable) {
+            if (level.getLevelNum() >= Config.level.getLevelNum()) {
+                ps.println(String.format("%s %s %s [%s] - %s", getDate(), Thread.currentThread().getName(), getCaller(), level, msg));
+                writeThrowable(t, ps);
+                ps.flush();
+            }
+        }
+    }
+
+    /**
+     * 获取调用方的信息
+     *
+     * @return 返回调用方的信息，格式：class(method:lineNumber)
+     */
+    private static String getCaller() {
+        int offset = 2;
+        StackTraceElement[] stackTraceArr = (new Throwable()).getStackTrace();
+        StackTraceElement stackTrace = null;
+        if (offset >= stackTraceArr.length) {
+            offset = offset - 1;
+        }
+        stackTrace = stackTraceArr[offset];
+        return stackTrace.getClassName() +
+            "(" +
+            stackTrace.getMethodName() +
+            ':' +
+            stackTrace.getLineNumber() +
+            ")";
+    }
+
+    /**
+     * 获取格式化后的日期
+     *
+     * @return string
+     */
+    private static String getDate() {
+        return LocalDateTime.now().format(DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss"));
+    }
+
+    /**
+     * 打印异常信息
+     *
+     * @param t            异常
+     * @param targetStream 实际执行打印的PrintStream
+     */
+    private static void writeThrowable(Throwable t, PrintStream targetStream) {
+        if (t != null) {
+            t.printStackTrace(targetStream);
+        }
+    }
+
+    /**
+     * 日志级别
+     *
+     * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+     * @since 1.10.0
+     */
+    @Getter
+    @AllArgsConstructor
+    public enum Level {
+        /**
+         * DEBUG: 普通级别
+         */
+        DEBUG(10),
+        /**
+         * WARN: 警告级别
+         */
+        WARN(30),
+        /**
+         * ERROR: 异常级别
+         */
+        ERROR(40);
+
+        private int levelNum;
+    }
+
+    /**
+     * 日志配置
+     *
+     * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+     * @since 1.10.0
+     */
+    static class Config {
+
+        /**
+         * 需要打印的日志级别
+         */
+        static Level level = Level.DEBUG;
+        /**
+         * 是否启用日志打印功能，默认启用
+         */
+        static boolean enable = true;
+    }
+}
@@ -0,0 +1,4 @@
+/**
+ * 针对JustAuth简单封装的日志打印工具，可用过{@link me.zhyd.oauth.log.Log.Config}开关日志和指定日志级别
+ */
+package me.zhyd.oauth.log;
@@ -1,62 +0,0 @@
-package me.zhyd.oauth.model;
-
-import me.zhyd.oauth.utils.StringUtils;
-
-/**
- * 百度授权登录时的异常状态码
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public enum AuthBaiduErrorCode {
-    OK("ok", "ok", "ok"),
-    INVALID_REQUEST("invalid_request", "invalid refresh token", "请求缺少某个必需参数，包含一个不支持的参数或参数值，或者格式不正确。"),
-    INVALID_CLIENT("invalid_client", "unknown client id", "client_id”、“client_secret”参数无效。"),
-    INVALID_GRANT("invalid_grant", "The provided authorization grant is revoked", "提供的Access Grant是无效的、过期的或已撤销的，例如，Authorization Code无效(一个授权码只能使用一次)、Refresh Token无效、redirect_uri与获取Authorization Code时提供的不一致、Devie Code无效(一个设备授权码只能使用一次)等。"),
-    UNAUTHORIZED_CLIENT("unauthorized_client", "The client is not authorized to use this authorization grant type", "应用没有被授权，无法使用所指定的grant_type。"),
-    UNSUPPORTED_GRANT_TYPE("unsupported_grant_type", "The authorization grant type is not supported", "“grant_type”百度OAuth2.0服务不支持该参数。"),
-    INVALID_SCOPE("invalid_scope", "The requested scope is exceeds the scope granted by the resource owner", "请求的“scope”参数是无效的、未知的、格式不正确的、或所请求的权限范围超过了数据拥有者所授予的权限范围。"),
-    EXPIRED_TOKEN("expired_token", "refresh token has been used", "提供的Refresh Token已过期"),
-    REDIRECT_URI_MISMATCH("redirect_uri_mismatch", "Invalid redirect uri", "“redirect_uri”所在的根域与开发者注册应用时所填写的根域名不匹配。"),
-    UNSUPPORTED_RESPONSE_TYPE("unsupported_response_type", "The response type is not supported", "“response_type”参数值不为百度OAuth2.0服务所支持，或者应用已经主动禁用了对应的授权模式"),
-    SLOW_DOWN("slow_down", "The device is polling too frequently", "Device Flow中，设备通过Device Code换取Access Token的接口过于频繁，两次尝试的间隔应大于5秒。"),
-    AUTHORIZATION_PENDING("authorization_pending", "User has not yet completed the authorization", "Device Flow中，用户还没有对Device Code完成授权操作。"),
-    AUTHORIZATION_DECLINED("authorization_declined", "User has declined the authorization", "Device Flow中，用户拒绝了对Device Code的授权操作。"),
-    INVALID_REFERER("invalid_referer", "Invalid Referer", "Implicit Grant模式中，浏览器请求的Referer与根域名绑定不匹配");
-
-    private String code;
-    private String msg;
-    private String desc;
-
-    AuthBaiduErrorCode(String code, String msg, String desc) {
-        this.code = code;
-        this.msg = msg;
-        this.desc = desc;
-    }
-
-    public static AuthBaiduErrorCode getErrorCode(String code) {
-        if (StringUtils.isEmpty(code)) {
-            return OK;
-        }
-        AuthBaiduErrorCode[] errorCodes = AuthBaiduErrorCode.values();
-        for (AuthBaiduErrorCode errorCode : errorCodes) {
-            if (code.equalsIgnoreCase(errorCode.getCode())) {
-                return errorCode;
-            }
-        }
-        return OK;
-    }
-
-    public String getCode() {
-        return code;
-    }
-
-    public String getMsg() {
-        return msg;
-    }
-
-    public String getDesc() {
-        return desc;
-    }
-}
@@ -0,0 +1,37 @@
+package me.zhyd.oauth.model;
+
+import lombok.Getter;
+import lombok.Setter;
+
+/**
+ * 授权回调时的参数类
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.8.0
+ */
+@Getter
+@Setter
+public class AuthCallback {
+
+    /**
+     * 访问AuthorizeUrl后回调时带的参数code
+     */
+    private String code;
+
+    /**
+     * 访问AuthorizeUrl后回调时带的参数auth_code，该参数目前只使用于支付宝登录
+     */
+    private String auth_code;
+
+    /**
+     * 访问AuthorizeUrl后回调时带的参数state，用于和请求AuthorizeUrl前的state比较，防止CSRF攻击
+     */
+    private String state;
+
+    /**
+     * 华为授权登录接受code的参数名
+     *
+     * @since 1.10.0
+     */
+    private String authorization_code;
+}
@@ -1,404 +0,0 @@
-package me.zhyd.oauth.model;
-
-/**
- * 钉钉授权登录时的异常状态码
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public enum AuthDingTalkErrorCode {
-    EC1_MINUS(-1, "系统繁忙", "服务器暂不可用，建议稍候再重试1次，最多重试3次"),
-    EC0(0, "请求成功", "接口调用成功"),
-    EC404(404, "请求的URI地址不存在", "地址不存在，检查下url是否和文档里写的一致"),
-    EC33001(33001, "无效的企业ID", "请确认下access_token是否正确"),
-    EC33002(33002, "无效的微应用的名称", "校验下微应用的名称字段，不能为空且长度不能超过10个字符"),
-    EC33003(33003, "无效的微应用的描述", "校验下微应用的描述字段，不能为空且长度不能超过20个字符"),
-    EC33004(33004, "无效的微应用的ICON", "校验下微应用的icon字段，不能为空且确保图标存在"),
-    EC33005(33005, "无效的微应用的移动端主页", "校验下微应用的移动端主页，不能为空且必须以http开头或https开头"),
-    EC33006(33006, "无效的微应用的PC端主页", "校验下微应用的PC端主页，必须以http开头或https开头"),
-    EC33007(33007, "微应用的移动端的主页与PC端主页不同", "校验下微应用的PC端主页，确保它和移动端主页的域名保持一致"),
-    EC33008(33008, "无效的微应用OA后台的主页", "校验下微应用的后台管理的主页失败，必须以http开头或https开头"),
-    EC34001(34001, "无效的会话id", "检查下所传的chatId字段是否为空"),
-    EC34002(34002, "无效的会话消息的发送者", "检查下sender字段是否为空"),
-    EC34003(34003, "无效的会话消息的发送者的企业Id", "检查下发送者的企业Id"),
-    EC34004(34004, "无效的会话消息的类型", "检查下msgtype字段，是否为空，是否是定义的那几种类型"),
-    EC34005(34005, "无效的会话音频消息的播放时间", "该错误码已废弃"),
-    EC34006(34006, "发送者不在企业中", "检查下发送者是否在企业中"),
-    EC34007(34007, "发送者不在会话中", "检查下发送者是否在会话id中"),
-    EC34008(34008, "图片不能为空", "如果发的是图片消息，检查下图片是否为空"),
-    EC34009(34009, "链接内容不能为空", "检查下messageUrl字段是否为空"),
-    EC34010(34010, "文件不能为空", "检查下media_id字段是否为空"),
-    EC34011(34011, "音频文件不能为空", "检查下media_id字段是否为空"),
-    EC34012(34012, "找不到发送者的企业", "检查下发送者是否是真实的"),
-    EC34013(34013, "找不到群会话对象", "检查下chatid是否真实存在"),
-    EC34014(34014, "会话消息的json结构无效或不完整", "检查下消息的json格式是否正确，json的key对应msgtype的value值"),
-    EC34015(34015, "发送群会话消息失败", "消息发送失败，建议稍后再重试下"),
-    EC34016(34016, "消息内容长度超过限制", "检查下消息的content字段长度是否超过5000，title字段长度是否超过64，markdown字段长度是否超过5000，single_title字段长度是否超过20，single_url字段长度是否超过500，btn_json_list字段长度是否超过1000"),
-    EC40001(40001, "获取access_token时Secret错误，或者access_token无效", "检查下access_token是否正确"),
-    EC40002(40002, "不合法的凭证类型", "无"),
-    EC40003(40003, "不合法的UserID", "确保该id在通讯录中存在，且是在你所传access_token对应的企业里"),
-    EC40004(40004, "不合法的媒体文件类型", "检查下type字段，只支持image，voice，file"),
-    EC40005(40005, "不合法的文件类型", "如果是文件类型，检查下是否是支持的那几种，目前只支持doc，docx，xls，xlsx，ppt，pptx，zip，pdf，rar"),
-    EC40006(40006, "不合法的文件大小", "检查下文件大小，image类型最大1MB，file类型最大10MB，voice类型最大2MB"),
-    EC40007(40007, "不合法的媒体文件id", "检查下mediaId是否为空，是否真实存在"),
-    EC40008(40008, "不合法的消息类型", "检查下msgtype是否为空，确保它在开放平台定义的几种类型里，具体见消息类型及格式"),
-    EC40009(40009, "不合法的部门id", "检查下部门id是否为空，是否为数字且大于0"),
-    EC40010(40010, "不合法的父部门id", "检查下父部门id是否为一个数字"),
-    EC40011(40011, "不合法的排序order", "检查下order字段是否为空，是否为数字且大于0"),
-    EC40012(40012, "不合法的发送者", "检查下sender字段是否为空，是否真实存在"),
-    EC40013(40013, "不合法的corpid", "检查下corpid是否有效"),
-    EC40014(40014, "不合法的access_token", "检查下access_token是否正确，注意access_token这个参数应该是带在url后面的"),
-    EC40015(40015, "发送者不在会话中", "检查下sender字段和cid字段是否能对应上"),
-    EC40016(40016, "不合法的会话ID", "检查下cid字段是否为空，是否有效"),
-    EC40017(40017, "在会话中没有找到与发送者在同一企业的人", "cid对应的消息接收者为空，检查下cid字段"),
-    EC40018(40018, "不允许以递归方式查询部门用户列表", "检查下fetchChild字段，目前不支持递归查询"),
-    EC40019(40019, "该手机号码对应的用户最多可以加入5个非认证企业", "无"),
-    EC40020(40020, "当前团队人数已经达到上限，用电脑登录钉钉企业管理后台，升级成为认证企业", "无"),
-    EC40021(40021, "更换的号码已注册过钉钉，无法使用该号码", "无"),
-    EC40022(40022, "企业中的手机号码和登录钉钉的手机号码不一致，暂时不支持修改用户信息，可以删除后重新添加", "无"),
-    EC40023(40023, "部门人数达到上限", "部门人数不能超过1000"),
-    EC40024(40024, "(安全校验不通过)保存失败，团队人数超限。请在手机钉钉绑定支付宝完成实名认证，或者申请企业认证，人数上限自动扩充", "无"),
-    EC40025(40025, "无效的部门JSONArray对象，合法格式需要用中括号括起来，且如果属于多部门，部门id需要用逗号分隔", "无"),
-    EC40029(40029, "不合法的oauth_code", "无"),
-    EC40031(40031, "不合法的UserID列表", "指定的UserID列表，至少存在一个UserID不在通讯录中"),
-    EC40032(40032, "不合法的UserID列表长度", "检查下列表是否为空，且长度合适。创建部门接口的userPerimits最多接收10000个"),
-    EC40033(40033, "不合法的请求字符，不能包含\\uxxxx格式的字符", "无"),
-    EC40035(40035, "不合法的参数", "检查下有没有传请求参数，一般发生在http post形式的接口里，没有传参数"),
-    EC40038(40038, "不合法的请求格式", "检查下参数中是不是少了某个字段，具体参考各个文档的参数介绍"),
-    EC40039(40039, "不合法的URL长度", "无"),
-    EC40048(40048, "url中包含不合法domain", "发消息接口中消息url链接不安全"),
-    EC40055(40055, "不合法的agent结构", "已废弃"),
-    EC40056(40056, "不合法的agentid", "检查下agentid字段是否为空，是否真实存在"),
-    EC40057(40057, "不合法的callbackurl", "无"),
-    EC40061(40061, "设置应用头像失败", "无"),
-    EC40062(40062, "不合法的应用模式", "无"),
-    EC40063(40063, "不合法的分机号", "tel字段长度超长，长度不能超过50"),
-    EC40064(40064, "不合法的工作地址", "workPlace长度超长，长度不能超过50个字符"),
-    EC40065(40065, "不合法的备注", "remark长度超长，长度不能超过1024个字符"),
-    EC40066(40066, "不合法的部门列表", "部门id列表长度太长，不能超过10000，并且每个id必须是数字"),
-    EC40067(40067, "标题长度不合法", "检查下标题长度"),
-    EC40068(40068, "不合法的偏移量", "偏移量必须大于0"),
-    EC40069(40069, "不合法的分页大小", "分页大小不合法，具体参考每个接口的参数定义"),
-    EC40070(40070, "不合法的排序参数", "具体参考获取部门成员接口里面对order字段的定义"),
-    EC40073(40073, "不存在的openid", "openid不能为空"),
-    EC40077(40077, "不存在的预授权码", "无"),
-    EC40078(40078, "不存在的临时授权码", "临时授权码不能为空，且只能被使用一次"),
-    EC40079(40079, "不存在的授权信息", "检查下企业是否授权"),
-    EC40080(40080, "不合法的suitesecret", "无"),
-    EC40082(40082, "不合法的suitetoken", "检查下token"),
-    EC40083(40083, "不合法的suiteid", "suiteKey字段不合法"),
-    EC40084(40084, "不合法的永久授权码", "检查下永久授权码是否正确"),
-    EC40085(40085, "不存在的suiteticket", "检查下suiteticket是否正确，确保是由回调接口正确来接收suiteticket"),
-    EC40086(40086, "不合法的第三方应用appid", "appid字段不能为空"),
-    EC40087(40087, "创建永久授权码失败", "稍后再重试下，确保参数都传对"),
-    EC40088(40088, "不合法的套件key或secret", "稍后再重试下，确保suiteKey和suiteSecret都传对且一一对应"),
-    EC40089(40089, "不合法的corpid或corpsecret", "稍后再重试下，确保corpid和corpsecret字段传对且一一对应"),
-    EC40090(40090, "套件已经不存在", "检查下suiteKey字段是否正确"),
-    EC40091(40091, "用户授权码创建失败，需要用户重新授权", "创建永久授权码失败，需要用户重新授权产生临时授权码"),
-    EC40103(40103, "用户开启了账号保护，无法被加入到您的团队", "用户在钉钉“我的-设置-隐私”出开启了账号保护"),
-    EC40104(40104, "无效手机号", "检查手机号格式是否正确"),
-    EC41001(41001, "缺少access_token参数", "检查下access_token是否传了，注意该参数必须跟在请求url中"),
-    EC41002(41002, "缺少corpid参数", "检查下corpid是否为空"),
-    EC41003(41003, "缺少refresh_token参数", "检查下refresh_token是否为空"),
-    EC41004(41004, "缺少secret参数", "检查下secret参数是否为空"),
-    EC41005(41005, "缺少多媒体文件数据", "无"),
-    EC41006(41006, "缺少media_id参数", "检查下media_id参数是否为空"),
-    EC41007(41007, "无效的ssocode", "sso的永久授权code无效，检查下是否为空"),
-    EC41008(41008, "缺少oauth", "无"),
-    EC41009(41009, "缺少UserID", "检查下UserID是否为空"),
-    EC41010(41010, "缺少url", "检查下url是否为空"),
-    EC41011(41011, "缺少agentid", "检查下agentid是否为空"),
-    EC41012(41012, "缺少应用头像mediaid", "检查下mediaid是否为空"),
-    EC41013(41013, "缺少应用名字", "检查应用名字是否为空"),
-    EC41014(41014, "缺少应用描述", "检查应用描述是否为空"),
-    EC41015(41015, "缺少JSON参数", "检查JSON参数是否为空"),
-    EC41021(41021, "缺少suitekey", "检查suitekey参数是否为空"),
-    EC41022(41022, "缺少suitetoken", "检查suitetoken参数是否为空"),
-    EC41023(41023, "缺少suiteticket", "检查suiteticket参数是否为空"),
-    EC41024(41024, "缺少suitesecret", "检查suitesecret参数是否为空"),
-    EC41025(41025, "缺少permanent_code", "检查permanent_code永久授权码参数是否为空"),
-    EC41026(41026, "缺少tmp_auth_code", "检查tmp_auth_code临时授权码参数是否为空"),
-    EC41027(41027, "需要授权企业的corpid参数", "检查corpid参数是否为空"),
-    EC41028(41028, "禁止给全员发送消息", "检查是否有全员发送消息的权限，ISV没有该权限"),
-    EC41029(41029, "超过消息接收者人数上限", "发送OA消息人数超上限（企业消息人数上限：5000，ISV消息人数上限：1000）"),
-    EC41030(41030, "企业未对该套件授权", "检查该企业是否已经对该套件进行授权"),
-    EC41031(41031, "auth_corpid和permanent_code不匹配", "激活套件时使用的auth_corpid和permanent_code不匹配"),
-    EC41041(41041, "查询间隔时间太长", "考勤打卡数据查询间隔时间超过7天"),
-    EC41044(41044, "禁止发送消息", "检查是否有权限发送消息"),
