身份认证:配置管理
配置和管理 CloudBase 认证提供商,启用/禁用登录方式(短信、邮箱、微信、Google、匿名、用户名密码等)
如何使用
查看如何使用提示词了解详细的使用方法。
测试提示词
你可以使用以下提示词来测试:
- "帮我配置短信登录方式"
- "启用邮箱验证码登录"
- "配置微信开放平台登录"
- "设置匿名登录功能"
提示词
rule.md
## When to use this skill
Use this skill for CloudBase Auth provider setting, such as:
- Turn on or turn off auth providers, such as Sms, Email, WeChat, Google, Anonymous, Username/password, OAuth, SAML, CAS, Dingding, etc.
- Setup auth provider settings
- Get auth provider settings
---
## How to use this skill (for a coding agent)
1. **Confirm CloudBase environment**
- Ask the user for:
- `env` – CloudBase environment ID
2. **ILoginStrategy interface**
-`LoginStrategy` is a object that contains the following properties:
```ts
interface ILoginStrategy {
AnonymousLogin: boolean; // 是否开启匿名登录
EmailLogin: boolean; // 是否开启邮箱登录方式
UserNameLogin: boolean; // 是否开启用户名密码登录方式
PhoneNumberLogin: boolean; // 是否开启短信登录方式
Mfa: boolean; // 是否开启多因素认证
// 短信验证码配置
SmsVerificationConfig: {
Type: 'apis' | 'default' // apis:微搭APIs, default:默认短信
Method: string; // 方法名
SmsDayLimit: number; // 短信发送日限额,如果不设上限,该值为 -1
};
// 密码更新配置
PwdUpdateStrategy: {
FirstLoginUpdate: boolean; // 首次登录是否更新密码
PeriodUpdate: boolean; // 是否定期更新
PeriodValue: number; // 定期更新周期的值
PeriodType: 'WEEK' | 'MONTH' | 'YEAR'; // 定期更新周期的时间单位
};
// 多因子登录配置
MfaConfig: {
On: 'TRUE' | 'FALSE'; // 是否开启多因子登录
Sms: 'TRUE' | 'FALSE'; // 是否开启短信验证
Email: 'TRUE' | 'FALSE'; // 是否开启邮箱验证
RequiredBindPhone: 'TRUE' | 'FALSE'; // 是否强制绑定手机号
}
}
```
---
## All login scenarios (flat list)
### Scenario 1: Get Login Strategy
- Call `callCloudApi` with parameter to get Login Strategy and save the `result.Data` as `LoginStrategy`:
```ts
{
"params":{
"EnvId": `env`
},
"service":"lowcode",
"action":"DescribeLoginStrategy"
}
```
- If `LoginStrategy` is empty, then return `false`.
- If `LoginStrategy` is not empty, then return `LoginStrategy` filter By ILoginStrategy interface.
### Scenario 2: Anonymous Login turn on/off
- Call `callCloudApi` with parameter to get Login Strategy and save the `result.Data` as `LoginStrategy`:
```ts
{
"params":{
"EnvId": `env`
},
"service":"lowcode",
"action":"DescribeLoginStrategy"
}
```
- If `LoginStrategy` is empty, then return `false`.
- If `LoginStrategy` is not empty, then set `LoginStrategy.AnonymousLogin` with boolean value `true`(Turn on) or `false`(Turn off).
- Call `callCloudApi` with parameter toupdate Login Strategy:
```ts
{
"params":{
"EnvId": `env`,
...LoginStrategy
},
"service":"lowcode",
"action":"ModifyLoginStrategy"
}
```
- Return result.
### Scenario 3: Username/password Login turn on/off
- Call `callCloudApi` with parameter to get Login Strategy and save the `result.Data` as `LoginStrategy`:
```ts
{
"params":{
"EnvId": `env`
},
"service":"lowcode",
"action":"DescribeLoginStrategy"
}
```
- If `LoginStrategy` is empty, then return `false`.
- If `LoginStrategy` is not empty, then set `LoginStrategy.UserNameLogin` with boolean value `true`(Turn on) or `false`(Turn off).
- Call `callCloudApi` with parameter toupdate Login Strategy:
```ts
{
"params":{
"EnvId": `env`,
...LoginStrategy
},
"service":"lowcode",
"action":"ModifyLoginStrategy"
}
```
- Return result.
### Scenario 4: Sms Login turn on/off
- Call `callCloudApi` with parameter to get Login Strategy and save the `result.Data` as `LoginStrategy`:
```ts
{
"params":{
"EnvId": `env`
},
"service":"lowcode",
"action":"DescribeLoginStrategy"
}
```
- If `LoginStrategy` is empty, then return `false`.
- If `LoginStrategy` is not empty, then set `LoginStrategy.PhoneNumberLogin` with boolean value `true`(Turn on) or `false`(Turn off).
- Call `callCloudApi` with parameter toupdate Login Strategy:
```ts
{
"params":{
"EnvId": `env`,
...LoginStrategy
},
"service":"lowcode",
"action":"ModifyLoginStrategy"
}
```
- Return result.
### Scenario 5: Sms Login config
- Call `callCloudApi` with parameter to get Login Strategy and save the `result.Data` as `LoginStrategy`:
```ts
{
"params":{
"EnvId": `env`
},
"service":"lowcode",
"action":"DescribeLoginStrategy"
}
```
- If `LoginStrategy` is empty, then return `false`.
