完整的认证会经历4个步骤:
先做初始化查询动作,如查询用户必填项信息,支持的二次认证方式等。
登录或者注册,成功返回token则标识成功,如果有flowType则进入后续子流程(如果开启了二次认证则会进入下图第三步流程,否则进入下图第四步流程)。
用户在端上可以选择二次认证方式进行认证,认证通过如果返回token则标识登录成功,如果有flowType则进入到补充用户的信息环节,不同的flowType进行不同的业务。
当所有的完善信息环节走完,则要么登录成功,要么登录失败,有对应错误码进行提示。
一、 前期准备
在 CIAM 后台创建应用,赋权用于认证接口权限,并获取到 client_id,client_secret 信息。
当使用 CIAM 服务端对接时:鉴权方式使用 bearerToken。
1. 令牌有效性检验
接口说明:
调用上述检测接口时,请务必携带对应类型的token。
接口地址:
Request URI: GET/api/bff/v1.2/developer/ciam/oauth/token/check?access_token={{access_token}}
请求参数:
返回参数:
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1662364827739$c13370e7-22ae-8697-f475-110da21f174f",
"data": null
}2. 获取登录配置信息
当开发者需要自定义开发登录注册表单时,可以通过该接口获取登录注册组件以及登录注册相关的一些配置项。
接口地址
Request URI: GET /api/bff/v1.2/developer/ciam/config/loginpage
请求参数
参数 | 类型 | 必填 | 含义 |
idaasAppId | String | 否 | 应用的 ID,服务端会从 request 参数中取,当取不到的时候会从请求头里取,如果也取不到则查询系统默认应用的 id |
userType | String | 否 | 用户类型的 code,当取不到时会从系统中查询默认的用户类型 |
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1672198428377$205f59b4-8a74-8fcb-19f5-b51e8580cf8f",
"data": {
"2factorType": [
"pwd",
"sms"
],
"smsEmailCaptchaRisk": {
"enterpriseUuid": "2bcdef58e8ae5cf6f5b18343bc1fbebc2f64xbYa0yx",
"riskType": "SMS_EMAIL_CAPTCHA",
"enabled": false,
"lockTime": 0,
"riskTimes": 1,
"riskTimeRange": 5,
"ipBlackList": null,
"historyTimes": 0,
"pwdCycle": 0,
"pwdWarnEnable": false,
"pwdWarnBefore": 0,
"pwdWarnType": null,
"pwdRules": 0,
"pwdLength": 0
},
"registerRule": {
"uuid": "83e0c7d57c5111ed97e700155d6496d5",
"createTime": 0,
"archived": false,
"registerRequired": "phoneNumber,email",
"sceneType": "LOGIN,REGISTER",
"userTypeCode": "default",
"enabled": true,
"enterpriseUuid": "2bcdef58e8ae5cf6f5b18343bc1fbebc2f64xbYa0yx",
"enableRegister": true,
"registerRequiredAttrs": [
"phoneNumber",
"email"
]
},
"userTypes": [],
"pwdFailRisk": {
"enterpriseUuid": "2bcdef58e8ae5cf6f5b18343bc1fbebc2f64xbYa0yx",
"riskType": "PWD_FAIL_CAPTCHA",
"enabled": false,
"lockTime": 0,
"riskTimes": 20,
"riskTimeRange": 5,
"ipBlackList": null,
"historyTimes": 0,
"pwdCycle": 0,
"pwdWarnEnable": false,
"pwdWarnBefore": 0,
"pwdWarnType": null,
"pwdRules": 0,
"pwdLength": 0
},
"pwdRule": {
"enterpriseUuid": "2bcdef58e8ae5cf6f5b18343bc1fbebc2f64xbYa0yx",
"riskType": "PWD_RULE",
"enabled": false,
"lockTime": 0,
"riskTimes": 0,
"riskTimeRange": 0,
"ipBlackList": null,
"historyTimes": 0,
"pwdCycle": 0,
"pwdWarnEnable": false,
"pwdWarnBefore": 0,
"pwdWarnType": null,
"pwdRules": 0,
"pwdLength": 8
},
"usernameRule": {
"id": 0,
"createTime": "2023-03-03 15:22",
"archived": false,
"updateTime": null,
"uppercase": true,
"lowercase": true,
"number": true,
"strike": true,
"underline": true,
"point": true,
"emailChar": false,
"minLength": 4,
"maxLength": 32,
"mobileNumAsAccountId": false,
"enterpriseUuid": null,
"usernamePolicyUuid": "1938a8f15d35bdd6814839bc8ebcf070lvk6sLvvBpY"
}
}
}参数名 | 类型 | 描述 |
2factorType | Array | 支持的二次认证方式 |
| String | 账密模式 |
| String | 手机验证码模式 |
| String | 邮箱验证码模式 |
| String | 指纹模式 |
| String | 人脸模式 |
smsEmailCaptchaRisk | Object | 手机号/邮箱风控配置 |
pwdFailRisk | Object | 密码风控配置 |
registerRule | Object | 注册相关规则 |
| Boolean | 是否启用注册,当为 false 时,不允许注册,不能显示注册按钮,不能进入注册页面 |
| Array | 注册必填的属性,可选为 phoneNumber、email |
pwdRule | Object | 密码策略 |
usernameRule | Object | 用户名策略 |
3. 获取应用已发布的条款
业务系统自己实现登录页面又需要使用 IDaaS 的条款信息时。 处理逻辑:IDaaS 会返回当前应用配置的登录和注册的最大版本号的条款记录。
接口地址
Request URI: GET /api/bff/v1.2/developer/ciam/consents
请求参数
无
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1656403156044$499ad3d2-0a72-08c0-f849-3b3e4b6d0530",
"data": {
"REGISTER": [
{
"versionNumber": "v1.0",
"versionTitle": "用户注册协议v1.0",
"versionContentType": "TEXT",
"publishDate": 1656388386000,
"expiredDate": null,
"recordUuid": "7839d3cb448c449d105e4c32cd97c06cEsTyC81Re7c",
"recordExternalId": "4d05f0fe-7b57-4a9c-a7ad-4624e5d62bb7",
"consentType": "REGISTER"
},
{
"versionNumber": "v1.0",
"versionTitle": "用户隐私条款v1.0",
"versionContentType": "TEXT",
"publishDate": 1656388390000,
"expiredDate": null,
"recordUuid": "95b1c752e2f69f91c6570699e764982dwsyao0iDg6p",
"recordExternalId": "35058f6e-b131-4b7c-b35c-26f188526167",
"consentType": "REGISTER"
},
{
"versionNumber": "v1.0",
"versionTitle": "阿里云 IDaaS CIAM 使用协议",
"versionContentType": "TEXT",
"publishDate": 1656388464000,
"expiredDate": null,
"recordUuid": "ed61f21663b6079c7622b641fc17fdf3pxkBEJwZqlg",
"recordExternalId": "569980f9-91b0-40d8-8813-567ef5df6f54",
"consentType": "GENERAL"
}
],
"LOGIN": [
{
"versionNumber": "v1.0",
"versionTitle": "用户协议v1.0",
"versionContentType": "TEXT",
"publishDate": 1656387390000,
"expiredDate": null,
"recordUuid": "4871329e10f51f85eb07d17975b8e4acUhuac1RyyDD",
"recordExternalId": "58fff533-6887-40cd-a799-1c6d168c5c3a",
"consentType": "LOGIN"
},
{
"versionNumber": "v1.1",
"versionTitle": "隐私条款1.0",
"versionContentType": "TEXT",
"publishDate": 1656387399000,
"expiredDate": null,
"recordUuid": "1e2e5c0eca5cddfeb14f88b44a03a0c3eukUKSIYxyP",
"recordExternalId": "68dd7e08-0db4-4219-a0b2-2f753593dd6e",
"consentType": "LOGIN"
},
{
"versionNumber": "v1.0",
"versionTitle": "阿里云 IDaaS CIAM 使用协议",
"versionContentType": "TEXT",
"publishDate": 1656388464000,
"expiredDate": null,
"recordUuid": "ed61f21663b6079c7622b641fc17fdf3pxkBEJwZqlg",
"recordExternalId": "569980f9-91b0-40d8-8813-567ef5df6f54",
"consentType": "GENERAL"
}
]
}
}参数名 | 类型 | 必须 | 内容说明 |
外层 key | String | 是 | 条款类型:
|
| String | 是 | 版本名称 |
| String | 是 | 标题 |
| String | 是 | 内容的类型:PDF | IMAGE| WORD| TEXT |
| Number | 是 | 发布时间 |
| Number | | 过期时间 |
| String | 是 | 所属条款的UUID |
| String | 是 | 所属条款外部ID |
4. 查看条款详情
该接口并是返回一个完整的 HTML 页面,而是返回条款的内容(base64 编码),业务方需要主动解码后渲染。 建议:解码后的条款内容显示到一个新的 html 中,防止 html 样式被污染。
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/consent
Content-Type: application/json
请求参数
参数名 | 类型 | 必须 | 内容说明 |
includeContent | boolean | 是 | 是否包含条款详情,固定为 true |
recordExternalId | string | 是 | 条款外部 ID |
versionNumber | string | 否 | 条款的版本号 |
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1657079658185$d74c4420-5a3e-d57a-a625-02dba1dcab48",
"data": {
"versionTitle": "用户协议v1.0",
"recordExternalId": "58fff533-6887-40cd-a799-1c6d168c5c3a",
"contentType": "TEXT",
"versionNumber": "v1.0",
"base64EncodeContent": "PHA+55m75b2V55u45YWz5p2h5qy+LeeUqOaIt+WNj+iurnYxLjA8L3A+",
"status": "PUBLISHED"
}
}参数名 | 类型 | 必须 | 内容说明 |
versionNumber | String | 是 | 条款的版本号 |
versionTitle | String | 是 | 条款的标题 |
contentType | String | 是 | 内容的类型:PDF | IMAGE| WORD| TEXT |
base64EncodeContent | String | 是 | 条款的内容,Base64 编码 |
recordExternalId | String | 是 | 条款的外部ID |
status | String | 是 | 条款的状态,一般为 PUBLISHED (已发布),参考值:
|
5. 获取应用支持的认证源
当业务系统需要集成IDaaS的社交类型登录时调用。IDaaS 会返回当前应用配置的所有认证方式,默认账密和手机 code 是不需要开通就会有的登录方式。
接口地址
Request URI: GET /api/bff/v1.2/developer/ciam/load_enterprise_auths
请求参数
无
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1660644717797$c35da4fa-d354-546c-8729-0e411473af14",
"data": {
"auths": [
{
"enterpriseAuthId": null,
"authName": "账号密码登录",
"authType": "usernamePassword",
"clientId": null,
"supportOAuth": true
},
{
"enterpriseAuthId": null,
"authName": "验证码登录",
"authType": "verifyCode",
"clientId": null,
"supportOAuth": true
},
{
"enterpriseAuthId": "dcealipay",
"authName": "支付宝小程序登录",
"authType": "alipay",
"clientId": "asd",
"supportOAuth": true
},
{
"enterpriseAuthId": "dcewechat1",
"authName": "移动微信登录",
"authType": "wechat",
"clientId": "sad",
"supportOAuth": true
},
{
"enterpriseAuthId": "dcewechat",
"authName": "网站微信登录",
