Skip to content

Commit

Permalink
docs: Added a reminder for supporting only Alibaba Cloud Captcha 1.0. (
Browse files Browse the repository at this point in the history
…#584)

* docs: Added a reminder for supporting only Alibaba Cloud Captcha 1.0.

* fix: Fix non-standard writing in the public-api.md document.

* fix: Change the example links in public-api.md to inline code style.
  • Loading branch information
HGZ-20 authored Dec 9, 2023
1 parent 524d685 commit 5260f44
Show file tree
Hide file tree
Showing 2 changed files with 55 additions and 51 deletions.
100 changes: 49 additions & 51 deletions docs/basic/public-api.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,83 +25,81 @@ The application can get the access token for the Casdoor user at the end of OAut

The below examples shows how to call `GetOAuthToken()` function in Go via casdoor-go-sdk.


```go
func (c *ApiController) Signin() {
code := c.Input().Get("code")
state := c.Input().Get("state")

token, err := casdoorsdk.GetOAuthToken(code, state)
if err != nil {
c.ResponseError(err.Error())
return
}

claims, err := casdoorsdk.ParseJwtToken(token.AccessToken)
if err != nil {
c.ResponseError(err.Error())
return
}

if !claims.IsAdmin {
claims.Type = "chat-user"
}

err = c.addInitialChat(&claims.User)
if err != nil {
c.ResponseError(err.Error())
return
}

claims.AccessToken = token.AccessToken
c.SetSessionClaims(claims)

c.ResponseOk(claims)
code := c.Input().Get("code")
state := c.Input().Get("state")

token, err := casdoorsdk.GetOAuthToken(code, state)
if err != nil {
c.ResponseError(err.Error())
return
}

claims, err := casdoorsdk.ParseJwtToken(token.AccessToken)
if err != nil {
c.ResponseError(err.Error())
return
}

if !claims.IsAdmin {
claims.Type = "chat-user"
}

err = c.addInitialChat(&claims.User)
if err != nil {
c.ResponseError(err.Error())
return
}

claims.AccessToken = token.AccessToken
c.SetSessionClaims(claims)

c.ResponseOk(claims)
}
```

All granted access tokens can also be accessed via the web UI by an admin user in the Tokens page. For example, visit: https://door.casdoor.com/tokens for the demo site.
All granted access tokens can also be accessed via the web UI by an admin user in the Tokens page. For example, visit: <https://door.casdoor.com/tokens> for the demo site.

#### How to authenticate?

1. HTTP `GET` parameter, the URL format is:

```
/page?access_token=<The access token>"
```
```shell
/page?access_token=<The access token>
```

Demo site example: https://door.casdoor.com/api/get-global-providers?access_token=eyJhbGciOiJSUzI1NiIs...
Demo site example: `https://door.casdoor.com/api/get-global-providers?access_token=eyJhbGciOiJSUzI1NiIs`

2. HTTP Bearer token, the HTTP header format is:

```
Authorization: Bearer <The access token>
```
```shell
Authorization: Bearer <The access token>
```

### 2. By `Client ID` and `Client secret`

#### How to get the client ID and secret?

The application edit page (e.g., https://door.casdoor.com/applications/casbin/app-vue-python-example) will show the client ID and secret for an application. This authentication is useful when you want to call the API as a "machine", "application" or a "service" instead of a user. The permissions for the API calls will be the same as the application (aka the admin of the organization).
The application edit page (e.g., <https://door.casdoor.com/applications/casbin/app-vue-python-example>) will show the client ID and secret for an application. This authentication is useful when you want to call the API as a "machine", "application" or a "service" instead of a user. The permissions for the API calls will be the same as the application (aka the admin of the organization).

The below examples shows how to call `GetOAuthToken()` function in Go via casdoor-go-sdk.
#### How to authenticate?
1. HTTP `GET` parameter, the URL format is:
```
/page?clientId=<The client ID>&clientSecret=<the client secret>"
```

Demo site example: https://door.casdoor.com/api/get-global-providers?clientId=294b09fbc17f95daf2fe&clientSecret=dd8982f7046ccba1bbd7851d5c1ece4e52bf039d
```shell
/page?clientId=<The client ID>&clientSecret=<the client secret>
```

Demo site example: `https://door.casdoor.com/api/get-global-providers?clientId=294b09fbc17f95daf2fe&clientSecret=dd8982f7046ccba1bbd7851d5c1ece4e52bf039d`

2. [HTTP Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), the HTTP header format is:

```
Authorization: Basic <The Base64 encoding of client ID and client secret joined by a single colon ":">
```
```shell
Authorization: Basic <The Base64 encoding of client ID and client secret joined by a single colon ":">
```

If you are not familiar with the Base64 encoding, you can use a library to do that because `HTTP Basic Authentication` is a popular standard supported by many places.

Expand All @@ -123,8 +121,8 @@ We can use the username and password for a Casdoor user to call `Casdoor Public
1. HTTP `GET` parameter, the URL format is:
```
/page?username=<The user's organization name>/<The user name>&password=<the user's password>"
```
```shell
/page?username=<The user's organization name>/<The user name>&password=<the user's password>"
```
Demo site example: https://door.casdoor.com/api/get-global-providers?username=built-in/admin&password=123
Demo site example: `https://door.casdoor.com/api/get-global-providers?username=built-in/admin&password=123`
6 changes: 6 additions & 0 deletions docs/provider/captcha/aliyunCaptcha.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,12 @@ authors: [Resulte]

Alibaba Cloud Captcha is a captcha service provided by Alibaba Cloud. It offers two ways to verify captcha: "Sliding Validation" and "Intelligent Validation". You can find more details about it in this [link](https://help.aliyun.com/product/28308.html).

:::info

Currently, only [Alibaba Cloud Captcha 1.0](https://help.aliyun.com/zh/captcha/captcha1-0) is supported. [Alibaba Cloud Captcha 2.0](https://help.aliyun.com/zh/captcha) is currently in the public testing phase, so there are no plans for adaptation in the near term.

:::

## Add Captcha Configuration in Alibaba Cloud

To add the Captcha configuration, log in to the [Alibaba Cloud management console](https://account.aliyun.com/), search for and go to the Captcha Service. Then, click on **Confirm Open** to enable the Captcha Service.
Expand Down

0 comments on commit 5260f44

Please sign in to comment.