-    EC41045(41045, "单应用全员消息/每天总量超限", "无"),
-    EC41046(41046, "超过发送全员消息的每分钟次数上限", "企业OA消息全员发送每天不能超过3次，ISV不能发送全员消息"),
-    EC41047(41047, "超过给该企业发消息的每分钟次数上限", "企业OA消息每分钟不能超过1500次，ISV OA消息每分钟不能超过200次"),
-    EC41048(41048, "超过给企业发消息的每分钟次数总上限", ""),
-    EC41049(41049, "包含违禁内容", "检查消息文本中是否有黄色、反动等词语"),
-    EC41050(41050, "无效的活动编码", "无"),
-    EC41051(41051, "活动权益的校验失败", "无"),
-    EC41100(41100, "时间参数不合法", "时间参数不能为空，且为“yyyy-MM-dd hh:mm:ss”格式"),
-    EC41101(41101, "数据内容过长", "请求体字符长度不能大于4096"),
-    EC41102(41102, "参数值过大", "上传文件或者idlist等参数过大"),
-    EC42001(42001, "access_token超时", "请检查网络状态"),
-    EC42002(42002, "refresh_token超时", "请检查网络状态"),
-    EC42003(42003, "oauth_code超时", "请检查网络状态"),
-    EC42007(42007, "预授权码失效", "请检查该预授权码是否已经使用过"),
-    EC42008(42008, "临时授权码失效", "请检查该临时授权码是否已经使用过或者是否不正确"),
-    EC42009(42009, "suitetoken失效", "请检查该suitetoken是否已经过期"),
-    EC43001(43001, "需要GET请求", "请检查http请求方式是否正确"),
-    EC43002(43002, "需要POST请求", "请检查http请求方式是否正确"),
-    EC43003(43003, "需要HTTPS", "请检查调用接口协议是否是https"),
-    EC43004(43004, "无效的HTTP HEADER Content-Type", "请检查请求头中的content-type是否正确"),
-    EC43005(43005, "需要Content-Type为application/json;charset=UTF-8", "请检查请求头中的content-type是否是“application/json;charset=UTF-8”"),
-    EC43007(43007, "需要授权", "该接口需要access_token才能调用"),
-    EC43008(43008, "参数需要multipart类型", "检查提交参数中的ENCTYPE是否是multipart类型"),
-    EC43009(43009, "post参数需要json类型", "请检查post参数数据是否是json类型"),
-    EC44001(44001, "多媒体文件为空", "请检查多媒体文件数据是否为空"),
-    EC44002(44002, "POST的数据包为空", "请检查POST的数据包是否为空"),
-    EC44003(44003, "图文消息内容为空", "请检查图文消息参数是否为空"),
-    EC44004(44004, "文本消息内容为空", "请检查文本消息参数是否为空"),
-    EC45001(45001, "多媒体文件大小超过限制", "无"),
-    EC45002(45002, "消息内容超过限制", "无"),
-    EC45003(45003, "标题字段超过限制", "无"),
-    EC45004(45004, "描述字段超过限制", "无"),
-    EC45005(45005, "链接字段超过限制", "无"),
-    EC45006(45006, "图片链接字段超过限制", "无"),
-    EC45007(45007, "语音播放时间超过限制", "无"),
-    EC45008(45008, "图文消息超过限制", "无"),
-    EC45009(45009, "接口调用超过限制", "无"),
-    EC45016(45016, "系统分组，不允许修改", "无"),
-    EC45017(45017, "分组名字过长", "无"),
-    EC45018(45018, "分组数量超过上限", "无"),
-    EC45024(45024, "账号数量超过上限", "无"),
-    EC46001(46001, "不存在媒体数据", "无"),
-    EC46004(46004, "不存在的员工", "无"),
-    EC47001(47001, "解析JSON/XML内容错误", "无"),
-    EC48002(48002, "Api禁用", "无"),
-    EC48003(48003, "suitetoken无效", "无"),
-    EC48004(48004, "授权关系无效", "无"),
-    EC49000(49000, "缺少chatid", "请检查参数中是否有chatid"),
-    EC49001(49001, "绑定的微应用超过个数限制", "绑定群会话和微应用超过5个"),
-    EC49002(49002, "一个群只能被一个ISV套件绑定一次", "无"),
-    EC49003(49003, "操作者必须为群主", "无"),
-    EC49004(49004, "添加成员列表和删除成员列表不能有交集", "无"),
-    EC49005(49005, "群人数超过人数限制", "无"),
-    EC49006(49006, "群成员列表必须包含群主", "无"),
-    EC49007(49007, "超过创建群的个数上限", "无"),
-    EC49008(49008, "不合法的群类型，只能传入0或2", "无"),
-    EC49009(49009, "企业群不能添加外部联系人，群主只能为企业员工", "无"),
-    EC49010(49010, "群成员不能为空", "无"),
-    EC49011(49011, "群员工列表超长", "无"),
-    EC49012(49012, "群外部联系人列表超长", "无"),
-    EC49013(49013, "群主不能为空", "无"),
-    EC49014(49014, "非法的群主类型，只能为emp或者ext", "无"),
-    EC49015(49015, "不合法的群名称", "无"),
-    EC49016(49016, "查询企业员工不存在", "无"),
-    EC49017(49017, "查询企业外部联系人不存在", "无"),
-    EC49018(49018, "群主非企业员工", "无"),
-    EC49019(49019, "群主非企业外部通讯录人员", "无"),
-    EC49020(49020, "某人处于勿扰模式，拒绝加入群聊；请先与TA建立好友关系", "无"),
-    EC49021(49021, "非好友建立群聊，认证用户一天只能拉50个人，非认证用户一天只能拉10个人", "无"),
-    EC49022(49022, "某人拒绝加入群聊", "无"),
-    EC49023(49023, "某人处于勿扰模式，拒绝加入群聊；请先与TA建立好友关系", "无"),
-    EC50001(50001, "redirect_uri未授权", "无"),
-    EC50002(50002, "员工不在权限范围", "无"),
-    EC50003(50003, "应用已停用", "无"),
-    EC50004(50004, "企业部门不在授权范围", "检查企业部门是否设置可见范围，具体排查方法请参考通讯录FAQ"),
-    EC50005(50005, "企业已禁用", "无"),
-    EC52010(52010, "无效的corpid", "请检查corpid参数是否正确"),
-    EC52011(52011, "jsapi ticket 读取失败", "请检查ticket参数是否正确"),
-    EC52012(52012, "jsapi 签名生成失败", "请检查“url, nonceStr, timestamp, ticket”等参数是否正确"),
-    EC52013(52013, "签名校验失败", "请检查“url, nonceStr, timestamp, ticket”等参数是否正确"),
-    EC52014(52014, "无效的url参数", "请检查url参数是否正确"),
-    EC52015(52015, "无效的随机字符串参数", "请检查nonceStr参数是否正确"),
-    EC52016(52016, "无效的签名参数", "请检查“url, nonceStr, timestamp, ticket”等参数是否正确"),
-    EC52017(52017, "无效的jsapi列表参数", "请检查dd.config中的jsApiList参数是否正确"),
-    EC52018(52018, "无效的时间戳", "请检查timestamp参数是否正确"),
-    EC52019(52019, "无效的agentid", "请检查agentid参数是否正确"),
-    EC60001(60001, "不合法的部门名称", "请检查部门名称是否正确，长度不能超过64个字符"),
-    EC60002(60002, "部门层级深度超过限制", "无"),
-    EC60003(60003, "部门不存在", "无"),
-    EC60004(60004, "父亲部门不存在", "无"),
-    EC60005(60005, "不允许删除有成员的部门", "无"),
-    EC60006(60006, "不允许删除有子部门的部门", "无"),
-    EC60007(60007, "不允许删除根部门", "无"),
-    EC60008(60008, "父部门下该部门名称已存在", "无"),
-    EC60009(60009, "部门名称含有非法字符", "无"),
-    EC60010(60010, "部门存在循环关系", "无"),
-    EC60011(60011, "没有调用该接口的权限", "请检查当前请求使用的access_token是否有对该部门/人的操作权限，查看获取appSecret授权范围"),
-    EC60012(60012, "不允许删除默认应用", "无"),
-    EC60013(60013, "不允许关闭应用", "无"),
-    EC60014(60014, "不允许开启应用", "无"),
-    EC60015(60015, "不允许修改默认应用可见范围", "无"),
-    EC60016(60016, "部门id已经存在", "无"),
-    EC60017(60017, "不允许设置企业", "无"),
-    EC60018(60018, "不允许更新根部门", "无"),
-    EC60019(60019, "从部门查询人员失败", "请检查该成员是否在该部门中"),
-    EC60020(60020, "访问ip不在白名单之中", "如果是企业应用，检查配置的服务器出口ip地址是否和请求ip地址一致。如果是isv应用，请检查套件ip白名单和请求ip是否一致"),
-    EC60067(60067, "部门的企业群群主不存在", "无"),
-    EC60068(60068, "部门的管理员不存在", "无"),
-    EC60102(60102, "UserID在公司中已存在", "无"),
-    EC60103(60103, "手机号码不合法", "无"),
-    EC60104(60104, "手机号码在公司中已存在", "无"),
-    EC60105(60105, "邮箱不合法", "无"),
-    EC60106(60106, "邮箱已存在", "无"),
-    EC60107(60107, "使用该手机登录钉钉的用户已经在企业中", "无"),
-    EC60110(60110, "部门个数超出限制", "无"),
-    EC60111(60111, "UserID不存在", "无"),
-    EC60112(60112, "用户name不合法", "无"),
-    EC60113(60113, "身份认证信息（手机/邮箱）不能同时为空", "无"),
-    EC60114(60114, "性别不合法", "无"),
-    EC60118(60118, "用户无有效邀请字段（邮箱，手机号）", "无"),
-    EC60119(60119, "不合法的position", "无"),
-    EC60120(60120, "用户已禁用", "无"),
-    EC60121(60121, "找不到该用户", "检查该企业下该员工是否存在"),
-    EC60122(60122, "不合法的extattr", "无"),
-    EC60123(60123, "不合法的jobnumber", "无"),
-    EC60124(60124, "用户不在此群中", "无"),
-    EC60125(60125, "CRM配置信息创建失败", "无"),
-    EC60126(60126, "CRM配置信息更新失败", "无"),
-    EC60127(60127, "CRM人员配置信息删除失败", "无"),
-    EC70001(70001, "企业不存在或者已经被解散", "无"),
-    EC70002(70002, "获取套件下的微应用失败", "无"),
-    EC70003(70003, "agentid对应微应用不存在", "无"),
-    EC70004(70004, "企业下没有对应该agentid的微应用", "注意：代表应用和企业映射关系的ID (appId的实例化ID)，同一个ISV应用在不同企业的agentId不一致"),
-    EC70005(70005, "ISV激活套件失败", "请检查激活套件使用的参数是否正确"),
-    EC71006(71006, "回调地址已经存在", "无"),
-    EC71007(71007, "回调地址已不存在", "无"),
-    EC71008(71008, "回调call_back_tag必须在指定的call_back_tag列表中", "无"),
-    EC71009(71009, "返回文本非success", "回调地址返回的内容必须是“success”文本经过加密后的结果"),
-    EC71010(71010, "POST的JSON数据不包含所需要的参数字段或包含的参数格式非法", "无"),
-    EC71011(71011, "传入的url参数不是合法的url格式", "合法的URL地址是协议+域名+端口+路径path+参数组成"),
-    EC71012(71012, "url地址访问异常", "无"),
-    EC71013(71013, "此域名或IP不能注册或者接收回调事件", "注意回调地址的域名或者IP必须在套件的ip白名单中，并且该ip必须为外网ip"),
-    EC72001(72001, "获取钉盘空间失败", "检查domain、agent_id、access_token参数是否正确有效"),
-    EC72002(72002, "授权钉盘空间访问权限失败", "无"),
-    EC80001(80001, "可信域名没有IPC备案，后续将不能在该域名下正常使用jssdk", "无"),
-    EC81001(81001, "两个用户没有任何关系，请先相互成为好友", "无"),
-    EC81002(81002, "用户拒收消息", "无"),
-    EC88005(88005, "管理日历个人日历操作失败", "无"),
-    EC89001(89001, "管理日历启动导出任务失败", "无"),
-    EC89011(89011, "管理日历写入数据失败", "无"),
-    EC89012(89012, "管理日历更新数据失败", "无"),
-    EC90001(90001, "您的服务器调用钉钉开放平台所有接口的请求都被暂时禁用了", "无"),
-    EC90002(90002, "您的服务器调用钉钉开放平台当前接口的所有请求都被暂时禁用了", "无"),
-    EC90003(90003, "您的企业调用钉钉开放平台所有接口的请求都被暂时禁用了，仅对企业自己的Accesstoken有效", "无"),
-    EC90004(90004, "您当前使用的CorpId及CorpSecret被暂时禁用了，仅对企业自己的Accesstoken有效", "无"),
-    EC90005(90005, "您的企业调用当前接口次数过多，请求被暂时禁用了，仅对企业自己的Accesstoken有效", "无"),
-    EC90006(90006, "您当前使用的CorpId及CorpSecret调用当前接口次数过多，请求被暂时禁用了，仅对企业自己的Accesstoken有效", "无"),
-    EC90007(90007, "您当前要调用的企业的接口次数过多，对该企业的所有请求都被暂时禁用了，仅对企业授权给ISV的Accesstoken有效", "无"),
-    EC90008(90008, "您当前要调用的企业的当前接口次数过多，对此企业下该接口的所有请求都被暂时禁用了，仅对企业授权给ISV的Accesstoken有效", "无"),
-    EC90009(90009, "您调用企业接口超过了限制，对所有企业的所有接口的请求都被暂时禁用了，仅对企业授权给ISV的Accesstoken有效", "无"),
-    EC90010(90010, "您调用企业当前接口超过了限制，对所有企业的该接口的请求都被暂时禁用了，仅对企业授权给ISV的Accesstoken有效", "无"),
-    EC90011(90011, "您的套件调用企业接口超过了限制，该套件的所有请求都被暂时禁用了，仅对企业授权给ISV的Accesstoken有效", "无"),
-    EC90012(90012, "您的套件调用企业当前接口超过了限制，该套件对此接口的所有请求都被暂时禁用了，仅对企业授权给ISV的Accesstoken有效", "无"),
-    EC90013(90013, "您的套件调用当前企业的接口超过了限制，该套件对此企业的所有请求都被暂时禁用了，仅对企业授权给ISV的Accesstoken有效", "无"),
-    EC90014(90014, "您的套件调用企业当前接口超过了限制，该套件对此企业该接口的所有请求都被暂时禁用了，仅对企业授权给ISV的Accesstoken有效", "无"),
-    EC900001(900001, "加密明文文本非法", "加密明文不能为空"),
-    EC900002(900002, "加密时间戳参数非法", "加密时间戳不能为空"),
-    EC900003(900003, "加密随机字符串参数非法", "加密随机字符串不能为空"),
-    EC900004(900004, "不合法的aeskey", "检查aeskey是否符合规格，长度固定为43个字符，从a-z, A-Z, 0-9共62个字符中选取，是AESKey的Base64编码。解码后即为32字节长的AESKey"),
-    EC900005(900005, "签名不匹配", "检查签名计算的参数是否正确。请参考文档获取签名参数"),
-    EC900006(900006, "计算签名错误", "检查签名计算的参数是否正确。请参考文档获取签名参数"),
-    EC900007(900007, "计算加密文字错误", "检查是否安装JRE补丁或者对应的JRE版本是否正常。 请参考文档ISV应用开发准备工作"),
-    EC900008(900008, "计算解密文字错误", "检查是否安装JRE补丁或者对应的JRE版本是否正常。 请参考文档ISV应用开发准备工作"),
-    EC900009(900009, "计算解密文字长度不匹配", "检查aeskey是否符合规格。长度固定为43个字符，从a-z, A-Z, 0-9共62个字符中选取，是AESKey的Base64编码"),
-    EC900010(900010, "计算解密文字corpid不匹配", "检查corpid是否正确或者是否为当前企业的corpid"),
-    EC400010(400010, "激活的设备不存在（未绑定）", "无"),
-    EC400011(400011, "设备已经激活", "无"),
-    EC400020(400020, "无访问权限", "无"),
-    EC400021(400021, "密钥错误", "无"),
-    EC400022(400022, "设备不存在", "无"),
-    EC400023(400023, "用户不存在", "无"),
-    EC400040(400040, "回调不存在", "检查是否注册回调事件"),
-    EC400041(400041, "回调已经存在", "检查该回调事件是否已注册过"),
-    EC400042(400042, "企业不存在", "无"),
-    EC400043(400043, "企业不合法", "无"),
-    EC400050(400050, "回调地址无效", "检查回调地址是否正确或者符合地址格式"),
-    EC400051(400051, "回调地址访问异常", "注意回调地址必须部署到外网以便开发平台通过回调地址推送回调信息"),
-    EC400052(400052, "回调地址访返回数据错误", "无"),
-    EC400053(400053, "回调地址在黑名单中无法注册", "回调地址已添加黑名单，无法注册"),
-    EC400054(400054, "回调URL访问超时", "无"),
-    EC400055(400055, "回调设备不在线", "无"),
-    EC400056(400056, "回调访问设备失败", "无"),
-    EC400057(400057, "回调访问设备不存在", "无"),
-    EC420001(420001, "客户不存在", "无"),
-    EC420002(420002, "客户查询失败", "无"),
-    EC420003(420003, "联系人不存在", "无"),
-    EC420004(420004, "联系人查询失败", "无"),
-    EC420005(420005, "客户删除失败", "无"),
-    EC420006(420006, "联系人删除失败", "无"),
-    EC420007(420007, "跟进人绑定失败", "无"),
-    EC420008(420008, "客户id非法", "无"),
-    EC420009(420009, "跟进人id非法", "无"),
-    EC4200010(4200010, "客户联系人id非法", "无"),
-    EC4200011(4200011, "客户描述表单不存在", "无"),
-    EC4200012(4200012, "客户描述表单查询失败", "无"),
-    EC4200013(4200013, "联系人描述表单不存在", "无"),
-    EC4200014(4200014, "联系人描述表单查询失败", "无"),
-    EC4200015(4200015, "客户描述表单格式校验错误", "无"),
-    EC4200016(4200016, "客户描述表单格缺少固定字段", "无"),
-    EC4200017(4200017, "客户联系人描述表单格式校验错误", "无"),
-    EC4200018(4200018, "客户联系人描述表单格缺少固定字段", "无"),
-    EC4200019(4200019, "客户描述表单数据格式校验错误", "无"),
-    EC4200020(4200020, "客户描述表单数据缺少固定字段", "无"),
-    EC4200021(4200021, "客户联系人描述表单数据格式校验错误", "无"),
-    EC4200022(4200022, "客户联系人描述表单数据缺少固定字段", "无"),
-    EC800001(800001, "仅限ISV调用", "只有ISV微应用才能调用"),
-    EC41042(41042, "加密失败", "无"),
-    EC41043(41043, "解密失败", "无"),
-    EC40100(40100, "分机号已经存在", "无"),
-    EC40101(40101, "邮箱已经存在", "无"),
-    EC33013(33013, "企业自建微应用的个数过多，通过接口创建微应用受限", "此限制只针对企业自建微应用，对ISV应用没有限制"),
-    EC90017(90017, "此IP使用CorpId及CorpSecret调用接口的CorpId个数超过限制", "从该ip发起超过XX个corpid的请求被限制"),
-    EC40102(40102, "过期的临时授权码", "注意临时授权只能使用一次后就不能在使用。 需要重新执行授权操作有开放平台推送新的临时授权码"),
-    EC52020(52020, "未找到服务窗授权", "无"),
-    EC52021(52021, "未找到微应用授权", "无"),
-    EC52022(52022, "无效的jsapi类型", "无"),
-    EC52023(52023, "无效的服务窗agentid", "检查服务窗微应用是否停用或者删除"),
-    EC52024(52024, "无效的jsapi tag", "无"),
-    EC52025(52025, "无效的安全微应用", "无"),
-    EC52026(52026, "无效的安全微应用URL", "无"),
-    EC71014(71014, "获取套件下的服务窗应用失败", "无"),
-    EC72003(72003, "钉盘空间添加文件失败", "无"),
-    EC60128(60128, "无效的主管id", "无"),
-    EC200001(200001, "表单不能为空", "无"),
-    EC200004(200004, "APP_ID 不允许为空", "app_id为创建套件成功后，创建的ISV微应用的微应用ID。 可以登录开发者后台查看"),
-    EC200005(200005, "表单名称不允许为空", "无"),
-    EC200006(200006, "表单内容不允许为空", "无"),
-    EC200007(200007, "表单值不允许为空", "无"),
-    EC200008(200008, "表单uuid不存在", "无"),
-    EC400001(400001, "系统错误", "无"),
-    EC400002(400002, "参数错误", "检查参数是否符合规格。具体请参考当前接口的文档的参数说明和参数示例"),
-    EC400003(400003, "时间戳无效", "检查随机时间戳是否符合规格。具体请参考当前接口的文档的参数说明和参数示例"),
-    EC400004(400004, "随机数无效", "检查随机随机数是否符合规格。具体请参考当前接口的文档的参数说明和参数示例");
-
-    private int code;
-    private String desc;
-    private String solution;
-
-    AuthDingTalkErrorCode(int code, String desc, String solution) {
-        this.code = code;
-        this.desc = desc;
-        this.solution = solution;
-    }
-
-    public static AuthDingTalkErrorCode getErrorCode(int errorCode) {
-        AuthDingTalkErrorCode[] errorCodes = AuthDingTalkErrorCode.values();
-        for (AuthDingTalkErrorCode code : errorCodes) {
-            if (code.getCode() == errorCode) {
-                return code;
-            }
-        }
-        return EC1_MINUS;
-    }
-
-    public int getCode() {
-        return code;
-    }
-
-    public String getDesc() {
-        return desc;
-    }
-
-    public String getSolution() {
-        return solution;
-    }
-}
@@ -1,18 +1,17 @@
 package me.zhyd.oauth.model;