"authType": "wechat",
"clientId": "asd",
"supportOAuth": true
}
]
}
}参数名 | 类型 | 必须 | 内容说明 |
enterpriseAuthId | String | 是 | 认证源 ID |
authName | String | 是 | 认证源名称 |
authType | String | 是 | 认证源类型 |
clientId | String | 是 | 认证源的 accessKey |
supportOAuth | Boolean | 是 | 是否支持 OAuth,系统保留参数,默认返回 true |
6. 获取社交认证源的信息
该 API 主要用于获取单个社交平台的配置信息,用于组装向第三方社交平台发起授权登录的链接。
接口地址
Request URI: GET /api/bff/v1.2/developer/ciam/get_adapter_info
请求参数
参数名 | 类型 | 必须 | 内容说明 |
enterpriseAuthId | string | 是 | IDaaS 认证源 ID,可以在认证源列表中获取。 |
idaasAppId | string | 否 | IDaaS 应用的 ID,如果想在社交登录完成后跳转到特定的应用而不是默认的用户中心时,需要传递该参数。 |
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1665199025342$d73bd194-ea31-0acc-8da7-9be7e5b7363e",
"data": {
"state": "ID:demoidaasappid",
"authenticateJson": "{\"appId\":\"wxexxxxxc8\",\"appSecret\":\"********\",\"authId\":\"wechat\",\"createTime\":\"2022-06-09 20:32\",\"creator\":\"admin\",\"display\":true,\"enabled\":true,\"enterpriseAuthId\":\"xxxx\",\"enterpriseHost\":\"127.0.0.1\",\"enterpriseId\":\"xxxx\",\"frontCallbackUrl\":\"http://xxxx.com/frontend/login/#/adapterCallback\",\"name\":\"微信登录\",\"redirectUrl\":\"\",\"uuid\":\"702e59b9cdf5dd2617b40572bb9b1efaVUMACThx5C4\"}"
}
}其中 authenticateJson为 JSON 字符串,格式如下:
{
"appId": "wxexxxxxc8",
"appSecret": "********",
"authId": "wechat",
"createTime": "2022-06-09 20:32",
"creator": "admin",
"display": true,
"enabled": true,
"enterpriseAuthId": "xxxx",
"enterpriseHost": "127.0.0.1",
"enterpriseId": "xxxx",
"frontCallbackUrl": "http://xxxx.com/frontend/login/#/adapterCallback",
"name": "微信登录",
"redirectUrl": "",
"uuid": "702e59b9cdf5dd2617b40572bb9b1efaVUMACThx5C4"
}参数名 | 类型 | 必须 | 内容说明 |
state | String | 是 | 当入参传了 idaasAppId 的前提下,该值格式为 |
authenticateJson | String | 是 | 社交认证源的配置信息 |
| String | 是 | 社交认证源的 appId,第三方社交平台的应用 id |
| String | 否 | 社交认证源的密钥,固定返回脱敏后的 *,业务端用不到 |
| String | 是 | 认证源标识 |
| String | 是 | 认证源创建者 |
| Boolean | 是 | 是否显示,固定为 true |
| Boolean | 是 | 是否启用,固定为 true |
| String | 是 | 认证源 ID |
| String | 是 | 企业 ID |
| String | 是 | 前端回调地址,对应第三方社交平台配置的回调地址 |
| String | 是 | 认证源名称 |
| String | 否 | 保留字段,可忽略 |
| String | 否 | 保留字段,可忽略 |
| String | 是 | 认证源 uuid |
业务端获取到认证源配置信息后组装第三方社交平台的授权地址即可,以微信开放平台为例,组装完的授权地址为:
GET https://open.weixin.qq.com/connect/qrconnect?appid=wxexxxxxc8
&redirect_uri=http%3A%2F%2Fxxx.com%2Ffrontend%2Flogin%2F%23%2FadapterCallback
&response_type=code
&scope=snsapi_login
&state=xxxx如果业务方不依赖该接口返回的信息而是自行拼接第三方认证源的授权地址,并且需要在第三方社交平台登录完成后跳转到非用户中心的应用时,就需要按照 ID:{idaasAppId}方式生成 state 并附带到第三方认证源的授权地址中。
7. 获取图片验证码
在发送短信、登录之前,建议调用本接口获取图片验证码,并在登录时传给 IDaaS。这样可以有效避免针对发短信、登录接口的机器攻击。当开启了系统风控时,也会触发校验图片验证码的逻辑。
接口地址
Request URI: GET/api/bff/v1.2/developer/ciam/captcha
请求参数
无
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1660882151242$64308516-92ed-4303-8d3c-47d29c95f2a7",
"data": {
"captchaCode": "557c0e18147974608a514a3071110e6bd7W1XxMMVXu",
"captchaImage": "iVBORw0KGgoAAAANSUhEUgAAAFAAAAAaCAIAAACvsEzwAAABW0lEQVR42u3YMQ7CMAwF0EjcgZWNnZEbcAIuwQILh2Jh4X5QKVL0ZTu20yZNJFplKAmleTg1DuH7Z0fYwBt4Aw91PJ73huD956S0XsIi85wIi7zYM93bvH1pTIYGpxngJHaHG7aFZvFa/wdWAOcWc2QnJOKrB9lvbgjO8cTO4/saWzwfEWymK4ytuMiJlp/r4PPrklrsTyd9IkxUyMYgc6EJRiT2TM3MmquCxVVdCk4wpV8xV8vSM8BxZvj0eo4YW5GEQ7lQ9wdjxvIvZiWGOMTf1hOcS9QKWwRj9uKjJNShRX7WzajlEdDNmJnItSSTkdH0svnmQSw8cAbc5gHz0OngVXdLvLTEOU02cW2bWZqsEf5bVS1pLTHzCRGembrIg6qA+++HcxEmGcssEkmBhYWXWXJ2+APAs23yFMYkOefC2x/shJXuqJzf3bjgRuahwbXMA4GdZj/bBP8A1qgY88PlCaMAAAAASUVORK5CYII="
}
}字段名 | 类型 | 示例 | 内容说明 |
captchaCode | string | 5c4bc75 ... ... XVH9Lqk | 图形验证码唯一标识,在验证的时候需要传入 |
captchaImage | string | iVBORw ... ... kSumCC | 验证码图片,base64格式数据 |
8. 获取系统支持的用户类型列表
登录注册前允许切换用户类型进行登录注册,用改接口可以获取到当前租户下支持的所有用户类型,调用方需要进行判断,当有且仅有一条用户类型时,不建议再弹出用户类型选择的窗口。
接口地址
Request URI: GET/api/bff/v1.2/developer/ciam/config/userTypes
请求参数
无
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1673424642819$110ff5f3-e47a-8404-cc3a-282d754fd32c",
"data": [
{
"userTypeName": "普通用户",
"userTypeCode": "default",
"uuid": "3762b69d9f2580c7901441719733271b22zUqxkuQDh"
},
{
"userTypeName": "医生",
"userTypeCode": "doctor"
"uuid": "3xxxxxd9f2580c7901441719733271b22zUqxkuQDh"
}
]
}字段名 | 类型 | 示例 | 内容说明 |
userTypeName | String | 普通用户 | 用户类型的名称 |
userTypeCode | String | default | 用户类型的编码 |
uuid | String | xxxxxxxxx | 用户类型的UUID |
9. 切换账号类型
登录注册流程中,允许用户切换当前登录的用户类型,切换后会生成新的流程 ID。
接口地址
Request URI: GET/api/bff/v1.2/developer/ciam/config/change_user_type
请求参数
参数名 | 类型 | 必填 | 含义 |
fId | String | 是 | 切换用户类型前的 fId,切换完成后会生成新的 fId |
userType | String | 是 | 切换后的用户类型 code |
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1660882151242$64308516-92ed-4303-8d3c-47d29c95f2a7",
"data": {
"fId": "xxxxxxxxxxxx"
}
}字段名 | 类型 | 示例 | 内容说明 |
fId | String | xxxxxxxxxxx | 切换完用户类型后新生成的 fId,后续流程需要使用该 fId,旧的 fId 需要舍弃 |
二、登录、注册
1 账密登录
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/login/pwd
Content-Type: application/json
请求参数
参数名 | 类型 | 必须 | 内容说明 |
fId | string | 否 | 上一步流程的 fId(如果存在) |
username | string | 是 | 用户名 |
userType | string | 否 | 自定义用户类型,默认为普通用户 |
password | string | 是 | 密码 |
response_type | string | 否 | 当传 code 时,返回授权码;当传 token 时,返回用户的 token |
agreeConsent | boolean | 否 | 用户是否勾选条款(当应用配置了相应条款,此参数必传) |
若开启了【账密防暴 图形验证码】则在认证失败次数超过风控阈值时需要验证图形验证码 | |||
captchaCode | string | 否 | 图形验证码的唯一标识,通过获取图形验证接口返回 |
captchaText | string | 否 | 图形验证码,根据界面中验证码图片显示的数字进行填写 |
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1656326070459$be264b8d-a6ca-a75c-f224-ade8531cc4af",
"data": {
"userId": null,
"uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbz****.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelhxYytRODM3QjNnTlQzbmNJNDY3UExuOHNTNXFJNmdMa1doeWJKZHA0ZXZMaHovUmtuV0RTRXZlNUw3T1Jzd0xoMTdWTGw4SE5Va0Z1TWxDR2FGWVliT3JmL3dHMkpodktNZlZ6ZzFKUTROb1UzWDI4bzR6dHhRclZtWlV3dWo2R1NZcTB0alc0akJlQUErUkV4dkExd3VWUEtSdVJZS0dlZkt3Y0JWOVBxMGlkZjZ0dU04Vjlnd3BpSEtFVnhHM0lXVFVlL0hzb2RxMVVMMTVRZWErcTNvOEpDMitoRGozWE1KOS92Yis2YXo0IiwiZGF0YUNpcGhlckFsZyI6IkRFRkFVTFQiLCJ0ZW5hbnRLZXlVdWlkIjoiN2FiNDI3ZTEzNDRkZGUwMWM5Zjk3NDcyNzYwMzg0YWJwZnRLTWFuRkVGSCJ9.c57U7qi46KnVAPnzk2bgHI9sPoUlk93L5mPOq1WRy_s",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelh0UjBGQXd3eDdINTRsWldxNzdCdEhmUUd5UHFPZWVhK3pLNWRxeWFTMEdXb0NmRkJ1Q1Q1TEFvTlhTRVFWVlc1ZGp3eGJsRUZrSjhVaXBpYXoxTXI1Z3ZSV3N0NlRNN2xHR09tbEVETjJJbmg5dkluVEpUd0RNeTFOSEo1WDJqaGRwMlNvUlN0QUxONlZpaTVMakh3dHAxQWdqZlZuRlR1aVI3UWVLUTVsTjBkdnVmOEtHYkFoQ2lENngxalg4VERKOE5PRWNYYTYyRHdEQ0UrSDlRQlcxTzlPL1FWUG9TSXVqT1lGU0IyVkNsbGZGemM4RmhLbGZLRlcyZlNYbFRSY05YNDE5djcvNWpxL3RuUU1EMjl4YkoxbTAySmRTb3NacjIvNjR1dEpMOSIsImRhdGFDaXBoZXJBbGciOiJERUZBVUxUIiwidGVuYW50S2V5VXVpZCI6IjdhYjQyN2UxMzQ0ZGRlMDFjOWY5NzQ3Mjc2MDM4NGFicGZ0S01hbkZFRkgifQ.VjrWftgXUmLD_P9ECVYGwBEzpyrvZcy-hdrAciIp-aU",
"expires_in": 179999,
"scope": "USER_API",
"id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg"
}
}2. 验证码登录
2.1. 发送验证码
该接口适用于用户通过短信验证码登录时获取验证码。CIAM 首先会基于客户端 IP 和手机号码维度,校验短信发送频率,如果超过系统风控策略配置的阈值,则会强制校验图形验证码(此时必须传递 captchaCode 和 captchaText 参数,可以通过获取图形验证码接口获得),如果未超过阈值,则不校验图形验证码。为了防止短信轰炸,强烈建议配置系统风控策略。
接口地址
Request URI: POST/api/bff/v1.2/developer/ciam/login/obtain_code
Content-Type: application/json
请求参数
参数名 | 类型 | 必须 | 内容说明 |
fId | string | 否 | 上一步流程的 fId(如果存在) |
phoneNumber | string | 是 | 手机号,当 type 传 SMS 时该值必传 |
phoneRegion | string | 否 | 手机区号,默认86 |
type | string | 是 | 验证码类型。SMS 代表短信,EMAIL 代表邮箱 |
string | 否 | 邮箱,当 type 传 EMAIL 时该值必传 | |
language | string | 否 | 发送验证码的语言类型,默认取首选语言 |
engineCode | string | 否 | 发送验证码的网关编码,默认取首选服务商的首选网关 |
