Authentication APIs

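A complete authentication goes through 4 steps:

  1. First run the initialization queries, such as the user's required attributes and the supported second-factor authentication methods.

  2. Log in or register. If a token is returned, the operation succeeded. If a flowType is returned, a follow-up sub-flow begins (if second-factor authentication is enabled, the flow enters step 3 in the figure below; otherwise it enters step 4).

  3. The user chooses a second-factor authentication method on the client and authenticates. If authentication passes and a token is returned, login succeeded. If a flowType is returned, the flow moves on to supplementing the user's information, and each flowType triggers different business logic.

  4. Once all information-completion steps have finished, login either succeeds or fails, and a corresponding error code is returned as the prompt.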

[Figure: image.png]

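I. Preparation

Create an application in the CIAM console, grant it permission to the authentication APIs, and obtain its client_id and client_secret.

When integrating with CIAM from the server side, use bearerToken as the authorization method.

1. Token validity check

API description:

When calling this check API, be sure to pass a token of the corresponding type.

API endpoint:

Request URI: GET /api/bff/v1.2/developer/ciam/oauth/token/check?access_token={{access_token}}

Request parameters:

Response parameters: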

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1662364827739$c13370e7-22ae-8697-f475-110da21f174f",
    "data": null
}

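2. Get login configuration

When developers need to build a custom login/registration form, they can call this API to get the login and registration components and the related configuration items.

API endpoint

Request URI: GET /api/bff/v1.2/developer/ciam/config/loginpage

Request parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| idaasAppId | String | | The application ID. The server reads it from the request parameters first and then from the request headers; if it is in neither, the ID of the system default application is used |
| userType | String | | The user type code. If it is not supplied, the system default user type is used |

Response parameters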

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1672198428377$205f59b4-8a74-8fcb-19f5-b51e8580cf8f",
    "data": {
        "2factorType": [
            "pwd",
            "sms"
        ],
        "smsEmailCaptchaRisk": {
            "enterpriseUuid": "2bcdef58e8ae5cf6f5b18343bc1fbebc2f64xbYa0yx",
            "riskType": "SMS_EMAIL_CAPTCHA",
            "enabled": false,
            "lockTime": 0,
            "riskTimes": 1,
            "riskTimeRange": 5,
            "ipBlackList": null,
            "historyTimes": 0,
            "pwdCycle": 0,
            "pwdWarnEnable": false,
            "pwdWarnBefore": 0,
            "pwdWarnType": null,
            "pwdRules": 0,
            "pwdLength": 0
        },
        "registerRule": {
            "uuid": "83e0c7d57c5111ed97e700155d6496d5",
            "createTime": 0,
            "archived": false,
            "registerRequired": "phoneNumber,email",
            "sceneType": "LOGIN,REGISTER",
            "userTypeCode": "default",
            "enabled": true,
            "enterpriseUuid": "2bcdef58e8ae5cf6f5b18343bc1fbebc2f64xbYa0yx",
            "enableRegister": true,
            "registerRequiredAttrs": [
                "phoneNumber",
                "email"
            ]
        },
        "userTypes": [],
        "pwdFailRisk": {
            "enterpriseUuid": "2bcdef58e8ae5cf6f5b18343bc1fbebc2f64xbYa0yx",
            "riskType": "PWD_FAIL_CAPTCHA",
            "enabled": false,
            "lockTime": 0,
            "riskTimes": 20,
            "riskTimeRange": 5,
            "ipBlackList": null,
            "historyTimes": 0,
            "pwdCycle": 0,
            "pwdWarnEnable": false,
            "pwdWarnBefore": 0,
            "pwdWarnType": null,
            "pwdRules": 0,
            "pwdLength": 0
        },
        "pwdRule": {
            "enterpriseUuid": "2bcdef58e8ae5cf6f5b18343bc1fbebc2f64xbYa0yx",
            "riskType": "PWD_RULE",
            "enabled": false,
            "lockTime": 0,
            "riskTimes": 0,
            "riskTimeRange": 0,
            "ipBlackList": null,
            "historyTimes": 0,
            "pwdCycle": 0,
            "pwdWarnEnable": false,
            "pwdWarnBefore": 0,
            "pwdWarnType": null,
            "pwdRules": 0,
            "pwdLength": 8
        },
        "usernameRule": {
            "id": 0,
            "createTime": "2023-03-03 15:22",
            "archived": false,
            "updateTime": null,
            "uppercase": true,
            "lowercase": true,
            "number": true,
            "strike": true,
            "underline": true,
            "point": true,
            "emailChar": false,
            "minLength": 4,
            "maxLength": 32,
            "mobileNumAsAccountId": false,
            "enterpriseUuid": null,
            "usernamePolicyUuid": "1938a8f15d35bdd6814839bc8ebcf070lvk6sLvvBpY"
        }
    }
}

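| Parameter | Type | Description |
| --- | --- | --- |
| 2factorType | Array | Supported second-factor authentication methods |
| • PWD | String | Username/password mode |
| • SMS | String | SMS verification code mode |
| • EMAIL | String | Email verification code mode |
| • FINGERPRINT | String | Fingerprint mode |
| • FACE | String | Face recognition mode |
| smsEmailCaptchaRisk | Object | Risk-control configuration for mobile number/email |
| pwdFailRisk | Object | Password risk-control configuration |
| registerRule | Object | Registration rules |
| • enableRegister | Boolean | Whether registration is enabled. When false, registration is not allowed, the register button must not be shown, and the registration page cannot be entered |
| • registerRequiredAttrs | Array | Attributes required at registration; possible values are phoneNumber and email |
| pwdRule | Object | Password policy |
| usernameRule | Object | Username policy |

3. Get the application's published terms

Description

Use this API when the business system implements its own login page but still needs the terms information from IDaaS. Processing logic: IDaaS returns the login and registration terms records with the highest version number configured for the current application.

API endpoint

Request URI: GET /api/bff/v1.2/developer/ciam/consents

Request parameters

Response parameters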

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1656403156044$499ad3d2-0a72-08c0-f849-3b3e4b6d0530",
    "data": {
        "REGISTER": [
            {
                "versionNumber": "v1.0",
                "versionTitle": "用户注册协议v1.0",
                "versionContentType": "TEXT",
                "publishDate": 1656388386000,
                "expiredDate": null,
                "recordUuid": "7839d3cb448c449d105e4c32cd97c06cEsTyC81Re7c",
                "recordExternalId": "4d05f0fe-7b57-4a9c-a7ad-4624e5d62bb7",
                "consentType": "REGISTER"
            },
            {
                "versionNumber": "v1.0",
                "versionTitle": "用户隐私条款v1.0",
                "versionContentType": "TEXT",
                "publishDate": 1656388390000,
                "expiredDate": null,
                "recordUuid": "95b1c752e2f69f91c6570699e764982dwsyao0iDg6p",
                "recordExternalId": "35058f6e-b131-4b7c-b35c-26f188526167",
                "consentType": "REGISTER"
            },
            {
                "versionNumber": "v1.0",
                "versionTitle": "阿里云 IDaaS CIAM 使用协议",
                "versionContentType": "TEXT",
                "publishDate": 1656388464000,
                "expiredDate": null,
                "recordUuid": "ed61f21663b6079c7622b641fc17fdf3pxkBEJwZqlg",
                "recordExternalId": "569980f9-91b0-40d8-8813-567ef5df6f54",
                "consentType": "GENERAL"
            }
        ],
        "LOGIN": [
            {
                "versionNumber": "v1.0",
                "versionTitle": "用户协议v1.0",
                "versionContentType": "TEXT",
                "publishDate": 1656387390000,
                "expiredDate": null,
                "recordUuid": "4871329e10f51f85eb07d17975b8e4acUhuac1RyyDD",
                "recordExternalId": "58fff533-6887-40cd-a799-1c6d168c5c3a",
                "consentType": "LOGIN"
            },
            {
                "versionNumber": "v1.1",
                "versionTitle": "隐私条款1.0",
                "versionContentType": "TEXT",
                "publishDate": 1656387399000,
                "expiredDate": null,
                "recordUuid": "1e2e5c0eca5cddfeb14f88b44a03a0c3eukUKSIYxyP",
                "recordExternalId": "68dd7e08-0db4-4219-a0b2-2f753593dd6e",
                "consentType": "LOGIN"
            },
            {
                "versionNumber": "v1.0",
                "versionTitle": "阿里云 IDaaS CIAM 使用协议",
                "versionContentType": "TEXT",
                "publishDate": 1656388464000,
                "expiredDate": null,
                "recordUuid": "ed61f21663b6079c7622b641fc17fdf3pxkBEJwZqlg",
                "recordExternalId": "569980f9-91b0-40d8-8813-567ef5df6f54",
                "consentType": "GENERAL"
            }
        ]
    }
}

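| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| Outer key | String | | Terms type: LOGIN (login-related terms), REGISTER (registration-related terms) |
| • versionNumber | String | | Version name |
| • versionTitle | String | | Title |
| • versionContentType | String | | Content type: PDF / IMAGE / WORD / TEXT |
| • publishDate | Number | | Publish time |
| • expiredDate | Number | | Expiry time |
| • recordUuid | String | | UUID of the terms record this version belongs to |
| • recordExternalId | String | | External ID of the terms record this version belongs to |

4. View terms details

Description

This API does not return a complete HTML page. It returns the terms content (Base64-encoded), which the business side must decode and render itself. Recommendation: display the decoded terms content in a new HTML document so that the HTML styles are not polluted.

API endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/consent

Content-Type: application/json

Request parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| includeContent | boolean | | Whether to include the terms details; always true |
| recordExternalId | string | | External ID of the terms |
| versionNumber | string | | Version number of the terms |

Response parameters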

{
  "success": true,
  "code": "Operation.Success",
  "message": "Operation.Success",
  "requestId": "1657079658185$d74c4420-5a3e-d57a-a625-02dba1dcab48",
  "data": {
    "versionTitle": "用户协议v1.0",
    "recordExternalId": "58fff533-6887-40cd-a799-1c6d168c5c3a",
    "contentType": "TEXT",
    "versionNumber": "v1.0",
    "base64EncodeContent": "PHA+55m75b2V55u45YWz5p2h5qy+LeeUqOaIt+WNj+iurnYxLjA8L3A+",
    "status": "PUBLISHED"
  }
}

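| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| versionNumber | String | | Version number of the terms |
| versionTitle | String | | Title of the terms |
| contentType | String | | Content type: PDF / IMAGE / WORD / TEXT |
| base64EncodeContent | String | | Content of the terms, Base64-encoded |
| recordExternalId | String | | External ID of the terms |
| status | String | | Status of the terms, normally PUBLISHED. Reference values: PREPARING (not published), PUBLISHED (published), ARCHIVED (disabled) |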
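
The decode-and-isolate recommendation above, as an added example (not code from the IDaaS documentation): the content is decoded as UTF-8 and placed in a sandboxed iframe so that markup in the terms can neither restyle nor script the host page. The function names, the iframe markup and the choice to accept only PUBLISHED records with contentType TEXT are assumptions of this example.

```javascript
// Added example. Field names come from the response documented above;
// everything else (function names, iframe markup) is an assumption.

// Sample response copied from this page.
const SAMPLE_CONSENT_RESPONSE = {
  success: true,
  code: 'Operation.Success',
  data: {
    versionTitle: '用户协议v1.0',
    recordExternalId: '58fff533-6887-40cd-a799-1c6d168c5c3a',
    contentType: 'TEXT',
    versionNumber: 'v1.0',
    base64EncodeContent: 'PHA+55m75b2V55u45YWz5p2h5qy+LeeUqOaIt+WNj+iurnYxLjA8L3A+',
    status: 'PUBLISHED',
  },
};

// atob() yields one character per byte, which garbles multi-byte text such
// as Chinese, so the bytes are decoded explicitly as UTF-8.
function decodeConsentContent(b64) {
  const bytes = Uint8Array.from(atob(b64), (ch) => ch.charCodeAt(0));
  // fatal: true rejects invalid UTF-8 instead of silently inserting U+FFFD.
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
}

// Escape text for use inside a double-quoted HTML attribute.
function escapeAttr(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Returns iframe markup that renders the terms in their own document.
// sandbox="" (no allow-* tokens) blocks scripts, forms and same-origin access.
function buildConsentFrame(resp) {
  if (!resp || resp.success !== true || !resp.data) {
    throw new Error('consent request did not succeed');
  }
  const { contentType, status, base64EncodeContent, versionTitle } = resp.data;
  if (status !== 'PUBLISHED') {
    throw new Error(`consent status is ${status}, not PUBLISHED`);
  }
  if (contentType !== 'TEXT') {
    throw new Error(`contentType ${contentType} is not handled by this example`);
  }
  const html = decodeConsentContent(base64EncodeContent);
  return `<iframe sandbox="" title="${escapeAttr(versionTitle)}" ` +
         `srcdoc="${escapeAttr(html)}"></iframe>`;
}
```
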

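5. Get the authentication sources supported by the application

Description

Call this API when the business system needs to integrate IDaaS social login. IDaaS returns all authentication methods configured for the current application. Username/password and mobile verification code are login methods that are available by default without being enabled.

API endpoint

Request URI: GET /api/bff/v1.2/developer/ciam/load_enterprise_auths

Request parameters

Response parameters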

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1660644717797$c35da4fa-d354-546c-8729-0e411473af14",
    "data": {
        "auths": [
            {
                "enterpriseAuthId": null,
                "authName": "账号密码登录",
                "authType": "usernamePassword",
                "clientId": null,
                "supportOAuth": true
            },
            {
                "enterpriseAuthId": null,
                "authName": "验证码登录",
                "authType": "verifyCode",
                "clientId": null,
                "supportOAuth": true
            },
            {
                "enterpriseAuthId": "dcealipay",
                "authName": "支付宝小程序登录",
                "authType": "alipay",
                "clientId": "asd",
                "supportOAuth": true
            },
            {
                "enterpriseAuthId": "dcewechat1",
                "authName": "移动微信登录",
                "authType": "wechat",
                "clientId": "sad",
                "supportOAuth": true
            },
            {
                "enterpriseAuthId": "dcewechat",
                "authName": "网站微信登录",
                "authType": "wechat",
                "clientId": "asd",
                "supportOAuth": true
            }
        ]
    }
}

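| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| enterpriseAuthId | String | | Authentication source ID |
| authName | String | | Authentication source name |
| authType | String | | Authentication source type |
| clientId | String | | accessKey of the authentication source |
| supportOAuth | Boolean | | Whether OAuth is supported; reserved system parameter, returns true by default |

6. Get social authentication source information

This API is mainly used to get the configuration of a single social platform, which is then used to assemble the link that starts authorized login with the third-party social platform.

API endpoint

Request URI: GET /api/bff/v1.2/developer/ciam/get_adapter_info

Request parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| enterpriseAuthId | string | | IDaaS authentication source ID, available from the authentication source list |
| idaasAppId | string | | IDaaS application ID. Pass this parameter if, after social login completes, the user should be redirected to a specific application instead of the default user center |

Response parameters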

{
	"success": true,
	"code": "Operation.Success",
	"message": "Operation.Success",
	"requestId": "1665199025342$d73bd194-ea31-0acc-8da7-9be7e5b7363e",
	"data": {
		"state": "ID:demoidaasappid",
		"authenticateJson": "{\"appId\":\"wxexxxxxc8\",\"appSecret\":\"********\",\"authId\":\"wechat\",\"createTime\":\"2022-06-09 20:32\",\"creator\":\"admin\",\"display\":true,\"enabled\":true,\"enterpriseAuthId\":\"xxxx\",\"enterpriseHost\":\"127.0.0.1\",\"enterpriseId\":\"xxxx\",\"frontCallbackUrl\":\"http://xxxx.com/frontend/login/#/adapterCallback\",\"name\":\"微信登录\",\"redirectUrl\":\"\",\"uuid\":\"702e59b9cdf5dd2617b40572bb9b1efaVUMACThx5C4\"}"
	}
}

authenticateJson is a JSON string in the following format:

{
	"appId": "wxexxxxxc8",
	"appSecret": "********",
	"authId": "wechat",
	"createTime": "2022-06-09 20:32",
	"creator": "admin",
	"display": true,
	"enabled": true,
	"enterpriseAuthId": "xxxx",
	"enterpriseHost": "127.0.0.1",
	"enterpriseId": "xxxx",
	"frontCallbackUrl": "http://xxxx.com/frontend/login/#/adapterCallback",
	"name": "微信登录",
	"redirectUrl": "",
	"uuid": "702e59b9cdf5dd2617b40572bb9b1efaVUMACThx5C4"
}

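| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| state | String | | When the idaasAppId request parameter is passed, the value has the format ID:{idaasAppId}; otherwise it is a random string |
| authenticateJson | String | | Configuration of the social authentication source |
| • appId | String | | appId of the social authentication source, that is, the application ID on the third-party social platform |
| • appSecret | String | | Secret of the social authentication source; always returned masked as *, not needed by the business side |
| • authId | String | | Authentication source identifier |
| • creator | String | | Creator of the authentication source |
| • display | Boolean | | Whether to display; always true |
| • enabled | Boolean | | Whether enabled; always true |
| • enterpriseAuthId | String | | Authentication source ID |
| • enterpriseId | String | | Enterprise ID |
| • frontCallbackUrl | String | | Front-end callback URL, matching the callback URL configured on the third-party social platform |
| • name | String | | Authentication source name |
| • enterpriseHost | String | | Reserved field, can be ignored |
| • redirectUrl | String | | Reserved field, can be ignored |
| • uuid | String | | Authentication source uuid |

After obtaining the authentication source configuration, the business side only needs to assemble the third-party social platform's authorization URL. Taking the WeChat Open Platform as an example, the assembled authorization URL is: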

GET https://open.weixin.qq.com/connect/qrconnect?appid=wxexxxxxc8
	&redirect_uri=http%3A%2F%2Fxxx.com%2Ffrontend%2Flogin%2F%23%2FadapterCallback
	&response_type=code
	&scope=snsapi_login
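	&state=xxxx

Important

If the business side does not rely on the information returned by this API and instead builds the third-party authorization URL itself, and the user must be redirected to an application other than the user center after login on the third-party social platform completes, the state must be generated in the form ID:{idaasAppId} and attached to the third-party authorization URL.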
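
Assembling the authorization URL from a get_adapter_info response, as an added example (not code from the IDaaS documentation). It shows the second JSON.parse that authenticateJson needs and the URL encoding of a callback that contains `#`. The function names, the sanity checks and the state comparison on callback are assumptions of this example; the sample values are the ones on this page.

```javascript
// Added example. Endpoint and query parameter names are taken from the
// WeChat Open Platform URL shown above; helper names are assumptions.
const WECHAT_QR_AUTHORIZE = 'https://open.weixin.qq.com/connect/qrconnect';

// Sample response built from the values on this page. authenticateJson is a
// JSON document serialized into a string field of the outer JSON.
const SAMPLE_ADAPTER_INFO = {
  success: true,
  code: 'Operation.Success',
  data: {
    state: 'ID:demoidaasappid',
    authenticateJson: JSON.stringify({
      appId: 'wxexxxxxc8',
      appSecret: '********',
      authId: 'wechat',
      display: true,
      enabled: true,
      enterpriseAuthId: 'xxxx',
      frontCallbackUrl: 'http://xxxx.com/frontend/login/#/adapterCallback',
      name: '微信登录',
    }),
  },
};

// Extract only the fields the authorization URL needs, after basic checks.
function parseAdapterInfo(resp) {
  if (!resp || resp.success !== true || !resp.data) {
    throw new Error('get_adapter_info did not succeed');
  }
  const cfg = JSON.parse(resp.data.authenticateJson); // second parse
  if (cfg.enabled !== true) throw new Error('authentication source is disabled');
  const callback = new URL(cfg.frontCallbackUrl); // throws on a malformed URL
  if (callback.protocol !== 'http:' && callback.protocol !== 'https:') {
    throw new Error(`unexpected callback scheme ${callback.protocol}`);
  }
  return { appId: cfg.appId, callback: cfg.frontCallbackUrl, state: resp.data.state };
}

// URLSearchParams percent-encodes ':', '/', '#' in redirect_uri and state,
// so the fragment in frontCallbackUrl does not cut the query string short.
function buildWeChatAuthorizeUrl(resp) {
  const { appId, callback, state } = parseAdapterInfo(resp);
  const query = new URLSearchParams({
    appid: appId,
    redirect_uri: callback,
    response_type: 'code',
    scope: 'snsapi_login',
    state,
  });
  return `${WECHAT_QR_AUTHORIZE}?${query.toString()}`;
}

// state for the case where the business side builds the URL itself.
function stateForApp(idaasAppId) {
  if (typeof idaasAppId !== 'string' || idaasAppId.length === 0) {
    throw new Error('idaasAppId is required');
  }
  return `ID:${idaasAppId}`;
}

// On the callback, accept the response only if the platform returned exactly
// the state that was sent with the authorization request.
function isExpectedState(sentState, returnedState) {
  return typeof returnedState === 'string' && returnedState === sentState;
}
```
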

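7. Get an image CAPTCHA

Before sending an SMS or logging in, it is recommended to call this API to get an image CAPTCHA and pass it to IDaaS at login. This effectively prevents automated attacks against the SMS-sending and login APIs. When system risk control is enabled, the image CAPTCHA check is also triggered.

API endpoint

Request URI: GET /api/bff/v1.2/developer/ciam/captcha

Request parameters

Response parameters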

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1660882151242$64308516-92ed-4303-8d3c-47d29c95f2a7",
    "data": {
        "captchaCode": "557c0e18147974608a514a3071110e6bd7W1XxMMVXu",
        "captchaImage": "iVBORw ... ... kSumCC"
    }
}

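| Field | Type | Example | Description |
| --- | --- | --- | --- |
| captchaCode | string | 5c4bc75 ... ... XVH9Lqk | Unique identifier of the image CAPTCHA; must be passed in at verification |
| captchaImage | string | iVBORw ... ... kSumCC | CAPTCHA image, as Base64 data |

8. Get the list of user types supported by the system

Before login or registration, the user may switch user type. This API returns all user types supported under the current tenant. The caller must check the result: when there is exactly one user type, showing the user type selection dialog is not recommended.

API endpoint

Request URI: GET /api/bff/v1.2/developer/ciam/config/userTypes

Request parameters

Response parameters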

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1673424642819$110ff5f3-e47a-8404-cc3a-282d754fd32c",
    "data": [
        {
            "userTypeName": "普通用户",
            "userTypeCode": "default",
            "uuid": "3762b69d9f2580c7901441719733271b22zUqxkuQDh"
        },
        {
            "userTypeName": "医生",
            "userTypeCode": "doctor",
            "uuid": "3xxxxxd9f2580c7901441719733271b22zUqxkuQDh"
        }
    ]
}

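| Field | Type | Example | Description |
| --- | --- | --- | --- |
| userTypeName | String | 普通用户 | Name of the user type |
| userTypeCode | String | default | Code of the user type |
| uuid | String | xxxxxxxxx | UUID of the user type |

9. Switch account type

During the login/registration flow, the user may switch the user type used for the current login. A new flow ID is generated after switching.

API endpoint

Request URI: GET /api/bff/v1.2/developer/ciam/config/change_user_type

Request parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| fId | String | | The fId before switching user type; a new fId is generated after switching |
| userType | String | | Code of the user type to switch to |

Response parameters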

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1660882151242$64308516-92ed-4303-8d3c-47d29c95f2a7",
    "data": {
      "fId": "xxxxxxxxxxxx"
    }
}

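| Field | Type | Example | Description |
| --- | --- | --- | --- |
| fId | String | xxxxxxxxxxx | The new fId generated after switching user type. Subsequent steps must use this fId; the old fId must be discarded |

II. Login and registration

1. Username/password login

API endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/login/pwd

Content-Type: application/json

Request parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| fId | string | | The fId from the previous step of the flow (if any) |
| username | string | | Username |
| userType | string | | Custom user type; defaults to the ordinary user |
| password | string | | Password |
| response_type | string | | When code is passed, an authorization code is returned; when token is passed, the user's token is returned |
| agreeConsent | boolean | | Whether the user has ticked the terms (required when the application has the corresponding terms configured) |

If [Password brute-force protection: image CAPTCHA] is enabled, the image CAPTCHA must be verified once the number of failed authentications exceeds the risk-control threshold.

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| captchaCode | string | | Unique identifier of the image CAPTCHA, returned by the get-image-CAPTCHA API |
| captchaText | string | | Image CAPTCHA text, filled in from the digits shown in the CAPTCHA image on the page |

Response parameters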

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1656326070459$be264b8d-a6ca-a75c-f224-ade8531cc4af",
    "data": {
        "userId": null,
        "uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.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.c57U7qi46KnVAPnzk2bgHI9sPoUlk93L5mPOq1WRy_s",
        "token_type": "bearer",
        "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.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.VjrWftgXUmLD_P9ECVYGwBEzpyrvZcy-hdrAciIp-aU",
        "expires_in": 179999,
        "scope": "USER_API",
        "id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg"
    }
}

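2. Verification code login

2.1. Send verification code

This API is used to obtain a verification code when the user logs in with an SMS verification code. CIAM first checks the SMS sending frequency by client IP and by mobile number. If it exceeds the threshold configured in the system risk-control policy, the image CAPTCHA check is enforced (the captchaCode and captchaText parameters must then be passed; they can be obtained through the get-image-CAPTCHA API). If the threshold is not exceeded, the image CAPTCHA is not checked. To prevent SMS bombing, configuring a system risk-control policy is strongly recommended.

API endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/login/obtain_code

Content-Type: application/json

Request parameters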

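| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| fId | string | | The fId from the previous step of the flow (if any) |
| phoneNumber | string | | Mobile number; required when type is SMS |
| phoneRegion | string | | Mobile country/region code; defaults to 86 |
| type | string | | Verification code type. SMS means text message, EMAIL means email |
| email | string | | Email address; required when type is EMAIL |
| language | string | | Language of the verification code message; defaults to the preferred language |
| engineCode | string | | Code of the gateway used to send the verification code; defaults to the preferred gateway of the preferred provider |
| userType | string | | Custom user type; defaults to the ordinary user |

Note

If [SMS/email brute-force protection: image CAPTCHA] is enabled, the image CAPTCHA must be verified once the number of verification codes sent exceeds the risk-control threshold.

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| captchaCode | string | | Unique identifier of the image CAPTCHA, returned by the get-image-CAPTCHA API |
| captchaText | string | | Image CAPTCHA text, filled in from the digits shown in the CAPTCHA image on the page |

Response parameters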

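| Parameter | Type | Example | Description |
| --- | --- | --- | --- |
| fId | string | sfwf2w233fsfdsddf | Must be passed back unchanged when requesting verification of the code |

2.2. Verify the verification code

Important

The server keeps the fid for only 30 minutes (by default), so if verification does not happen within 30 minutes the verification code expires. Once a verification code has been verified successfully it is invalidated immediately, to prevent replay attacks. After consecutive failed verifications exceed the threshold configured in the system risk-control policy, the code is invalidated and the user is locked, to prevent brute-forcing of the verification code.

API endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/login/verify_code

Content-Type: application/json

Request parameters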

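| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| phoneNumber | string | | Required when type is SMS; must match the number used when sending |
| email | string | | Email address; required when type is EMAIL |
| code | string | | The verification code sent by the "SMS verification code registration - send verification code" API |
| fId | string | | The flow ID in the response of the "SMS verification code registration - send verification code" API |
| type | string | | Verification code type. SMS means text message, EMAIL means email |
| responseType | string | | When code is passed, an authorization code is returned; when token is passed, the user's token is returned |
| userType | string | | Custom user type; defaults to the ordinary user |
| agreeConsent | boolean | | Whether the user has ticked the terms (required when the application has the corresponding terms configured) |

Response parameters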

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1656326070459$be264b8d-a6ca-a75c-f224-ade8531cc4af",
    "data": {
        "userId": null,
        "uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelhxYytRODM3QjNnTlQzbmNJNDY3UExuOHNTNXFJNmdMa1doeWJKZHA0ZXZMaHovUmtuV0RTRXZlNUw3T1Jzd0xoMTdWTGw4SE5Va0Z1TWxDR2FGWVliT3JmL3dHMkpodktNZlZ6ZzFKUTROb1UzWDI4bzR6dHhRclZtWlV3dWo2R1NZcTB0alc0akJlQUErUkV4dkExd3VWUEtSdVJZS0dlZkt3Y0JWOVBxMGlkZjZ0dU04Vjlnd3BpSEtFVnhHM0lXVFVlL0hzb2RxMVVMMTVRZWErcTNvOEpDMitoRGozWE1KOS92Yis2YXo0IiwiZGF0YUNpcGhlckFsZyI6IkRFRkFVTFQiLCJ0ZW5hbnRLZXlVdWlkIjoiN2FiNDI3ZTEzNDRkZGUwMWM5Zjk3NDcyNzYwMzg0YWJwZnRLTWFuRkVGSCJ9.c57U7qi46KnVAPnzk2bgHI9sPoUlk93L5mPOq1WRy_s",
        "token_type": "bearer",
        "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.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.VjrWftgXUmLD_P9ECVYGwBEzpyrvZcy-hdrAciIp-aU",
        "expires_in": 179999,
        "scope": "USER_API",
        "id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg"
    }
}

3. Social login

API endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/login/social

Content-Type: application/json

Request parameters

{
    "enterpriseAuthId": "ciammasterwechat",
    "code": "011RaA1w3Gp0GY234r0w3vhlzU2RaA1P",
    "state": "xxxxx",
    "agreeConsent": true
}

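| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| code | string | | The code returned by the third-party social platform after authorized login succeeds; for the AppleId platform, pass the identity_token returned by Apple |
| state | string | | The state returned by the third-party social platform after authorized login completes |
| userType | string | | Custom user type; defaults to the ordinary user |
| enterpriseAuthId | string | | Authentication source ID |
| agreeConsent | boolean | | Whether the user has ticked the terms (required when the application has the corresponding terms configured) |

Response parameters

Binding exists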

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1656326070459$be264b8d-a6ca-a75c-f224-ade8531cc4af",
    "data": {
        "userId": null,
        "uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.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.c57U7qi46KnVAPnzk2bgHI9sPoUlk93L5mPOq1WRy_s",
        "token_type": "bearer",
        "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.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.VjrWftgXUmLD_P9ECVYGwBEzpyrvZcy-hdrAciIp-aU",
        "expires_in": 179999,
        "scope": "USER_API",
        "id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg"
    }
}

No binding

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1658980728774$5abe2ca5-a666-dc36-e6eb-2b97e2aa2d0e",
    "data": {
        "fId": "202207281158486517671753087716352_X_ABD",
        "flowType": "NEED_LOGIN_OR_REGISTOR",
        "additional": null
    }
}

A state in the ID:xx format was passed; redirect to the business application

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1658980728774$5abe2ca5-a666-dc36-e6eb-2b97e2aa2d0e",
    "data": {
        "redirectUrl": "http://xxx.com/social/callback?idaasAppId=xx&code=xxx&state=xxx"
    }
}

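4. WeChat mini program login

4.1. Silent login

Silent login works as follows: after the mini program obtains a temporary code through wx.login, the server directly looks up the corresponding openid and unionid and then checks whether a binding exists. If it does, login succeeds once the user's status has been verified; otherwise login fails, and a failed silent login has no follow-up flow. Any outcome that does not return a user token normally counts as a silent login failure, including an abnormal account and a missing binding. Note: mini program authorized login in CIAM associates a unique WeChat user by unionid, so when integrating mini program login, make sure the mini program is bound to a WeChat Open Platform account; otherwise CIAM mini program login cannot be used properly.

API endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/login/miniprogram/silent

Content-Type: application/json

Request parameters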

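| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| loginCode | string | | The temporary login credential code obtained through wx.login in the WeChat mini program (this code cannot be reused) |
| idaasAppId | string | | Application ID, matching the application ID under Application Management > Application List in the console |
| enterpriseAuthId | string | | Authentication source ID, matching the authentication source ID in the console's authentication source list |
| deviceId | string | | Optional; device ID of the mini program client |
| userType | string | | Custom user type; defaults to the ordinary user |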

{
    "loginCode": "033nOZZv3GFRJY2Iwf3w3RrQdn1nOZZI",
    "idaasAppId": "{{idaasAppId}}",
    "enterpriseAuthId": "{{enterpriseAuthId}}"
}

Response parameters

Silent login succeeded

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1656040913922$ca04c8b1-76ea-f3bd-599a-66c3d445259b",
    "data": {
        "userId": null,
        "uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelhnSUJxNlhhNmFrWmN6MDNKT0NUWGxrWHpWWVpYUjg3SEo4SzV2SU5WTW1pUi9xNWgxVVZ4SnFrajIvQmRpNHFDSmt6cEhrN3UybTFUL09RblFIR1pBL3FKazhya1hMTmMxVVE3dHlLYlhTbk9OblA1Wmh2Vlp0RXBwem5Xb3oxYU1lQktqbmxOSnpEWGExQlJ1RDNtTXZpM202ZUFrUXJaNVMzakI4M09haVZ0dUtRQnhvVXhHTXVrNGV0Q0pQK2ZzLzFpWW1xNGpsc2M0NkpXNGdVSGc0bU5RbHBHRGJsWEtCMVowMVMrY3A0IiwiZGF0YUNpcGhlckFsZyI6IkRFRkFVTFQiLCJ0ZW5hbnRLZXlVdWlkIjoiN2FiNDI3ZTEzNDRkZGUwMWM5Zjk3NDcyNzYwMzg0YWJwZnRLTWFuRkVGSCJ9.5QXEYp6GlgomFF08zFUkwNt-8cwDPSBV0UpAsg3jRtg",
        "token_type": "bearer",
        "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.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.NkmM3xdRMq2xkI_j1A1E7TYUsPZsJn6J2wmJ2gj7Gg4",
        "expires_in": 179999,
        "scope": "USER_API",
        "id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg"
    }
}

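Silent login failed (any outcome that does not return a user token normally counts as a silent login failure, including an abnormal account and a missing binding)

Note

When silent login fails, the WeChat user information is passed back to the business side for its use (optional).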

{
    "success": false,
    "code": "Operation.Failure",
    "message": "Operation.Failure.Mini.Program.Silent.Login",
    "requestId": "1656572265429$49b433a9-219a-910a-0323-2af4f1f1a9ce",
    "data": {
        "unionid": "o89vut2y09r3zcDIhxoU6sMdjmiw",
        "openid": "oVq2f4m1pC1Z8rhxYNzTtsWKTJFI"
    }
}

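| Parameter | Type | Example | Description |
| --- | --- | --- | --- |
| unionid | String | | unionid of the WeChat user |
| openid | String | | openid of the WeChat user |

4.2. Authorized login

Authorized login works as follows: after obtaining a temporary code through wx.login, the mini program obtains the WeChat user's encrypted information through wx.getUserProfile. The server then uses loginCode to look up the corresponding openid, unionid and session_key, and finally decodes the user's information with the session_key. Once the user information is obtained, the server checks whether a binding exists: if it does, login succeeds; otherwise the next step of the flow begins, for example login or registration.

API endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/login/miniprogram/authorized

Content-Type: application/json

Request parameters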

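| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| loginCode | string | | The temporary login credential code obtained through wx.login in the WeChat mini program (this code cannot be reused) |
| idaasAppId | string | | Application ID, matching the application ID under Application Management > Application List in the console |
| enterpriseAuthId | string | | Authentication source ID, matching the authentication source ID in the console's authentication source list |
| encryptedData | string | | Encrypted data of the complete user information, including sensitive data, obtained through the wx.getUserProfile API; see: https://developers.weixin.qq.com/miniprogram/dev/api/open-api/user-info/wx.getUserProfile.html |
| iv | string | | Initialization vector of the encryption algorithm, obtained through the wx.getUserProfile API; see: https://developers.weixin.qq.com/miniprogram/dev/api/open-api/user-info/wx.getUserProfile.html |
| deviceId | string | | Optional; device ID of the mini program client |
| userType | string | | Custom user type; defaults to the ordinary user |
| agreeConsent | boolean | | Whether the user has ticked the terms (required when the application has the corresponding terms configured) |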

{
    "loginCode": "063oewll2JUCH84Idiol2sxzFd0oewl4",
    "idaasAppId": "{{idaasAppId}}",
    "enterpriseAuthId": "{{enterpriseAuthId}}",
    "encryptedData": "Wp85WrAol3Xq8H/gm0xl5ux25ZZ4snh1uF3wjJ1KfzDP6BLqERNLw1f2wOQ/GRPgBnTUgJXuMUYKVGRY099graBknp0dbyfMoIS1NllnlrwVmrikhnSWwwU0X9iFig9u6fSUtUK69L80hALQ3H0GPDmNo64MWfd3e/bUy1Gfr2Mw2N9useithN6nbvFQlRZDotIb7Yr3fNPYpjXc+a1q/VCf/XYYUR+1gBWd/xXbFBYbrm+1iYbJomNEfRLcgSCU/pNYTzAgmRxn+bt/KUCiuDWXxLjJl1vySmgPre6Use4XJY9jwQIf+EB6C2ja2WQK8pk2wKCmhWoSZxDRoSUZ8gQXOqk6Ef0rWiazte5ibIcw/j5ridkqDctYyOMU1J4DNdRxjohTTgx/3t5BTpzQNcKwuA+SXcj8CRv2kPhgVUM=",
    "iv": "Gv3JeogqQ5eWM93vWSKWPQ==",
    "agreeConsent": true
}

Response parameters

Binding exists

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1656040913922$ca04c8b1-76ea-f3bd-599a-66c3d445259b",
    "data": {
        "userId": null,
        "uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.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.5QXEYp6GlgomFF08zFUkwNt-8cwDPSBV0UpAsg3jRtg",
        "token_type": "bearer",
        "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.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.NkmM3xdRMq2xkI_j1A1E7TYUsPZsJn6J2wmJ2gj7Gg4",
        "expires_in": 179999,
        "scope": "USER_API",
        "id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg"
    }
}

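No binding (login or registration required)

Important

WeChat mini program authorized login is a special case. When there is no binding, or there is a binding but the bound user does not exist (it may have been logically deleted, or the data is dirty for some other reason), flowType is not returned. Instead the error code Operation.Failure.User.Not.Exist is returned, and data carries the fId. In other words, the mini program must inspect the error information returned by this API: if message is Operation.Failure.User.Not.Exist, the current flow has a next step, namely one-tap mobile number login.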

{
    "success": false,
    "code": "Operation.Failure.Social.Login",
    "message": "Operation.Failure.User.Not.Exist",
    "requestId": "1656572612543$ad6dff47-af68-1296-c65b-28e84cf59579",
    "data": {
        "fId": "202206301503325238257221755438080_X_ABD"
    }
}

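| Parameter | Type | Example | Description |
| --- | --- | --- | --- |
| fId | String | | Flow ID; pass it back in the next step of the flow |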
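
The response shapes documented so far (token, flowType plus fId, redirectUrl, the Operation.Failure.User.Not.Exist special case, and a plain failure) can be dispatched in one place. The following is an added example, not code from the IDaaS documentation; the function name, the result labels and the redirect host allowlist are assumptions of this example, and the token value in the sample is a constructed placeholder.

```javascript
// Added example. Response field names come from the samples on this page;
// classifyAuthResponse and its result labels are assumptions.
const NEXT_STEP_MESSAGE = 'Operation.Failure.User.Not.Exist';

// Samples trimmed from this page (token replaced by a constructed placeholder).
const SAMPLES = {
  loggedIn: { success: true, code: 'Operation.Success',
    data: { uuid: 'c0d7ebbae869a76781183310768088543DkolDLzrSB',
            access_token: 'constructed.placeholder.token', expires_in: 179999 } },
  socialNoBinding: { success: true, code: 'Operation.Success',
    data: { fId: '202207281158486517671753087716352_X_ABD',
            flowType: 'NEED_LOGIN_OR_REGISTOR', additional: null } },
  socialRedirect: { success: true, code: 'Operation.Success',
    data: { redirectUrl: 'http://xxx.com/social/callback?idaasAppId=xx&code=xxx&state=xxx' } },
  miniProgramNoUser: { success: false, code: 'Operation.Failure.Social.Login',
    message: 'Operation.Failure.User.Not.Exist',
    data: { fId: '202206301503325238257221755438080_X_ABD' } },
  silentFailed: { success: false, code: 'Operation.Failure',
    message: 'Operation.Failure.Mini.Program.Silent.Login',
    data: { unionid: 'o89vut2y09r3zcDIhxoU6sMdjmiw', openid: 'oVq2f4m1pC1Z8rhxYNzTtsWKTJFI' } },
};

function hostOf(url) {
  try { return new URL(url).host; } catch (e) { return null; }
}

// Decide the client's next step. allowedRedirectHosts is the list of hosts
// the client is willing to navigate to when the server returns redirectUrl.
function classifyAuthResponse(resp, allowedRedirectHosts = []) {
  if (!resp) return { next: 'FAILED', reason: 'no response' };
  const data = resp.data || {};
  if (resp.success === true) {
    if (data.access_token) {
      return { next: 'LOGGED_IN', uuid: data.uuid, expiresIn: data.expires_in };
    }
    if (data.flowType && data.fId) {
      return { next: 'CONTINUE_FLOW', flowType: data.flowType, fId: data.fId };
    }
    if (data.redirectUrl) {
      const host = hostOf(data.redirectUrl);
      if (host && allowedRedirectHosts.includes(host)) {
        return { next: 'REDIRECT', redirectUrl: data.redirectUrl };
      }
      return { next: 'FAILED', reason: `redirect host not allowed: ${host}` };
    }
    return { next: 'FAILED', reason: 'success without token, flowType or redirectUrl' };
  }
  // Mini program special case: an error response that still carries an fId
  // means the flow has a next step even though success is false.
  if (resp.message === NEXT_STEP_MESSAGE && data.fId) {
    return { next: 'CONTINUE_FLOW', flowType: null, fId: data.fId };
  }
  return {
    next: 'FAILED',
    reason: resp.message || resp.code,
    // Silent login failure passes the WeChat identifiers back; keep them.
    wechat: data.unionid ? { unionid: data.unionid, openid: data.openid } : null,
  };
}
```
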

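4.3. One-tap mobile number login

One-tap mobile number login works as follows: after obtaining a temporary code through wx.login, the mini program obtains the WeChat user's encrypted mobile number information, or a mobile number code, through wx.getPhoneNumber. The server then uses loginCode to look up the corresponding openid, unionid and session_key, and checks whether phoneNumberCode was passed: if so, it exchanges that code with WeChat for the user's real mobile number; otherwise it decodes the user's mobile number information with the session_key. Once the user information is obtained, the server checks whether a binding exists: if it does, login succeeds; otherwise the next step of the flow begins, for example login or registration.

API endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/login/miniprogram/phone

Content-Type: application/json

Request parameters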

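| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| fId | string | | The fid produced by the previous step of the flow (if any) |
| loginCode | string | | The temporary login credential code obtained through wx.login in the WeChat mini program (this code cannot be reused) |
| idaasAppId | string | | Application ID, matching the application ID under Application Management > Application List in the console |
| enterpriseAuthId | string | | Authentication source ID, matching the authentication source ID in the console's authentication source list |
| phoneNumberCode | string | | The code obtained through getPhoneNumber in the WeChat mini program; see: https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/getPhoneNumber.html |
| encryptedData | string | | Encrypted data of the complete user information, including sensitive data, obtained through getPhoneNumber; see: https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/deprecatedGetPhoneNumber.html |
| iv | string | | Initialization vector of the encryption algorithm, obtained through getPhoneNumber in the WeChat mini program; see: https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/deprecatedGetPhoneNumber.html |
| deviceId | string | | Optional; device ID of the mini program client |
| userType | string | | Custom user type; defaults to the ordinary user |
| agreeConsent | boolean | | Whether the user has ticked the terms (required when the application has the corresponding terms configured) |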

{
    "fId": "{{fId}}",
    "loginCode": "023arx000zEEHiO6N3arx0D",
    "idaasAppId": "{{idaasAppId}}",
    "enterpriseAuthId": "{{enterpriseAuthId}}",
    "phoneNumberCode": "c773d67f9ca3538ae7da881f0df96c2000bdedc4e",
    "encryptedData": "",
    "iv": "",
    "agreeConsent": true
}

Response parameters

Binding exists

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1656040913922$ca04c8b1-76ea-f3bd-599a-66c3d445259b",
    "data": {
        "userId": null,
        "uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.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.5QXEYp6GlgomFF08zFUkwNt-8cwDPSBV0UpAsg3jRtg",
        "token_type": "bearer",
        "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.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.NkmM3xdRMq2xkI_j1A1E7TYUsPZsJn6J2wmJ2gj7Gg4",
        "expires_in": 179999,
        "scope": "USER_API",
        "id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg"
    }
}

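No binding (login or registration required)

Important

Phone-number one-click login in a WeChat mini program is a special case. When there is no binding, or a binding exists but the bound user does not exist (it may have been logically deleted, or the record may be dirty data from some other cause), the response does not return flowType. Instead it returns the error code Operation.Failure.User.Not.Exist and includes fId in data. In other words, the mini program must inspect the error returned by this interface: if message is Operation.Failure.User.Not.Exist, the current flow has a next step, namely entering the H5 login/registration page.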

{
    "success": false,
    "code": "Operation.Failure.Social.Login",
    "message": "Operation.Failure.User.Not.Exist",
    "requestId": "1656573286977$6584dc2c-78b9-d12c-a6db-21ff9a90dac9",
    "data": {
        "fId": "202206301514226999141257494492160_X_ABD",
        "phoneNumber": "xxxx"
    }
}

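| Parameter | Type | Example | Description |
| --- | --- | --- | --- |
| fId | String | | Flow ID; pass it back in the next flow step |
| phoneNumber | String | | The phone number currently recognized; the front end may need it for display |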
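The branching described in the two "Important" notes above, as an added example that is not part of the original documentation or of CIAM's SDK. The function names, the `kind` labels and the sample responses are constructed for illustration; the field names and error strings are the ones shown on this page. The key point is that the mini program branches on `message` plus the presence of `data.fId`, not on `code`, because the same message without an fId (as in the gesture login error list) is a plain failure.

```javascript
// Added example (not CIAM code): decide the next client action from one auth response.
const USER_NOT_EXIST = "Operation.Failure.User.Not.Exist";
const TOKEN_FIELDS = ["access_token", "refresh_token", "id_token"];

function classifyAuthResponse(resp, opts = {}) {
  if (resp === null || typeof resp !== "object") {
    return { kind: "ERROR", message: "malformed response" };
  }
  const data = resp.data !== null && typeof resp.data === "object" ? resp.data : {};
  const hasFid = typeof data.fId === "string" && data.fId.length > 0;

  if (resp.success === true) {
    // A token in data means the whole flow has finished successfully.
    if (typeof data.access_token === "string" && data.access_token.length > 0) {
      const tokens = {};
      for (const field of TOKEN_FIELDS) if (field in data) tokens[field] = data[field];
      return { kind: "LOGGED_IN", tokens, expiresIn: data.expires_in };
    }
    // flowType means a sub-flow follows; fId must be carried into it.
    if (typeof data.flowType === "string" && hasFid) {
      return { kind: "NEXT_FLOW", flowType: data.flowType, fId: data.fId,
               additional: data.additional ?? null };
    }
    if (hasFid) return { kind: "CONTINUE", fId: data.fId }; // e.g. a send-code step
    return { kind: "OK_NO_TOKEN" }; // success, but nothing that proves a login
  }
  // Mini program special case: success=false, yet the flow continues.
  if (opts.miniProgram === true && resp.message === USER_NOT_EXIST && hasFid) {
    return { kind: "MINIPROGRAM_NEXT_STEP", fId: data.fId,
             phoneNumber: data.phoneNumber ?? null };
  }
  return { kind: "ERROR", code: resp.code, message: resp.message,
           requestId: resp.requestId };
}

// Copy of a response that is safe to write to logs: requestId stays, tokens do not.
function redactForLog(resp) {
  const copy = JSON.parse(JSON.stringify(resp));
  if (copy && copy.data !== null && typeof copy.data === "object") {
    for (const field of TOKEN_FIELDS) {
      if (field in copy.data) copy.data[field] = "[redacted]";
    }
  }
  return copy;
}

// Constructed sample responses, shaped like the ones on this page.
const SAMPLES = {
  noBinding: {
    success: false, code: "Operation.Failure.Social.Login", message: USER_NOT_EXIST,
    requestId: "constructed-req-1",
    data: { fId: "constructed-fid-1_X_ABD", phoneNumber: "xxxx" },
  },
  gestureUnknownUser: {
    success: false, code: "Operation.Failure", message: USER_NOT_EXIST,
    requestId: "constructed-req-2", data: null,
  },
  needAccountAttr: {
    success: true, code: "Operation.Success", message: "Operation.Success",
    requestId: "constructed-req-3",
    data: { fId: "constructed-fid-2_X_BCDEF", flowType: "NEED_COMPLETE_ACCOUNT_ATTR",
            additional: { accountAttrs: ["username"] } },
  },
  loggedIn: {
    success: true, code: "Operation.Success", message: "Operation.Success",
    requestId: "constructed-req-4",
    data: { access_token: "constructed.access.token", token_type: "bearer",
            refresh_token: "constructed.refresh.token", expires_in: 179999,
            scope: "USER_API", id_token: "constructed.id.token" },
  },
};

for (const [name, resp] of Object.entries(SAMPLES)) {
  console.log(name, classifyAuthResponse(resp, { miniProgram: true }).kind);
}
```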

5. App side

5.1. Obtain accessToken


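When the mobile client needs phone-number authentication or IFAA authentication, the client must first be authorized. With this token the mobile client can interact with the security authentication product.

Endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/login/app/safeauth/fetch_accesstoken

Content-Type: application/json

Request parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| applicationExternalId | string | | appid created in the security authentication product |
| mobileExtendParamsJson | string | | JSON information from the mobile client |
| mobileExtendParamsJsonSign | string | | Signature of the mobile client's JSON information |
| userId | string | | Mobile client user information |

Response parameters

| Parameter | Type | Example | Description |
| --- | --- | --- | --- |
| access_token | string | eyJhbGciOiJIUzI1N**** ... ... PoKL1O0j0 | accessToken of the security authentication product |
| expires_in | long | 3600 | Token lifetime, in seconds |

Error list

| errorCode | errorMessage | Description |
| --- | --- | --- |
| Operation.Success | Operation.Success | Success |
| Params.Blank | Params.Blank.ApplicationExternalId | Missing parameter ApplicationExternalId |
| Params.Blank | Params.Blank.MobileExtendParamsJson | Missing parameter MobileExtendParamsJson |
| Params.Blank | Params.Blank.MobileExtendParamsJsonSign | Missing parameter MobileExtendParamsJsonSign |
| Operation.Failure | Operation.Failure.RemoteServerCommonError | Call to the security authentication service failed |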

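5.2. Obtain fId

When the user taps "More login methods", an fId must be obtained first.

Endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/login/app/getFid

Content-Type: application/json

Request parameters

| Parameter | Type | Example | Description |
| --- | --- | --- | --- |
| deviceId | string | xxxxx | Device ID |
| response_type | string | code | Response type; see response_type in the OAuth protocol |
| userType | string | | Custom user type; defaults to ordinary user |

Response parameters

| Parameter | Type | Example | Description |
| --- | --- | --- | --- |
| fId | string | hbGciOiJIUzI1NiIsI ... ... | Flow ID needed to enter the login page |
| flowType | string | LOGIN_NEED_REGISTER | Type of the next flow step |

Error list

| errorCode | errorMessage | Description |
| --- | --- | --- |
| Operation.Success | Operation.Success | Success |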

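5.3. Phone-number, face and fingerprint authentication

When the mobile client needs phone-number authentication or IFAA authentication, the security authentication product issues an idToken to the user once the client has authenticated with it. This interface verifies that idToken; once verification passes, IDaaS treats the authentication as successful and issues token information.

Endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/login/app/safeauth/login

Content-Type: application/json

Request parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| applicationExternalId | string | | appid created in the security authentication product |
| idToken | string | | Token issued to the user by the security authentication product |
| userType | string | | Custom user type; defaults to ordinary user |

Response parameters

| Parameter | Type | Example | Description |
| --- | --- | --- | --- |
| id_token | string | hbGciOiJIUzI1NiIsI ... ... PoKL1O0 | User identity token |
| access_token | string | eyJhbGciOiJIUzI1N**** ... ... PoKL1O0j0 | User access token |
| refresh_token | string | yJhbGciOiJIUhbGciOiJIUzI1NiIsI ... ... | Used to refresh the user token |
| scop | string | read | |
| expires_in | long | 3600 | Token lifetime, in seconds |

Error list

| errorCode | errorMessage | Description |
| --- | --- | --- |
| Operation.Success | Operation.Success | Success |
| Params.Blank | Params.Blank.IdToken | Parameter idToken must not be empty |
| Params.Blank | Params.Blank.ApplicationExternalId | Missing parameter applicationExternalId |
| Operation.Failure | Operation.Failure.RemoteServerCommonError | Call to the dependent security authentication service failed |
| Operation.Failure | Operation.Failure.No.User.Bind | No account has been bound in the security authentication product |
| Operation.Failure | Operation.Failure.IDaaS.NoUser | No account has been bound in the CIAM system |
| Operation.Failure | Operation.Failure.Service.Internal.Error | Internal server error |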

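5.4. Gesture authentication

When the mobile client needs gesture authentication, configure a gesture in the user center; the gesture can then be used to log in.

Endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/login/app/gesture/login

Content-Type: application/json

Request parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| gestureSign | string | | The gesture, encrypted using the user name |
| userName | string | | User name |
| userType | string | | Custom user type; defaults to ordinary user |

Response parameters

| Parameter | Type | Example | Description |
| --- | --- | --- | --- |
| id_token | string | hbGciOiJIUzI1NiIsI ... ... PoKL1O0 | User identity token |
| access_token | string | eyJhbGciOiJIUzI1N**** ... ... PoKL1O0j0 | User access token |
| refresh_token | string | yJhbGciOiJIUhbGciOiJIUzI1NiIsI ... ... | Used to refresh the user token |
| scop | string | read | |
| expires_in | long | 3600 | Token lifetime, in seconds |

Error list

| errorCode | errorMessage | Description |
| --- | --- | --- |
| Operation.Success | Operation.Success | Success |
| Params.Blank | Params.Blank.Gesture.Sign | Parameter sign must not be empty |
| Params.Blank | Params.Blank.User.Username | Missing parameter username |
| Operation.Failure | Operation.Failure.User.Not.Exist | User does not exist |
| Operation.Failure | Operation.Failure.User.Not.Bind.Gesture | The user has not bound a gesture |
| Operation.Failure | Operation_Failure.Gesture.Error | The gesture entered by the user is wrong |
| Operation.Failure | Operation.Failure.Service.Internal.Error | Internal server error |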

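6. Registration

6.1. Registration: send verification code

Endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/register/obtain_code

Content-Type: application/json

Request parameters

{
    "fId": "{{fId}}",
    "type": "SMS",
    "phoneNumber": "15100000000",
    "phoneRegion": "",
    "email": "11111@qq.com",
    "userType": "",
    "captchaCode": "",
    "captchaText": ""
}

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| fId | string | | fId from the previous flow step |
| type | string | | Verification code type. SMS means text message, EMAIL means email |
| phoneNumber | string | | Phone number; required when type is SMS |
| phoneRegion | string | | Phone number region code |
| email | string | | Email address; required when type is EMAIL |
| captchaCode | string | | code of the image CAPTCHA, returned by the interface that fetches the CAPTCHA; required when an image CAPTCHA is present |
| captchaText | string | | Image CAPTCHA text entered by the user; required when an image CAPTCHA is present |
| userType | string | | User type; by default it does not need to be passed |
| language | string | | Language of the verification code message; defaults to the preferred language |
| engineCode | string | | Gateway code used to send the verification code; defaults to the preferred gateway of the preferred provider |

If [SMS/email anti-brute-force image CAPTCHA] is enabled, an image CAPTCHA must be verified once the number of verification-code sends exceeds the risk-control threshold.

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| captchaCode | string | | Unique identifier of the image CAPTCHA, returned by the interface that fetches the image CAPTCHA |
| captchaText | string | | Image CAPTCHA text; fill in the digits shown in the CAPTCHA image on the page |

Response parameters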

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1654591263236$eb20f2b1-5afe-72ab-1333-8515f5a68dee",
    "data": {
        "fId": "202206071641032416438565386055680_X_BDE"
    }
}

6.2. Registration: verify the verification code

Endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/register/submit

Content-Type: application/json

Request parameters

{
    "fId": "{{fId}}",
    "type": "SMS",
    "code": "000000",
    "phoneNumber": "15111111111",
    "phoneRegion": "86",
    "email": "",
    "username": "test001",
    "password": "966966",
    "userType": "",
    "response_type": "token",
    "agreeConsent": true
}

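| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| fId | string | | fId from the previous flow step |
| type | string | | Registration type. SMS means text message, EMAIL means email |
| phoneNumber | string | | Phone number; required here when the previous step sent the verification code by phone |
| phoneRegion | string | | Phone number region code |
| email | string | | Email address; required here when the previous step sent the verification code by email |
| code | string | | Verification code for the email or phone number; an attribute added in the new version (compatible with the old version's smsCode and emailCode) |
| username | string | | User name being registered (login user name) |
| password | string | | User password |
| userType | string | | User type; not passed by default |
| response_type | string | | When code is passed, an authorization code is returned; when token is passed, the user's token is returned |
| agreeConsent | boolean | | Whether the user ticked the terms (can be ignored if no terms are configured) |

Response parameters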

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1656326070459$be264b8d-a6ca-a75c-f224-ade8531cc4af",
    "data": {
        "userId": null,
        "uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.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.c57U7qi46KnVAPnzk2bgHI9sPoUlk93L5mPOq1WRy_s",
        "token_type": "bearer",
        "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.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.VjrWftgXUmLD_P9ECVYGwBEzpyrvZcy-hdrAciIp-aU",
        "expires_in": 179999,
        "scope": "USER_API",
        "id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg",
        "idaasCode": null,
        "locked": false,
        "enabled": false,
        "sourceApplicationUuid": null,
        "authId": null,
        "unionId": null,
        "openId": null,
        "phoneRegion": null,
        "createTime": null,
        "uamParams": null
    }
}

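III. Second-factor authentication

1. Verification-code method: send verification code

Note

When flowType=NEED_TWO_FACTOR, the flow enters second-factor authentication. This interface is used only for second-factor authentication by phone-number or email verification code.

Endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/prepare_second_factor

Content-Type: application/json

Request parameters

{
    "fId": "{{fId}}",
    "type": "SMS",
    "captchaCode": "",
    "captchaText": ""
}

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| fId | string | | fId from the previous flow step |
| type | string | | Second-factor method; (currently) allowed values: SMS, EMAIL. Pass the value matching the chosen second factor |
| userType | string | | Custom user type; defaults to ordinary user |
| language | string | | Language of the verification code message; defaults to the preferred language |
| engineCode | string | | Gateway code used to send the verification code; defaults to the preferred gateway of the preferred provider |

If [SMS/email anti-brute-force image CAPTCHA] is enabled, an image CAPTCHA must be verified once the number of verification-code sends exceeds the risk-control threshold.

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| captchaCode | string | | Unique identifier of the image CAPTCHA, returned by the interface that fetches the image CAPTCHA |
| captchaText | string | | Image CAPTCHA text; fill in the digits shown in the CAPTCHA image on the page |

Response parameters

Unsupported second-factor method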

{
    "success": false,
    "code": "Params.Illegal",
    "message": "Operation.Failure.Unsupport.2fa.Type",
    "requestId": "1654681888509$40033cb3-9d4f-4a52-e3a3-447c52c80fb1",
    "data": null
}

Normal

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1654681964158$6b18049f-68ee-0fbc-7128-d5627b387fad",
    "data": {
        "fId": "202206081747411329041361342880768_X_BCD"
    }
}

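2. Verification-code method: verify the verification code

Endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/verify_second_factor

Content-Type: application/json

Request parameters

{
    "code": "000000",
    "type": "SMS",
    "fId": "{{fId}}"
}

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| fId | string | | fId from the previous flow step |
| type | string | | Second-factor method; (currently) allowed values: SMS, EMAIL, PWD. Pass the value matching the chosen second factor |
| code | string | | Verification code from the phone or email |

Response parameters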

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1656326070459$be264b8d-a6ca-a75c-f224-ade8531cc4af",
    "data": {
        "userId": null,
        "uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.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.c57U7qi46KnVAPnzk2bgHI9sPoUlk93L5mPOq1WRy_s",
        "token_type": "bearer",
        "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.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.VjrWftgXUmLD_P9ECVYGwBEzpyrvZcy-hdrAciIp-aU",
        "expires_in": 179999,
        "scope": "USER_API",
        "id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg",
        "idaasCode": null,
        "locked": false,
        "enabled": false,
        "sourceApplicationUuid": null,
        "authId": null,
        "unionId": null,
        "openId": null,
        "phoneRegion": null,
        "createTime": null,
        "uamParams": null
    }
}

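3. Password method: verify password

Endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/verify_second_factor

Content-Type: application/json

Request parameters

{
    "password": "966966",
    "type": "PWD",
    "fId": "{{fId}}"
}

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| fId | string | | fId from the previous flow step |
| type | string | | Second-factor method; fixed to PWD |
| password | string | | Password entered by the user |

Response parameters

Second-factor authentication failed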

{
    "success": false,
    "code": "Operation.Failure",
    "message": "Operation.Failure.User.Password.Error",
    "requestId": "1654747792211$750c5b3e-5dd2-efa1-60a5-1acc88ca1f85",
    "data": null
}

Second-factor authentication succeeded

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1656326070459$be264b8d-a6ca-a75c-f224-ade8531cc4af",
    "data": {
        "userId": null,
        "uuid": "c0d7ebbae869a76781183310768088543DkolDLzrSB",
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRG9mVEFpcm1POWJOQ0pWQ29tamxqbGp4dmRHalNET1BtNlhZeEtqWGFrelhxYytRODM3QjNnTlQzbmNJNDY3UExuOHNTNXFJNmdMa1doeWJKZHA0ZXZMaHovUmtuV0RTRXZlNUw3T1Jzd0xoMTdWTGw4SE5Va0Z1TWxDR2FGWVliT3JmL3dHMkpodktNZlZ6ZzFKUTROb1UzWDI4bzR6dHhRclZtWlV3dWo2R1NZcTB0alc0akJlQUErUkV4dkExd3VWUEtSdVJZS0dlZkt3Y0JWOVBxMGlkZjZ0dU04Vjlnd3BpSEtFVnhHM0lXVFVlL0hzb2RxMVVMMTVRZWErcTNvOEpDMitoRGozWE1KOS92Yis2YXo0IiwiZGF0YUNpcGhlckFsZyI6IkRFRkFVTFQiLCJ0ZW5hbnRLZXlVdWlkIjoiN2FiNDI3ZTEzNDRkZGUwMWM5Zjk3NDcyNzYwMzg0YWJwZnRLTWFuRkVGSCJ9.c57U7qi46KnVAPnzk2bgHI9sPoUlk93L5mPOq1WRy_s",
        "token_type": "bearer",
        "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjkxMGJkMTY4MzFhOTdhZDRhYjdlMGRjMmYzNDY5NTJiaXF6UVdEWWZMbzUifQ.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.VjrWftgXUmLD_P9ECVYGwBEzpyrvZcy-hdrAciIp-aU",
        "expires_in": 179999,
        "scope": "USER_API",
        "id_token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIiwic2NvcGUiOiJjMGQ3ZWJiYWU4NjlhNzY3ODExODMzMTA3NjgwODg1NDNEa29sREx6clNCIDEyMzQ2MTExMUAxMy5jb20gMTU4MDExMTExMDAiLCJsb2dpbk5hbWUiOiJ0ZXN0MDI3IiwiY3VzdG9tZXJJZCI6IjQ0MTIxNjU2Mjk4NDE5NTY4MTkiLCJleHAiOjE2NTY1MDYwODAsImp0aSI6InZRN0Uxa0xPTzVpQ3ZuR2JYTUdkZWciLCJpYXQiOjE2NTYzMjYwODEsIm5iZiI6MTY1NjMyNjAyMX0.CW3d41c7oGP23FU5DKGyiX553qLea09oYS4s-dISnse9iE-gGjZxUEqXlHSgfSERES9VeaaVwXEUqPOGKkHEEW0fQKcS82WTepiy1QHB0WeRzqKQQY9t38Rp-v_uMlpKLhnrfK_q_Q1A9ak5kDlpvidp2p5I84NmnisiQmGW7ep3xzs9V7axV9ump207ek5Bl1fs1kZ2gOUTHyWuQ0XoIDF6NHmUjtpA31jc5a13o-UIgX1Bd3ZNjmFiwm4EQ3xyZci72w0rTV7EyRa4KU7KyBjv-QJGv8T2Y4e2GnI-BiqWsaE1wtImhvXRRQ__MT_lRDph87-7zA4cTWEsZJRSXg",
        "idaasCode": null,
        "locked": false,
        "enabled": false,
        "sourceApplicationUuid": null,
        "authId": null,
        "unionId": null,
        "openId": null,
        "phoneRegion": null,
        "createTime": null,
        "uamParams": null
    }
}

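IV. Completing personal information

1. Send verification code

When supplementing account information, if a phone number or email needs to be added, it must first be verified that the phone number or email belongs to the current user, so verification-code checking is needed. This interface sends the phone-number/email verification code.

Endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/complete/obtain_code

Content-Type: application/json

Request parameters

{
    "fId": "{{fId}}",
    "type": "EMAIL",
    "email": "test@test.com",
    "phoneNumber": "15100000000",
    "phoneRegion": "",
    "userType": "",
    "captchaCode": "",
    "captchaText": ""
}

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| fId | string | | fId from the previous flow step |
| type | string | | Type of attribute being bound. SMS means phone number, EMAIL means email |
| phoneNumber | string | | Phone number; required when type is SMS |
| phoneRegion | string | | Phone number region code |
| email | string | | Email address; required when type is EMAIL |
| language | string | | Language of the verification code message; defaults to the preferred language |
| engineCode | string | | Gateway code used to send the verification code; defaults to the preferred gateway of the preferred provider |
| userType | string | | Custom user type; defaults to ordinary user |

Note

If [SMS/email anti-brute-force image CAPTCHA] is enabled, an image CAPTCHA must be verified once the number of verification-code sends exceeds the risk-control threshold.

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| captchaCode | string | | Unique identifier of the image CAPTCHA, returned by the interface that fetches the image CAPTCHA |
| captchaText | string | | Image CAPTCHA text; fill in the digits shown in the CAPTCHA image on the page |

Response parameters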

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1654591001075$3b675da5-5564-8ac5-f5cb-278f22c2908a",
    "data": {
        "fId": "20220607163529468654192924672_X_BDE"
    }
}

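| Parameter | Type | Example | Description |
| --- | --- | --- | --- |
| fId | String | | Flow ID; pass it back in the next flow step |

2. Supplement account attributes

During authentication, if the required-account-attributes setting is enabled, the response after authentication returns flowType = NEED_COMPLETE_ACCOUNT_ATTR. When it also contains the following content, the supplement-account-information flow must be performed: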

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1673335017357$4eec4dea-e833-365b-9076-4744fa49ae84",
    "data": {
        "fId": "202301101516523678255186083334144_X_BCDEF",
        "flowType": "NEED_COMPLETE_ACCOUNT_ATTR",
        "additional": {
            "accountAttrs": [
                "username",
                "email",
                "password"
            ],
            "baseAttrs": [
                {
                    "fieldName": "姓名",
                    "dataDictionaryFieldType": "TEXT",
                    "dataDictionaryType": "USER_BASE",
                    "dictionaryValueUuid": "xxxxxxx",
                    "selectFieldOptions": [],
                    "fieldValue": "fullName",
                    "uuid": "46b13e088966a93daa01d42ccacc0e88zk8mIRyXO0J",
                    "customAttributes": []
                }
            ]
        }
    }
}

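This interface supplements the account's attributes (phone number, email, user name, password and so on) and the user's basic attributes (avatar, nickname, name, gender, birthday and so on). Note that in some scenarios this interface may also return user extension attributes that still need to be supplemented; the front end must handle that case.

Endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/complete/account_attr

Content-Type: application/json

Request parameters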

{
    "fId": "xxxxxx",
    "email": "test@test.com",
    "emailCode": "000000",
    "phoneNumber": "15100000000",
    "phoneRegion": "86",
    "smsCode": "000000",
    "username": "test"
}

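| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| fId | string | | fId from the previous flow step |
| username | string | | User name. Whether it is required depends on whether data.additional.accountAttrs in the response contains the username attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| password | string | | Password. Whether it is required depends on whether data.additional.accountAttrs in the response contains the password attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| email | string | | Email address. Whether it is required depends on whether data.additional.accountAttrs in the response contains the email attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| phoneNumber | string | | Phone number. Whether it is required depends on whether data.additional.accountAttrs in the response contains the phoneNumber attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| phoneRegion | string | | Phone number region code. Whether it is required depends on whether data.additional.accountAttrs in the response contains the phoneNumber attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| smsCode | string | | SMS verification code; required when the attributes to supplement include a phone number |
| emailCode | string | | Email verification code; required when the attributes to supplement include an email address |
| displayName | string | | Display name. Whether it is required depends on whether data.additional.baseAttrs in the response contains the displayName attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| enDisplayName | string | | English display name. Whether it is required depends on whether data.additional.baseAttrs in the response contains the enDisplayName attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| fullName | string | | Full name. Whether it is required depends on whether data.additional.baseAttrs in the response contains the fullName attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| gender | string | | Gender. Whether it is required depends on whether data.additional.baseAttrs in the response contains the gender attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| birthday | string | | Birthday. Whether it is required depends on whether data.additional.baseAttrs in the response contains the birthday attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| country | string | | Country. Whether it is required depends on whether data.additional.baseAttrs in the response contains the country attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| region | string | | Region. Whether it is required depends on whether data.additional.baseAttrs in the response contains the region attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| province | string | | Province. Whether it is required depends on whether data.additional.baseAttrs in the response contains the province attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| city | string | | City. Whether it is required depends on whether data.additional.baseAttrs in the response contains the city attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| street | string | | Street. Whether it is required depends on whether data.additional.baseAttrs in the response contains the street attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| address | string | | Detailed address. Whether it is required depends on whether data.additional.baseAttrs in the response contains the address attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| description | string | | Personal description. Whether it is required depends on whether data.additional.baseAttrs in the response contains the description attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |
| avatarUuid | string | | User avatar. Whether it is required depends on whether data.additional.baseAttrs in the response contains the avatarUuid attribute when the login or registration interface returns flowType=NEED_COMPLETE_ACCOUNT_ATTR |

Response parameters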

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1671451557868$5296056b-782c-38e6-aaf4-e2a9580055a9",
    "data": {
        "userId": null,
        "uuid": "9c9f2eb104b1dd8ffc21a8c53cf168fc6LJFouMQJNH",
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImUyZTE0MTNmNGRiMzgwOTA4YjRlZDNlYjZmOGJmMDhhMURvZjZDblc0V0QifQ.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.5T7iDRsl8FXZN1A-tFPepPS_huDSw8CRHuaCefBSyLs",
        "token_type": "bearer",
        "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImUyZTE0MTNmNGRiMzgwOTA4YjRlZDNlYjZmOGJmMDhhMURvZjZDblc0V0QifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRHB3Z1ozS3IyQU01T21FQmx5MDJlNzJ4dmRHalNET1BtNlhZeEtqWGFrelhzR2wwVVRtWEdxNm9mK2FLUzJJNllWcUNrRUtQbHpoOEw1ajVqRHJzM0VKRWNSd3ZxNGpGU0QvSjJ6VTc4VGlvTkFsb1VseVpYZ0dMMGV0V0pzT2ZuU2RyZCsrSjNLYTU3Mi8rbDdEd3VPeDF4V09VT2xpVDB5QnhseU5peVI4ZW5BaVhlMUxtSkxxWnlPSVNJdDlZU3VFdk9oTlBXbXkwalRMNVpSZGkxZWtQaXpERVhxTDdTQnc2UkgxVHViTjRkVUlLN0w3TFBXc3FITnVuSm9YcjNQTmJVcXh4M09OV1I0K0dMWFl0dmRSWDV4UjBnYzllZnk5ZkZpZk9oeFdYWWs5cTREdmw5cnR5dTdqc25iUit4czZYWjhoYms2VWp2MEo2YVFLdmE3dWpGMlBlc3oyRVo3V3NnUVVZVmY5SDY2ZGhnUTJGTnhYd3JBVlJnMnRvSzNjM1VWOUJ4RkNub0NFbytEWkxWN1giLCJkYXRhQ2lwaGVyQWxnIjoiREVGQVVMVCIsInRlbmFudEtleVV1aWQiOiI3YWI0MjdlMTM0NGRkZTAxYzlmOTc0NzI3NjAzODRhYnBmdEtNYW5GRUZIIn0.ZfQ4O1u1lHDIynAg63FpUfBS6BJslza6S33NvzdqMxs",
        "expires_in": 719999,
        "scope": "USER_API,openid,profile",
        "id_token": "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODEiLCJzdWIiOiI5YzlmMmViMTA0YjFkZDhmZmMyMWE4YzUzY2YxNjhmYzZMSkZvdU1RSk5IIiwiYXVkIjoiZTJlMTQxM2Y0ZGIzODA5MDhiNGVkM2ViNmY4YmYwOGExRG9mNkNuVzRXRCIsImV4cCI6MTY3MjE3MTU2OCwiaWF0IjoxNjcxNDUxNTY5LCJqdGkiOiJrQ050MEpmbkVJZWZWbUdla0Z3QkpBIiwibmJmIjoxNjcxNDUxNTA5LCJ1c2VybmFtZSI6ImQxMjM0NTYiLCJleHRlcm5hbElkIjpudWxsLCJuaWNrbmFtZSI6IlIyMDIyMTEyODE2MTQxMDE2MjE5MDA1OTUiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJSMjAyMjExMjgxNjE0MTAxNjIxOTAwNTk1In0.NXAqFDXtnqIYc08LzEmvCLkuRtiG9UIYpT-v3gka4eHUmWdxb0sAg3WuOWP_VXqWb2EkzFN1Jeo4x--WywBnpkwJ8OXR6GTnLu9eaxxktM7zrrQ-brriCeTm8Oi8UZrRm3ronY_7VvTXgKVNY1hiqbQyQGDp6zo5QdiBRbSyqXvHXkIrz2-R8716TxeGSmPV2PQMGjaFFNCQWgXXDOEX_8TK6TOtRy-nYIe39NeYGWT6X5-IrslsKKTKW3yjc6227EHQtCZjIxK51Ys7hQh-ahoQUbyPFJUQeFbbkRiXokOBIloWfoWWBCsXTfILWJm3wrq9lHyvlavUT64291k8RA"
    }
}

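3. Supplement extension attributes

During authentication, if the required-account-extension setting is enabled, the response after authentication returns flowType = NEED_COMPLETE_EXTENSION_ATTR. When it also contains the following content, the supplement-account-information flow must be performed: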

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1672307673561$a48a5b6a-baa8-dd7f-a805-d070a5f856b1",
    "data": {
        "fId": "202212291754332256045602524457984_X_BCDF",
        "flowType": "NEED_COMPLETE_EXTENSION_ATTR",
        "additional": {
            "dataDictionaries": [
                {
                    "needRelation": false,
                    "fieldName": "性别",
                    "dataDictionaryFieldType": "SELECT",
                    "dataDictionaryType": "UD_ACCOUNT",
                    "enterpriseUuid": "2bcdef58e8ae5cf6f5b18343bc1fbebc2f64xbYa0yx",
                    "needShow": true,
                    "fieldValue": "sex",
                    "uuid": "cc4d7cbfda2ebc0437921ab3fe900f7fylI7pPzLC9C",
                    "enabled": true,
                    "required": false,
                    "readonly": false,
                    "unique": false,
                    "dictionaryValueUuid": "0646c123295b07b93570b43c2e0b057ebEIKJZzEvWG",
                    "selectFieldOptions": [
                        {
                            "optionLabel": "男",
                            "optionValue": "男",
                            "optionId": "2fe9693edc921a4ae0bdd2e7653aafd4GW1e6uZFSgS",
                            "uuid": "077d6c18b9168aad2451ad063f5e4588O3zhBpn50y3"
                        },
                        {
                            "optionLabel": "女",
                            "optionValue": "女",
                            "optionId": "a547a2535e1aae7d2631e9e613e6824fmP9dg8SNfkr",
                            "uuid": "52f2a4b11b168696a64ee144f7b2729akjuANhofvcG"
                        }
                    ],
                    "modifiable": true,
                    "needSensitive": false,
                    "customAttributes": []
                }
            ]
        },
        "userList": null
    }
}

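This interface supplements the account's extension attributes. Note that in some scenarios this interface may also return account attributes that still need to be supplemented; the front end must handle that case. For the account attributes, see 2.4.4 Supplement account attributes.

Endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/complete/extension_attr

Content-Type: application/json

Request parameters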

{
  "fId":"xxxxxxxxx",
  "dataDictionaryValues": [
    {
      "uuid": "0646c123295b07b93570b43c2e0b057ebEIKJZzEvWG",
      "dictionaryUuid": "cc4d7cbfda2ebc0437921ab3fe900f7fylI7pPzLC9C",
      "dictionaryValue": "男"
    },
    {
      "uuid": "880490b6d30c8c0f2612d3df8b2aae0bSUfpHl5rVsq",
      "dictionaryUuid": "0fe64d5bf628a7*******3573de77f238x5hv7TROSWB",
      "dictionaryValue": "扩展属性的值"
    }
  ]
}

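| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| fId | String | | Flow ID, generated by the previous flow step |
| dataDictionaryValues | Array | | Extension attribute values, as an array |
| • uuid | String | | UUID of the extension attribute value. When the login or registration interface returns flowType=NEED_COMPLETE_EXTENSION_ATTR, this value corresponds to data.additional.dataDictionaries[0].dictionaryValueUuid in that response |
| • dictionaryUuid | String | | UUID of the extension attribute. When the login or registration interface returns flowType=NEED_COMPLETE_EXTENSION_ATTR, this value corresponds to data.additional.dataDictionaries[0].uuid in that response |
| • dictionaryValue | String | | Value of the extension attribute, entered by the user |

Response parameters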

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1671451557868$5296056b-782c-38e6-aaf4-e2a9580055a9",
    "data": {
        "userId": null,
        "uuid": "9c9f2eb104b1dd8ffc21a8c53cf168fc6LJFouMQJNH",
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImUyZTE0MTNmNGRiMzgwOTA4YjRlZDNlYjZmOGJmMDhhMURvZjZDblc0V0QifQ.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.5T7iDRsl8FXZN1A-tFPepPS_huDSw8CRHuaCefBSyLs",
        "token_type": "bearer",
        "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImUyZTE0MTNmNGRiMzgwOTA4YjRlZDNlYjZmOGJmMDhhMURvZjZDblc0V0QifQ.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.ZfQ4O1u1lHDIynAg63FpUfBS6BJslza6S33NvzdqMxs",
        "expires_in": 719999,
        "scope": "USER_API,openid,profile",
        "id_token": "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODEiLCJzdWIiOiI5YzlmMmViMTA0YjFkZDhmZmMyMWE4YzUzY2YxNjhmYzZMSkZvdU1RSk5IIiwiYXVkIjoiZTJlMTQxM2Y0ZGIzODA5MDhiNGVkM2ViNmY4YmYwOGExRG9mNkNuVzRXRCIsImV4cCI6MTY3MjE3MTU2OCwiaWF0IjoxNjcxNDUxNTY5LCJqdGkiOiJrQ050MEpmbkVJZWZWbUdla0Z3QkpBIiwibmJmIjoxNjcxNDUxNTA5LCJ1c2VybmFtZSI6ImQxMjM0NTYiLCJleHRlcm5hbElkIjpudWxsLCJuaWNrbmFtZSI6IlIyMDIyMTEyODE2MTQxMDE2MjE5MDA1OTUiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJSMjAyMjExMjgxNjE0MTAxNjIxOTAwNTk1In0.NXAqFDXtnqIYc08LzEmvCLkuRtiG9UIYpT-v3gka4eHUmWdxb0sAg3WuOWP_VXqWb2EkzFN1Jeo4x--WywBnpkwJ8OXR6GTnLu9eaxxktM7zrrQ-brriCeTm8Oi8UZrRm3ronY_7VvTXgKVNY1hiqbQyQGDp6zo5QdiBRbSyqXvHXkIrz2-R8716TxeGSmPV2PQMGjaFFNCQWgXXDOEX_8TK6TOtRy-nYIe39NeYGWT6X5-IrslsKKTKW3yjc6227EHQtCZjIxK51Ys7hQh-ahoQUbyPFJUQeFbbkRiXokOBIloWfoWWBCsXTfILWJm3wrq9lHyvlavUT64291k8RA",
        "uamParams": null
    }
}
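Building the two completion requests from `data.additional`, as an added example that is not part of the original documentation or of CIAM's SDK. It covers both the account-attribute request and the extension-attribute request above, where `uuid` and `dictionaryUuid` are easy to swap. Function names and sample UUIDs are constructed; treating `fieldValue` as the request field name and `required` as a mandatory flag are assumptions read off the sample responses.

```javascript
// Added example, not CIAM's own code: builds the request bodies for
// /complete/account_attr and /complete/extension_attr from data.additional.

// Fields that travel with a contact attribute, per the account_attr request table.
const COMPANIONS = new Map([
  ["phoneNumber", ["phoneRegion", "smsCode"]],
  ["email", ["emailCode"]],
]);

function buildAccountAttrPayload(fId, additional, input) {
  const accountAttrs = Array.isArray(additional?.accountAttrs) ? additional.accountAttrs : [];
  // Assumption: a baseAttrs entry names its request field in fieldValue ("fullName").
  const baseAttrs = (additional?.baseAttrs ?? []).map((attr) => attr.fieldValue);
  const wanted = new Set([...accountAttrs, ...baseAttrs]);
  for (const attr of accountAttrs) {
    for (const extra of COMPANIONS.get(attr) ?? []) wanted.add(extra);
  }
  const payload = { fId };
  const missing = [];
  for (const name of wanted) {
    const value = input[name];
    if (typeof value === "string" && value.length > 0) payload[name] = value;
    else missing.push(name);
  }
  if (missing.length > 0) {
    throw new Error("missing fields: " + missing.sort().join(", "));
  }
  return payload; // anything in input that the server did not ask for is left out
}

function buildExtensionAttrPayload(fId, additional, answers) {
  const dictionaries = Array.isArray(additional?.dataDictionaries)
    ? additional.dataDictionaries : [];
  const values = [];
  for (const dict of dictionaries) {
    const answer = answers[dict.fieldValue];
    if (answer === undefined || answer === "") {
      // Assumption: "required": true in the response marks a mandatory attribute.
      if (dict.required === true) {
        throw new Error("missing required attribute: " + dict.fieldValue);
      }
      continue;
    }
    if (dict.dataDictionaryFieldType === "SELECT") {
      // Only values offered in selectFieldOptions are submitted.
      const allowed = (dict.selectFieldOptions ?? []).map((opt) => opt.optionValue);
      if (!allowed.includes(answer)) {
        throw new Error("value not in selectFieldOptions: " + dict.fieldValue);
      }
    }
    values.push({
      uuid: dict.dictionaryValueUuid, // value UUID     <- dataDictionaries[i].dictionaryValueUuid
      dictionaryUuid: dict.uuid,      // attribute UUID <- dataDictionaries[i].uuid
      dictionaryValue: answer,
    });
  }
  return { fId, dataDictionaryValues: values };
}

// Constructed data.additional objects, shaped like the responses on this page.
const ACCOUNT_ADDITIONAL = {
  accountAttrs: ["username", "email", "password"],
  baseAttrs: [{ fieldName: "姓名", dataDictionaryFieldType: "TEXT", fieldValue: "fullName" }],
};
const EXTENSION_ADDITIONAL = {
  dataDictionaries: [{
    fieldName: "性别", fieldValue: "sex", dataDictionaryFieldType: "SELECT",
    required: false, uuid: "constructed-dict-uuid",
    dictionaryValueUuid: "constructed-value-uuid",
    selectFieldOptions: [{ optionValue: "男" }, { optionValue: "女" }],
  }],
};

console.log(buildAccountAttrPayload("constructed-fid", ACCOUNT_ADDITIONAL, {
  username: "test", email: "test@test.com", emailCode: "000000",
  password: "constructed-password", fullName: "Test User", gender: "not requested",
}));
console.log(JSON.stringify(
  buildExtensionAttrPayload("constructed-fid", EXTENSION_ADDITIONAL, { sex: "男" })));
```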

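4. Skip supplementing account information

During authentication, if the required-account-extension setting is enabled, the response after authentication returns flowType = NEED_COMPLETE_ACCOUNT_ATTR or flowType = NEED_COMPLETE_EXTENSION_ATTR, and the user can choose during registration whether to skip supplementing the information. This interface is mainly used when the user skips supplementing information during registration (both supplementing account information and supplementing extension information are skipped through this interface).

Endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/complete/ignore

Content-Type: application/json

Request parameters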

{
    "fId": "xxxxx"
}

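| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| fId | String | | Flow ID, generated by the previous flow step |

Response parameters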

{
    "success": true,
    "code": "Operation.Success",
    "message": "Operation.Success",
    "requestId": "1671451557868$5296056b-782c-38e6-aaf4-e2a9580055a9",
    "data": {
        "userId": null,
        "uuid": "9c9f2eb104b1dd8ffc21a8c53cf168fc6LJFouMQJNH",
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImUyZTE0MTNmNGRiMzgwOTA4YjRlZDNlYjZmOGJmMDhhMURvZjZDblc0V0QifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRHB3Z1ozS3IyQU01T21FQmx5MDJlNzJ4dmRHalNET1BtNlhZeEtqWGFrelhzR2wwVVRtWEdxNm9mK2FLUzJJNllWOG9rZkRlQlIzb2JTbSt2Y0c3TTRPTm9KTDR6cG11ajZXNENwQTNkeTJQRHBOV0dkRktOeks1cmF2eERJcmJTZUtnMmp4bmFGN2R6SXlBS2xzcnc2eGJzODJuNU5INk5uSnZPZ2NHVW5LRlBqOG4xZHhVTHlLOHlIUk4rRUtMeWJIczcxbmVIeFFzM2pNbi9UaERzdDBuSStmVTI4LzFhMVV6RGd4MXRLUDBkbmNwS3owSGVwbWV5WnF1ZGppWXlZbjN1eVBibWg2SVBuNG1FWGdVbzNQeGp5dDNXRTlkQS9HSmJqR2t2N1NKRzJ4TlRlZnk0ejNhRXZ2UHNmemJpbm5kaG9jVFRrb2ZnbVdyLyt4Ky8yQWx3NFZMZHV5enZHR01jcUpLK3ZNNFE9PSIsImRhdGFDaXBoZXJBbGciOiJERUZBVUxUIiwidGVuYW50S2V5VXVpZCI6IjdhYjQyN2UxMzQ0ZGRlMDFjOWY5NzQ3Mjc2MDM4NGFicGZ0S01hbkZFRkgifQ.5T7iDRsl8FXZN1A-tFPepPS_huDSw8CRHuaCefBSyLs",
        "token_type": "bearer",
        "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImUyZTE0MTNmNGRiMzgwOTA4YjRlZDNlYjZmOGJmMDhhMURvZjZDblc0V0QifQ.eyJjaXBoZXJUZXh0IjoiVkh3YXpxZTdVb1owNEs5TTlnN2pqLzUvTEhSc2ZyOG1wVHU0TWdUckYwTGJLZ0ZLaHl0ckRsTktUa2FYUzMxRU1kRE1GWE1iWlZLYXd2SzM2OWk1SGZzZk1rSjcyRHFnbCtUMHZTVzFKRHB3Z1ozS3IyQU01T21FQmx5MDJlNzJ4dmRHalNET1BtNlhZeEtqWGFrelhzR2wwVVRtWEdxNm9mK2FLUzJJNllWcUNrRUtQbHpoOEw1ajVqRHJzM0VKRWNSd3ZxNGpGU0QvSjJ6VTc4VGlvTkFsb1VseVpYZ0dMMGV0V0pzT2ZuU2RyZCsrSjNLYTU3Mi8rbDdEd3VPeDF4V09VT2xpVDB5QnhseU5peVI4ZW5BaVhlMUxtSkxxWnlPSVNJdDlZU3VFdk9oTlBXbXkwalRMNVpSZGkxZWtQaXpERVhxTDdTQnc2UkgxVHViTjRkVUlLN0w3TFBXc3FITnVuSm9YcjNQTmJVcXh4M09OV1I0K0dMWFl0dmRSWDV4UjBnYzllZnk5ZkZpZk9oeFdYWWs5cTREdmw5cnR5dTdqc25iUit4czZYWjhoYms2VWp2MEo2YVFLdmE3dWpGMlBlc3oyRVo3V3NnUVVZVmY5SDY2ZGhnUTJGTnhYd3JBVlJnMnRvSzNjM1VWOUJ4RkNub0NFbytEWkxWN1giLCJkYXRhQ2lwaGVyQWxnIjoiREVGQVVMVCIsInRlbmFudEtleVV1aWQiOiI3YWI0MjdlMTM0NGRkZTAxYzlmOTc0NzI3NjAzODRhYnBmdEtNYW5GRUZIIn0.ZfQ4O1u1lHDIynAg63FpUfBS6BJslza6S33NvzdqMxs",
        "expires_in": 719999,
        "scope": "USER_API,openid,profile",
        "id_token": "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODEiLCJzdWIiOiI5YzlmMmViMTA0YjFkZDhmZmMyMWE4YzUzY2YxNjhmYzZMSkZvdU1RSk5IIiwiYXVkIjoiZTJlMTQxM2Y0ZGIzODA5MDhiNGVkM2ViNmY4YmYwOGExRG9mNkNuVzRXRCIsImV4cCI6MTY3MjE3MTU2OCwiaWF0IjoxNjcxNDUxNTY5LCJqdGkiOiJrQ050MEpmbkVJZWZWbUdla0Z3QkpBIiwibmJmIjoxNjcxNDUxNTA5LCJ1c2VybmFtZSI6ImQxMjM0NTYiLCJleHRlcm5hbElkIjpudWxsLCJuaWNrbmFtZSI6IlIyMDIyMTEyODE2MTQxMDE2MjE5MDA1OTUiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJSMjAyMjExMjgxNjE0MTAxNjIxOTAwNTk1In0.NXAqFDXtnqIYc08LzEmvCLkuRtiG9UIYpT-v3gka4eHUmWdxb0sAg3WuOWP_VXqWb2EkzFN1Jeo4x--WywBnpkwJ8OXR6GTnLu9eaxxktM7zrrQ-brriCeTm8Oi8UZrRm3ronY_7VvTXgKVNY1hiqbQyQGDp6zo5QdiBRbSyqXvHXkIrz2-R8716TxeGSmPV2PQMGjaFFNCQWgXXDOEX_8TK6TOtRy-nYIe39NeYGWT6X5-IrslsKKTKW3yjc6227EHQtCZjIxK51Ys7hQh-ahoQUbyPFJUQeFbbkRiXokOBIloWfoWWBCsXTfILWJm3wrq9lHyvlavUT64291k8RA"
    }
}

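V. Other APIs

1. Forgot password

The user enters a mobile phone number or email address to start the forgot-password flow. If the identifier entered is valid, IDaaS sends an OTP verification code, valid for 15 minutes, to that phone.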

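1.1. Send the verification code

API endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/forgot_password/send

Content-Type: application/json

Request parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| fId | string | | The fId from the previous flow step, for example switching the user type |
| phoneNumber | string | | Mobile phone number. Required when type = SMS |
| phoneRegion | string | | Phone region code. Defaults to 86 |
| type | string | | Password recovery type. SMS means mobile phone number, EMAIL means email |
| email | string | | Email address. Required when type = EMAIL |
| language | string | | Language of the verification code message. Defaults to the preferred language |
| engineCode | string | | Code of the gateway used to send the verification code. Defaults to the preferred gateway of the preferred provider |
| userType | string | | Custom user type. Defaults to default |

Response parameters

| Parameter | Type | Description |
| --- | --- | --- |
| fId | string | Flow ID. Must be passed when calling the API of the next step |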

{
  "success": true,
  "code": "Operation.Success",
  "message": "Operation.Success",
  "requestId": "1672232351358$83cbe428-a81c-039e-3d14-04614f31b52c",
  "data": {
    "fId": "d587561e6b8dad2ab2b90715d5f74372ysYHVUMy2AR"
  }
}

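1.2. Verify the SMS verification code

Call this API to check whether the OTP verification code passes. Once verification passes, a new password can be set.

API endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/forgot_password/verify

Content-Type: application/json

Request parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| fId | string | | The fId from the previous flow step |
| type | string | | Type of the bound attribute. SMS means mobile phone number, EMAIL means email |
| code | string | | The invitation code entered by the user |
| phoneNumber | string | | Mobile phone number. Required when type is SMS |
| phoneRegion | string | | Phone region code |
| email | string | | Email address. Required when type is EMAIL |

If [SMS/Email Anti-Brute-Force Graphic CAPTCHA] is enabled, the graphic CAPTCHA must be verified once the number of verification codes sent exceeds the risk-control threshold.

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| captchaCode | string | | Unique identifier of the graphic CAPTCHA, returned by the get-graphic-CAPTCHA API |
| captchaText | string | | The graphic CAPTCHA text, filled in according to the digits shown in the CAPTCHA image on the page |

Response parameters

| Parameter | Type | Description |
| --- | --- | --- |
| fId | String | Flow ID. Must be passed back unchanged in the next step |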

{
  "success": true,
  "code": "Operation.Success",
  "message": "Operation.Success",
  "requestId": "1662014149034$463a0625-928e-3951-d004-2bd553d9da51",
  "data": {
    "fId": "64075566080ea2757ada330861adc94a7HjhIK08J25"
  }
}

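1.3. Submit the new password

After the user passes verification and obtains the forgotPasswordId, call this API to set a new password.

API endpoint

Request URI: POST /api/bff/v1.2/developer/ciam/forgot_password/update_pwd

Content-Type: application/json

Request parameters

| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| newPassword | string | | The new password entered by the user |
| fId | string | | Flow ID, returned by the API of the previous step |

Response parameters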

{
  "success": true,
  "code": "Operation.Success",
  "message": "Operation.Success",
  "requestId": "1662014236325$ffee369b-f927-abdf-0585-48c2a5c69506",
  "data": null
}
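The three calls above (send, verify, update_pwd) chained into one flow, as an added example that is not part of the original documentation. The names `post`, `ask_code`, `FlowError`, `contact_fields` and `reset_password` are hypothetical; `post(path, body)` is assumed to be a caller-supplied transport that adds the host and authentication and returns the parsed JSON response.

```python
# Added example: driver for the three forgot_password calls documented above.
# `post` is a caller-supplied callable (assumption): post(path, body) -> dict.
BASE = "/api/bff/v1.2/developer/ciam/forgot_password"


class FlowError(Exception):
    """A step returned success != true or omitted the fId the next step needs."""


def contact_fields(type_, phone_number=None, email=None, phone_region=None):
    """Build the type-dependent fields and enforce the conditional-required rules."""
    if type_ == "SMS":
        if not phone_number:
            raise ValueError("phoneNumber is required when type = SMS")
        body = {"type": "SMS", "phoneNumber": phone_number}
        if phone_region:  # the send API defaults to 86 when this is omitted
            body["phoneRegion"] = phone_region
        return body
    if type_ == "EMAIL":
        if not email:
            raise ValueError("email is required when type = EMAIL")
        return {"type": "EMAIL", "email": email}
    raise ValueError("type must be SMS or EMAIL")


def _call(post, step, body, need_fid=True):
    """POST one step; stop the flow unless it succeeded and returned an fId."""
    resp = post(f"{BASE}/{step}", body)
    if resp.get("success") is not True:
        raise FlowError(f"{step}: {resp.get('code')}")
    data = resp.get("data") or {}  # update_pwd returns "data": null
    if need_fid and not data.get("fId"):
        raise FlowError(f"{step}: response carries no fId")
    return data.get("fId")


def reset_password(post, type_, ask_code, new_password, captcha=None, **contact):
    """Run send -> verify -> update_pwd, passing each step's fId to the next."""
    who = contact_fields(type_, **contact)
    fid = _call(post, "send", dict(who))
    # ask_code() is called only after send succeeded (the user reads the OTP).
    verify = {**who, "fId": fid, "code": ask_code()}
    if captcha:  # (captchaCode, captchaText), sent only when risk control asks
        verify["captchaCode"], verify["captchaText"] = captcha
    fid = _call(post, "verify", verify)
    _call(post, "update_pwd", {"fId": fid, "newPassword": new_password}, need_fid=False)
    return True
```
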