 import lombok.Builder;
-import lombok.Data;
-import me.zhyd.oauth.request.ResponseStatus;
+import lombok.Getter;
+import me.zhyd.oauth.enums.AuthResponseStatus;

 /**
 * JustAuth统一授权响应类
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
 * @since 1.8
 */
+@Getter
@Builder
-@Data
 public class AuthResponse<T> {
    /**
     * 授权响应状态码
@@ -35,6 +34,6 @@ public class AuthResponse<T> {
     * @return true or false
     */
    public boolean ok() {
-        return this.code == ResponseStatus.SUCCESS.getCode();
+        return this.code == AuthResponseStatus.SUCCESS.getCode();
    }
 }
@@ -1,30 +0,0 @@
-package me.zhyd.oauth.model;
-
-/**
- * 授权来源（平台）
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public enum AuthSource {
-    GITHUB,
-    GITEE,
-    WEIBO,
-    DINGTALK,
-    BAIDU,
-    CSDN,
-    CODING,
-    OSCHINA,
-    TENCENT_CLOUD,
-    ALIPAY,
-    TAOBAO,
-    QQ,
-    WECHAT,
-    GOOGLE,
-    FACEBOOK,
-    DOUYIN,
-    LINKEDIN,
-    MICROSOFT,
-    MI
-}
@@ -1,16 +1,17 @@
 package me.zhyd.oauth.model;

 import lombok.Builder;
-import lombok.Data;
+import lombok.Getter;
+import lombok.Setter;

 /**
 * 授权所需的token
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
 * @since 1.8
 */
-@Data
+@Getter
+@Setter
@Builder
 public class AuthToken {
    private String accessToken;
@@ -19,6 +20,7 @@ public class AuthToken {
    private String uid;
    private String openId;
    private String accessCode;
+    private String unionId;

    /**
     * Google附带属性
@@ -33,4 +35,11 @@ public class AuthToken {
    private String macAlgorithm;
    private String macKey;

+    /**
+     * 企业微信附带属性
+     *
+     * @since 1.10.0
+     */
+    private String code;
+
 }
@@ -1,18 +1,26 @@
 package me.zhyd.oauth.model;

-import lombok.Builder;
-import lombok.Data;
+import lombok.*;
+import me.zhyd.oauth.enums.AuthUserGender;

 /**
 * 授权成功后的用户信息，根据授权平台的不同，获取的数据完整性也不同
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
 * @since 1.8
 */
+@Getter
+@Setter
@Builder
-@Data
+@NoArgsConstructor
+@AllArgsConstructor
 public class AuthUser {
+    /**
+     * 用户第三方系统的唯一id。在调用方集成改组件时，可以用uuid + source唯一确定一个用户
+     *
+     * @since 1.3.3
+     */
+    private String uuid;
    /**
     * 用户名
     */
@@ -52,13 +60,10 @@ public class AuthUser {
    /**
     * 用户来源
     */
-    private AuthSource source;
+    private String source;
    /**
     * 用户授权的token信息
     */
    private AuthToken token;
-    /**
-     * 用户第三方系统的唯一id。在调用方集成改组件时，可以用uuid + source唯一确定一个用户
-     */
-    private String uuid;
+
 }
@@ -1,44 +0,0 @@
-package me.zhyd.oauth.model;
-
-import java.util.Arrays;
-
-/**
- * 用户性别
- *
- * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
- */
-public enum AuthUserGender {
-    MALE(1, "男"), FEMALE(0, "女"), UNKNOW(-1, "");
-    private int code;
-    private String desc;
-
-    AuthUserGender(int code, String desc) {
-        this.code = code;
-        this.desc = desc;
-    }
-
-    public static AuthUserGender getRealGender(String code) {
-        if (code == null) {
-            return UNKNOW;
-        }
-        String[] males = {"m", "男", "1", "male", "F"};
-        if (Arrays.asList(males).contains(code)) {
-            return MALE;
-        }
-        String[] females = {"f", "女", "0", "female"};
-        if (Arrays.asList(females).contains(code)) {
-            return FEMALE;
-        }
-        return UNKNOW;
-    }
-
-    public int getCode() {
-        return code;
-    }
-
-    public String getDesc() {
-        return desc;
-    }
-}
@@ -0,0 +1,4 @@
+/**
+ * JustAuth核心模型类，封装了用户、token、响应和callback等实体类
+ */
+package me.zhyd.oauth.model;
@@ -0,0 +1,8 @@
+/**
+ * JustAuth，如你所见，它仅仅是一个第三方授权登录的工具类库，它可以让我们脱离繁琐的第三方登录SDK，让登录变得So easy!
+ * <p>
+ * 史上最全的整合第三方登录的开源库。目前已支持Github、Gitee、微博、钉钉、百度、Coding、腾讯云开发者平台、OSChina、
+ * 支付宝、QQ、微信、淘宝、Google、Facebook、抖音、领英、小米、微软、今日头条、Teambition、StackOverflow、Pinterest、
+ * 人人、华为和企业微信等第三方平台的授权登录。 Login, so easy!
+ */
+package me.zhyd.oauth;
@@ -7,51 +7,59 @@ import com.alipay.api.request.AlipaySystemOauthTokenRequest;
 import com.alipay.api.request.AlipayUserInfoShareRequest;
 import com.alipay.api.response.AlipaySystemOauthTokenResponse;
 import com.alipay.api.response.AlipayUserInfoShareResponse;
+import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.consts.ApiUrl;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthSource;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.model.AuthUserGender;
 import me.zhyd.oauth.utils.StringUtils;
+import me.zhyd.oauth.utils.UrlBuilder;

 /**
 * 支付宝登录
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
+ * @since 1.0.1
 */
-public class AuthAlipayRequest extends BaseAuthRequest {
+public class AuthAlipayRequest extends AuthDefaultRequest {

    private AlipayClient alipayClient;

    public AuthAlipayRequest(AuthConfig config) {
-        super(config, AuthSource.ALIPAY);
-        this.alipayClient = new DefaultAlipayClient(ApiUrl.ALIPAY.accessToken(), config.getClientId(), config.getClientSecret(), "json", "UTF-8", config.getAlipayPublicKey(), "RSA2");
+        super(config, AuthDefaultSource.ALIPAY);
+        this.alipayClient = new DefaultAlipayClient(AuthDefaultSource.ALIPAY.accessToken(), config.getClientId(), config.getClientSecret(), "json", "UTF-8", config
+            .getAlipayPublicKey(), "RSA2");
+    }
+
+    public AuthAlipayRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.ALIPAY, authStateCache);
+        this.alipayClient = new DefaultAlipayClient(AuthDefaultSource.ALIPAY.accessToken(), config.getClientId(), config.getClientSecret(), "json", "UTF-8", config
+            .getAlipayPublicKey(), "RSA2");
    }

    @Override
-    protected AuthToken getAccessToken(String code) {
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
        AlipaySystemOauthTokenRequest request = new AlipaySystemOauthTokenRequest();
        request.setGrantType("authorization_code");
-        request.setCode(code);
+        request.setCode(authCallback.getAuth_code());
        AlipaySystemOauthTokenResponse response = null;
        try {
            response = this.alipayClient.execute(request);
        } catch (Exception e) {
-            throw new AuthException("Unable to get token from alipay using code [" + code + "]", e);
+            throw new AuthException(e);
        }
        if (!response.isSuccess()) {
            throw new AuthException(response.getSubMsg());
        }
        return AuthToken.builder()
-                .accessToken(response.getAccessToken())
-                .uid(response.getUserId())
-                .expireIn(Integer.parseInt(response.getExpiresIn()))
-                .refreshToken(response.getRefreshToken())
-                .build();
+            .accessToken(response.getAccessToken())
+            .uid(response.getUserId())
+            .expireIn(Integer.parseInt(response.getExpiresIn()))
+            .refreshToken(response.getRefreshToken())
+            .build();
    }

    @Override
@@ -67,17 +75,36 @@ public class AuthAlipayRequest extends BaseAuthRequest {
        if (!response.isSuccess()) {
            throw new AuthException(response.getSubMsg());
        }
-        String province = response.getProvince(),
-                city = response.getCity();
+
+        String province = response.getProvince(), city = response.getCity();
+        String location = String.format("%s %s", StringUtils.isEmpty(province) ? "" : province, StringUtils.isEmpty(city) ? "" : city);
+
        return AuthUser.builder()
-                .uuid(response.getUserId())
-                .username(StringUtils.isEmpty(response.getUserName()) ? response.getNickName() : response.getUserName())
-                .nickname(response.getNickName())
-                .avatar(response.getAvatar())
-                .location(String.format("%s %s", StringUtils.isEmpty(province) ? "" : province, StringUtils.isEmpty(city) ? "" : city))
-                .gender(AuthUserGender.getRealGender(response.getGender()))
-                .token(authToken)
-                .source(AuthSource.ALIPAY)
-                .build();
+            .uuid(response.getUserId())
+            .username(StringUtils.isEmpty(response.getUserName()) ? response.getNickName() : response.getUserName())
+            .nickname(response.getNickName())
+            .avatar(response.getAvatar())
+            .location(location)
+            .gender(AuthUserGender.getRealGender(response.getGender()))
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("app_id", config.getClientId())
+            .queryParam("scope", "auth_user")
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("state", getRealState(state))
+            .build();
    }
 }
@@ -3,73 +3,127 @@ package me.zhyd.oauth.request;
 import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
 import com.alibaba.fastjson.JSONObject;
-import lombok.extern.slf4j.Slf4j;
+import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.*;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthResponse;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.StringUtils;
 import me.zhyd.oauth.utils.UrlBuilder;

 /**
 * 百度账号登录
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
+ * @since 1.0.0
 */
-public class AuthBaiduRequest extends BaseAuthRequest {
+public class AuthBaiduRequest extends AuthDefaultRequest {

    public AuthBaiduRequest(AuthConfig config) {
-        super(config, AuthSource.BAIDU);
+        super(config, AuthDefaultSource.BAIDU);
+    }
+
+    public AuthBaiduRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.BAIDU, authStateCache);
    }

    @Override
-    protected AuthToken getAccessToken(String code) {
-        String accessTokenUrl = UrlBuilder.getBaiduAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config.getRedirectUri());
-        HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
-        JSONObject accessTokenObject = JSONObject.parseObject(response.body());
-        AuthBaiduErrorCode errorCode = AuthBaiduErrorCode.getErrorCode(accessTokenObject.getString("error"));
-        if (!AuthBaiduErrorCode.OK.equals(errorCode)) {
-            throw new AuthException(errorCode.getDesc());
-        }
-        return AuthToken.builder()
-                .accessToken(accessTokenObject.getString("access_token"))
-                .build();
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        HttpResponse response = doPostAuthorizationCode(authCallback.getCode());
+        return getAuthToken(response);
    }

    @Override
    protected AuthUser getUserInfo(AuthToken authToken) {
-        String accessToken = authToken.getAccessToken();
-        HttpResponse response = HttpRequest.get(UrlBuilder.getBaiduUserInfoUrl(accessToken)).execute();
+        HttpResponse response = doGetUserInfo(authToken);
        String userInfo = response.body();
        JSONObject object = JSONObject.parseObject(userInfo);
-        AuthBaiduErrorCode errorCode = AuthBaiduErrorCode.getErrorCode(object.getString("error"));
-        if (!AuthBaiduErrorCode.OK.equals(errorCode)) {
-            throw new AuthException(errorCode.getDesc());
-        }
+        this.checkResponse(object);
        return AuthUser.builder()
-                .uuid(object.getString("userid"))
-                .username(object.getString("username"))
-                .nickname(object.getString("username"))
-                .gender(AuthUserGender.getRealGender(object.getString("sex")))
-                .token(authToken)
-                .source(AuthSource.BAIDU)
-                .build();
+            .uuid(object.getString("userid"))
+            .username(object.getString("username"))
+            .nickname(object.getString("username"))
+            .avatar(getAvatar(object))
+            .remark(object.getString("userdetail"))
+            .gender(AuthUserGender.getRealGender(object.getString("sex")))
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    private String getAvatar(JSONObject object) {
+        String protrait = object.getString("portrait");
+        return StringUtils.isEmpty(protrait) ? null : String.format("http://himg.bdimg.com/sys/portrait/item/%s.jpg", protrait);
    }

    @Override
    public AuthResponse revoke(AuthToken authToken) {
-        String accessToken = authToken.getAccessToken();
-        HttpResponse response = HttpRequest.get(UrlBuilder.getBaiduRevokeUrl(accessToken)).execute();
-        String userInfo = response.body();
-        JSONObject object = JSONObject.parseObject(userInfo);
-        if(object.containsKey("error_code")) {
-            return AuthResponse.builder()
-                    .code(ResponseStatus.FAILURE.getCode())
-                    .msg(object.getString("error_msg"))
-                    .build();
-        }
-        ResponseStatus status = object.getIntValue("result") == 1 ? ResponseStatus.SUCCESS : ResponseStatus.FAILURE;
+        HttpResponse response = doGetRevoke(authToken);
+        JSONObject object = JSONObject.parseObject(response.body());
+        this.checkResponse(object);
+        // 返回1表示取消授权成功，否则失败
+        AuthResponseStatus status = object.getIntValue("result") == 1 ? AuthResponseStatus.SUCCESS : AuthResponseStatus.FAILURE;
        return AuthResponse.builder().code(status.getCode()).msg(status.getMsg()).build();
    }

+    @Override
+    public AuthResponse refresh(AuthToken authToken) {
+        String refreshUrl = UrlBuilder.fromBaseUrl(this.source.refresh())
+            .queryParam("grant_type", "refresh_token")
+            .queryParam("refresh_token", authToken.getRefreshToken())
+            .queryParam("client_id", this.config.getClientId())
+            .queryParam("client_secret", this.config.getClientSecret())
+            .build();
+        HttpResponse response = HttpRequest.get(refreshUrl).execute();
+        return AuthResponse.builder()
+            .code(AuthResponseStatus.SUCCESS.getCode())
+            .data(this.getAuthToken(response))
+            .build();
+    }
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("client_id", config.getClientId())
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("display", "popup")
+            .queryParam("state", getRealState(state))
+            .build();
+    }
+
+    /**
+     * 检查响应内容是否正确
+     *
+     * @param object 请求响应内容
+     */
+    private void checkResponse(JSONObject object) {
+        if (object.containsKey("error") || object.containsKey("error_code")) {
+            String msg = object.containsKey("error_description") ? object.getString("error_description") : object.getString("error_msg");
+            throw new AuthException(msg);
+        }
+    }
+
+    private AuthToken getAuthToken(HttpResponse response) {
+        JSONObject accessTokenObject = JSONObject.parseObject(response.body());
+        this.checkResponse(accessTokenObject);
+        return AuthToken.builder()
+            .accessToken(accessTokenObject.getString("access_token"))
+            .refreshToken(accessTokenObject.getString("refresh_token"))
+            .scope(accessTokenObject.getString("scope"))
+            .expireIn(accessTokenObject.getIntValue("expires_in"))
+            .build();
+    }
 }
@@ -1,64 +1,94 @@
 package me.zhyd.oauth.request;

-import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
 import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthSource;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.model.AuthUserGender;
 import me.zhyd.oauth.utils.UrlBuilder;