userType | string | 否 | 自定义用户类型,默认为普通用户 |
说明 若开启了【短信/邮件防暴 图形验证码】则在发送验证码次数超过风控阈值时需要验证图形验证码 | |||
captchaCode | string | 否 | 图形验证码的唯一标识,通过获取图形验证接口返回 |
captchaText | string | 否 | 图形验证码,根据界面中验证码图片显示的数字进行填写 |
返回参数
参数名 | 类型 | 示例 | 内容说明 |
fId | string | sfwf2w233fsfdsddf | 请求验证码时需要原样传回 |
2.2. 校验验证码
服务端仅保留 fid 30分钟(默认),所以30分钟内如果没有进行校验,则验证码将会失效; 验证码校验成功后,将会立即失效,防止重放攻击; 验证码连续校验失败超过系统风控策略配置的阈值后,将会失效并锁定该用户,防止暴力破解验证码;
接口地址
Request URI: POST/api/bff/v1.2/developer/ciam/login/verify_code
Content-Type: application/json
请求参数
参数名 | 类型 | 必须 | 内容说明 |
phoneNumber | string | 否 | 当 type 传 SMS 时该值必传,需要与发送时保持一致 |
string | 否 | 邮箱,当 type 传 EMAIL 时该值必传 | |
code | string | 是 | 短信验证码注册 - 发送验证码接口发送的验证码 |
fId | string | 是 | 短信验证码注册 - 发送验证码接口返回参数中的流程 ID |
type | string | 是 | 验证码类型。SMS 代表短信,EMAIL 代表邮箱 |
responseType | string | 否 | 当传 code 时,返回授权码; 当传 token 时,返回用户的 token |
userType | string | 否 | 自定义用户类型,默认为普通用户 |
agreeConsent | boolean | 否 | 用户是否勾选条款(当应用配置了相应条款,此参数必传) |
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1656326070459$be264b8d-a6ca-a75c-f224-ade8531cc4af",
"data": {
"userId": null,
"uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbz****.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelhxYytRODM3QjNnTlQzbmNJNDY3UExuOHNTNXFJNmdMa1doeWJKZHA0ZXZMaHovUmtuV0RTRXZlNUw3T1Jzd0xoMTdWTGw4SE5Va0Z1TWxDR2FGWVliT3JmL3dHMkpodktNZlZ6ZzFKUTROb1UzWDI4bzR6dHhRclZtWlV3dWo2R1NZcTB0alc0akJlQUErUkV4dkExd3VWUEtSdVJZS0dlZkt3Y0JWOVBxMGlkZjZ0dU04Vjlnd3BpSEtFVnhHM0lXVFVlL0hzb2RxMVVMMTVRZWErcTNvOEpDMitoRGozWE1KOS92Yis2YXo0IiwiZGF0YUNpcGhlckFsZyI6IkRFRkFVTFQiLCJ0ZW5hbnRLZXlVdWlkIjoiN2FiNDI3ZTEzNDRkZGUwMWM5Zjk3NDcyNzYwMzg0YWJwZnRLTWFuRkVGSCJ9.c57U7qi46KnVAPnzk2bgHI9sPoUlk93L5mPOq1WRy_s",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelh0UjBGQXd3eDdINTRsWldxNzdCdEhmUUd5UHFPZWVhK3pLNWRxeWFTMEdXb0NmRkJ1Q1Q1TEFvTlhTRVFWVlc1ZGp3eGJsRUZrSjhVaXBpYXoxTXI1Z3ZSV3N0NlRNN2xHR09tbEVETjJJbmg5dkluVEpUd0RNeTFOSEo1WDJqaGRwMlNvUlN0QUxONlZpaTVMakh3dHAxQWdqZlZuRlR1aVI3UWVLUTVsTjBkdnVmOEtHYkFoQ2lENngxalg4VERKOE5PRWNYYTYyRHdEQ0UrSDlRQlcxTzlPL1FWUG9TSXVqT1lGU0IyVkNsbGZGemM4RmhLbGZLRlcyZlNYbFRSY05YNDE5djcvNWpxL3RuUU1EMjl4YkoxbTAySmRTb3NacjIvNjR1dEpMOSIsImRhdGFDaXBoZXJBbGciOiJERUZBVUxUIiwidGVuYW50S2V5VXVpZCI6IjdhYjQyN2UxMzQ0ZGRlMDFjOWY5NzQ3Mjc2MDM4NGFicGZ0S01hbkZFRkgifQ.VjrWftgXUmLD_P9ECVYGwBEzpyrvZcy-hdrAciIp-aU",
"expires_in": 179999,
"scope": "USER_API",
"id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg"
}
}3. 社交登录
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/login/social
Content-Type: application/json
请求参数
{
"enterpriseAuthId": "ciammasterwechat",
"code": "011RaA1w3Gp0GY234r0w3vhlzU2RaA1P",
"state": "xxxxx",
"agreeConsent": true
}参数名 | 类型 | 必填 | 内容描述 |
code | string | 是 | 第三方社交平台授权登录成功后传回的 code,AppleId 平台需要传苹果返回的 identity_token |
state | string | 否 | 第三方社交平台授权登录完成后传回的 state |
userType | string | 否 | 自定义用户类型,默认为普通用户 |
enterpriseAuthId | string | 是 | 认证源 ID |
agreeConsent | boolean | 否 | 用户是否勾选条款(当应用配置了相应条款,此参数必传) |
返回参数
有绑定关系
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1656326070459$be264b8d-a6ca-a75c-f224-ade8531cc4af",
"data": {
"userId": null,
"uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbz****.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelhxYytRODM3QjNnTlQzbmNJNDY3UExuOHNTNXFJNmdMa1doeWJKZHA0ZXZMaHovUmtuV0RTRXZlNUw3T1Jzd0xoMTdWTGw4SE5Va0Z1TWxDR2FGWVliT3JmL3dHMkpodktNZlZ6ZzFKUTROb1UzWDI4bzR6dHhRclZtWlV3dWo2R1NZcTB0alc0akJlQUErUkV4dkExd3VWUEtSdVJZS0dlZkt3Y0JWOVBxMGlkZjZ0dU04Vjlnd3BpSEtFVnhHM0lXVFVlL0hzb2RxMVVMMTVRZWErcTNvOEpDMitoRGozWE1KOS92Yis2YXo0IiwiZGF0YUNpcGhlckFsZyI6IkRFRkFVTFQiLCJ0ZW5hbnRLZXlVdWlkIjoiN2FiNDI3ZTEzNDRkZGUwMWM5Zjk3NDcyNzYwMzg0YWJwZnRLTWFuRkVGSCJ9.c57U7qi46KnVAPnzk2bgHI9sPoUlk93L5mPOq1WRy_s",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelh0UjBGQXd3eDdINTRsWldxNzdCdEhmUUd5UHFPZWVhK3pLNWRxeWFTMEdXb0NmRkJ1Q1Q1TEFvTlhTRVFWVlc1ZGp3eGJsRUZrSjhVaXBpYXoxTXI1Z3ZSV3N0NlRNN2xHR09tbEVETjJJbmg5dkluVEpUd0RNeTFOSEo1WDJqaGRwMlNvUlN0QUxONlZpaTVMakh3dHAxQWdqZlZuRlR1aVI3UWVLUTVsTjBkdnVmOEtHYkFoQ2lENngxalg4VERKOE5PRWNYYTYyRHdEQ0UrSDlRQlcxTzlPL1FWUG9TSXVqT1lGU0IyVkNsbGZGemM4RmhLbGZLRlcyZlNYbFRSY05YNDE5djcvNWpxL3RuUU1EMjl4YkoxbTAySmRTb3NacjIvNjR1dEpMOSIsImRhdGFDaXBoZXJBbGciOiJERUZBVUxUIiwidGVuYW50S2V5VXVpZCI6IjdhYjQyN2UxMzQ0ZGRlMDFjOWY5NzQ3Mjc2MDM4NGFicGZ0S01hbkZFRkgifQ.VjrWftgXUmLD_P9ECVYGwBEzpyrvZcy-hdrAciIp-aU",
"expires_in": 179999,
"scope": "USER_API",
"id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg"
}
}无绑定关系
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1658980728774$5abe2ca5-a666-dc36-e6eb-2b97e2aa2d0e",
"data": {
"fId": "202207281158486517671753087716352_X_ABD",
"flowType": "NEED_LOGIN_OR_REGISTOR",
"additional": null
}
}传递了 ID:xx 格式的 state 跳转到业务应用中
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1658980728774$5abe2ca5-a666-dc36-e6eb-2b97e2aa2d0e",
"data": {
"redirectUrl": "http://xxx.com/social/callback?idaasAppId=xx&code=xxx&state=xxx"
}
}4 微信小程序登录
4.1. 静默登录
静默登录的原理是通过小程序的 wx.login 获取到临时 code 后,直接去服务端查询对应的 openid 和 unionid,再去查询是否有绑定关系,如果有则验证用户状态后登录成功,否则登录失败,静默登录失败无后续流程。只要没有正常返回用户 token 都认为是静默登录失败,包括账号异常、无绑定关系等。 注意:CIAM 中小程序授权登录是基于 unionid 关联唯一微信用户,因此在对接小程序登录时,务必保证小程序已经绑定到微信开放平台账号下,否则无法正常使用 CIAM 的小程序登录。
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/login/miniprogram/silent
Content-Type: application/json
请求参数
参数名 | 类型 | 必填 | 内容描述 |
loginCode | string | 是 | 微信小程序中通过 wx.login 获取的 临时登录凭证 code(此 code 不能重复使用) |
idaasAppId | string | 是 | 应用 ID,对应控制台应用管理-应用列表中的应用ID |
enterpriseAuthId | string | 是 | 认证源ID,对应控制台认证源列表中的认证源ID |
deviceId | string | 否 | 可选,小程序端设备id |
userType | string | 否 | 自定义用户类型,默认为普通用户 |
{
"loginCode": "033nOZZv3GFRJY2Iwf3w3RrQdn1nOZZI",
"idaasAppId": "{{idaasAppId}}",
"enterpriseAuthId": "{{enterpriseAuthId}}"
}返回参数
静默登录成功
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1656040913922$ca04c8b1-76ea-f3bd-599a-66c3d445259b",
"data": {
"userId": null,
"uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbz****.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelhnSUJxNlhhNmFrWmN6MDNKT0NUWGxrWHpWWVpYUjg3SEo4SzV2SU5WTW1pUi9xNWgxVVZ4SnFrajIvQmRpNHFDSmt6cEhrN3UybTFUL09RblFIR1pBL3FKazhya1hMTmMxVVE3dHlLYlhTbk9OblA1Wmh2Vlp0RXBwem5Xb3oxYU1lQktqbmxOSnpEWGExQlJ1RDNtTXZpM202ZUFrUXJaNVMzakI4M09haVZ0dUtRQnhvVXhHTXVrNGV0Q0pQK2ZzLzFpWW1xNGpsc2M0NkpXNGdVSGc0bU5RbHBHRGJsWEtCMVowMVMrY3A0IiwiZGF0YUNpcGhlckFsZyI6IkRFRkFVTFQiLCJ0ZW5hbnRLZXlVdWlkIjoiN2FiNDI3ZTEzNDRkZGUwMWM5Zjk3NDcyNzYwMzg0YWJwZnRLTWFuRkVGSCJ9.5QXEYp6GlgomFF08zFUkwNt-8cwDPSBV0UpAsg3jRtg",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelhxYWdsOEdINkJXNEF4eTgrYWpOVXl5T0JCeFB6NGRxNmcwRlNvRTJTVGpmclNSZ2lGS0M3Y25YVGFoVXlJVTE0c1Q5QUgwckVIVko3UnY3RVNQYXdrL0dOZ3d4b2tvd25yczMyUEh3RXFGNXlUT3hDQk9kTG1IWXNWMFRHR2FHaTFWcUpERzh2Ui9JOXBtdmZnZlVHUGFGRUJjTVZmVlRBMU1nVWN0cWNpQnlpQTVrSng5QTVuNG9SVXdnMFZ1MWorcEhZQnFUTkp1SVpUQWttWElhcjQyanhHNFdFMVlscC93SUR3NlFFeHR0a3JrUE8rMGdka0llVGttQ0JybGVOZ3MxaVROckIyNUVvRGJwektxcWZyMUhoQ3VjK0JTTmVKYTdmakNmN0VkOCIsImRhdGFDaXBoZXJBbGciOiJERUZBVUxUIiwidGVuYW50S2V5VXVpZCI6IjdhYjQyN2UxMzQ0ZGRlMDFjOWY5NzQ3Mjc2MDM4NGFicGZ0S01hbkZFRkgifQ.NkmM3xdRMq2xkI_j1A1E7TYUsPZsJn6J2wmJ2gj7Gg4",
"expires_in": 179999,
"scope": "USER_API",
"id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg"
}
}静默登录失败(只要没有正常返回用户 token 都认为是静默登录失败,包括账号异常、无绑定关系等)
静默登录失败会将微信用户信息回传给业务端,供业务端使用(非必须)
{
"success": false,
"code": "Operation.Failure",
"message": "Operation.Failure.Mini.Program.Silent.Login",
"requestId": "1656572265429$49b433a9-219a-910a-0323-2af4f1f1a9ce",