- If `LoginStrategy` is not empty, then set `LoginStrategy.SmsVerificationConfig`.
- Call `callCloudApi` with parameter toupdate Login Strategy:
```ts
{
"params":{
"EnvId": `env`,
...LoginStrategy
},
"service":"lowcode",
"action":"ModifyLoginStrategy"
}
```
- Return result.
### Scenario 6: Email Login turn on/off
- Call `callCloudApi` with parameter toupdate Login Strategy:
```ts
{
"params":{
"EnvId": `env`,
"Id": "email",
"On": "TRUE" | "FALSE",
"EmailConfig": {
"On": "TRUE",
"SmtpConfig": {
"AccountPassword": "",
"AccountUsername": "",
"SecurityMode": "",
"SenderAddress": "",
"ServerHost": "",
"ServerPort": "",
}
}
},
"service":"tcb",
"action":"ModifyProvider"
}
```
- Return result.
### Scenario 7: Email Login config
- EmailConfig interface
```ts
interface IEmailConfig {
On: 'TRUE' | 'FALSE'; // 是否开启邮件代发
// 如果开启邮件代发,则以下字段为空字符串
SmtpConfig: {
AccountPassword: string; // SMTP 账号密码
AccountUsername: string; // SMTP 账号
SecurityMode: string; /// SMTP 安全模式
SenderAddress: string; // 发件人地址
ServerHost: string; // SMTP 服务器主机, QQ邮箱为"smtp.qq.com",腾讯企业邮箱为"smtp.exmail.qq.com"
ServerPort: string; // SMTP 服务器端口,QQ邮箱和腾讯企业邮箱为 465
}
}
```
- Call `callCloudApi` with parameter toupdate Login Strategy, if `EmailConfig.On` is `TRUE`, then set`EmailConfig.SmtpConfig` with empty object, ohterwise `EmailConfig.On` is `FALSE`, then ask the user to provide `EmailConfig.SmtpConfig`
```ts
{
"params":{
"EnvId": `env`,
"Id": "email",
"EmailConfig": IEmailConfig
},
"service":"tcb",
"action":"ModifyProvider"
}
```
- Return result.
### Scenario 8: WeChat Open Platform Login turn on/off
- Call `callCloudApi` with parameter to get all provider config then filter by `Id` is `wx_open`, and result save as `WeChatProvider`:
```ts
{
"params":{
"EnvId": `env`,
},
"service":"tcb",
"action":"GetProviders"
}
```
- Let user to visit `WeChat Open Platform`(https://open.weixin.qq.com/cgi-bin/readtemplate?t=regist/regist_tmpl) get `AppID` and `AppSecret`, then call `callCloudApi` with parameter to update WeChatProvider
```ts
{
"params":{
"EnvId": `env`,
"Id": "wx_open",
"On": "TRUE" | "FALSE",
"Config": {
...WeChatProvider.Config,
ClientId: `AppID`,
ClientSecret: `AppSecret`,
}
},
"service":"tcb",
"action":"ModifyProvider"
}
```
- Return result.
### Scenario 9: Google Login turn on/off
- Call`callCloudApi` with parameter to get auth domain and save `result.Data.StaticDomain` as `staticDomain`:
```ts
{
"params":{
"EnvId": `env`,
},
"service":"lowcode",
"action":"DescribeStaticDomain"
}
```
- Let user to visit `Google Cloud OAuth 2.0`(https://console.cloud.google.com/apis/credentials) get `Client ID` and `Client Secret`, and set "https://`staticDomain`/__auth/" to `Authorized redirect URI`, then call `callCloudApi` with parameter to update
```ts
{
params: {
EnvId: `env`,
ProviderType: 'OAUTH',
Id: 'google',
Name: {
Message: 'Google',
},
Description: {
Message: '',
},
Config: {
EnvId: `env`,
ClientId: `Client ID`,
ClientSecret: `Client Secret`,
Issuer: '',
JwksUri: '',
RedirectUri: '',
Scope: 'email openid profile',
AuthorizationEndpoint: 'https://accounts.google.com/o/oauth2/v2/auth',
TokenEndpoint: 'https://oauth2.googleapis.com/token',
UserinfoEndpoint: 'https://www.googleapis.com/oauth2/v3/userinfo',
RevocationEndpoint: '',
ResponseType: '',
SignoutEndpoint: '',
TokenEndpointAuthMethod: 'CLIENT_SECRET_BASIC',
SamlMetadata: '',
RequestParametersMap: {
RegisterUserSyncScope: 'syncEveryLogin',
RegisterUserType: 'externalUser',
IsGoogle: 'TRUE',
},
ResponseParametersMap: {
Name: '',
PhoneNumber: '',
Sub: '',
Username: '',
},
ProfileMetaMap: [],
Proxy: '',
UserinfoByAuthorizationCode: false,
AuthorizationUserAgentMap: {},
DisableProviderSub: false,
StorageDb: '',
},
Picture: 'https://qcloudimg.tencent-cloud.cn/raw/f9131c00dcbcbccd5899a449d68da3ba.png',
TransparentMode: 'FALSE',
ReuseUserId: 'TRUE',
AutoSignUpWithProviderUser: 'TRUE',
},
service: 'tcb',
action: 'ModifyProvider',
}
```
- Return result.