 /**
 * Cooding登录
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
+ * @since 1.0.0
 */
-public class AuthCodingRequest extends BaseAuthRequest {
+public class AuthCodingRequest extends AuthDefaultRequest {

    public AuthCodingRequest(AuthConfig config) {
-        super(config, AuthSource.CODING);
+        super(config, AuthDefaultSource.CODING);
+    }
+
+    public AuthCodingRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.CODING, authStateCache);
    }

    @Override
-    protected AuthToken getAccessToken(String code) {
-        String accessTokenUrl = UrlBuilder.getCodingAccessTokenUrl(config.getClientId(), config.getClientSecret(), code);
-        HttpResponse response = HttpRequest.get(accessTokenUrl).execute();
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        HttpResponse response = doGetAuthorizationCode(authCallback.getCode());
        JSONObject accessTokenObject = JSONObject.parseObject(response.body());
-        if (accessTokenObject.getIntValue("code") != 0) {
-            throw new AuthException("Unable to get token from coding using code [" + code + "]");
-        }
+        this.checkResponse(accessTokenObject);
        return AuthToken.builder()
-                .accessToken(accessTokenObject.getString("access_token"))
-                .build();
+            .accessToken(accessTokenObject.getString("access_token"))
+            .expireIn(accessTokenObject.getIntValue("expires_in"))
+            .refreshToken(accessTokenObject.getString("refresh_token"))
+            .build();
    }

    @Override
    protected AuthUser getUserInfo(AuthToken authToken) {
-        String accessToken = authToken.getAccessToken();
-        HttpResponse response = HttpRequest.get(UrlBuilder.getCodingUserInfoUrl(accessToken)).execute();
+        HttpResponse response = doGetUserInfo(authToken);
        JSONObject object = JSONObject.parseObject(response.body());
+        this.checkResponse(object);
+
+        object = object.getJSONObject("data");
+        return AuthUser.builder()
+            .uuid(object.getString("id"))
+            .username(object.getString("name"))
+            .avatar("https://coding.net/" + object.getString("avatar"))
+            .blog("https://coding.net/" + object.getString("path"))
+            .nickname(object.getString("name"))
+            .company(object.getString("company"))
+            .location(object.getString("location"))
+            .gender(AuthUserGender.getRealGender(object.getString("sex")))
+            .email(object.getString("email"))
+            .remark(object.getString("slogan"))
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 检查响应内容是否正确
+     *
+     * @param object 请求响应内容
+     */
+    private void checkResponse(JSONObject object) {
        if (object.getIntValue("code") != 0) {
            throw new AuthException(object.getString("msg"));
        }
-        object = object.getJSONObject("data");
-        return AuthUser.builder()
-                .uuid(object.getString("id"))
-                .username(object.getString("name"))
-                .avatar("https://coding.net/" + object.getString("avatar"))
-                .blog("https://coding.net/" + object.getString("path"))
-                .nickname(object.getString("name"))
-                .company(object.getString("company"))
-                .location(object.getString("location"))
-                .gender(AuthUserGender.getRealGender(object.getString("sex")))
-                .email(object.getString("email"))
-                .remark(object.getString("slogan"))
-                .token(authToken)
-                .source(AuthSource.CODING)
-                .build();
+    }
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("client_id", config.getClientId())
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("scope", "user")
+            .queryParam("state", getRealState(state))
+            .build();
    }
 }
@@ -1,56 +1,65 @@
 package me.zhyd.oauth.request;

-import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
 import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthSource;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.utils.UrlBuilder;

 /**
 * CSDN登录
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
+ * @since 1.0.0
 */
-public class AuthCsdnRequest extends BaseAuthRequest {
+@Deprecated
+public class AuthCsdnRequest extends AuthDefaultRequest {

    public AuthCsdnRequest(AuthConfig config) {
-        super(config, AuthSource.CSDN);
+        super(config, AuthDefaultSource.CSDN);
+    }
+
+    public AuthCsdnRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.CSDN, authStateCache);
    }

    @Override
-    protected AuthToken getAccessToken(String code) {
-        String accessTokenUrl = UrlBuilder.getCsdnAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config.getRedirectUri());
-        HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        HttpResponse response = doPostAuthorizationCode(authCallback.getCode());
        JSONObject accessTokenObject = JSONObject.parseObject(response.body());
-        if (accessTokenObject.containsKey("error_code")) {
-            throw new AuthException("Unable to get token from csdn using code [" + code + "]");
-        }
-        return AuthToken.builder()
-                .accessToken(accessTokenObject.getString("access_token"))
-                .build();
+        this.checkResponse(accessTokenObject);
+        return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build();
    }

    @Override
    protected AuthUser getUserInfo(AuthToken authToken) {
-        String accessToken = authToken.getAccessToken();
-        HttpResponse response = HttpRequest.get(UrlBuilder.getCsdnUserInfoUrl(accessToken)).execute();
+        HttpResponse response = doGetUserInfo(authToken);
        JSONObject object = JSONObject.parseObject(response.body());
+        this.checkResponse(object);
+        return AuthUser.builder()
+            .uuid(object.getString("username"))
+            .username(object.getString("username"))
+            .remark(object.getString("description"))
+            .blog(object.getString("website"))
+            .gender(AuthUserGender.UNKNOWN)
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 检查响应内容是否正确
+     *
+     * @param object 请求响应内容
+     */
+    private void checkResponse(JSONObject object) {
        if (object.containsKey("error_code")) {
            throw new AuthException(object.getString("error"));
        }
-        return AuthUser.builder()
-                .uuid(object.getString("username"))
-                .username(object.getString("username"))
-                .remark(object.getString("description"))
-                .blog(object.getString("website"))
-                .token(authToken)
-                .source(AuthSource.CSDN)
-                .build();
    }
 }
@@ -0,0 +1,275 @@
+package me.zhyd.oauth.request;
+
+import cn.hutool.http.HttpRequest;
+import cn.hutool.http.HttpResponse;
+import me.zhyd.oauth.cache.AuthDefaultStateCache;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.log.Log;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthResponse;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.AuthChecker;
+import me.zhyd.oauth.utils.StringUtils;
+import me.zhyd.oauth.utils.UrlBuilder;
+import me.zhyd.oauth.utils.UuidUtils;
+
+/**
+ * 默认的request处理类
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @author yangkai.shen (https://xkcoding.com)
+ * @since 1.0.0
+ */
+public abstract class AuthDefaultRequest implements AuthRequest {
+    protected AuthConfig config;
+    protected AuthSource source;
+    protected AuthStateCache authStateCache;
+
+    public AuthDefaultRequest(AuthConfig config, AuthSource source) {
+        this(config, source, AuthDefaultStateCache.INSTANCE);
+    }
+
+    public AuthDefaultRequest(AuthConfig config, AuthSource source, AuthStateCache authStateCache) {
+        this.config = config;
+        this.source = source;
+        this.authStateCache = authStateCache;
+        if (!AuthChecker.isSupportedAuth(config, source)) {
+            throw new AuthException(AuthResponseStatus.PARAMETER_INCOMPLETE);
+        }
+        // 校验配置合法性
+        AuthChecker.checkConfig(config, source);
+    }
+
+    /**
+     * 获取access token
+     *
+     * @param authCallback 授权成功后的回调参数
+     * @return token
+     * @see AuthDefaultRequest#authorize()
+     * @see AuthDefaultRequest#authorize(String)
+     */
+    protected abstract AuthToken getAccessToken(AuthCallback authCallback);
+
+    /**
+     * 使用token换取用户信息
+     *
+     * @param authToken token信息
+     * @return 用户信息
+     * @see AuthDefaultRequest#getAccessToken(AuthCallback)
+     */
+    protected abstract AuthUser getUserInfo(AuthToken authToken);
+
+    /**
+     * 统一的登录入口。当通过{@link AuthDefaultRequest#authorize(String)}授权成功后，会跳转到调用方的相关回调方法中
+     * 方法的入参可以使用{@code AuthCallback}，{@code AuthCallback}类中封装好了OAuth2授权回调所需要的参数
+     *
+     * @param authCallback 用于接收回调参数的实体
+     * @return AuthResponse
+     */
+    @Override
+    public AuthResponse login(AuthCallback authCallback) {
+        try {
+            AuthChecker.checkCode(source, authCallback);
+            this.checkState(authCallback.getState());
+
+            AuthToken authToken = this.getAccessToken(authCallback);
+            AuthUser user = this.getUserInfo(authToken);
+            return AuthResponse.builder().code(AuthResponseStatus.SUCCESS.getCode()).data(user).build();
+        } catch (Exception e) {
+            Log.error("Failed to login with oauth authorization.", e);
+            return this.responseError(e);
+        }
+    }
+
+    /**
+     * 处理{@link AuthDefaultRequest#login(AuthCallback)} 发生异常的情况，统一响应参数
+     *
+     * @param e 具体的异常
+     * @return AuthResponse
+     */
+    private AuthResponse responseError(Exception e) {
+        int errorCode = AuthResponseStatus.FAILURE.getCode();
+        if (e instanceof AuthException) {
+            errorCode = ((AuthException) e).getErrorCode();
+        }
+        return AuthResponse.builder().code(errorCode).msg(e.getMessage()).build();
+    }
+
+    /**
+     * 返回授权url，可自行跳转页面
+     * <p>
+     * 不建议使用该方式获取授权地址，不带{@code state}的授权地址，容易受到csrf攻击。
+     * 建议使用{@link AuthDefaultRequest#authorize(String)}方法生成授权地址，在回调方法中对{@code state}进行校验
+     *
+     * @return 返回授权地址
+     * @see AuthDefaultRequest#authorize(String)
+     */
+    @Deprecated
+    @Override
+    public String authorize() {
+        return this.authorize(null);
+    }
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("client_id", config.getClientId())
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("state", getRealState(state))
+            .build();
+    }
+
+    /**
+     * 返回获取accessToken的url
+     *
+     * @param code 授权码
+     * @return 返回获取accessToken的url
+     */
+    protected String accessTokenUrl(String code) {
+        return UrlBuilder.fromBaseUrl(source.accessToken())
+            .queryParam("code", code)
+            .queryParam("client_id", config.getClientId())
+            .queryParam("client_secret", config.getClientSecret())
+            .queryParam("grant_type", "authorization_code")
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .build();
+    }
+
+    /**
+     * 返回获取accessToken的url
+     *
+     * @param refreshToken refreshToken
+     * @return 返回获取accessToken的url
+     */
+    protected String refreshTokenUrl(String refreshToken) {
+        return UrlBuilder.fromBaseUrl(source.refresh())
+            .queryParam("client_id", config.getClientId())
+            .queryParam("client_secret", config.getClientSecret())
+            .queryParam("refresh_token", refreshToken)
+            .queryParam("grant_type", "refresh_token")
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .build();
+    }
+
+    /**
+     * 返回获取userInfo的url
+     *
+     * @param authToken token
+     * @return 返回获取userInfo的url
+     */
+    protected String userInfoUrl(AuthToken authToken) {
+        return UrlBuilder.fromBaseUrl(source.userInfo()).queryParam("access_token", authToken.getAccessToken()).build();
+    }
+
+    /**
+     * 返回获取revoke authorization的url
+     *
+     * @param authToken token
+     * @return 返回获取revoke authorization的url
+     */
+    protected String revokeUrl(AuthToken authToken) {
+        return UrlBuilder.fromBaseUrl(source.revoke()).queryParam("access_token", authToken.getAccessToken()).build();
+    }
+
+    /**
+     * 获取state，如果为空， 则默认取当前日期的时间戳
+     *
+     * @param state 原始的state
+     * @return 返回不为null的state
+     */
+    protected String getRealState(String state) {
+        if (StringUtils.isEmpty(state)) {
+            state = UuidUtils.getUUID();
+        }
+        // 缓存state
+        authStateCache.cache(state, state);
+        return state;
+    }
+
+    /**
+     * 通用的 authorizationCode 协议
+     *
+     * @param code code码
+     * @return HttpResponse
+     */
+    protected HttpResponse doPostAuthorizationCode(String code) {
+        return HttpRequest.post(accessTokenUrl(code)).execute();
+    }
+
+    /**
+     * 通用的 authorizationCode 协议
+     *
+     * @param code code码
+     * @return HttpResponse
+     */
+    protected HttpResponse doGetAuthorizationCode(String code) {
+        return HttpRequest.get(accessTokenUrl(code)).execute();
+    }
+
+    /**
+     * 通用的 用户信息
+     *
+     * @param authToken token封装
+     * @return HttpResponse
+     */
+    @Deprecated
+    protected HttpResponse doPostUserInfo(AuthToken authToken) {
+        return HttpRequest.post(userInfoUrl(authToken)).execute();
+    }
+
+    /**
+     * 通用的 用户信息
+     *
+     * @param authToken token封装
+     * @return HttpResponse
+     */
+    protected HttpResponse doGetUserInfo(AuthToken authToken) {
+        return HttpRequest.get(userInfoUrl(authToken)).execute();
+    }
+
+    /**
+     * 通用的post形式的取消授权方法
+     *
+     * @param authToken token封装
+     * @return HttpResponse
+     */
+    @Deprecated
+    protected HttpResponse doPostRevoke(AuthToken authToken) {
+        return HttpRequest.post(revokeUrl(authToken)).execute();
+    }
+
+    /**
+     * 通用的post形式的取消授权方法
+     *
+     * @param authToken token封装
+     * @return HttpResponse
+     */
+    protected HttpResponse doGetRevoke(AuthToken authToken) {
+        return HttpRequest.get(revokeUrl(authToken)).execute();
+    }
+
+
+    /**
+     * 校验回调传回的state
+     *
+     * @param state {@code state}一定不为空
+     */
+    protected void checkState(String state) {
+        if (StringUtils.isEmpty(state) || !authStateCache.containsKey(state)) {
+            throw new AuthException(AuthResponseStatus.ILLEGAL_REQUEST);
+        }
+    }
+}
@@ -2,59 +2,99 @@ package me.zhyd.oauth.request;

 import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
-import cn.hutool.json.JSONObject;
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthDingTalkErrorCode;
-import me.zhyd.oauth.model.AuthSource;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
 import me.zhyd.oauth.utils.GlobalAuthUtil;
 import me.zhyd.oauth.utils.UrlBuilder;

-import java.util.Objects;
-
 /**
 * 钉钉登录
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
+ * @since 1.0.0
 */
-public class AuthDingTalkRequest extends BaseAuthRequest {
+public class AuthDingTalkRequest extends AuthDefaultRequest {

    public AuthDingTalkRequest(AuthConfig config) {
-        super(config, AuthSource.DINGTALK);
+        super(config, AuthDefaultSource.DINGTALK);
+    }
+
+    public AuthDingTalkRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.DINGTALK, authStateCache);
    }

    @Override
-    protected AuthToken getAccessToken(String code) {
-        return AuthToken.builder()
-                .accessCode(code)
-                .build();
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        return AuthToken.builder().accessCode(authCallback.getCode()).build();
    }

    @Override
    protected AuthUser getUserInfo(AuthToken authToken) {
        String code = authToken.getAccessCode();
-        // 根据timestamp, appSecret计算签名值
-        String stringToSign = System.currentTimeMillis() + "";
-        String urlEncodeSignature = GlobalAuthUtil.generateDingTalkSignature(config.getClientSecret(), stringToSign);
-        HttpResponse response = HttpRequest.post(UrlBuilder.getDingTalkUserInfoUrl(urlEncodeSignature, stringToSign, config.getClientId()))
-                .body(Objects.requireNonNull(new JSONObject().put("tmp_auth_code", code)))
-                .execute();
-        String userInfo = response.body();
-        JSONObject object = new JSONObject(userInfo);
-        AuthDingTalkErrorCode errorCode = AuthDingTalkErrorCode.getErrorCode(object.getInt("errcode"));
-        if (!AuthDingTalkErrorCode.EC0.equals(errorCode)) {
-            throw new AuthException(errorCode.getDesc());
+        JSONObject param = new JSONObject();
+        param.put("tmp_auth_code", code);
+        HttpResponse response = HttpRequest.post(userInfoUrl(authToken)).body(param.toJSONString()).execute();
+        JSONObject object = JSON.parseObject(response.body());
+        if (object.getIntValue("errcode") != 0) {
+            throw new AuthException(object.getString("errmsg"));
        }
        object = object.getJSONObject("user_info");
+        AuthToken token = AuthToken.builder()
+            .openId(object.getString("openid"))
+            .unionId(object.getString("unionid"))
+            .build();
        return AuthUser.builder()
-                .uuid(object.getStr("openid"))
-                .nickname(object.getStr("nick"))
-                .username(object.getStr("nick"))
-                .source(AuthSource.DINGTALK)
-                .build();
+            .uuid(object.getString("unionid"))
+            .nickname(object.getString("nick"))
+            .username(object.getString("nick"))
+            .gender(AuthUserGender.UNKNOWN)
+            .source(source.toString())
+            .token(token)
+            .build();
+    }
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("appid", config.getClientId())
+            .queryParam("scope", "snsapi_login")
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("state", getRealState(state))
+            .build();
+    }
+
+    /**
+     * 返回获取userInfo的url
+     *
+     * @param authToken 用户授权后的token
+     * @return 返回获取userInfo的url
+     */
+    @Override
+    protected String userInfoUrl(AuthToken authToken) {
+        // 根据timestamp, appSecret计算签名值
+        String timestamp = System.currentTimeMillis() + "";
+        String urlEncodeSignature = GlobalAuthUtil.generateDingTalkSignature(config.getClientSecret(), timestamp);
+
+        return UrlBuilder.fromBaseUrl(source.userInfo())
+            .queryParam("signature", urlEncodeSignature)
+            .queryParam("timestamp", timestamp)
+            .queryParam("accessKey", config.getClientId())
+            .build();
    }
 }
@@ -3,10 +3,14 @@ package me.zhyd.oauth.request;
 import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
 import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthResponse;
-import me.zhyd.oauth.model.AuthSource;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
 import me.zhyd.oauth.utils.UrlBuilder;
@@ -16,63 +20,60 @@ import me.zhyd.oauth.utils.UrlBuilder;
 * 抖音登录
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
+ * @since 1.4.0
 */
-public class AuthDouyinRequest extends BaseAuthRequest {
+public class AuthDouyinRequest extends AuthDefaultRequest {

    public AuthDouyinRequest(AuthConfig config) {
-        super(config, AuthSource.DOUYIN);
+        super(config, AuthDefaultSource.DOUYIN);
+    }
+
+    public AuthDouyinRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.DOUYIN, authStateCache);
    }

    @Override
-    protected AuthToken getAccessToken(String code) {
-        String accessTokenUrl = UrlBuilder.getDouyinAccessTokenUrl(config.getClientId(), config.getClientSecret(), code);
-        return this.getToken(accessTokenUrl);
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        return this.getToken(accessTokenUrl(authCallback.getCode()));
    }