"data": {
"unionid": "o89vut2y09r3zcDIhxoU6sMdjmiw",
"openid": "oVq2f4m1pC1Z8rhxYNzTtsWKTJFI"
}
}参数名 | 类型 | 示例 | 描述 |
unionid | String | | 微信用户的 unionid |
openid | String | | 微信用户的 openid |
4.2. 授权登录
授权登录的原理是通过小程序的 wx.login 获取到临时 code 后,再通过 wx.getUserProfile 获取到微信用户的加密信息,然后去服务端通过 loginCode 查询对应的 openid 和 unionid 和 session_key,最后再根据 session_key 解码用户的信息,获取到用户信息后判断是否有绑定关系,如果有则登录成功,否则会进行下一步流程,比如登录注册。
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/login/miniprogram/authorized
Content-Type: application/json
请求参数
参数名 | 类型 | 必填 | 内容描述 |
loginCode | string | 是 | 微信小程序中通过 wx.login 获取的 临时登录凭证 code(此 code 不能重复使用) |
idaasAppId | string | 是 | 应用 ID,对应控制台应用管理-应用列表中的应用ID |
enterpriseAuthId | string | 是 | 认证源ID,对应控制台认证源列表中的认证源ID |
encryptedData | string | 是 | 包括敏感数据在内的完整用户信息的加密数据,通过 wx.getUserProfile 接口获取,参考:https://developers.weixin.qq.com/miniprogram/dev/api/open-api/user-info/wx.getUserProfile.html |
iv | string | 是 | 加密算法的初始向量,通过 wx.getUserProfile 接口获取,参考: https://developers.weixin.qq.com/miniprogram/dev/api/open-api/user-info/wx.getUserProfile.html |
deviceId | string | 否 | 可选,小程序端设备id |
userType | string | 否 | 自定义用户类型,默认为普通用户 |
agreeConsent | boolean | 否 | 用户是否勾选条款(当应用配置了相应条款,此参数必传) |
{
"loginCode": "063oewll2JUCH84Idiol2sxzFd0oewl4",
"idaasAppId": "{{idaasAppId}}",
"enterpriseAuthId": "{{enterpriseAuthId}}",
"encryptedData": "Wp85WrAol3Xq8H/gm0xl5ux25ZZ4snh1uF3wjJ1KfzDP6BLqERNLw1f2wOQ/GRPgBnTUgJXuMUYKVGRY099graBknp0dbyfMoIS1NllnlrwVmrikhnSWwwU0X9iFig9u6fSUtUK69L80hALQ3H0GPDmNo64MWfd3e/bUy1Gfr2Mw2N9useithN6nbvFQlRZDotIb7Yr3fNPYpjXc+a1q/VCf/XYYUR+1gBWd/xXbFBYbrm+1iYbJomNEfRLcgSCU/pNYTzAgmRxn+bt/KUCiuDWXxLjJl1vySmgPre6Use4XJY9jwQIf+EB6C2ja2WQK8pk2wKCmhWoSZxDRoSUZ8gQXOqk6Ef0rWiazte5ibIcw/j5ridkqDctYyOMU1J4DNdRxjohTTgx/3t5BTpzQNcKwuA+SXcj8CRv2kPhgVUM=",
"iv": "Gv3JeogqQ5eWM93vWSKWPQ==",
"agreeConsent": true
}返回参数
有绑定关系
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1656040913922$ca04c8b1-76ea-f3bd-599a-66c3d445259b",
"data": {
"userId": null,
"uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbz****.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelhnSUJxNlhhNmFrWmN6MDNKT0NUWGxrWHpWWVpYUjg3SEo4SzV2SU5WTW1pUi9xNWgxVVZ4SnFrajIvQmRpNHFDSmt6cEhrN3UybTFUL09RblFIR1pBL3FKazhya1hMTmMxVVE3dHlLYlhTbk9OblA1Wmh2Vlp0RXBwem5Xb3oxYU1lQktqbmxOSnpEWGExQlJ1RDNtTXZpM202ZUFrUXJaNVMzakI4M09haVZ0dUtRQnhvVXhHTXVrNGV0Q0pQK2ZzLzFpWW1xNGpsc2M0NkpXNGdVSGc0bU5RbHBHRGJsWEtCMVowMVMrY3A0IiwiZGF0YUNpcGhlckFsZyI6IkRFRkFVTFQiLCJ0ZW5hbnRLZXlVdWlkIjoiN2FiNDI3ZTEzNDRkZGUwMWM5Zjk3NDcyNzYwMzg0YWJwZnRLTWFuRkVGSCJ9.5QXEYp6GlgomFF08zFUkwNt-8cwDPSBV0UpAsg3jRtg",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelhxYWdsOEdINkJXNEF4eTgrYWpOVXl5T0JCeFB6NGRxNmcwRlNvRTJTVGpmclNSZ2lGS0M3Y25YVGFoVXlJVTE0c1Q5QUgwckVIVko3UnY3RVNQYXdrL0dOZ3d4b2tvd25yczMyUEh3RXFGNXlUT3hDQk9kTG1IWXNWMFRHR2FHaTFWcUpERzh2Ui9JOXBtdmZnZlVHUGFGRUJjTVZmVlRBMU1nVWN0cWNpQnlpQTVrSng5QTVuNG9SVXdnMFZ1MWorcEhZQnFUTkp1SVpUQWttWElhcjQyanhHNFdFMVlscC93SUR3NlFFeHR0a3JrUE8rMGdka0llVGttQ0JybGVOZ3MxaVROckIyNUVvRGJwektxcWZyMUhoQ3VjK0JTTmVKYTdmakNmN0VkOCIsImRhdGFDaXBoZXJBbGciOiJERUZBVUxUIiwidGVuYW50S2V5VXVpZCI6IjdhYjQyN2UxMzQ0ZGRlMDFjOWY5NzQ3Mjc2MDM4NGFicGZ0S01hbkZFRkgifQ.NkmM3xdRMq2xkI_j1A1E7TYUsPZsJn6J2wmJ2gj7Gg4",
"expires_in": 179999,
"scope": "USER_API",
"id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg"
}
}无绑定关系(需要登录或者注册)
微信小程序的授权登录比较特殊,当没有绑定关系或者有绑定关系但是绑定的用户不存在(可能被逻辑删除,或者其他原因引起的脏数据)时,不会返回 flowType,而是会返回一个 Operation.Failure.User.Not.Exist 异常码,同时 data 中会将 fId 返回。 也就是说,小程序在开发时,需要判断该接口的返回错误信息,如果 message 返回的是 Operation.Failure.User.Not.Exist 则认为当前流程存在下一步,即手机号一键登录。
{
"success": false,
"code": "Operation.Failure.Social.Login",
"message": "Operation.Failure.User.Not.Exist",
"requestId": "1656572612543$ad6dff47-af68-1296-c65b-28e84cf59579",
"data": {
"fId": "202206301503325238257221755438080_X_ABD"
}
}参数名 | 类型 | 示例 | 描述 |
fId | String | | 流程 ID,下一个流程传回来 |
4.3. 手机号一键登录
手机号一键登录的原理是通过小程序的 wx.login 获取到临时 code 后,再通过 wx.getPhoneNumber 获取到微信用户的手机号加密信息或者手机号code,然后去服务端通过 loginCode 查询对应的 openid 和 unionid 和 session_key,最后再判断是否传递 phoneNumberCode,如果传了则根据该 code 去微信换取用户的真实手机号,否则根据 session_key 解码用户的手机号信息,获取到用户信息后判断是否有绑定关系,如果有则登录成功,否则会进行下一步流程,比如登录注册。
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/login/miniprogram/phone
Content-Type: application/json
请求参数
参数名 | 类型 | 必填 | 内容描述 |
fId | string | 否 | 上一步流程(如果有)产生的 fid |
loginCode | string | 是 | 微信小程序中通过 wx.login 获取的 临时登录凭证 code(此 code 不能重复使用) |
idaasAppId | string | 是 | 应用 ID,对应控制台应用管理-应用列表中的应用ID |
enterpriseAuthId | string | 是 | 认证源ID,对应控制台认证源列表中的认证源ID |
phoneNumberCode | string | 是 | 微信小程序中通过 getPhoneNumber 获取到的 code,参考:https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/getPhoneNumber.html |
encryptedData | string | 是 | 包括敏感数据在内的完整用户信息的加密数据,通过 getPhoneNumber 获取,参考:https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/deprecatedGetPhoneNumber.html |
iv | string | 是 | 微信小程序中通过 getPhoneNumber 获取到的 加密算法的初始向量,参考:https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/deprecatedGetPhoneNumber.html |
deviceId | string | 否 | 可选,小程序端设备id |
userType | string | 否 | 自定义用户类型,默认为普通用户 |
agreeConsent | boolean | 否 | 用户是否勾选条款(当应用配置了相应条款,此参数必传) |
{
"fId": "{{fId}}",
"loginCode": "023arx000zEEHiO6N3arx0D",
"idaasAppId": "{{idaasAppId}}",
"enterpriseAuthId": "{{enterpriseAuthId}}",
"phoneNumberCode": "c773d67f9ca3538ae7da881f0df96c2000bdedc4e",
"encryptedData": "",
"iv": "",
"agreeConsent": true
}返回参数
有绑定关系
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1656040913922$ca04c8b1-76ea-f3bd-599a-66c3d445259b",
"data": {
"userId": null,
"uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbz****.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelhnSUJxNlhhNmFrWmN6MDNKT0NUWGxrWHpWWVpYUjg3SEo4SzV2SU5WTW1pUi9xNWgxVVZ4SnFrajIvQmRpNHFDSmt6cEhrN3UybTFUL09RblFIR1pBL3FKazhya1hMTmMxVVE3dHlLYlhTbk9OblA1Wmh2Vlp0RXBwem5Xb3oxYU1lQktqbmxOSnpEWGExQlJ1RDNtTXZpM202ZUFrUXJaNVMzakI4M09haVZ0dUtRQnhvVXhHTXVrNGV0Q0pQK2ZzLzFpWW1xNGpsc2M0NkpXNGdVSGc0bU5RbHBHRGJsWEtCMVowMVMrY3A0IiwiZGF0YUNpcGhlckFsZyI6IkRFRkFVTFQiLCJ0ZW5hbnRLZXlVdWlkIjoiN2FiNDI3ZTEzNDRkZGUwMWM5Zjk3NDcyNzYwMzg0YWJwZnRLTWFuRkVGSCJ9.5QXEYp6GlgomFF08zFUkwNt-8cwDPSBV0UpAsg3jRtg",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelhxYWdsOEdINkJXNEF4eTgrYWpOVXl5T0JCeFB6NGRxNmcwRlNvRTJTVGpmclNSZ2lGS0M3Y25YVGFoVXlJVTE0c1Q5QUgwckVIVko3UnY3RVNQYXdrL0dOZ3d4b2tvd25yczMyUEh3RXFGNXlUT3hDQk9kTG1IWXNWMFRHR2FHaTFWcUpERzh2Ui9JOXBtdmZnZlVHUGFGRUJjTVZmVlRBMU1nVWN0cWNpQnlpQTVrSng5QTVuNG9SVXdnMFZ1MWorcEhZQnFUTkp1SVpUQWttWElhcjQyanhHNFdFMVlscC93SUR3NlFFeHR0a3JrUE8rMGdka0llVGttQ0JybGVOZ3MxaVROckIyNUVvRGJwektxcWZyMUhoQ3VjK0JTTmVKYTdmakNmN0VkOCIsImRhdGFDaXBoZXJBbGciOiJERUZBVUxUIiwidGVuYW50S2V5VXVpZCI6IjdhYjQyN2UxMzQ0ZGRlMDFjOWY5NzQ3Mjc2MDM4NGFicGZ0S01hbkZFRkgifQ.NkmM3xdRMq2xkI_j1A1E7TYUsPZsJn6J2wmJ2gj7Gg4",
"expires_in": 179999,
"scope": "USER_API",
"id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg"
}
}无绑定关系(需要登录或者注册)
微信小程序的手机号一键登录比较特殊,当没有绑定关系或者有绑定关系但是绑定的用户不存在(可能被逻辑删除,或者其他原因引起的脏数据)时,不会返回 flowType,而是会返回一个 Operation.Failure.User.Not.Exist 异常码,同时 data 中会将 fId 返回。 也就是说,小程序在开发时,需要判断该接口的返回错误信息,如果 message 返回的是 Operation.Failure.User.Not.Exist 则认为当前流程存在下一步,即进入 h5 的登录注册页面。
{
"success": false,
"code": "Operation.Failure.Social.Login",
"message": "Operation.Failure.User.Not.Exist",
"requestId": "1656573286977$6584dc2c-78b9-d12c-a6db-21ff9a90dac9",
"data": {
"fId": "202206301514226999141257494492160_X_ABD",
"phoneNumber": "xxxx"
}
}参数名 | 类型 | 示例 | 描述 |
