fix: 修正oauth2.0登录失败问题

2026-06-04 10:14:00 +08:00 · 2025-08-11 01:52:15 +08:00
parent c60932ea69
commit dc179ce1f4
3 changed files with 27 additions and 5 deletions
@@ -25,6 +25,8 @@ from services.feature_service import FeatureService

 from .. import api

+logger = logging.getLogger(__name__)
+

 def get_oauth_providers():
    with current_app.app_context():
@@ -74,12 +76,27 @@ class OAuthCallback(Resource):

        code = request.args.get("code")
        state = request.args.get("state")
+        # Fallback: some providers may return tokens directly in query (implicit/hybrid flow)
+        token_from_query: Optional[str] = None
+        if not code:
+            token_from_query = request.args.get("access_token")
+            if token_from_query:
+                logger.warning(
+                    "oauth.callback_no_code_but_token",
+                    extra={
+                        "provider": provider,
+                        "full_url": request.url,
+                        "note": "Using access_token from query as fallback. Prefer Authorization Code flow.",
+                    },
+                )
+            else:
+                return {"error": "Missing authorization code"}, 400
        invite_token = None
        if state:
            invite_token = state

        try:
-            token = oauth_provider.get_access_token(code)
+            token = token_from_query or oauth_provider.get_access_token(code)  # type: ignore[arg-type]
            user_info = oauth_provider.get_user_info(token)
        except requests.exceptions.RequestException as e:
            error_text = e.response.text if e.response else str(e)
@@ -1,5 +1,4 @@
 import json
-import logging  # 二开部分，针对oa登录报错问题，记录返回的code
 import urllib.parse
 from dataclasses import dataclass
 from typing import Optional
@@ -278,6 +277,9 @@ class OaOAuth(OAuth):
            })
            auth = None

+        if not code:
+            return ""
+
        response = requests.post(token_url, data=data, headers=headers, auth=auth)
        response.encoding = "utf-8"
        if response.status_code != 200:
@@ -297,11 +299,13 @@ class OaOAuth(OAuth):
        config = auto2_conf.get('config')
        endpoints = self._resolve_endpoints(config)
        headers = {"Authorization": f"Bearer {token}"}
-        response = requests.get(endpoints.get('userinfo_url'), headers=headers)
+        userinfo_url = endpoints.get('userinfo_url')
+        response = requests.get(userinfo_url, headers=headers)
        response.raise_for_status()
        return response.json()

    def _transform_user_info(self, raw_info: dict) -> OAuthUserInfo:
+        
        # 检查 raw_info 是否为空或为 None
        auto2_conf = self.get_auto2_conf()
        if not raw_info or not isinstance(raw_info, dict) or auto2_conf.get('integration') is None:
@@ -474,6 +474,7 @@ services:
      INNER_API_KEY_FOR_PLUGIN: ${PLUGIN_DIFY_INNER_API_KEY:-QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1}
      FULL_CODE_EXECUTION_ENDPOINT: ${FULL_CODE_EXECUTION_ENDPOINT:-http://sandbox-full:8194}
      ALLOW_REGISTER: ${ALLOW_REGISTER:-True}
+      CONSOLE_API_URL: ${CONSOLE_API_URL:-http://127.0.0.1}
    depends_on:
      - db
      - redis
@@ -539,8 +540,8 @@ services:
    image: ccr.ccs.tencentyun.com/yfgaia/dify-plus-web:1.2.0
    restart: always
    environment:
-      CONSOLE_API_URL: ${CONSOLE_API_URL:-}
-      APP_API_URL: ${APP_API_URL:-}
+      CONSOLE_API_URL: ${CONSOLE_API_URL:-http://127.0.0.1}
+      APP_API_URL: ${APP_API_URL:-http://127.0.0.1}
      SENTRY_DSN: ${WEB_SENTRY_DSN:-}
      NEXT_TELEMETRY_DISABLED: ${NEXT_TELEMETRY_DISABLED:-0}
      TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}