    @Override
    protected AuthUser getUserInfo(AuthToken authToken) {
-        String accessToken = authToken.getAccessToken();
-        String openId = authToken.getOpenId();
-        HttpResponse response = HttpRequest.get(UrlBuilder.getDouyinUserInfoUrl(accessToken, openId)).execute();
-        JSONObject object = JSONObject.parseObject(response.body());
-
-        JSONObject userInfoObject = this.checkResponse(object);
-
+        HttpResponse response = doGetUserInfo(authToken);
+        JSONObject userInfoObject = JSONObject.parseObject(response.body());
+        this.checkResponse(userInfoObject);
        return AuthUser.builder()
-                .uuid(userInfoObject.getString("open_id"))
-                .username(userInfoObject.getString("nickname"))
-                .nickname(userInfoObject.getString("nickname"))
-                .avatar(userInfoObject.getString("avatar"))
-                .token(authToken)
-                .source(AuthSource.DOUYIN)
-                .build();
+            .uuid(userInfoObject.getString("union_id"))
+            .username(userInfoObject.getString("nickname"))
+            .nickname(userInfoObject.getString("nickname"))
+            .avatar(userInfoObject.getString("avatar"))
+            .remark(userInfoObject.getString("description"))
+            .gender(AuthUserGender.UNKNOWN)
+            .token(authToken)
+            .source(source.toString())
+            .build();
    }

    @Override
    public AuthResponse refresh(AuthToken oldToken) {
-        String refreshTokenUrl = UrlBuilder.getDouyinRefreshUrl(config.getClientId(), oldToken.getRefreshToken());
        return AuthResponse.builder()
-                .code(ResponseStatus.SUCCESS.getCode())
-                .data(this.getToken(refreshTokenUrl))
-                .build();
+            .code(AuthResponseStatus.SUCCESS.getCode())
+            .data(getToken(refreshTokenUrl(oldToken.getRefreshToken())))
+            .build();
    }

    /**
     * 检查响应内容是否正确
     *
     * @param object 请求响应内容
-     * @return 实际请求数据的json对象
     */
-    private JSONObject checkResponse(JSONObject object) {
+    private void checkResponse(JSONObject object) {
        String message = object.getString("message");
        JSONObject data = object.getJSONObject("data");
        int errorCode = data.getIntValue("error_code");
        if ("error".equals(message) || errorCode != 0) {
            throw new AuthException(errorCode, data.getString("description"));
        }
-        return data;
    }

    /**
@@ -85,14 +86,76 @@ public class AuthDouyinRequest extends BaseAuthRequest {
        HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
        String accessTokenStr = response.body();
        JSONObject object = JSONObject.parseObject(accessTokenStr);
-
-        JSONObject accessTokenObject = this.checkResponse(object);
+        this.checkResponse(object);
        return AuthToken.builder()
-                .accessToken(accessTokenObject.getString("access_token"))
-                .openId(accessTokenObject.getString("open_id"))
-                .expireIn(accessTokenObject.getIntValue("expires_in"))
-                .refreshToken(accessTokenObject.getString("refresh_token"))
-                .scope(accessTokenObject.getString("scope"))
-                .build();
+            .accessToken(object.getString("access_token"))
+            .openId(object.getString("open_id"))
+            .expireIn(object.getIntValue("expires_in"))
+            .refreshToken(object.getString("refresh_token"))
+            .scope(object.getString("scope"))
+            .build();
+    }
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("client_key", config.getClientId())
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("scope", "user_info")
+            .queryParam("state", getRealState(state))
+            .build();
+    }
+
+    /**
+     * 返回获取accessToken的url
+     *
+     * @param code oauth的授权码
+     * @return 返回获取accessToken的url
+     */
+    @Override
+    protected String accessTokenUrl(String code) {
+        return UrlBuilder.fromBaseUrl(source.accessToken())
+            .queryParam("code", code)
+            .queryParam("client_key", config.getClientId())
+            .queryParam("client_secret", config.getClientSecret())
+            .queryParam("grant_type", "authorization_code")
+            .build();
+    }
+
+    /**
+     * 返回获取userInfo的url
+     *
+     * @param authToken oauth返回的token
+     * @return 返回获取userInfo的url
+     */
+    @Override
+    protected String userInfoUrl(AuthToken authToken) {
+        return UrlBuilder.fromBaseUrl(source.userInfo())
+            .queryParam("access_token", authToken.getAccessToken())
+            .queryParam("open_id", authToken.getOpenId())
+            .build();
+    }
+
+    /**
+     * 返回获取accessToken的url
+     *
+     * @param refreshToken oauth返回的refreshtoken
+     * @return 返回获取accessToken的url
+     */
+    @Override
+    protected String refreshTokenUrl(String refreshToken) {
+        return UrlBuilder.fromBaseUrl(source.refresh())
+            .queryParam("client_key", config.getClientId())
+            .queryParam("refresh_token", refreshToken)
+            .queryParam("grant_type", "refresh_token")
+            .build();
    }
 }
@@ -0,0 +1,184 @@
+package me.zhyd.oauth.request;
+
+import cn.hutool.core.codec.Base64;
+import cn.hutool.http.HttpRequest;
+import cn.hutool.http.HttpResponse;
+import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.enums.AuthUserGender;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthResponse;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.GlobalAuthUtil;
+import me.zhyd.oauth.utils.UrlBuilder;
+import me.zhyd.oauth.utils.UuidUtils;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 饿了么
+ * <p>
+ * 注：集成的是正式环境，非沙箱环境
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.12.0
+ */
+public class AuthElemeRequest extends AuthDefaultRequest {
+
+    public AuthElemeRequest(AuthConfig config) {
+        super(config, AuthDefaultSource.ELEME);
+    }
+
+    public AuthElemeRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.ELEME, authStateCache);
+    }
+
+    @Override
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+
+        HttpRequest request = HttpRequest.post(source.accessToken())
+            .form("client_id", config.getClientId())
+            .form("redirect_uri", config.getRedirectUri())
+            .form("code", authCallback.getCode())
+            .form("grant_type", "authorization_code");
+
+        // 设置header
+        this.setHeader(request);
+
+        HttpResponse response = request.execute();
+        JSONObject object = JSONObject.parseObject(response.body());
+
+        this.checkResponse(object);
+
+        return AuthToken.builder()
+            .accessToken(object.getString("access_token"))
+            .refreshToken(object.getString("refresh_token"))
+            .tokenType(object.getString("token_type"))
+            .expireIn(object.getIntValue("expires_in"))
+            .build();
+    }
+
+    @Override
+    protected AuthUser getUserInfo(AuthToken authToken) {
+        Map<String, Object> parameters = new HashMap<>();
+        // 获取商户账号信息的API接口名称
+        String action = "eleme.user.getUser";
+        // 时间戳，单位秒。API服务端允许客户端请求最大时间误差为正负5分钟。
+        final long timestamp = System.currentTimeMillis();
+        // 公共参数
+        Map<String, Object> metasHashMap = new HashMap<>();
+        metasHashMap.put("app_key", config.getClientId());
+        metasHashMap.put("timestamp", timestamp);
+        String signature = GlobalAuthUtil.generateElemeSignature(config.getClientId(), config.getClientSecret(), timestamp, action, authToken.getAccessToken(), parameters);
+
+        String requestId = this.getRequestId();
+
+
+        Map<String, Object> paramsMap = new HashMap<>();
+        paramsMap.put("nop", "1.0.0");
+        paramsMap.put("id", requestId);
+        paramsMap.put("action", action);
+        paramsMap.put("token", authToken.getAccessToken());
+        paramsMap.put("metas", metasHashMap);
+        paramsMap.put("params", parameters);
+        paramsMap.put("signature", signature);
+
+        HttpRequest request = HttpRequest.post(source.userInfo())
+            .body(JSONObject.toJSONBytes(paramsMap));
+
+        // 设置header
+        this.setHeader(request, "application/json; charset=utf-8", requestId);
+
+        HttpResponse response = request.execute();
+
+        JSONObject object = JSONObject.parseObject(response.body());
+
+        // 校验请求
+        if (object.containsKey("name")) {
+            throw new AuthException(object.getString("message"));
+        }
+        if (object.containsKey("error") && null != object.get("error")) {
+            throw new AuthException(object.getJSONObject("error").getString("message"));
+        }
+
+        JSONObject result = object.getJSONObject("result");
+
+        return AuthUser.builder()
+            .uuid(result.getString("userId"))
+            .username(result.getString("userName"))
+            .nickname(result.getString("userName"))
+            .gender(AuthUserGender.UNKNOWN)
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    @Override
+    public AuthResponse refresh(AuthToken oldToken) {
+        HttpRequest request = HttpRequest.post(source.refresh())
+            .form("refresh_token", oldToken.getRefreshToken())
+            .form("grant_type", "refresh_token");
+
+        // 设置header
+        this.setHeader(request);
+
+        HttpResponse response = request.execute();
+        JSONObject object = JSONObject.parseObject(response.body());
+
+        this.checkResponse(object);
+
+        return AuthResponse.builder()
+            .code(AuthResponseStatus.SUCCESS.getCode())
+            .data(AuthToken.builder()
+                .accessToken(object.getString("access_token"))
+                .refreshToken(object.getString("refresh_token"))
+                .tokenType(object.getString("token_type"))
+                .expireIn(object.getIntValue("expires_in"))
+                .build())
+            .build();
+    }
+
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(super.authorize(state))
+            .queryParam("scope", "all")
+            .build();
+    }
+
+    private String getBasic(String appKey, String appSecret) {
+        StringBuilder sb = new StringBuilder();
+        String encodeToString = Base64.encode((appKey + ":" + appSecret).getBytes());
+        sb.append("Basic").append(" ").append(encodeToString);
+        return sb.toString();
+    }
+
+    private void setHeader(HttpRequest request) {
+        setHeader(request, "application/x-www-form-urlencoded;charset=UTF-8", getRequestId());
+        request.header("Authorization", this.getBasic(config.getClientId(), config.getClientSecret()));
+    }
+
+    private void setHeader(HttpRequest request, String contentType, String requestId) {
+        request.header("Accept", "text/xml,text/javascript,text/html")
+            .header("Content-Type", contentType)
+            .header("Accept-Encoding", "gzip")
+            .header("User-Agent", "eleme-openapi-java-sdk")
+            .header("x-eleme-requestid", requestId);
+    }
+
+    private String getRequestId() {
+        return (UuidUtils.getUUID() + "|" + System.currentTimeMillis()).toUpperCase();
+    }
+
+    private void checkResponse(JSONObject object) {
+        if (object.containsKey("error")) {
+            throw new AuthException(object.getString("error_description"));
+        }
+    }
+
+}
@@ -1,55 +1,65 @@
 package me.zhyd.oauth.request;

-import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
 import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthSource;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.model.AuthUserGender;
 import me.zhyd.oauth.utils.UrlBuilder;

 /**
 * Facebook登录
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
+ * @since 1.3.0
 */
-public class AuthFacebookRequest extends BaseAuthRequest {
+public class AuthFacebookRequest extends AuthDefaultRequest {

    public AuthFacebookRequest(AuthConfig config) {
-        super(config, AuthSource.FACEBOOK);
+        super(config, AuthDefaultSource.FACEBOOK);
+    }
+
+    public AuthFacebookRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.FACEBOOK, authStateCache);
    }

    @Override
-    protected AuthToken getAccessToken(String code) {
-        String accessTokenUrl = UrlBuilder.getFacebookAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config.getRedirectUri());
-        HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
-        JSONObject object = JSONObject.parseObject(response.body());
-
-        if (object.containsKey("error")) {
-            throw new AuthException(object.getJSONObject("error").getString("message"));
-        }
-
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        HttpResponse response = doPostAuthorizationCode(authCallback.getCode());
+        JSONObject accessTokenObject = JSONObject.parseObject(response.body());
+        this.checkResponse(accessTokenObject);
        return AuthToken.builder()
-                .accessToken(object.getString("access_token"))
-                .expireIn(object.getIntValue("expires_in"))
-                .tokenType(object.getString("token_type"))
-                .build();
+            .accessToken(accessTokenObject.getString("access_token"))
+            .expireIn(accessTokenObject.getIntValue("expires_in"))
+            .tokenType(accessTokenObject.getString("token_type"))
+            .build();
    }

    @Override
    protected AuthUser getUserInfo(AuthToken authToken) {
-        String accessToken = authToken.getAccessToken();
-        HttpResponse response = HttpRequest.get(UrlBuilder.getFacebookUserInfoUrl(accessToken)).execute();
+        HttpResponse response = doGetUserInfo(authToken);
        String userInfo = response.body();
        JSONObject object = JSONObject.parseObject(userInfo);
-        if (object.containsKey("error")) {
-            throw new AuthException(object.getJSONObject("error").getString("message"));
-        }
+        this.checkResponse(object);
+        return AuthUser.builder()
+            .uuid(object.getString("id"))
+            .username(object.getString("name"))
+            .nickname(object.getString("name"))
+            .avatar(getUserPicture(object))
+            .location(object.getString("locale"))
+            .email(object.getString("email"))
+            .gender(AuthUserGender.getRealGender(object.getString("gender")))
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    private String getUserPicture(JSONObject object) {
        String picture = null;
        if (object.containsKey("picture")) {
            JSONObject pictureObj = object.getJSONObject("picture");
@@ -58,16 +68,31 @@ public class AuthFacebookRequest extends BaseAuthRequest {
                picture = pictureObj.getString("url");
            }
        }
-        return AuthUser.builder()
-                .uuid(object.getString("id"))
-                .username(object.getString("name"))
-                .nickname(object.getString("name"))
-                .avatar(picture)
-                .location(object.getString("locale"))
-                .email(object.getString("email"))
-                .gender(AuthUserGender.getRealGender(object.getString("gender")))
-                .token(authToken)
-                .source(AuthSource.FACEBOOK)
-                .build();
+        return picture;
+    }
+
+    /**
+     * 返回获取userInfo的url
+     *
+     * @param authToken 用户token
+     * @return 返回获取userInfo的url
+     */
+    @Override
+    protected String userInfoUrl(AuthToken authToken) {
+        return UrlBuilder.fromBaseUrl(source.userInfo())
+            .queryParam("access_token", authToken.getAccessToken())
+            .queryParam("fields", "id,name,birthday,gender,hometown,email,devices,picture.width(400)")
+            .build();
+    }
+
+    /**
+     * 检查响应内容是否正确
+     *
+     * @param object 请求响应内容
+     */
+    private void checkResponse(JSONObject object) {
+        if (object.containsKey("error")) {
+            throw new AuthException(object.getJSONObject("error").getString("message"));
+        }
    }
 }
@@ -1,59 +1,76 @@
 package me.zhyd.oauth.request;

-import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
 import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthSource;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.utils.UrlBuilder;

 /**
 * Gitee登录
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
+ * @since 1.0.0
 */
-public class AuthGiteeRequest extends BaseAuthRequest {
+public class AuthGiteeRequest extends AuthDefaultRequest {

    public AuthGiteeRequest(AuthConfig config) {
-        super(config, AuthSource.GITEE);
+        super(config, AuthDefaultSource.GITEE);
+    }
+
+    public AuthGiteeRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.GITEE, authStateCache);
    }

    @Override
-    protected AuthToken getAccessToken(String code) {
-        String accessTokenUrl = UrlBuilder.getGiteeAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config.getRedirectUri());
-        HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        HttpResponse response = doPostAuthorizationCode(authCallback.getCode());
        JSONObject accessTokenObject = JSONObject.parseObject(response.body());
-        if (accessTokenObject.containsKey("error")) {
-            throw new AuthException("Unable to get token from gitee using code [" + code + "]");
-        }
+        this.checkResponse(accessTokenObject);
        return AuthToken.builder()
-                .accessToken(accessTokenObject.getString("access_token"))
-                .build();
+            .accessToken(accessTokenObject.getString("access_token"))
+            .refreshToken(accessTokenObject.getString("refresh_token"))
+            .scope(accessTokenObject.getString("scope"))
+            .tokenType(accessTokenObject.getString("token_type"))
+            .expireIn(accessTokenObject.getIntValue("expires_in"))
+            .build();
    }

    @Override
    protected AuthUser getUserInfo(AuthToken authToken) {
-        String accessToken = authToken.getAccessToken();
-        HttpResponse response = HttpRequest.get(UrlBuilder.getGiteeUserInfoUrl(accessToken)).execute();
+        HttpResponse response = doGetUserInfo(authToken);
        String userInfo = response.body();
        JSONObject object = JSONObject.parseObject(userInfo);
+        this.checkResponse(object);
        return AuthUser.builder()
-                .uuid(object.getString("id"))
-                .username(object.getString("login"))
-                .avatar(object.getString("avatar_url"))
-                .blog(object.getString("blog"))
-                .nickname(object.getString("name"))
-                .company(object.getString("company"))
-                .location(object.getString("address"))
-                .email(object.getString("email"))
-                .remark(object.getString("bio"))
-                .token(authToken)
-                .source(AuthSource.GITEE)
-                .build();
+            .uuid(object.getString("id"))
+            .username(object.getString("login"))
+            .avatar(object.getString("avatar_url"))
+            .blog(object.getString("blog"))
+            .nickname(object.getString("name"))
+            .company(object.getString("company"))
+            .location(object.getString("address"))
+            .email(object.getString("email"))
+            .remark(object.getString("bio"))
+            .gender(AuthUserGender.UNKNOWN)
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 检查响应内容是否正确
+     *
+     * @param object 请求响应内容
+     */
+    private void checkResponse(JSONObject object) {
+        if (object.containsKey("error")) {
+            throw new AuthException(object.getString("error_description"));
+        }
    }
 }
@@ -1,15 +1,16 @@
 package me.zhyd.oauth.request;

-import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
 import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthSource;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
 import me.zhyd.oauth.utils.GlobalAuthUtil;
-import me.zhyd.oauth.utils.UrlBuilder;

 import java.util.Map;

@@ -17,46 +18,59 @@ import java.util.Map;
 * Github登录
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
+ * @since 1.0.0
 */
-public class AuthGithubRequest extends BaseAuthRequest {
+public class AuthGithubRequest extends AuthDefaultRequest {

    public AuthGithubRequest(AuthConfig config) {
-        super(config, AuthSource.GITHUB);
+        super(config, AuthDefaultSource.GITHUB);
+    }
+
+    public AuthGithubRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.GITHUB, authStateCache);
    }

    @Override
-    protected AuthToken getAccessToken(String code) {
-        String accessTokenUrl = UrlBuilder.getGithubAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config.getRedirectUri());
-        HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        HttpResponse response = doPostAuthorizationCode(authCallback.getCode());
        Map<String, String> res = GlobalAuthUtil.parseStringToMap(response.body());
-        if (res.containsKey("error")) {
-            throw new AuthException(res.get("error") + ":" + res.get("error_description"));
-        }
+
+        this.checkResponse(res.containsKey("error"), res.get("error_description"));
+
        return AuthToken.builder()
-                .accessToken(res.get("access_token"))
-                .build();
+            .accessToken(res.get("access_token"))
+            .scope(res.get("scope"))
+            .tokenType(res.get("token_type"))
+            .build();
    }