fId | String | | 流程 ID,下一个流程传回来 |
phoneNumber | String | | 当前识别初的手机号,可能前端需要用于展示 |
5 APP端
5.1. 获取accessToken
当手机端需要使用手机号码认证,或者IFAA认证时,需要给手机端进行授权,手机端获取此token信息可以与安全认证产品交互。
接口地址
Request URI: POST/api/bff/v1.2/developer/ciam/login/app/safeauth/fetch_accesstoken
Content-Type: application/json
请求参数
参数名 | 类型 | 必填 | 内容描述 |
applicationExternalId | string | 是 | 在安全认证创建的appid |
mobileExtendParamsJson | string | 是 | 手机端json信息 |
mobileExtendParamsJsonSign | string | 是 | 手机端json签名信息 |
userId | string | 否 | 手机端用户信息 |
返回参数
参数名 | 类型 | 示例 | 内容说明 |
access_token | string | eyJhbGciOiJIUzI1N**** ... ... PoKL1O0j0 | 安全认证的accessToken信息 |
expires_in | long | 3600 | token过期时间,单位:秒 |
错误异常列表
errorCode | errorMessage | 描述 |
Operation.Success | Operation.Success | 成功 |
Params.Blank | Params.Blank.ApplicationExternalId | 缺少参数 ApplicationExternalId |
Params.Blank | Params.Blank.MobileExtendParamsJson | 缺少参数MobileExtendParamsJson |
Params.Blank | Params.Blank.MobileExtendParamsJsonSign | 缺少参数MobileExtendParamsJsonSign |
Operation.Failure | Operation.Failure.RemoteServerCommonError | 调用安全认证服务失败 |
5.2. 获取fId
当点击更多登录方式,需要先获取一个fId。
接口地址
Request URI: POST/api/bff/v1.2/developer/ciam/login/app/getFid
Content-Type: application/json
请求参数
参数名 | 类型 | 示例 | 内容说明 |
deviceId | string | xxxxx | 设备ID |
response_type | string | code | 响应类型,参考OAuth协议的 response_type |
userType | string | 否 | 自定义用户类型,默认为普通用户 |
返回参数
参数名 | 类型 | 示例 | 内容说明 |
fId | string | hbGciOiJIUzI1NiIsI ... ... | 进入登录页面需要的流程ID |
flowType | string | LOGIN_NEED_REGISTER | 下一步流程类型 |
错误异常列表
errorCode | errorMessage | 描述 |
Operation.Success | Operation.Success | 成功 |
5.3. 号码、人脸、指纹认证
当手机端需要使用手机号码认证,或者IFAA认证时,手机端与安全认证通过后会给用户产生idToken,此接口验证完idToken,idaas就会认为认证成功且签发token信息。
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/login/app/safeauth/login
Content-Type: application/json
请求参数
参数名 | 类型 | 必填 | 内容描述 |
applicationExternalId | string | 是 | 在安全认证创建的appid |
idToken | string | 是 | 用户在安全认证签发的token |
userType | string | 否 | 自定义用户类型,默认为普通用户 |
返回参数
参数名 | 类型 | 示例 | 内容说明 |
id_token | string | hbGciOiJIUzI1NiIsI ... ... PoKL1O0 | 用户身份信息token |
access_token | string | eyJhbGciOiJIUzI1N**** ... ... PoKL1O0j0 | 用户访问token |
refresh_token | string | yJhbGciOiJIUhbGciOiJIUzI1NiIsI ... ... | 刷新用户token使用 |
scope | string | read | 匹配值 |
expires_in | long | 3600 | token过期时间,单位:秒 |
错误异常列表
errorCode | errorMessage | 描述 |
Operation.Success | Operation.Success | 成功 |
Params.Blank | Params.Blank.IdToken | 参数idToken不能都为空 |
Params.Blank | Params.Blank.ApplicationExternalId | 缺少参数applicationExternalId |
Operation.Failure | Operation.Failure.RemoteServerCommonError | 依赖安全认证服务调用失败 |
Operation.Failure | Operation.Failure.No.User.Bind | 安全认证没有绑定过账号信息 |
Operation.Failure | Operation.Failure.IDaaS.NoUser | CIAM系统没有绑定过账号信息 |
Operation.Failure | Operation.Failure.Service.Internal.Error | 服务端内部错误 |
5.4. 手势认证
当手机端需要使用手势认证时,在用户中心配置手势,即可使用手势登录。
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/login/app/gesture/login
Content-Type: application/json
请求参数
参数名 | 类型 | 必填 | 内容描述 |
gestureSign | string | 是 | 使用用户名对手势做加密 |
userName | string | 是 | 用户名 |
userType | string | 否 | 自定义用户类型,默认为普通用户 |
返回参数
参数名 | 类型 | 示例 | 内容说明 |
id_token | string | hbGciOiJIUzI1NiIsI ... ... PoKL1O0 | 用户身份信息token |
access_token | string | eyJhbGciOiJIUzI1N**** ... ... PoKL1O0j0 | 用户访问token |
refresh_token | string | yJhbGciOiJIUhbGciOiJIUzI1NiIsI ... ... | 刷新用户token使用 |
scope | string | read | 匹配值 |
expires_in | long | 3600 | token过期时间,单位:秒 |
错误异常列表
errorCode | errorMessage | 描述 |
Operation.Success | Operation.Success | 成功 |
Params.Blank | Params.Blank.Gesture.Sign | 参数sign不能都为空 |
Params.Blank | Params.Blank.User.Username | 缺少参数username |
Operation.Failure | Operation.Failure.User.Not.Exist | 不存在的用户 |
Operation.Failure | Operation.Failure.User.Not.Bind.Gesture | 用户没绑定过手势 |
Operation.Failure | Operation_Failure.Gesture.Error | 用户输入的手势错误 |
Operation.Failure | Operation.Failure.Service.Internal.Error | 服务端内部错误 |
6 注册
6.1. 注册-发送验证码
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/register/obtain_code
Content-Type: application/json
请求参数
{
"fId": "{{fId}}",
"type":"SMS",
"phoneNumber":"1510000****",
"phoneRegion":"",
"email":"111**@qq.com",
"userType":"",
"captchaCode":"",
"captchaText":""
}参数名 | 类型 | 必须 | 内容说明 |
fId | string | 是 | 上一步流程的 fId |
type | string | 是 | 验证码类型。SMS 代表短信,EMAIL 代表邮箱 |
phoneNumber | string | 否 | 手机号,当 type 传 SMS 时该值必传 |
phoneRegion | string | 否 | 手机号区号 |
string | 否 | 邮箱,当 type 传 EMAIL 时该值必传 | |
captchaCode | string | 否 | 图形验证码的 code,由获取验证码的接口返回,当存在图形验证码时必传 |
captchaText | string | 否 | 用户输入的图形验证码,当存在图形验证码时必传 |
userType | string | 否 | 用户类型,默认不传即可 |
language | string | 否 | 发送验证码的语言类型,默认取首选语言 |
engineCode | string | 否 | 发送验证码的网关编码,默认取首选服务商的首选网关 |
若开启了【短信/邮件防暴 图形验证码】则在发送验证码次数超过风控阈值时需要验证图形验证码 | |||
captchaCode | string | 否 | 图形验证码的唯一标识,通过获取图形验证接口返回 |
captchaText | string | 否 | 图形验证码,根据界面中验证码图片显示的数字进行填写 |
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1654591263236$eb20f2b1-5afe-72ab-1333-8515f5a68dee",
"data": {
"fId": "202206071641032416438565386055680_X_BDE"
}
}
6.2. 注册-验证码
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/register/submit
Content-Type: application/json
请求参数
{
"fId": "{{fId}}",
"type": "SMS",
"code": "000000",
"phoneNumber": "1511111****",
"phoneRegion": "86",
"email": "",
"username": "test001",
"password": "966966",
"userType": "",
"response_type": "token",
"agreeConsent": true
}参数名 | 类型 | 必须 | 内容说明 |
fId | string | 是 | 上一步流程的 fId |
type | string | 是 | 注册类型。SMS 代表短信,EMAIL 代表邮箱 |
phoneNumber | string | 否 | 手机号,上一步用手机发送验证码时,本次必传 |
phoneRegion | string | 否 | 手机号区号 |
string | 否 | 邮箱,上一步用邮箱发送验证码时,本次必传 | |
code | string | 否 | 邮箱或者手机号的验证码,新版本增加的属性(可以兼容旧版本的 smsCode 和 emailCode) |
username | string | 否 | 注册的用户名(登录用户名) |
password | string | 否 | 用户密码 |
userType | string | 否 | 用户类型,默认不传 |
response_type | string | 否 | 当传 code 时,返回授权码;当传 token 时,返回用户的 token |
agreeConsent | boolean | 是 | 用户是否勾选条款(如果未配置条款则可忽略该参数) |
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1656326070459$be264b8d-a6ca-a75c-f224-ade8531cc4af",
"data": {
"userId": null,
"uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbz****.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelhxYytRODM3QjNnTlQzbmNJNDY3UExuOHNTNXFJNmdMa1doeWJKZHA0ZXZMaHovUmtuV0RTRXZlNUw3T1Jzd0xoMTdWTGw4SE5Va0Z1TWxDR2FGWVliT3JmL3dHMkpodktNZlZ6ZzFKUTROb1UzWDI4bzR6dHhRclZtWlV3dWo2R1NZcTB0alc0akJlQUErUkV4dkExd3VWUEtSdVJZS0dlZkt3Y0JWOVBxMGlkZjZ0dU04Vjlnd3BpSEtFVnhHM0lXVFVlL0hzb2RxMVVMMTVRZWErcTNvOEpDMitoRGozWE1KOS92Yis2YXo0IiwiZGF0YUNpcGhlckFsZyI6IkRFRkFVTFQiLCJ0ZW5hbnRLZXlVdWlkIjoiN2FiNDI3ZTEzNDRkZGUwMWM5Zjk3NDcyNzYwMzg0YWJwZnRLTWFuRkVGSCJ9.c57U7qi46KnVAPnzk2bgHI9sPoUlk93L5mPOq1WRy_s",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelh0UjBGQXd3eDdINTRsWldxNzdCdEhmUUd5UHFPZWVhK3pLNWRxeWFTMEdXb0NmRkJ1Q1Q1TEFvTlhTRVFWVlc1ZGp3eGJsRUZrSjhVaXBpYXoxTXI1Z3ZSV3N0NlRNN2xHR09tbEVETjJJbmg5dkluVEpUd0RNeTFOSEo1WDJqaGRwMlNvUlN0QUxONlZpaTVMakh3dHAxQWdqZlZuRlR1aVI3UWVLUTVsTjBkdnVmOEtHYkFoQ2lENngxalg4VERKOE5PRWNYYTYyRHdEQ0UrSDlRQlcxTzlPL1FWUG9TSXVqT1lGU0IyVkNsbGZGemM4RmhLbGZLRlcyZlNYbFRSY05YNDE5djcvNWpxL3RuUU1EMjl4YkoxbTAySmRTb3NacjIvNjR1dEpMOSIsImRhdGFDaXBoZXJBbGciOiJERUZBVUxUIiwidGVuYW50S2V5VXVpZCI6IjdhYjQyN2UxMzQ0ZGRlMDFjOWY5NzQ3Mjc2MDM4NGFicGZ0S01hbkZFRkgifQ.VjrWftgXUmLD_P9ECVYGwBEzpyrvZcy-hdrAciIp-aU",
"expires_in": 179999,
"scope": "USER_API",
"id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg",
"idaasCode": null,
"locked": false,
"enabled": false,
"sourceApplicationUuid": null,
"authId": null,
"unionId": null,
"openId": null,
"phoneRegion": null,
"createTime": null,
"uamParams": null
}
}三、二次认证
1.验证码方式-发送验证码
当 flowType=NEED_TWO_FACTOR,进入二次认证 仅用于手机号、邮箱验证码的二次认证。
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/prepare_second_factor
Content-Type: application/json
请求参数
{
"fId":"{{fId}}",
"type":"SMS",
"captchaCode":"",
"captchaText":""
}参数名 | 类型 | 必须 | 内容说明 |
fId | string | 是 | 上一步流程的 fId |
type | string | 是 | 二次认证的方式,(目前)可选值:SMS、EMAIL 根据选择的二次认证传值 |
userType | string | 否 | 自定义用户类型,默认为普通用户 |
language | string | 否 | 发送验证码的语言类型,默认取首选语言 |
engineCode | string | 否 | 发送验证码的网关编码,默认取首选服务商的首选网关 |
若开启了【短信/邮件防暴 图形验证码】则在发送验证码次数超过风控阈值时需要验证图形验证码 | |||
captchaCode | string | 否 | 图形验证码的唯一标识,通过获取图形验证接口返回 |
captchaText | string | 否 | 图形验证码,根据界面中验证码图片显示的数字进行填写 |
返回参数
不支持的二次认证方式
{
"success": false,
"code": "Params.Illegal",
"message": "Operation.Failure.Unsupport.2fa.Type",
"requestId": "1654681888509$40033cb3-9d4f-4a52-e3a3-447c52c80fb1",
"data": null
}正常
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1654681964158$6b18049f-68ee-0fbc-7128-d5627b387fad",
"data": {
"fId": "202206081747411329041361342880768_X_BCD"
}
}2. 验证码方式-验证码
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/verify_second_factor
Content-Type: application/json
请求参数
{
"code":"000000",
"type":"SMS",
"fId":"{{fId}}"
}参数名 | 类型 | 必须 | 内容说明 |
fId | string | 是 | 上一步流程的 fId |
type | string | 是 | 二次认证的方式,(目前)可选值:SMS、EMAIL、PWD,根据选择的二次认证传值 |
code | string | 是 | 手机或者邮箱的验证码 |
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1656326070459$be264b8d-a6ca-a75c-f224-ade8531cc4af",
"data": {
"userId": null,
"uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbz****.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelhxYytRODM3QjNnTlQzbmNJNDY3UExuOHNTNXFJNmdMa1doeWJKZHA0ZXZMaHovUmtuV0RTRXZlNUw3T1Jzd0xoMTdWTGw4SE5Va0Z1TWxDR2FGWVliT3JmL3dHMkpodktNZlZ6ZzFKUTROb1UzWDI4bzR6dHhRclZtWlV3dWo2R1NZcTB0alc0akJlQUErUkV4dkExd3VWUEtSdVJZS0dlZkt3Y0JWOVBxMGlkZjZ0dU04Vjlnd3BpSEtFVnhHM0lXVFVlL0hzb2RxMVVMMTVRZWErcTNvOEpDMitoRGozWE1KOS92Yis2YXo0IiwiZGF0YUNpcGhlckFsZyI6IkRFRkFVTFQiLCJ0ZW5hbnRLZXlVdWlkIjoiN2FiNDI3ZTEzNDRkZGUwMWM5Zjk3NDcyNzYwMzg0YWJwZnRLTWFuRkVGSCJ9.c57U7qi46KnVAPnzk2bgHI9sPoUlk93L5mPOq1WRy_s",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelh0UjBGQXd3eDdINTRsWldxNzdCdEhmUUd5UHFPZWVhK3pLNWRxeWFTMEdXb0NmRkJ1Q1Q1TEFvTlhTRVFWVlc1ZGp3eGJsRUZrSjhVaXBpYXoxTXI1Z3ZSV3N0NlRNN2xHR09tbEVETjJJbmg5dkluVEpUd0RNeTFOSEo1WDJqaGRwMlNvUlN0QUxONlZpaTVMakh3dHAxQWdqZlZuRlR1aVI3UWVLUTVsTjBkdnVmOEtHYkFoQ2lENngxalg4VERKOE5PRWNYYTYyRHdEQ0UrSDlRQlcxTzlPL1FWUG9TSXVqT1lGU0IyVkNsbGZGemM4RmhLbGZLRlcyZlNYbFRSY05YNDE5djcvNWpxL3RuUU1EMjl4YkoxbTAySmRTb3NacjIvNjR1dEpMOSIsImRhdGFDaXBoZXJBbGciOiJERUZBVUxUIiwidGVuYW50S2V5VXVpZCI6IjdhYjQyN2UxMzQ0ZGRlMDFjOWY5NzQ3Mjc2MDM4NGFicGZ0S01hbkZFRkgifQ.VjrWftgXUmLD_P9ECVYGwBEzpyrvZcy-hdrAciIp-aU",
"expires_in": 179999,
"scope": "USER_API",
"id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg",
"idaasCode": null,
"locked": false,
"enabled": false,
"sourceApplicationUuid": null,
"authId": null,
"unionId": null,
"openId": null,
"phoneRegion": null,
"createTime": null,
"uamParams": null
}
}3. 密码方式-验证密码
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/verify_second_factor
Content-Type: application/json
请求参数
{
"password":"966966",
"type":"PWD",
"fId":"{{fId}}"
}参数名 | 类型 | 必须 | 内容说明 |
fId | string | 是 | 上一步流程的 fId |
type | string | 是 | 二次认证的方式,固定为 PWD |
password | string | 是 | 用户输入的密码 |
返回参数
二次认证失败
{
"success": false,
"code": "Operation.Failure",
"message": "Operation.Failure.User.Password.Error",
"requestId": "1654747792211$750c5b3e-5dd2-efa1-60a5-1acc88ca1f85",
"data": null
}二次认证成功
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1656326070459$be264b8d-a6ca-a75c-f224-ade8531cc4af",
"data": {
"userId": null,
"uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbz****.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelhxYytRODM3QjNnTlQzbmNJNDY3UExuOHNTNXFJNmdMa1doeWJKZHA0ZXZMaHovUmtuV0RTRXZlNUw3T1Jzd0xoMTdWTGw4SE5Va0Z1TWxDR2FGWVliT3JmL3dHMkpodktNZlZ6ZzFKUTROb1UzWDI4bzR6dHhRclZtWlV3dWo2R1NZcTB0alc0akJlQUErUkV4dkExd3VWUEtSdVJZS0dlZkt3Y0JWOVBxMGlkZjZ0dU04Vjlnd3BpSEtFVnhHM0lXVFVlL0hzb2RxMVVMMTVRZWErcTNvOEpDMitoRGozWE1KOS92Yis2YXo0IiwiZGF0YUNpcGhlckFsZyI6IkRFRkFVTFQiLCJ0ZW5hbnRLZXlVdWlkIjoiN2FiNDI3ZTEzNDRkZGUwMWM5Zjk3NDcyNzYwMzg0YWJwZnRLTWFuRkVGSCJ9.c57U7qi46KnVAPnzk2bgHI9sPoUlk93L5mPOq1WRy_s",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelh0UjBGQXd3eDdINTRsWldxNzdCdEhmUUd5UHFPZWVhK3pLNWRxeWFTMEdXb0NmRkJ1Q1Q1TEFvTlhTRVFWVlc1ZGp3eGJsRUZrSjhVaXBpYXoxTXI1Z3ZSV3N0NlRNN2xHR09tbEVETjJJbmg5dkluVEpUd0RNeTFOSEo1WDJqaGRwMlNvUlN0QUxONlZpaTVMakh3dHAxQWdqZlZuRlR1aVI3UWVLUTVsTjBkdnVmOEtHYkFoQ2lENngxalg4VERKOE5PRWNYYTYyRHdEQ0UrSDlRQlcxTzlPL1FWUG9TSXVqT1lGU0IyVkNsbGZGemM4RmhLbGZLRlcyZlNYbFRSY05YNDE5djcvNWpxL3RuUU1EMjl4YkoxbTAySmRTb3NacjIvNjR1dEpMOSIsImRhdGFDaXBoZXJBbGciOiJERUZBVUxUIiwidGVuYW50S2V5VXVpZCI6IjdhYjQyN2UxMzQ0ZGRlMDFjOWY5NzQ3Mjc2MDM4NGFicGZ0S01hbkZFRkgifQ.VjrWftgXUmLD_P9ECVYGwBEzpyrvZcy-hdrAciIp-aU",
"expires_in": 179999,
"scope": "USER_API",
"id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg",
"idaasCode": null,
"locked": false,
"enabled": false,
"sourceApplicationUuid": null,
"authId": null,
"unionId": null,
"openId": null,
"phoneRegion": null,
"createTime": null,
"uamParams": null
}
}四、完善个人信息
1. 发送验证码
账号补充账号信息时,如果需要补充手机号或者邮箱,则先验证手机号和邮箱是否为当前用户的,因此需要用到验证码校验。该接口用于发送手机号/邮箱验证码。
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/complete/obtain_code
Content-Type: application/json
请求参数
{
"fId": "{{fId}}",
"type":"EMAIL",
"email":"te**@test.com",
"phoneNumber":"1510000****",
"phoneRegion":"",
"userType":"",
"captchaCode":"",
"captchaText":""
}参数名 | 类型 | 必须 | 内容说明 |
fId | string | 是 | 上一步流程的 fId |
type | string | 是 | 绑定的属性类型。SMS 代表手机号,EMAIL 代表邮箱 |
phoneNumber | string | 否 | 手机号,当 type 传 SMS 时该值必传 |
phoneRegion | string | 否 | 手机号区号 |
string | 否 | 邮箱,当 type 传 EMAIL 时该值必传 | |
language | string | 否 | 发送验证码的语言类型,默认取首选语言 |
engineCode | string | 否 | 发送验证码的网关编码,默认取首选服务商的首选网关 |
userType | string | 否 | 自定义用户类型,默认为普通用户 |
说明 若开启了【短信/邮件防暴 图形验证码】则在发送验证码次数超过风控阈值时需要验证图形验证码 | |||
captchaCode | string | 否 | 图形验证码的唯一标识,通过获取图形验证接口返回 |
captchaText | string | 否 | 图形验证码,根据界面中验证码图片显示的数字进行填写 |
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1654591001075$3b675da5-5564-8ac5-f5cb-278f22c2908a",
"data": {
"fId": "20220607163529468654192924672_X_BDE"
}
}参数名 | 类型 | 示例 | 描述 |
fId | String | | 流程 ID,下一个流程传回来 |
2 补充账号属性
在用户进行认证操作时,若开启账户属性必填的配置,认证完成后将会返回 flowType = NEED_COMPLETE_ACCOUNT_ATTR,同时包含以下内容时,需要执行补充账户信息的流程:
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1673335017357$4eec4dea-e833-365b-9076-4744fa49ae84",
"data": {
"fId": "202301101516523678255186083334144_X_BCDEF",
"flowType": "NEED_COMPLETE_ACCOUNT_ATTR",
"additional": {
"accountAttrs": [
"username",
"email",
"password"
],
"baseAttrs": [
{
"fieldName": "姓名",
"dataDictionaryFieldType": "TEXT",
"dataDictionaryType": "USER_BASE",
"dictionaryValueUuid": "xxxxxxx",
"selectFieldOptions": [],
"fieldValue": "fullName",
"uuid": "46b13e088966a93daa01d42ccacc0e88zk8mIRyXO0J",
"customAttributes": []
}
]
}
}
}该接口用于补充账号的属性(手机号、邮箱、用户名、密码等)和用户的基本属性(头像、昵称、姓名、性别、生日等),需要注意的是,该接口在部分场景下可能也会返回待补充的用户的扩展属性,前端需要做好适配。
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/complete/account_attr
Content-Type: application/json
请求参数
{
"fId": "xxxxxx",
"email": "te**@test.com",
"emailCode": "000000",