    @Override
    protected AuthUser getUserInfo(AuthToken authToken) {
-        String accessToken = authToken.getAccessToken();
-        HttpResponse response = HttpRequest.get(UrlBuilder.getGithubUserInfoUrl(accessToken)).execute();
-        String userInfo = response.body();
-        JSONObject object = JSONObject.parseObject(userInfo);
+        HttpResponse response = doGetUserInfo(authToken);
+        JSONObject object = JSONObject.parseObject(response.body());
+
+        this.checkResponse(object.containsKey("error"), object.getString("error_description"));
+
        return AuthUser.builder()
-                .uuid(object.getString("id"))
-                .username(object.getString("login"))
-                .avatar(object.getString("avatar_url"))
-                .blog(object.getString("blog"))
-                .nickname(object.getString("name"))
-                .company(object.getString("company"))
-                .location(object.getString("location"))
-                .email(object.getString("email"))
-                .remark(object.getString("bio"))
-                .token(authToken)
-                .source(AuthSource.GITHUB)
-                .build();
+            .uuid(object.getString("id"))
+            .username(object.getString("login"))
+            .avatar(object.getString("avatar_url"))
+            .blog(object.getString("blog"))
+            .nickname(object.getString("name"))
+            .company(object.getString("company"))
+            .location(object.getString("location"))
+            .email(object.getString("email"))
+            .remark(object.getString("bio"))
+            .gender(AuthUserGender.UNKNOWN)
+            .token(authToken)
+            .source(source.toString())
+            .build();
    }
+
+    private void checkResponse(boolean error, String error_description) {
+        if (error) {
+            throw new AuthException(error_description);
+        }
+    }
+
 }
@@ -0,0 +1,95 @@
+package me.zhyd.oauth.request;
+
+import cn.hutool.http.HttpResponse;
+import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthUserGender;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.UrlBuilder;
+
+/**
+ * Gitlab登录
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.11.0
+ */
+public class AuthGitlabRequest extends AuthDefaultRequest {
+
+    public AuthGitlabRequest(AuthConfig config) {
+        super(config, AuthDefaultSource.GITLAB);
+    }
+
+    public AuthGitlabRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.GITLAB, authStateCache);
+    }
+
+    @Override
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        HttpResponse response = doPostAuthorizationCode(authCallback.getCode());
+        JSONObject object = JSONObject.parseObject(response.body());
+
+        this.checkResponse(object);
+
+        return AuthToken.builder()
+            .accessToken(object.getString("access_token"))
+            .refreshToken(object.getString("refresh_token"))
+            .idToken(object.getString("id_token"))
+            .tokenType(object.getString("token_type"))
+            .scope(object.getString("scope"))
+            .build();
+    }
+
+    @Override
+    protected AuthUser getUserInfo(AuthToken authToken) {
+        HttpResponse response = doGetUserInfo(authToken);
+        JSONObject object = JSONObject.parseObject(response.body());
+
+        this.checkResponse(object);
+
+        return AuthUser.builder()
+            .uuid(object.getString("id"))
+            .username(object.getString("username"))
+            .nickname(object.getString("name"))
+            .avatar(object.getString("avatar_url"))
+            .blog(object.getString("web_url"))
+            .company(object.getString("organization"))
+            .location(object.getString("location"))
+            .email(object.getString("email"))
+            .remark(object.getString("bio"))
+            .gender(AuthUserGender.UNKNOWN)
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    private void checkResponse(JSONObject object) {
+        // oauth/token 验证异常
+        if (object.containsKey("error")) {
+            throw new AuthException(object.getString("error_description"));
+        }
+        // user 验证异常
+        if (object.containsKey("message")) {
+            throw new AuthException(object.getString("message"));
+        }
+    }
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.11.0
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(super.authorize(state))
+            .queryParam("scope", "read_user+openid+profile+email")
+            .build();
+    }
+
+}
@@ -3,9 +3,12 @@ package me.zhyd.oauth.request;
 import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
 import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthSource;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
 import me.zhyd.oauth.utils.UrlBuilder;
@@ -14,51 +17,90 @@ import me.zhyd.oauth.utils.UrlBuilder;
 * Google登录
 *
 * @author yangkai.shen (https://xkcoding.com)
- * @version 1.3
- * @since 1.3
+ * @since 1.3.0
 */
-public class AuthGoogleRequest extends BaseAuthRequest {
+public class AuthGoogleRequest extends AuthDefaultRequest {

    public AuthGoogleRequest(AuthConfig config) {
-        super(config, AuthSource.GOOGLE);
+        super(config, AuthDefaultSource.GOOGLE);
+    }
+
+    public AuthGoogleRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.GOOGLE, authStateCache);
    }

    @Override
-    protected AuthToken getAccessToken(String code) {
-        String accessTokenUrl = UrlBuilder.getGoogleAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config
-                .getRedirectUri());
-        HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
-        JSONObject object = JSONObject.parseObject(response.body());
-
-        if (object.containsKey("error") || object.containsKey("error_description")) {
-            throw new AuthException("get google access_token has error:[" + object.getString("error") + "], error_description:[" + object
-                    .getString("error_description") + "]");
-        }
-
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        HttpResponse response = doPostAuthorizationCode(authCallback.getCode());
+        JSONObject accessTokenObject = JSONObject.parseObject(response.body());
+        this.checkResponse(accessTokenObject);
        return AuthToken.builder()
-                .accessToken(object.getString("access_token"))
-                .expireIn(object.getIntValue("expires_in"))
-                .scope(object.getString("scope"))
-                .tokenType(object.getString("token_type"))
-                .idToken(object.getString("id_token"))
-                .build();
+            .accessToken(accessTokenObject.getString("access_token"))
+            .expireIn(accessTokenObject.getIntValue("expires_in"))
+            .scope(accessTokenObject.getString("scope"))
+            .tokenType(accessTokenObject.getString("token_type"))
+            .idToken(accessTokenObject.getString("id_token"))
+            .build();
    }

    @Override
    protected AuthUser getUserInfo(AuthToken authToken) {
-        String accessToken = authToken.getIdToken();
-        HttpResponse response = HttpRequest.get(UrlBuilder.getGoogleUserInfoUrl(accessToken)).execute();
+        HttpResponse response = HttpRequest.post(userInfoUrl(authToken))
+            .header("Authorization", "Bearer " + authToken.getAccessToken())
+            .execute();
        String userInfo = response.body();
        JSONObject object = JSONObject.parseObject(userInfo);
+        this.checkResponse(object);
        return AuthUser.builder()
-                .uuid(object.getString("sub"))
-                .username(object.getString("name"))
-                .avatar(object.getString("picture"))
-                .nickname(object.getString("name"))
-                .location(object.getString("locale"))
-                .email(object.getString("email"))
-                .token(authToken)
-                .source(AuthSource.GOOGLE)
-                .build();
+            .uuid(object.getString("sub"))
+            .username(object.getString("email"))
+            .avatar(object.getString("picture"))
+            .nickname(object.getString("name"))
+            .location(object.getString("locale"))
+            .email(object.getString("email"))
+            .gender(AuthUserGender.UNKNOWN)
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("client_id", config.getClientId())
+            .queryParam("scope", "openid%20email%20profile")
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("state", getRealState(state))
+            .build();
+    }
+
+    /**
+     * 返回获取userInfo的url
+     *
+     * @param authToken 用户授权后的token
+     * @return 返回获取userInfo的url
+     */
+    @Override
+    protected String userInfoUrl(AuthToken authToken) {
+        return UrlBuilder.fromBaseUrl(source.userInfo()).queryParam("access_token", authToken.getAccessToken()).build();
+    }
+
+    /**
+     * 检查响应内容是否正确
+     *
+     * @param object 请求响应内容
+     */
+    private void checkResponse(JSONObject object) {
+        if (object.containsKey("error") || object.containsKey("error_description")) {
+            throw new AuthException(object.containsKey("error") + ":" + object.getString("error_description"));
+        }
    }
 }
@@ -0,0 +1,196 @@
+package me.zhyd.oauth.request;
+
+import cn.hutool.http.HttpRequest;
+import cn.hutool.http.HttpResponse;
+import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthUserGender;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthResponse;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.UrlBuilder;
+
+import static me.zhyd.oauth.enums.AuthResponseStatus.SUCCESS;
+
+/**
+ * 华为授权登录
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @version 1.0
+ * @since 1.10.0
+ */
+public class AuthHuaweiRequest extends AuthDefaultRequest {
+
+    public AuthHuaweiRequest(AuthConfig config) {
+        super(config, AuthDefaultSource.HUAWEI);
+    }
+
+    public AuthHuaweiRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.HUAWEI, authStateCache);
+    }
+
+    /**
+     * 获取access token
+     *
+     * @param authCallback 授权成功后的回调参数
+     * @return token
+     * @see AuthDefaultRequest#authorize()
+     * @see AuthDefaultRequest#authorize(String)
+     */
+    @Override
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        HttpRequest request = HttpRequest.post(source.accessToken())
+            .form("grant_type", "authorization_code")
+            .form("code", authCallback.getAuthorization_code())
+            .form("client_id", config.getClientId())
+            .form("client_secret", config.getClientSecret())
+            .form("redirect_uri", config.getRedirectUri());
+        return getAuthToken(request);
+    }
+
+    /**
+     * 使用token换取用户信息
+     *
+     * @param authToken token信息
+     * @return 用户信息
+     * @see AuthDefaultRequest#getAccessToken(AuthCallback)
+     */
+    @Override
+    protected AuthUser getUserInfo(AuthToken authToken) {
+        HttpResponse response = HttpRequest.post(source.userInfo())
+            .form("nsp_ts", System.currentTimeMillis())
+            .form("access_token", authToken.getAccessToken())
+            .form("nsp_fmt", "JS")
+            .form("nsp_svc", "OpenUP.User.getInfo")
+            .execute();
+        JSONObject object = JSONObject.parseObject(response.body());
+
+        this.checkResponse(object);
+
+        AuthUserGender gender = getRealGender(object);
+
+        return AuthUser.builder()
+            .uuid(object.getString("userID"))
+            .username(object.getString("userName"))
+            .nickname(object.getString("userName"))
+            .gender(gender)
+            .avatar(object.getString("headPictureURL"))
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 刷新access token （续期）
+     *
+     * @param authToken 登录成功后返回的Token信息
+     * @return AuthResponse
+     */
+    @Override
+    public AuthResponse refresh(AuthToken authToken) {
+        HttpRequest request = HttpRequest.post(source.refresh())
+            .form("client_id", config.getClientId())
+            .form("client_secret", config.getClientSecret())
+            .form("refresh_token", authToken.getRefreshToken())
+            .form("grant_type", "refresh_token");
+        return AuthResponse.builder()
+            .code(SUCCESS.getCode())
+            .data(getAuthToken(request))
+            .build();
+    }
+
+    private AuthToken getAuthToken(HttpRequest request) {
+        HttpResponse response = request.execute();
+        JSONObject object = JSONObject.parseObject(response.body());
+
+        this.checkResponse(object);
+
+        return AuthToken.builder()
+            .accessToken(object.getString("access_token"))
+            .expireIn(object.getIntValue("expires_in"))
+            .refreshToken(object.getString("refresh_token"))
+            .build();
+    }
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("client_id", config.getClientId())
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("access_type", "offline")
+            .queryParam("scope", "https%3A%2F%2Fwww.huawei.com%2Fauth%2Faccount%2Fbase.profile")
+            .queryParam("state", getRealState(state))
+            .build();
+    }
+
+    /**
+     * 返回获取accessToken的url
+     *
+     * @param code 授权码
+     * @return 返回获取accessToken的url
+     */
+    @Override
+    protected String accessTokenUrl(String code) {
+        return UrlBuilder.fromBaseUrl(source.accessToken())
+            .queryParam("grant_type", "authorization_code")
+            .queryParam("code", code)
+            .queryParam("client_id", config.getClientId())
+            .queryParam("client_secret", config.getClientSecret())
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .build();
+    }
+
+    /**
+     * 返回获取userInfo的url
+     *
+     * @param authToken token
+     * @return 返回获取userInfo的url
+     */
+    @Override
+    protected String userInfoUrl(AuthToken authToken) {
+        return UrlBuilder.fromBaseUrl(source.userInfo())
+            .queryParam("nsp_ts", System.currentTimeMillis())
+            .queryParam("access_token", authToken.getAccessToken())
+            .queryParam("nsp_fmt", "JS")
+            .queryParam("nsp_svc", "OpenUP.User.getInfo")
+            .build();
+    }
+
+    /**
+     * 获取用户的实际性别。华为系统中，用户的性别：1表示女，0表示男
+     *
+     * @param object obj
+     * @return AuthUserGender
+     */
+    private AuthUserGender getRealGender(JSONObject object) {
+        int genderCodeInt = object.getIntValue("gender");
+        String genderCode = genderCodeInt == 1 ? "0" : (genderCodeInt == 0) ? "1" : genderCodeInt + "";
+        return AuthUserGender.getRealGender(genderCode);
+    }
+
+    /**
+     * 校验响应结果
+     *
+     * @param object 接口返回的结果
+     */
+    private void checkResponse(JSONObject object) {
+        if (object.containsKey("NSP_STATUS")) {
+            throw new AuthException(object.getString("error"));
+        }
+        if (object.containsKey("error")) {
+            throw new AuthException(object.getString("sub_error") + ":" + object.getString("error_description"));
+        }
+    }
+}
@@ -0,0 +1,134 @@
+package me.zhyd.oauth.request;
+
+import cn.hutool.http.HttpRequest;
+import cn.hutool.http.HttpResponse;
+import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthResponse;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.StringUtils;
+import me.zhyd.oauth.utils.UrlBuilder;
+
+/**
+ * 酷家乐授权登录
+ *
+ * @author shahuang
+ * @since 1.11.0
+ */
+public class AuthKujialeRequest extends AuthDefaultRequest {
+
+    public AuthKujialeRequest(AuthConfig config) {
+        super(config, AuthDefaultSource.KUJIALE);
+    }
+
+    public AuthKujialeRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.KUJIALE, authStateCache);
+    }
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     * 默认只向用户请求用户信息授权
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.11.0
+     */
+    @Override
+    public String authorize(String state) {
+        return authorize(state, "get_user_info");
+    }
+
+    /**
+     * 请求授权url
+     *
+     * @param state    state 验证授权流程的参数，可以防止csrf
+     * @param scopeStr 请求用户授权时向用户显示的可进行授权的列表。如果要填写多个接口名称，请用逗号隔开
+     *                 参考https://open.kujiale.com/open/apps/2/docs?doc_id=95#Step1%EF%BC%9A%E8%8E%B7%E5%8F%96Authorization%20Code参数表内的scope字段
+     * @return authorize url
+     */
+    public String authorize(String state, String scopeStr) {
+        UrlBuilder urlBuilder = UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("client_id", config.getClientId())
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("state", getRealState(state));
+        if (StringUtils.isNotEmpty(scopeStr)) {
+            urlBuilder.queryParam("scope", scopeStr);
+        }
+        return urlBuilder.build();
+    }
+
+    @Override
+    public AuthToken getAccessToken(AuthCallback authCallback) {
+        HttpResponse response = doPostAuthorizationCode(authCallback.getCode());
+        return getAuthToken(response);
+    }
+
+    private AuthToken getAuthToken(HttpResponse response) {
+        JSONObject accessTokenObject = checkResponse(response);
+        JSONObject resultObject = accessTokenObject.getJSONObject("d");
+        return AuthToken.builder()
+            .accessToken(resultObject.getString("accessToken"))
+            .refreshToken(resultObject.getString("refreshToken"))
+            .expireIn(resultObject.getIntValue("expiresIn"))
+            .build();
+    }
+
+    private JSONObject checkResponse(HttpResponse response) {
+        String accessTokenStr = response.body();
+        JSONObject accessTokenObject = JSONObject.parseObject(accessTokenStr);
+        if (!"0".equals(accessTokenObject.getString("c"))) {
+            throw new AuthException(accessTokenObject.getString("m"));
+        }
+        return accessTokenObject;
+    }
+
+    @Override
+    public AuthUser getUserInfo(AuthToken authToken) {
+        String openId = this.getOpenId(authToken);
+        HttpResponse response = HttpRequest.get(UrlBuilder.fromBaseUrl(source.userInfo())
+            .queryParam("access_token", authToken.getAccessToken())
+            .queryParam("open_id", openId)
+            .build()).execute();
+        JSONObject object = JSONObject.parseObject(response.body());
+        if (!"0".equals(object.getString("c"))) {
+            throw new AuthException(object.getString("m"));
+        }
+        JSONObject resultObject = object.getJSONObject("d");
+
+        return AuthUser.builder()
+            .username(resultObject.getString("userName"))
+            .nickname(resultObject.getString("userName"))
+            .avatar(resultObject.getString("avatar"))
+            .uuid(resultObject.getString("openId"))
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 获取酷家乐的openId，此id在当前client范围内可以唯一识别授权用户
+     *
+     * @param authToken 通过{@link AuthKujialeRequest#getAccessToken(AuthCallback)}获取到的{@code authToken}
+     * @return openId
+     */
+    private String getOpenId(AuthToken authToken) {
+        HttpResponse response = HttpRequest.get(UrlBuilder.fromBaseUrl("https://oauth.kujiale.com/oauth2/auth/user")
+            .queryParam("access_token", authToken.getAccessToken())
+            .build()).execute();
+        JSONObject accessTokenObject = checkResponse(response);
+        return accessTokenObject.getString("d");
+    }
+
+    @Override
+    public AuthResponse refresh(AuthToken authToken) {
+        HttpResponse response = HttpRequest.post(refreshTokenUrl(authToken.getRefreshToken())).execute();
+        return AuthResponse.builder().code(AuthResponseStatus.SUCCESS.getCode()).data(getAuthToken(response)).build();
+    }
+}
@@ -4,10 +4,15 @@ import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
+import com.alibaba.fastjson.JSONPath;
+import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthResponse;
-import me.zhyd.oauth.model.AuthSource;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
 import me.zhyd.oauth.utils.StringUtils;
@@ -18,34 +23,61 @@ import me.zhyd.oauth.utils.UrlBuilder;
 * 领英登录
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
+ * @since 1.4.0
 */
-public class AuthLinkedinRequest extends BaseAuthRequest {
+public class AuthLinkedinRequest extends AuthDefaultRequest {

    public AuthLinkedinRequest(AuthConfig config) {
-        super(config, AuthSource.LINKEDIN);
+        super(config, AuthDefaultSource.LINKEDIN);
+    }
+
+    public AuthLinkedinRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.LINKEDIN, authStateCache);
    }

    @Override
-    protected AuthToken getAccessToken(String code) {
-        String accessTokenUrl = UrlBuilder.getLinkedinAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config.getRedirectUri());
-        return this.getToken(accessTokenUrl);
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        return this.getToken(accessTokenUrl(authCallback.getCode()));
    }