"phoneNumber": "1510000****",
"phoneRegion": "86",
"smsCode": "000000",
"username": "test"
}参数名 | 类型 | 必须 | 内容说明 |
fId | string | 是 | 上一步流程的 fId |
username | string | 否 | 用户名,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
password | string | 否 | 密码,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
string | 否 | 邮箱,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 | |
phoneNumber | string | 否 | 手机号,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
phoneRegion | string | 否 | 手机号区号,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
smsCode | string | 否 | 手机验证码,当待补充的属性中存在手机号时,该值必填 |
emailCode | string | 否 | 邮箱验证码,当待补充的属性中存在邮箱时,该值必填 |
displayName | string | 否 | 显示名称,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
enDisplayName | string | 否 | 英文显示名称,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
fullName | string | 否 | 名称全称,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
gender | string | 否 | 性别,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
birthday | string | 否 | 生日,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
country | string | 否 | 国家,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
region | string | 否 | 地区,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
province | string | 否 | 省份,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
city | string | 否 | 城市,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
street | string | 否 | 街道,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
address | string | 否 | 详细地址,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
description | string | 否 | 个人描述,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
avatarUuid | string | 否 | 用户头像,该值是否必填,取决于当登录或者注册接口返回 flowType=NEED_COMPLETE_ACCOUNT_ATTR 时,接口返回数据中的 |
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1671451557868$5296056b-782c-38e6-aaf4-e2a9580055a9",
"data": {
"userId": null,
"uuid": "9c9f2eb104b1dd8ffc21a8c53cf168fc6LJFouMQJNH",
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImUyZTE0MTNmNGRiMzgwOTA4YjRlZDNlYjZmOGJmMDhhMURvZjZDblc0V0QifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRHB3Z1ozS3IyQU01T21FQmx5MDJlNzJ4dmRHalNET1BtNlhZeEtqWGFrelhzR2wwVVRtWEdxNm9mK2FLUzJJNllWOG9rZkRlQlIzb2JTbSt2Y0c3TTRPTm9KTDR6cG11ajZXNENwQTNkeTJQRHBOV0dkRktOeks1cmF2eERJcmJTZUtnMmp4bmFGN2R6SXlBS2xzcnc2eGJzODJuNU5INk5uSnZPZ2NHVW5LRlBqOG4xZHhVTHlLOHlIUk4rRUtMeWJIczcxbmVIeFFzM2pNbi9UaERzdDBuSStmVTI4LzFhMVV6RGd4MXRLUDBkbmNwS3owSGVwbWV5WnF1ZGppWXlZbjN1eVBibWg2SVBuNG1FWGdVbzNQeGp5dDNXRTlkQS9HSmJqR2t2N1NKRzJ4TlRlZnk0ejNhRXZ2UHNmemJpbm5kaG9jVFRrb2ZnbVdyLyt4Ky8yQWx3NFZMZHV5enZHR01jcUpLK3ZNNFE9PSIsImRhdGFDaXBoZXJBbGciOiJERUZBVUxUIiwidGVuYW50S2V5VXVpZCI6IjdhYjQyN2UxMzQ0ZGRlMDFjOWY5NzQ3Mjc2MDM4NGFicGZ0S01hbkZFRkgifQ.5T7iDRsl8FXZN1A-tFPepPS_huDSw8CRHuaCefBSyLs",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImUyZTE0MTNmNGRiMzgwOTA4YjRlZDNlYjZmOGJmMDhhMURvZjZDblc0V0QifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRHB3Z1ozS3IyQU01T21FQmx5MDJlNzJ4dmRHalNET1BtNlhZeEtqWGFrelhzR2wwVVRtWEdxNm9mK2FLUzJJNllWcUNrRUtQbHpoOEw1ajVqRHJzM0VKRWNSd3ZxNGpGU0QvSjJ6VTc4VGlvTkFsb1VseVpYZ0dMMGV0V0pzT2ZuU2RyZCsrSjNLYTU3Mi8rbDdEd3VPeDF4V09VT2xpVDB5QnhseU5peVI4ZW5BaVhlMUxtSkxxWnlPSVNJdDlZU3VFdk9oTlBXbXkwalRMNVpSZGkxZWtQaXpERVhxTDdTQnc2UkgxVHViTjRkVUlLN0w3TFBXc3FITnVuSm9YcjNQTmJVcXh4M09OV1I0K0dMWFl0dmRSWDV4UjBnYzllZnk5ZkZpZk9oeFdYWWs5cTREdmw5cnR5dTdqc25iUit4czZYWjhoYms2VWp2MEo2YVFLdmE3dWpGMlBlc3oyRVo3V3NnUVVZVmY5SDY2ZGhnUTJGTnhYd3JBVlJnMnRvSzNjM1VWOUJ4RkNub0NFbytEWkxWN1giLCJkYXRhQ2lwaGVyQWxnIjoiREVGQVVMVCIsInRlbmFudEtleVV1aWQiOiI3YWI0MjdlMTM0NGRkZTAxYzlmOTc0NzI3NjAzODRhYnBmdEtNYW5GRUZIIn0.ZfQ4O1u1lHDIynAg63FpUfBS6BJslza6S33NvzdqMxs",
"expires_in": 719999,
"scope": "USER_API,openid,profile",
"id_token": "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODEiLCJzdWIiOiI5YzlmMmViMTA0YjFkZDhmZmMyMWE4YzUzY2YxNjhmYzZMSkZvdU1RSk5IIiwiYXVkIjoiZTJlMTQxM2Y0ZGIzODA5MDhiNGVkM2ViNmY4YmYwOGExRG9mNkNuVzRXRCIsImV4cCI6MTY3MjE3MTU2OCwiaWF0IjoxNjcxNDUxNTY5LCJqdGkiOiJrQ050MEpmbkVJZWZWbUdla0Z3QkpBIiwibmJmIjoxNjcxNDUxNTA5LCJ1c2VybmFtZSI6ImQxMjM0NTYiLCJleHRlcm5hbElkIjpudWxsLCJuaWNrbmFtZSI6IlIyMDIyMTEyODE2MTQxMDE2MjE5MDA1OTUiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJSMjAyMjExMjgxNjE0MTAxNjIxOTAwNTk1In0.NXAqFDXtnqIYc08LzEmvCLkuRtiG9UIYpT-v3gka4eHUmWdxb0sAg3WuOWP_VXqWb2EkzFN1Jeo4x--WywBnpkwJ8OXR6GTnLu9eaxxktM7zrrQ-brriCeTm8Oi8UZrRm3ronY_7VvTXgKVNY1hiqbQyQGDp6zo5QdiBRbSyqXvHXkIrz2-R8716TxeGSmPV2PQMGjaFFNCQWgXXDOEX_8TK6TOtRy-nYIe39NeYGWT6X5-IrslsKKTKW3yjc6227EHQtCZjIxK51Ys7hQh-ahoQUbyPFJUQeFbbkRiXokOBIloWfoWWBCsXTfILWJm3wrq9lHyvlavUT64291k8RA"
}
}3.补充扩展属性
在用户进行认证操作时,若开启账户扩展必填的配置,认证完成后将会返回 flowType = NEED_COMPLETE_EXTENSION_ATTR,同时包含以下内容时,需要执行补充账户信息的流程:
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1672307673561$a48a5b6a-baa8-dd7f-a805-d070a5f856b1",
"data": {
"fId": "202212291754332256045602524457984_X_BCDF",
"flowType": "NEED_COMPLETE_EXTENSION_ATTR",
"additional": {
"dataDictionaries": [
{
"needRelation": false,
"fieldName": "性别",
"dataDictionaryFieldType": "SELECT",
"dataDictionaryType": "UD_ACCOUNT",
"enterpriseUuid": "2bcdef58e8ae5cf6f5b18343bc1fbebc2f64xbYa0yx",
"needShow": true,
"fieldValue": "sex",
"uuid": "cc4d7cbfda2ebc0437921ab3fe900f7fylI7pPzLC9C",
"enabled": true,
"required": false,
"readonly": false,
"unique": false,
"dictionaryValueUuid": "0646c123295b07b93570b43c2e0b057ebEIKJZzEvWG",
"selectFieldOptions": [
{
"optionLabel": "男",
"optionValue": "男",
"optionId": "2fe9693edc921a4ae0bdd2e7653aafd4GW1e6uZFSgS",
"uuid": "077d6c18b9168aad2451ad063f5e4588O3zhBpn50y3"
},
{
"optionLabel": "女",
"optionValue": "女",
"optionId": "a547a2535e1aae7d2631e9e613e6824fmP9dg8SNfkr",
"uuid": "52f2a4b11b168696a64ee144f7b2729akjuANhofvcG"
}
],
"modifiable": true,
"needSensitive": false,
"customAttributes": []
}
]
},
"userList": null
}
}该接口用于补充账号的扩展属性,需要注意的是,该接口在部分场景下可能也会返回待补充的用户的账号属性,前端需要做好适配,账号属性的内容参考 2.4.4 补充账号属性。
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/complete/extension_attr
Content-Type: application/json
请求参数
{
"fId":"xxxxxxxxx",
"dataDictionaryValues": [
{
"uuid": "0646c123295b07b93570b43c2e0b057ebEIKJZzEvWG",
"dictionaryUuid": "cc4d7cbfda2ebc0437921ab3fe900f7fylI7pPzLC9C",
"dictionaryValue": "男"
},
{
"uuid": "880490b6d30c8c0f2612d3df8b2aae0bSUfpHl5rVsq",
"dictionaryUuid": "0fe64d5bf628a7*******3573de77f238x5hv7TROSWB",
"dictionaryValue": "扩展属性的值"
}
]
}参数名 | 类型 | 必须 | 内容说明 |
fId | String | 是 | 流程 ID,上个流程生成的 |
dataDictionaryValues | Array | 是 | 扩展属性的值,数组类型 |
| String | 否 | 扩展属性值的 UUID,当登录或者注册接口返回 flowType=NEED_COMPLETE_EXTENSION_ATTR 时,该值对应登录注册接口返回数据中的 |
| String | 是 | 扩展属性的 UUID,当登录或者注册接口返回 flowType=NEED_COMPLETE_EXTENSION_ATTR 时,该值对应登录注册接口返回数据中的 |
| String | 是 | 扩展属性的值,由用户输入 |
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1671451557868$5296056b-782c-38e6-aaf4-e2a9580055a9",
"data": {
"userId": null,
"uuid": "9c9f2eb104b1dd8ffc21a8c53cf168fc6LJFouMQJNH",
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImUyZTE0MTNmNGRiMzgwOTA4YjRlZDNlYjZmOGJmMDhhMURvZjZDblc0V0QifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRHB3Z1ozS3IyQU01T21FQmx5MDJlNzJ4dmRHalNET1BtNlhZeEtqWGFrelhzR2wwVVRtWEdxNm9mK2FLUzJJNllWOG9rZkRlQlIzb2JTbSt2Y0c3TTRPTm9KTDR6cG11ajZXNENwQTNkeTJQRHBOV0dkRktOeks1cmF2eERJcmJTZUtnMmp4bmFGN2R6SXlBS2xzcnc2eGJzODJuNU5INk5uSnZPZ2NHVW5LRlBqOG4xZHhVTHlLOHlIUk4rRUtMeWJIczcxbmVIeFFzM2pNbi9UaERzdDBuSStmVTI4LzFhMVV6RGd4MXRLUDBkbmNwS3owSGVwbWV5WnF1ZGppWXlZbjN1eVBibWg2SVBuNG1FWGdVbzNQeGp5dDNXRTlkQS9HSmJqR2t2N1NKRzJ4TlRlZnk0ejNhRXZ2UHNmemJpbm5kaG9jVFRrb2ZnbVdyLyt4Ky8yQWx3NFZMZHV5enZHR01jcUpLK3ZNNFE9PSIsImRhdGFDaXBoZXJBbGciOiJERUZBVUxUIiwidGVuYW50S2V5VXVpZCI6IjdhYjQyN2UxMzQ0ZGRlMDFjOWY5NzQ3Mjc2MDM4NGFicGZ0S01hbkZFRkgifQ.5T7iDRsl8FXZN1A-tFPepPS_huDSw8CRHuaCefBSyLs",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImUyZTE0MTNmNGRiMzgwOTA4YjRlZDNlYjZmOGJmMDhhMURvZjZDblc0V0QifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRHB3Z1ozS3IyQU01T21FQmx5MDJlNzJ4dmRHalNET1BtNlhZeEtqWGFrelhzR2wwVVRtWEdxNm9mK2FLUzJJNllWcUNrRUtQbHpoOEw1ajVqRHJzM0VKRWNSd3ZxNGpGU0QvSjJ6VTc4VGlvTkFsb1VseVpYZ0dMMGV0V0pzT2ZuU2RyZCsrSjNLYTU3Mi8rbDdEd3VPeDF4V09VT2xpVDB5QnhseU5peVI4ZW5BaVhlMUxtSkxxWnlPSVNJdDlZU3VFdk9oTlBXbXkwalRMNVpSZGkxZWtQaXpERVhxTDdTQnc2UkgxVHViTjRkVUlLN0w3TFBXc3FITnVuSm9YcjNQTmJVcXh4M09OV1I0K0dMWFl0dmRSWDV4UjBnYzllZnk5ZkZpZk9oeFdYWWs5cTREdmw5cnR5dTdqc25iUit4czZYWjhoYms2VWp2MEo2YVFLdmE3dWpGMlBlc3oyRVo3V3NnUVVZVmY5SDY2ZGhnUTJGTnhYd3JBVlJnMnRvSzNjM1VWOUJ4RkNub0NFbytEWkxWN1giLCJkYXRhQ2lwaGVyQWxnIjoiREVGQVVMVCIsInRlbmFudEtleVV1aWQiOiI3YWI0MjdlMTM0NGRkZTAxYzlmOTc0NzI3NjAzODRhYnBmdEtNYW5GRUZIIn0.ZfQ4O1u1lHDIynAg63FpUfBS6BJslza6S33NvzdqMxs",
"expires_in": 719999,
"scope": "USER_API,openid,profile",
"id_token": "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODEiLCJzdWIiOiI5YzlmMmViMTA0YjFkZDhmZmMyMWE4YzUzY2YxNjhmYzZMSkZvdU1RSk5IIiwiYXVkIjoiZTJlMTQxM2Y0ZGIzODA5MDhiNGVkM2ViNmY4YmYwOGExRG9mNkNuVzRXRCIsImV4cCI6MTY3MjE3MTU2OCwiaWF0IjoxNjcxNDUxNTY5LCJqdGkiOiJrQ050MEpmbkVJZWZWbUdla0Z3QkpBIiwibmJmIjoxNjcxNDUxNTA5LCJ1c2VybmFtZSI6ImQxMjM0NTYiLCJleHRlcm5hbElkIjpudWxsLCJuaWNrbmFtZSI6IlIyMDIyMTEyODE2MTQxMDE2MjE5MDA1OTUiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJSMjAyMjExMjgxNjE0MTAxNjIxOTAwNTk1In0.NXAqFDXtnqIYc08LzEmvCLkuRtiG9UIYpT-v3gka4eHUmWdxb0sAg3WuOWP_VXqWb2EkzFN1Jeo4x--WywBnpkwJ8OXR6GTnLu9eaxxktM7zrrQ-brriCeTm8Oi8UZrRm3ronY_7VvTXgKVNY1hiqbQyQGDp6zo5QdiBRbSyqXvHXkIrz2-R8716TxeGSmPV2PQMGjaFFNCQWgXXDOEX_8TK6TOtRy-nYIe39NeYGWT6X5-IrslsKKTKW3yjc6227EHQtCZjIxK51Ys7hQh-ahoQUbyPFJUQeFbbkRiXokOBIloWfoWWBCsXTfILWJm3wrq9lHyvlavUT64291k8RA",
"uamParams": null
}
}4 跳过补充账号信息
在用户进行认证操作时,若开启账户扩展必填的配置,认证完成后将会返回 flowType = NEED_COMPLETE_ACCOUNT_ATTR 或者 flowType = NEED_COMPLETE_EXTENSION_ATTR,用户可以在注册环节选择是否跳过补充信息。该接口主要用于用户在注册环节跳过补充信息(包括补充账号信息和补充扩展信息,都调用该接口进行跳过)时使用。
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/complete/ignore
Content-Type: application/json
请求参数
{
"fId": "xxxxx"
}参数名 | 类型 | 必须 | 内容说明 |
fId | String | 是 | 流程 ID,上个流程生成的 |
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1671451557868$5296056b-782c-38e6-aaf4-e2a9580055a9",
"data": {
"userId": null,
"uuid": "9c9f2eb104b1dd8ffc21a8c53cf168fc6LJFouMQJNH",
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImUyZTE0MTNmNGRiMzgwOTA4YjRlZDNlYjZmOGJmMDhhMURvZjZDblc0V0QifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRHB3Z1ozS3IyQU01T21FQmx5MDJlNzJ4dmRHalNET1BtNlhZeEtqWGFrelhzR2wwVVRtWEdxNm9mK2FLUzJJNllWOG9rZkRlQlIzb2JTbSt2Y0c3TTRPTm9KTDR6cG11ajZXNENwQTNkeTJQRHBOV0dkRktOeks1cmF2eERJcmJTZUtnMmp4bmFGN2R6SXlBS2xzcnc2eGJzODJuNU5INk5uSnZPZ2NHVW5LRlBqOG4xZHhVTHlLOHlIUk4rRUtMeWJIczcxbmVIeFFzM2pNbi9UaERzdDBuSStmVTI4LzFhMVV6RGd4MXRLUDBkbmNwS3owSGVwbWV5WnF1ZGppWXlZbjN1eVBibWg2SVBuNG1FWGdVbzNQeGp5dDNXRTlkQS9HSmJqR2t2N1NKRzJ4TlRlZnk0ejNhRXZ2UHNmemJpbm5kaG9jVFRrb2ZnbVdyLyt4Ky8yQWx3NFZMZHV5enZHR01jcUpLK3ZNNFE9PSIsImRhdGFDaXBoZXJBbGciOiJERUZBVUxUIiwidGVuYW50S2V5VXVpZCI6IjdhYjQyN2UxMzQ0ZGRlMDFjOWY5NzQ3Mjc2MDM4NGFicGZ0S01hbkZFRkgifQ.5T7iDRsl8FXZN1A-tFPepPS_huDSw8CRHuaCefBSyLs",
"token_type": "bearer",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImUyZTE0MTNmNGRiMzgwOTA4YjRlZDNlYjZmOGJmMDhhMURvZjZDblc0V0QifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRHB3Z1ozS3IyQU01T21FQmx5MDJlNzJ4dmRHalNET1BtNlhZeEtqWGFrelhzR2wwVVRtWEdxNm9mK2FLUzJJNllWcUNrRUtQbHpoOEw1ajVqRHJzM0VKRWNSd3ZxNGpGU0QvSjJ6VTc4VGlvTkFsb1VseVpYZ0dMMGV0V0pzT2ZuU2RyZCsrSjNLYTU3Mi8rbDdEd3VPeDF4V09VT2xpVDB5QnhseU5peVI4ZW5BaVhlMUxtSkxxWnlPSVNJdDlZU3VFdk9oTlBXbXkwalRMNVpSZGkxZWtQaXpERVhxTDdTQnc2UkgxVHViTjRkVUlLN0w3TFBXc3FITnVuSm9YcjNQTmJVcXh4M09OV1I0K0dMWFl0dmRSWDV4UjBnYzllZnk5ZkZpZk9oeFdYWWs5cTREdmw5cnR5dTdqc25iUit4czZYWjhoYms2VWp2MEo2YVFLdmE3dWpGMlBlc3oyRVo3V3NnUVVZVmY5SDY2ZGhnUTJGTnhYd3JBVlJnMnRvSzNjM1VWOUJ4RkNub0NFbytEWkxWN1giLCJkYXRhQ2lwaGVyQWxnIjoiREVGQVVMVCIsInRlbmFudEtleVV1aWQiOiI3YWI0MjdlMTM0NGRkZTAxYzlmOTc0NzI3NjAzODRhYnBmdEtNYW5GRUZIIn0.ZfQ4O1u1lHDIynAg63FpUfBS6BJslza6S33NvzdqMxs",
"expires_in": 719999,
"scope": "USER_API,openid,profile",
"id_token": "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODEiLCJzdWIiOiI5YzlmMmViMTA0YjFkZDhmZmMyMWE4YzUzY2YxNjhmYzZMSkZvdU1RSk5IIiwiYXVkIjoiZTJlMTQxM2Y0ZGIzODA5MDhiNGVkM2ViNmY4YmYwOGExRG9mNkNuVzRXRCIsImV4cCI6MTY3MjE3MTU2OCwiaWF0IjoxNjcxNDUxNTY5LCJqdGkiOiJrQ050MEpmbkVJZWZWbUdla0Z3QkpBIiwibmJmIjoxNjcxNDUxNTA5LCJ1c2VybmFtZSI6ImQxMjM0NTYiLCJleHRlcm5hbElkIjpudWxsLCJuaWNrbmFtZSI6IlIyMDIyMTEyODE2MTQxMDE2MjE5MDA1OTUiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJSMjAyMjExMjgxNjE0MTAxNjIxOTAwNTk1In0.NXAqFDXtnqIYc08LzEmvCLkuRtiG9UIYpT-v3gka4eHUmWdxb0sAg3WuOWP_VXqWb2EkzFN1Jeo4x--WywBnpkwJ8OXR6GTnLu9eaxxktM7zrrQ-brriCeTm8Oi8UZrRm3ronY_7VvTXgKVNY1hiqbQyQGDp6zo5QdiBRbSyqXvHXkIrz2-R8716TxeGSmPV2PQMGjaFFNCQWgXXDOEX_8TK6TOtRy-nYIe39NeYGWT6X5-IrslsKKTKW3yjc6227EHQtCZjIxK51Ys7hQh-ahoQUbyPFJUQeFbbkRiXokOBIloWfoWWBCsXTfILWJm3wrq9lHyvlavUT64291k8RA"
}
}五、其他接口
1. 忘记密码
用户输入手机号或邮箱来发起忘记密码流程。如果输入的唯一标识有效,那么 IDaaS 会发送一个 15 分钟有效的 OTP 验证码至该手机。
1.1. 发送验证码
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/forgot_password/send
Content-Type: application/json
请求参数
参数名 | 类型 | 必填 | 内容说明 |
fId | string | 否 | 上一步流程的 fId,比如切换用户类型 |
phoneNumber | string | 是 | 手机号,当 type = SMS 时必填 |
phoneRegion | string | 否 | 手机区号,默认86 |
type | string | 是 | 找回密码的类型。SMS 代表手机号,EMAIL 代表邮箱 |
string | 是 | 邮箱,当 type = EMAIL 时必填 | |
language | string | 否 | 发送验证码的语言类型,默认取首选语言 |
engineCode | string | 否 | 发送验证码的网关编码,默认取首选服务商的首选网关 |
userType | string | 否 | 自定义用户类型,默认为 default |
返回参数
参数名 | 类型 | 内容说明 |
fId | string | 流程 ID,下个流程请求接口时需要传递 |
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1672232351358$83cbe428-a81c-039e-3d14-04614f31b52c",
"data": {
"fId": "d587561e6b8dad2ab2b90715d5f74372ysYHVUMy2AR"
}
}1.2. 校验短信验证码
调用当前接口来验证 OTP 验证码是否通过。当验证通过后,即可设置一个新密码。
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/forgot_password/verify
Content-Type: application/json
请求参数
参数名 | 类型 | 必须 | 内容说明 |
fId | string | 是 | 上一步流程的 fId |
type | string | 是 | 绑定的属性类型。SMS 代表手机号,EMAIL 代表邮箱 |
code | string | 是 | 用户输入的邀请码 |
phoneNumber | string | 否 | 手机号,当 type 传 SMS 时该值必传 |
phoneRegion | string | 否 | 手机号区号 |
string | 否 | 邮箱,当 type 传 EMAIL 时该值必传 | |
若开启了【短信/邮件防暴 图形验证码】则在发送验证码次数超过风控阈值时需要验证图形验证码 | |||
captchaCode | string | 否 | 图形验证码的唯一标识,通过获取图形验证接口返回 |
captchaText | string | 否 | 图形验证码,根据界面中验证码图片显示的数字进行填写 |
返回参数
参数名 | 类型 | 内容说明 |
fId | String | 流程 ID,下一步流程需要原样传回 |
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1662014149034$463a0625-928e-3951-d004-2bd553d9da51",
"data": {
"fId": "64075566080ea2757ada330861adc94a7HjhIK08J25"
}
}1.3. 提交新密码
当用户验证通过,并拿到 forgotPasswordId 后,调用本接口来设置一个新密码。
接口地址
Request URI: POST /api/bff/v1.2/developer/ciam/forgot_password/update_pwd
Content-Type: application/json
请求参数
参数名 | 类型 | 必填 | 内容说明 |
newPassword | stirng | 是 | 用户输入的新密码 |
fId | stirng | 是 | 流程 ID,由上一步接口返回 |
返回参数
{
"success": true,
"code": "Operation.Success",
"message": "Operation.Success",
"requestId": "1662014236325$ffee369b-f927-abdf-0585-48c2a5c69506",
"data": null
}- 本页导读 (0)