    @Override
    protected AuthUser getUserInfo(AuthToken authToken) {
        String accessToken = authToken.getAccessToken();
-        HttpResponse response = HttpRequest.get(UrlBuilder.getLinkedinUserInfoUrl())
-                .header("Host", "api.linkedin.com")
-                .header("Connection", "Keep-Alive")
-                .header("Authorization", "Bearer " + accessToken)
-                .execute();
+        HttpResponse response = HttpRequest.get(userInfoUrl(authToken))
+            .header("Host", "api.linkedin.com")
+            .header("Connection", "Keep-Alive")
+            .header("Authorization", "Bearer " + accessToken)
+            .execute();
        JSONObject userInfoObject = JSONObject.parseObject(response.body());

        this.checkResponse(userInfoObject);

-        // 组装用户名
+        String userName = getUserName(userInfoObject);
+
+        // 获取用户头像
+        String avatar = this.getAvatar(userInfoObject);
+
+        // 获取用户邮箱地址
+        String email = this.getUserEmail(accessToken);
+        return AuthUser.builder()
+            .uuid(userInfoObject.getString("id"))
+            .username(userName)
+            .nickname(userName)
+            .avatar(avatar)
+            .email(email)
+            .token(authToken)
+            .gender(AuthUserGender.UNKNOWN)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 获取用户的真实名
+     *
+     * @param userInfoObject 用户json对象
+     * @return 用户名
+     */
+    private String getUserName(JSONObject userInfoObject) {
        String firstName, lastName;
        // 获取firstName
        if (userInfoObject.containsKey("localizedFirstName")) {
@@ -59,45 +91,45 @@ public class AuthLinkedinRequest extends BaseAuthRequest {
        } else {
            lastName = getUserName(userInfoObject, "lastName");
        }
-        String userName = firstName + " " + lastName;
+        return firstName + " " + lastName;
+    }

-        // 获取用户头像
+    /**
+     * 获取用户的头像
+     *
+     * @param userInfoObject 用户json对象
+     * @return 用户的头像地址
+     */
+    private String getAvatar(JSONObject userInfoObject) {
        String avatar = null;
        JSONObject profilePictureObject = userInfoObject.getJSONObject("profilePicture");
        if (profilePictureObject.containsKey("displayImage~")) {
-            JSONArray displayImageElements = profilePictureObject.getJSONObject("displayImage~").getJSONArray("elements");
+            JSONArray displayImageElements = profilePictureObject.getJSONObject("displayImage~")
+                .getJSONArray("elements");
            if (null != displayImageElements && displayImageElements.size() > 0) {
                JSONObject largestImageObj = displayImageElements.getJSONObject(displayImageElements.size() - 1);
                avatar = largestImageObj.getJSONArray("identifiers").getJSONObject(0).getString("identifier");
            }
        }
-
-        // 获取用户邮箱地址
-        String email = this.getUserEmail(accessToken);
-        return AuthUser.builder()
-                .uuid(userInfoObject.getString("id"))
-                .username(userName)
-                .nickname(userName)
-                .avatar(avatar)
-                .email(email)
-                .token(authToken)
-                .source(AuthSource.LINKEDIN)
-                .build();
+        return avatar;
    }

+    /**
+     * 获取用户的email
+     *
+     * @param accessToken 用户授权后返回的token
+     * @return 用户的邮箱地址
+     */
    private String getUserEmail(String accessToken) {
-        String email = null;
        HttpResponse emailResponse = HttpRequest.get("https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))")
-                .header("Host", "api.linkedin.com")
-                .header("Connection", "Keep-Alive")
-                .header("Authorization", "Bearer " + accessToken)
-                .execute();
-        System.out.println(emailResponse.body());
+            .header("Host", "api.linkedin.com")
+            .header("Connection", "Keep-Alive")
+            .header("Authorization", "Bearer " + accessToken)
+            .execute();
        JSONObject emailObj = JSONObject.parseObject(emailResponse.body());
-        if (emailObj.containsKey("elements")) {
-            email = emailObj.getJSONArray("elements").getJSONObject(0).getJSONObject("handle~").getString("emailAddress");
-        }
-        return email;
+        this.checkResponse(emailObj);
+        Object obj = JSONPath.eval(emailObj, "$['elements'][0]['handle~']['emailAddress']");
+        return null == obj ? null : (String) obj;
    }

    private String getUserName(JSONObject userInfoObject, String nameKey) {
@@ -111,19 +143,25 @@ public class AuthLinkedinRequest extends BaseAuthRequest {

    @Override
    public AuthResponse refresh(AuthToken oldToken) {
-        if (StringUtils.isEmpty(oldToken.getRefreshToken())) {
-            throw new AuthException(ResponseStatus.UNSUPPORTED);
+        String refreshToken = oldToken.getRefreshToken();
+        if (StringUtils.isEmpty(refreshToken)) {
+            throw new AuthException(AuthResponseStatus.UNSUPPORTED);
        }
-        String refreshTokenUrl = UrlBuilder.getLinkedinRefreshUrl(config.getClientId(), config.getClientSecret(), oldToken.getRefreshToken());
+        String refreshTokenUrl = refreshTokenUrl(refreshToken);
        return AuthResponse.builder()
-                .code(ResponseStatus.SUCCESS.getCode())
-                .data(this.getToken(refreshTokenUrl))
-                .build();
+            .code(AuthResponseStatus.SUCCESS.getCode())
+            .data(this.getToken(refreshTokenUrl))
+            .build();
    }

-    private void checkResponse(JSONObject userInfoObject) {
-        if (userInfoObject.containsKey("error")) {
-            throw new AuthException(userInfoObject.getString("error_description"));
+    /**
+     * 检查响应内容是否正确
+     *
+     * @param object 请求响应内容
+     */
+    private void checkResponse(JSONObject object) {
+        if (object.containsKey("error")) {
+            throw new AuthException(object.getString("error_description"));
        }
    }

@@ -135,18 +173,49 @@ public class AuthLinkedinRequest extends BaseAuthRequest {
     */
    private AuthToken getToken(String accessTokenUrl) {
        HttpResponse response = HttpRequest.post(accessTokenUrl)
-                .header("Host", "www.linkedin.com")
-                .header("Content-Type", "application/x-www-form-urlencoded")
-                .execute();
+            .header("Host", "www.linkedin.com")
+            .contentType("application/x-www-form-urlencoded")
+            .execute();
        String accessTokenStr = response.body();
        JSONObject accessTokenObject = JSONObject.parseObject(accessTokenStr);

        this.checkResponse(accessTokenObject);

        return AuthToken.builder()
-                .accessToken(accessTokenObject.getString("access_token"))
-                .expireIn(accessTokenObject.getIntValue("expires_in"))
-                .refreshToken(accessTokenObject.getString("refresh_token"))
-                .build();
+            .accessToken(accessTokenObject.getString("access_token"))
+            .expireIn(accessTokenObject.getIntValue("expires_in"))
+            .refreshToken(accessTokenObject.getString("refresh_token"))
+            .build();
+    }
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("client_id", config.getClientId())
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("scope", "r_liteprofile%20r_emailaddress%20w_member_social")
+            .queryParam("state", getRealState(state))
+            .build();
+    }
+
+    /**
+     * 返回获取userInfo的url
+     *
+     * @param authToken 用户授权后的token
+     * @return 返回获取userInfo的url
+     */
+    @Override
+    protected String userInfoUrl(AuthToken authToken) {
+        return UrlBuilder.fromBaseUrl(source.userInfo())
+            .queryParam("projection", "(id,firstName,lastName,profilePicture(displayImage~:playableStreams))")
+            .build();
    }
 }
@@ -0,0 +1,114 @@
+package me.zhyd.oauth.request;
+
+import cn.hutool.http.HttpRequest;
+import cn.hutool.http.HttpResponse;
+import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.enums.AuthUserGender;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthResponse;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.UrlBuilder;
+
+/**
+ * 美团登录
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.12.0
+ */
+public class AuthMeituanRequest extends AuthDefaultRequest {
+
+    public AuthMeituanRequest(AuthConfig config) {
+        super(config, AuthDefaultSource.MEITUAN);
+    }
+
+    public AuthMeituanRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.MEITUAN, authStateCache);
+    }
+
+    @Override
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        HttpResponse response = HttpRequest.post(source.accessToken())
+            .form("app_id", config.getClientId())
+            .form("secret", config.getClientSecret())
+            .form("code", authCallback.getCode())
+            .form("grant_type", "authorization_code")
+            .execute();
+        JSONObject object = JSONObject.parseObject(response.body());
+
+        this.checkResponse(object);
+
+        return AuthToken.builder()
+            .accessToken(object.getString("access_token"))
+            .refreshToken(object.getString("refresh_token"))
+            .expireIn(object.getIntValue("expires_in"))
+            .build();
+    }
+
+    @Override
+    protected AuthUser getUserInfo(AuthToken authToken) {
+        HttpResponse response = HttpRequest.post(source.userInfo())
+            .form("app_id", config.getClientId())
+            .form("secret", config.getClientSecret())
+            .form("access_token", authToken.getAccessToken())
+            .execute();
+        JSONObject object = JSONObject.parseObject(response.body());
+
+        this.checkResponse(object);
+
+        return AuthUser.builder()
+            .uuid(object.getString("openid"))
+            .username(object.getString("nickname"))
+            .nickname(object.getString("nickname"))
+            .avatar(object.getString("avatar"))
+            .gender(AuthUserGender.UNKNOWN)
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    @Override
+    public AuthResponse refresh(AuthToken oldToken) {
+        HttpResponse response = HttpRequest.post(source.refresh())
+            .form("app_id", config.getClientId())
+            .form("secret", config.getClientSecret())
+            .form("refresh_token", oldToken.getRefreshToken())
+            .form("grant_type", "refresh_token")
+            .execute();
+        JSONObject object = JSONObject.parseObject(response.body());
+
+        this.checkResponse(object);
+
+        return AuthResponse.builder()
+            .code(AuthResponseStatus.SUCCESS.getCode())
+            .data(AuthToken.builder()
+                .accessToken(object.getString("access_token"))
+                .refreshToken(object.getString("refresh_token"))
+                .expireIn(object.getIntValue("expires_in"))
+                .build())
+            .build();
+    }
+
+    private void checkResponse(JSONObject object) {
+        if (object.containsKey("error_code")) {
+            throw new AuthException(object.getString("erroe_msg"));
+        }
+    }
+
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("app_id", config.getClientId())
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("state", getRealState(state))
+            .queryParam("scope", "")
+            .build();
+    }
+
+}
@@ -4,10 +4,15 @@ import cn.hutool.core.util.StrUtil;
 import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
 import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.log.Log;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthResponse;
-import me.zhyd.oauth.model.AuthSource;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
 import me.zhyd.oauth.utils.UrlBuilder;
@@ -18,75 +23,79 @@ import java.text.MessageFormat;
 * 小米登录
 *
 * @author yangkai.shen (https://xkcoding.com)
- * @version 1.5
- * @since 1.5
+ * @since 1.5.0
 */
-public class AuthMiRequest extends BaseAuthRequest {
+public class AuthMiRequest extends AuthDefaultRequest {
    private static final String PREFIX = "&&&START&&&";

    public AuthMiRequest(AuthConfig config) {
-        super(config, AuthSource.MI);
+        super(config, AuthDefaultSource.MI);
+    }
+
+    public AuthMiRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.MI, authStateCache);
    }

    @Override
-    protected AuthToken getAccessToken(String code) {
-        String accessTokenUrl = UrlBuilder.getMiAccessTokenUrl(config.getClientId(), config.getClientSecret(), config.getRedirectUri(), code);
-        return getToken(accessTokenUrl);
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        return getToken(accessTokenUrl(authCallback.getCode()));
    }

    private AuthToken getToken(String accessTokenUrl) {
        HttpResponse response = HttpRequest.get(accessTokenUrl).execute();
        String jsonStr = StrUtil.replace(response.body(), PREFIX, StrUtil.EMPTY);
-        JSONObject object = JSONObject.parseObject(jsonStr);
+        JSONObject accessTokenObject = JSONObject.parseObject(jsonStr);

-        if (object.containsKey("error")) {
-            throw new AuthException(object.getString("error_description"));
+        if (accessTokenObject.containsKey("error")) {
+            throw new AuthException(accessTokenObject.getString("error_description"));
        }

        return AuthToken.builder()
-                .accessToken(object.getString("access_token"))
-                .expireIn(object.getIntValue("expires_in"))
-                .scope(object.getString("scope"))
-                .tokenType(object.getString("token_type"))
-                .refreshToken(object.getString("refresh_token"))
-                .openId(object.getString("openId"))
-                .macAlgorithm(object.getString("mac_algorithm"))
-                .macKey(object.getString("mac_key"))
-                .build();
+            .accessToken(accessTokenObject.getString("access_token"))
+            .expireIn(accessTokenObject.getIntValue("expires_in"))
+            .scope(accessTokenObject.getString("scope"))
+            .tokenType(accessTokenObject.getString("token_type"))
+            .refreshToken(accessTokenObject.getString("refresh_token"))
+            .openId(accessTokenObject.getString("openId"))
+            .macAlgorithm(accessTokenObject.getString("mac_algorithm"))
+            .macKey(accessTokenObject.getString("mac_key"))
+            .build();
    }

    @Override
    protected AuthUser getUserInfo(AuthToken authToken) {
        // 获取用户信息
-        HttpResponse userResponse = HttpRequest.get(UrlBuilder.getMiUserInfoUrl(config.getClientId(), authToken.getAccessToken()))
-                .execute();
+        HttpResponse userResponse = doGetUserInfo(authToken);

        JSONObject userProfile = JSONObject.parseObject(userResponse.body());
-        if (StrUtil.equalsIgnoreCase(userProfile.getString("result"), "error")) {
+        if ("error".equalsIgnoreCase(userProfile.getString("result"))) {
            throw new AuthException(userProfile.getString("description"));
        }

        JSONObject user = userProfile.getJSONObject("data");

        AuthUser authUser = AuthUser.builder()
-                .uuid(authToken.getOpenId())
-                .username(user.getString("miliaoNick"))
-                .nickname(user.getString("miliaoNick"))
-                .avatar(user.getString("miliaoIcon"))
-                .email(user.getString("mail"))
-                .token(authToken)
-                .source(AuthSource.MI)
-                .build();
+            .uuid(authToken.getOpenId())
+            .username(user.getString("miliaoNick"))
+            .nickname(user.getString("miliaoNick"))
+            .avatar(user.getString("miliaoIcon"))
+            .email(user.getString("mail"))
+            .gender(AuthUserGender.UNKNOWN)
+            .token(authToken)
+            .source(source.toString())
+            .build();

        // 获取用户邮箱手机号等信息
        String emailPhoneUrl = MessageFormat.format("{0}?clientId={1}&token={2}", "https://open.account.xiaomi.com/user/phoneAndEmail", config
-                .getClientId(), authToken.getAccessToken());
+            .getClientId(), authToken.getAccessToken());

        HttpResponse emailResponse = HttpRequest.get(emailPhoneUrl).execute();
        JSONObject userEmailPhone = JSONObject.parseObject(emailResponse.body());
-        if (!StrUtil.equalsIgnoreCase(userEmailPhone.getString("result"), "error")) {
+        if (!"error".equalsIgnoreCase(userEmailPhone.getString("result"))) {
            JSONObject emailPhone = userEmailPhone.getJSONObject("data");
            authUser.setEmail(emailPhone.getString("email"));
+        } else {
+            Log.warn("小米开发平台暂时不对外开放用户手机及邮箱信息的获取");
        }

        return authUser;
@@ -100,9 +109,42 @@ public class AuthMiRequest extends BaseAuthRequest {
     */
    @Override
    public AuthResponse refresh(AuthToken authToken) {
-        String miRefreshUrl = UrlBuilder.getMiRefreshUrl(config.getClientId(), config.getClientSecret(), config.getRedirectUri(), authToken
-                .getRefreshToken());
+        return AuthResponse.builder()
+            .code(AuthResponseStatus.SUCCESS.getCode())
+            .data(getToken(refreshTokenUrl(authToken.getRefreshToken())))
+            .build();
+    }

-        return AuthResponse.builder().code(ResponseStatus.SUCCESS.getCode()).data(getToken(miRefreshUrl)).build();
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("client_id", config.getClientId())
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("scope", "user/profile%20user/openIdV2%20user/phoneAndEmail")
+            .queryParam("skip_confirm", "false")
+            .queryParam("state", getRealState(state))
+            .build();
+    }
+
+    /**
+     * 返回获取userInfo的url
+     *
+     * @param authToken 用户授权后的token
+     * @return 返回获取userInfo的url
+     */
+    @Override
+    protected String userInfoUrl(AuthToken authToken) {
+        return UrlBuilder.fromBaseUrl(source.userInfo())
+            .queryParam("clientId", config.getClientId())
+            .queryParam("token", authToken.getAccessToken())
+            .build();
    }
 }
@@ -2,37 +2,39 @@ package me.zhyd.oauth.request;

 import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
-import cn.hutool.http.HttpUtil;
 import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthResponse;
-import me.zhyd.oauth.model.AuthSource;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
 import me.zhyd.oauth.utils.UrlBuilder;

-import java.util.HashMap;
-import java.util.Map;
+import static me.zhyd.oauth.utils.GlobalAuthUtil.parseQueryToMap;

 /**
 * 微软登录
 *
 * @author yangkai.shen (https://xkcoding.com)
- * @version 1.5
- * @since 1.5
+ * @since 1.5.0
 */
-public class AuthMicrosoftRequest extends BaseAuthRequest {
+public class AuthMicrosoftRequest extends AuthDefaultRequest {
    public AuthMicrosoftRequest(AuthConfig config) {
-        super(config, AuthSource.MICROSOFT);
+        super(config, AuthDefaultSource.MICROSOFT);
+    }
+
+    public AuthMicrosoftRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.MICROSOFT, authStateCache);
    }

    @Override
-    protected AuthToken getAccessToken(String code) {
-        String accessTokenUrl = UrlBuilder.getMicrosoftAccessTokenUrl(config.getClientId(), config.getClientSecret(), config
-                .getRedirectUri(), code);
-
-        return getToken(accessTokenUrl);
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        return getToken(accessTokenUrl(authCallback.getCode()));
    }

    /**
@@ -42,30 +44,33 @@ public class AuthMicrosoftRequest extends BaseAuthRequest {
     * @return token对象
     */
    private AuthToken getToken(String accessTokenUrl) {
-        Map<String, Object> paramMap = new HashMap<>(6);
-        HttpUtil.decodeParamMap(accessTokenUrl, "UTF-8").forEach(paramMap::put);
        HttpResponse response = HttpRequest.post(accessTokenUrl)
-                .header("Host", "https://login.microsoftonline.com")
-                .header("Content-Type", "application/x-www-form-urlencoded")
-                .form(paramMap)
-                .execute();
+            .header("Host", "https://login.microsoftonline.com")
+            .contentType("application/x-www-form-urlencoded")
+            .form(parseQueryToMap(accessTokenUrl))
+            .execute();
        String accessTokenStr = response.body();
-        JSONObject object = JSONObject.parseObject(accessTokenStr);
+        JSONObject accessTokenObject = JSONObject.parseObject(accessTokenStr);

-        this.checkResponse(object);
+        this.checkResponse(accessTokenObject);

        return AuthToken.builder()
-                .accessToken(object.getString("access_token"))
-                .expireIn(object.getIntValue("expires_in"))
-                .scope(object.getString("scope"))
-                .tokenType(object.getString("token_type"))
-                .refreshToken(object.getString("refresh_token"))
-                .build();
+            .accessToken(accessTokenObject.getString("access_token"))
+            .expireIn(accessTokenObject.getIntValue("expires_in"))
+            .scope(accessTokenObject.getString("scope"))
+            .tokenType(accessTokenObject.getString("token_type"))
+            .refreshToken(accessTokenObject.getString("refresh_token"))
+            .build();
    }

-    private void checkResponse(JSONObject response) {
-        if (response.containsKey("error")) {
-            throw new AuthException(response.getString("error_description"));
+    /**
+     * 检查响应内容是否正确
+     *
+     * @param object 请求响应内容
+     */
+    private void checkResponse(JSONObject object) {
+        if (object.containsKey("error")) {
+            throw new AuthException(object.getString("error_description"));
        }
    }

@@ -74,20 +79,20 @@ public class AuthMicrosoftRequest extends BaseAuthRequest {
        String token = authToken.getAccessToken();
        String tokenType = authToken.getTokenType();
        String jwt = tokenType + " " + token;
-        HttpResponse response = HttpRequest.get(UrlBuilder.getMicrosoftUserInfoUrl())
-                .header("Authorization", jwt)
-                .execute();
+        HttpResponse response = HttpRequest.get(userInfoUrl(authToken)).header("Authorization", jwt).execute();
        String userInfo = response.body();
        JSONObject object = JSONObject.parseObject(userInfo);
+        this.checkResponse(object);
        return AuthUser.builder()
-                .uuid(object.getString("id"))
-                .username(object.getString("userPrincipalName"))
-                .nickname(object.getString("displayName"))
-                .location(object.getString("officeLocation"))
-                .email(object.getString("mail"))
-                .token(authToken)
-                .source(AuthSource.MICROSOFT)
-                .build();
+            .uuid(object.getString("id"))
+            .username(object.getString("userPrincipalName"))
+            .nickname(object.getString("displayName"))
+            .location(object.getString("officeLocation"))
+            .email(object.getString("mail"))
+            .gender(AuthUserGender.UNKNOWN)
+            .token(authToken)
+            .source(source.toString())
+            .build();
    }

    /**
@@ -98,9 +103,75 @@ public class AuthMicrosoftRequest extends BaseAuthRequest {
     */
    @Override
    public AuthResponse refresh(AuthToken authToken) {
-        String refreshTokenUrl = UrlBuilder.getMicrosoftRefreshUrl(config.getClientId(), config.getClientSecret(), config
-                .getRedirectUri(), authToken.getRefreshToken());
+        return AuthResponse.builder()
+            .code(AuthResponseStatus.SUCCESS.getCode())
+            .data(getToken(refreshTokenUrl(authToken.getRefreshToken())))
+            .build();
+    }

-        return AuthResponse.builder().code(ResponseStatus.SUCCESS.getCode()).data(getToken(refreshTokenUrl)).build();
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("client_id", config.getClientId())
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("response_mode", "query")
+            .queryParam("scope", "offline_access%20user.read%20mail.read")
+            .queryParam("state", getRealState(state))
+            .build();
+    }
+
+    /**
+     * 返回获取accessToken的url
+     *
+     * @param code 授权code
+     * @return 返回获取accessToken的url
+     */
+    @Override
+    protected String accessTokenUrl(String code) {
+        return UrlBuilder.fromBaseUrl(source.accessToken())
+            .queryParam("code", code)
+            .queryParam("client_id", config.getClientId())
+            .queryParam("client_secret", config.getClientSecret())
+            .queryParam("grant_type", "authorization_code")
+            .queryParam("scope", "user.read%20mail.read")
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .build();
+    }
+
+    /**
+     * 返回获取userInfo的url
+     *
+     * @param authToken 用户授权后的token
+     * @return 返回获取userInfo的url
+     */
+    @Override
+    protected String userInfoUrl(AuthToken authToken) {
+        return UrlBuilder.fromBaseUrl(source.userInfo()).build();
+    }
+
+    /**
+     * 返回获取accessToken的url
+     *
+     * @param refreshToken 用户授权后的token
+     * @return 返回获取accessToken的url
+     */
+    @Override
+    protected String refreshTokenUrl(String refreshToken) {
+        return UrlBuilder.fromBaseUrl(source.refresh())
+            .queryParam("client_id", config.getClientId())
+            .queryParam("client_secret", config.getClientSecret())
+            .queryParam("refresh_token", refreshToken)
+            .queryParam("grant_type", "refresh_token")
+            .queryParam("scope", "user.read%20mail.read")
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .build();
    }
 }
@@ -1,61 +1,105 @@
 package me.zhyd.oauth.request;

-import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
 import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthSource;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.model.AuthUserGender;
 import me.zhyd.oauth.utils.UrlBuilder;

 /**
 * oschina登录
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
- * @version 1.0
- * @since 1.8
+ * @since 1.0.0
 */
-public class AuthOschinaRequest extends BaseAuthRequest {
+public class AuthOschinaRequest extends AuthDefaultRequest {

    public AuthOschinaRequest(AuthConfig config) {
-        super(config, AuthSource.OSCHINA);
+        super(config, AuthDefaultSource.OSCHINA);
+    }
+
+    public AuthOschinaRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.OSCHINA, authStateCache);
    }

    @Override
-    protected AuthToken getAccessToken(String code) {
-        String accessTokenUrl = UrlBuilder.getOschinaAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config.getRedirectUri());
-        HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        HttpResponse response = doPostAuthorizationCode(authCallback.getCode());
        JSONObject accessTokenObject = JSONObject.parseObject(response.body());
-        if (accessTokenObject.containsKey("error")) {
-            throw new AuthException("Unable to get token from oschina using code [" + code + "]");
-        }
+        this.checkResponse(accessTokenObject);
        return AuthToken.builder()
-                .accessToken(accessTokenObject.getString("access_token"))
-                .build();
+            .accessToken(accessTokenObject.getString("access_token"))
+            .refreshToken(accessTokenObject.getString("refresh_token"))
+            .uid(accessTokenObject.getString("uid"))
+            .expireIn(accessTokenObject.getIntValue("expires_in"))
+            .build();
    }

    @Override
    protected AuthUser getUserInfo(AuthToken authToken) {
-        String accessToken = authToken.getAccessToken();
-        HttpResponse response = HttpRequest.get(UrlBuilder.getOschinaUserInfoUrl(accessToken)).execute();
+        HttpResponse response = doGetUserInfo(authToken);
        JSONObject object = JSONObject.parseObject(response.body());
+        this.checkResponse(object);
+        return AuthUser.builder()
+            .uuid(object.getString("id"))
+            .username(object.getString("name"))
+            .nickname(object.getString("name"))
+            .avatar(object.getString("avatar"))
+            .blog(object.getString("url"))
+            .location(object.getString("location"))
+            .gender(AuthUserGender.getRealGender(object.getString("gender")))
+            .email(object.getString("email"))
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 返回获取accessToken的url
+     *
+     * @param code 授权回调时带回的授权码
+     * @return 返回获取accessToken的url
+     */
+    @Override
+    protected String accessTokenUrl(String code) {
+        return UrlBuilder.fromBaseUrl(source.accessToken())
+            .queryParam("code", code)
+            .queryParam("client_id", config.getClientId())
+            .queryParam("client_secret", config.getClientSecret())
+            .queryParam("grant_type", "authorization_code")
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("dataType", "json")
+            .build();
+    }
+
+    /**
+     * 返回获取userInfo的url
+     *
+     * @param authToken 用户授权后的token
+     * @return 返回获取userInfo的url
+     */
+    @Override
+    protected String userInfoUrl(AuthToken authToken) {
+        return UrlBuilder.fromBaseUrl(source.userInfo())
+            .queryParam("access_token", authToken.getAccessToken())
+            .queryParam("dataType", "json")
+            .build();
+    }
+
+    /**
+     * 检查响应内容是否正确
+     *
+     * @param object 请求响应内容
+     */
+    private void checkResponse(JSONObject object) {
        if (object.containsKey("error")) {
            throw new AuthException(object.getString("error_description"));
        }
-        return AuthUser.builder()
-                .uuid(object.getString("id"))
-                .username(object.getString("name"))
-                .nickname(object.getString("name"))
-                .avatar(object.getString("avatar"))
-                .blog(object.getString("url"))
-                .location(object.getString("location"))
-                .gender(AuthUserGender.getRealGender(object.getString("gender")))
-                .email(object.getString("email"))
-                .token(authToken)
-                .source(AuthSource.OSCHINA)
-                .build();
    }
 }
@@ -0,0 +1,119 @@
+package me.zhyd.oauth.request;
+
+import cn.hutool.http.HttpRequest;
+import cn.hutool.http.HttpResponse;
+import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.enums.AuthUserGender;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.UrlBuilder;
+
+import java.util.Objects;
+
+import static me.zhyd.oauth.config.AuthDefaultSource.PINTEREST;
+
+/**
+ * Pinterest登录
+ *
+ * @author hongwei.peng (pengisgood(at)gmail(dot)com)
+ * @since 1.9.0
+ */
+public class AuthPinterestRequest extends AuthDefaultRequest {
+
+    private static final String FAILURE = "failure";
+
+    public AuthPinterestRequest(AuthConfig config) {
+        super(config, PINTEREST);
+    }
+
+    public AuthPinterestRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, PINTEREST, authStateCache);
+    }
+
+    @Override
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        HttpResponse response = doPostAuthorizationCode(authCallback.getCode());
+        JSONObject accessTokenObject = JSONObject.parseObject(response.body());
+        this.checkResponse(accessTokenObject);
+        return AuthToken.builder()
+            .accessToken(accessTokenObject.getString("access_token"))
+            .tokenType(accessTokenObject.getString("token_type"))
+            .build();
+    }
+
+    @Override
+    protected AuthUser getUserInfo(AuthToken authToken) {
+        String userinfoUrl = userInfoUrl(authToken);
+        HttpResponse response = HttpRequest.get(userinfoUrl).setFollowRedirects(true).execute();
+        JSONObject object = JSONObject.parseObject(response.body());
+        this.checkResponse(object);
+        JSONObject userObj = object.getJSONObject("data");
+        return AuthUser.builder()
+            .uuid(userObj.getString("id"))
+            .avatar(getAvatarUrl(userObj))
+            .username(userObj.getString("username"))
+            .nickname(userObj.getString("first_name") + " " + userObj.getString("last_name"))
+            .gender(AuthUserGender.UNKNOWN)
+            .remark(userObj.getString("bio"))
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    private String getAvatarUrl(JSONObject userObj) {
+        // image is a map data structure
+        JSONObject jsonObject = userObj.getJSONObject("image");
+        if (Objects.isNull(jsonObject)) {
+            return null;
+        }
+        return jsonObject.getJSONObject("60x60").getString("url");
+    }
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("client_id", config.getClientId())
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("scope", "read_public")
+            .queryParam("state", getRealState(state))
+            .build();
+    }
+
+    /**
+     * 返回获取userInfo的url
+     *
+     * @param authToken token
+     * @return 返回获取userInfo的url
+     */
+    @Override
+    protected String userInfoUrl(AuthToken authToken) {
+        return UrlBuilder.fromBaseUrl(source.userInfo())
+            .queryParam("access_token", authToken.getAccessToken())
+            .queryParam("fields", "id,username,first_name,last_name,bio,image")
+            .build();
+    }
+
+    /**
+     * 检查响应内容是否正确
+     *
+     * @param object 请求响应内容
+     */
+    private void checkResponse(JSONObject object) {
+        if (!object.containsKey("status") && FAILURE.equals(object.getString("status"))) {
+            throw new AuthException(object.getString("message"));
+        }
+    }
+
+}
@@ -4,12 +4,16 @@ import cn.hutool.core.util.StrUtil;
 import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
 import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.enums.AuthUserGender;
 import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthSource;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthResponse;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.model.AuthUserGender;
 import me.zhyd.oauth.utils.GlobalAuthUtil;
 import me.zhyd.oauth.utils.StringUtils;
 import me.zhyd.oauth.utils.UrlBuilder;
@@ -21,36 +25,33 @@ import java.util.Map;
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
 * @author yangkai.shen (https://xkcoding.com)
- * @version 1.0
- * @since 1.8
+ * @since 1.1.0
 */
-public class AuthQqRequest extends BaseAuthRequest {
+public class AuthQqRequest extends AuthDefaultRequest {
    public AuthQqRequest(AuthConfig config) {
-        super(config, AuthSource.QQ);
+        super(config, AuthDefaultSource.QQ);
+    }
+
+    public AuthQqRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.QQ, authStateCache);
    }

    @Override
-    protected AuthToken getAccessToken(String code) {
-        String accessTokenUrl = UrlBuilder.getQqAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config
-                .getRedirectUri());
-        HttpResponse response = HttpRequest.get(accessTokenUrl).execute();
-        Map<String, String> accessTokenObject = GlobalAuthUtil.parseStringToMap(response.body());
-        if (!accessTokenObject.containsKey("access_token")) {
-            throw new AuthException("Unable to get token from qq using code [" + code + "]");
-        }
-        return AuthToken.builder()
-                .accessToken(accessTokenObject.get("access_token"))
-                .expireIn(Integer.valueOf(accessTokenObject.get("expires_in")))
-                .refreshToken(accessTokenObject.get("refresh_token"))
-                .build();
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        HttpResponse response = doGetAuthorizationCode(authCallback.getCode());
+        return getAuthToken(response);
+    }
+
+    @Override
+    public AuthResponse refresh(AuthToken authToken) {
+        HttpResponse response = HttpRequest.get(refreshTokenUrl(authToken.getRefreshToken())).execute();
+        return AuthResponse.builder().code(AuthResponseStatus.SUCCESS.getCode()).data(getAuthToken(response)).build();
    }

    @Override
    protected AuthUser getUserInfo(AuthToken authToken) {
-        String accessToken = authToken.getAccessToken();
-        String openId = this.getOpenId(accessToken);
-        HttpResponse response = HttpRequest.get(UrlBuilder.getQqUserInfoUrl(config.getClientId(), accessToken, openId))
-                .execute();
+        String openId = this.getOpenId(authToken);
+        HttpResponse response = doGetUserInfo(authToken);
        JSONObject object = JSONObject.parseObject(response.body());
        if (object.getIntValue("ret") != 0) {
            throw new AuthException(object.getString("msg"));
@@ -59,32 +60,75 @@ public class AuthQqRequest extends BaseAuthRequest {
        if (StringUtils.isEmpty(avatar)) {
            avatar = object.getString("figureurl_qq_1");
        }
+
+        String location = String.format("%s-%s", object.getString("province"), object.getString("city"));
        return AuthUser.builder()
-                .username(object.getString("nickname"))
-                .nickname(object.getString("nickname"))
-                .avatar(avatar)
-                .location(object.getString("province") + "-" + object.getString("city"))
-                .uuid(openId)
-                .gender(AuthUserGender.getRealGender(object.getString("gender")))
-                .token(authToken)
-                .source(AuthSource.QQ)
-                .build();
+            .username(object.getString("nickname"))
+            .nickname(object.getString("nickname"))
+            .avatar(avatar)
+            .location(location)
+            .uuid(openId)
+            .gender(AuthUserGender.getRealGender(object.getString("gender")))
+            .token(authToken)
+            .source(source.toString())
+            .build();
    }

-    private String getOpenId(String accessToken) {
-        HttpResponse response = HttpRequest.get(UrlBuilder.getQqOpenidUrl("https://graph.qq.com/oauth2.0/me", accessToken))
-                .execute();
+    /**
+     * 获取QQ用户的OpenId，支持自定义是否启用查询unionid的功能，如果启用查询unionid的功能，
+     * 那就需要开发者先通过邮件申请unionid功能，参考链接 {@see http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D}
+     *
+     * @param authToken 通过{@link AuthQqRequest#getAccessToken(AuthCallback)}获取到的{@code authToken}
+     * @return openId
+     */
+    private String getOpenId(AuthToken authToken) {
+        HttpResponse response = HttpRequest.get(UrlBuilder.fromBaseUrl("https://graph.qq.com/oauth2.0/me")
+            .queryParam("access_token", authToken.getAccessToken())
+            .queryParam("unionid", config.isUnionId() ? 1 : 0)
+            .build()).execute();
        if (response.isOk()) {
            String body = response.body();
            String removePrefix = StrUtil.replace(body, "callback(", "");
            String removeSuffix = StrUtil.replace(removePrefix, ");", "");
            String openId = StrUtil.trim(removeSuffix);
            JSONObject object = JSONObject.parseObject(openId);
-            if (object.containsKey("openid")) {
-                return object.getString("openid");
+            if (object.containsKey("error")) {
+                throw new AuthException(object.get("error") + ":" + object.get("error_description"));
            }
-            throw new AuthException("Invalid openId");
+            authToken.setOpenId(object.getString("openid"));
+            if (object.containsKey("unionid")) {
+                authToken.setUnionId(object.getString("unionid"));
+            }
+            return StringUtils.isEmpty(authToken.getUnionId()) ? authToken.getOpenId() : authToken.getUnionId();
        }
-        throw new AuthException("Invalid openId");
+
+        throw new AuthException("request error");
+    }
+
+    /**
+     * 返回获取userInfo的url
+     *
+     * @param authToken 用户授权token
+     * @return 返回获取userInfo的url
+     */
+    @Override
+    protected String userInfoUrl(AuthToken authToken) {
+        return UrlBuilder.fromBaseUrl(source.userInfo())
+            .queryParam("access_token", authToken.getAccessToken())
+            .queryParam("oauth_consumer_key", config.getClientId())
+            .queryParam("openid", authToken.getOpenId())
+            .build();
+    }
+
+    private AuthToken getAuthToken(HttpResponse response) {
+        Map<String, String> accessTokenObject = GlobalAuthUtil.parseStringToMap(response.body());
+        if (!accessTokenObject.containsKey("access_token") || accessTokenObject.containsKey("code")) {
+            throw new AuthException(accessTokenObject.get("msg"));
+        }
+        return AuthToken.builder()
+            .accessToken(accessTokenObject.get("access_token"))
+            .expireIn(Integer.valueOf(accessTokenObject.get("expires_in")))
+            .refreshToken(accessTokenObject.get("refresh_token"))
+            .build();
    }
 }
--- a/Show More
+++ b/Show More