diff --git a/api/controllers/console/auth/oauth.py b/api/controllers/console/auth/oauth.py index fc91db3d4..1bb217fc1 100644 --- a/api/controllers/console/auth/oauth.py +++ b/api/controllers/console/auth/oauth.py @@ -25,6 +25,8 @@ from services.feature_service import FeatureService from .. import api +logger = logging.getLogger(__name__) + def get_oauth_providers(): with current_app.app_context(): @@ -74,12 +76,27 @@ class OAuthCallback(Resource): code = request.args.get("code") state = request.args.get("state") + # Fallback: some providers may return tokens directly in query (implicit/hybrid flow) + token_from_query: Optional[str] = None + if not code: + token_from_query = request.args.get("access_token") + if token_from_query: + logger.warning( + "oauth.callback_no_code_but_token", + extra={ + "provider": provider, + "full_url": request.url, + "note": "Using access_token from query as fallback. Prefer Authorization Code flow.", + }, + ) + else: + return {"error": "Missing authorization code"}, 400 invite_token = None if state: invite_token = state try: - token = oauth_provider.get_access_token(code) + token = token_from_query or oauth_provider.get_access_token(code) # type: ignore[arg-type] user_info = oauth_provider.get_user_info(token) except requests.exceptions.RequestException as e: error_text = e.response.text if e.response else str(e) diff --git a/api/libs/oauth.py b/api/libs/oauth.py index 1483d90b8..4c83f6901 100644 --- a/api/libs/oauth.py +++ b/api/libs/oauth.py @@ -1,5 +1,4 @@ import json -import logging # 二开部分,针对oa登录报错问题,记录返回的code import urllib.parse from dataclasses import dataclass from typing import Optional @@ -278,6 +277,9 @@ class OaOAuth(OAuth): }) auth = None + if not code: + return "" + response = requests.post(token_url, data=data, headers=headers, auth=auth) response.encoding = "utf-8" if response.status_code != 200: @@ -297,11 +299,13 @@ class OaOAuth(OAuth): config = auto2_conf.get('config') endpoints = self._resolve_endpoints(config) headers = {"Authorization": f"Bearer {token}"} - response = requests.get(endpoints.get('userinfo_url'), headers=headers) + userinfo_url = endpoints.get('userinfo_url') + response = requests.get(userinfo_url, headers=headers) response.raise_for_status() return response.json() def _transform_user_info(self, raw_info: dict) -> OAuthUserInfo: + # 检查 raw_info 是否为空或为 None auto2_conf = self.get_auto2_conf() if not raw_info or not isinstance(raw_info, dict) or auto2_conf.get('integration') is None: diff --git a/docker/docker-compose.dify-plus.yaml b/docker/docker-compose.dify-plus.yaml index 0cbe19975..7f14828e6 100644 --- a/docker/docker-compose.dify-plus.yaml +++ b/docker/docker-compose.dify-plus.yaml @@ -474,6 +474,7 @@ services: INNER_API_KEY_FOR_PLUGIN: ${PLUGIN_DIFY_INNER_API_KEY:-QaHbTe77CtuXmsfyhR7+vRjI/+XbV1AaFy691iy+kGDv2Jvy0/eAh8Y1} FULL_CODE_EXECUTION_ENDPOINT: ${FULL_CODE_EXECUTION_ENDPOINT:-http://sandbox-full:8194} ALLOW_REGISTER: ${ALLOW_REGISTER:-True} + CONSOLE_API_URL: ${CONSOLE_API_URL:-http://127.0.0.1} depends_on: - db - redis @@ -539,8 +540,8 @@ services: image: ccr.ccs.tencentyun.com/yfgaia/dify-plus-web:1.2.0 restart: always environment: - CONSOLE_API_URL: ${CONSOLE_API_URL:-} - APP_API_URL: ${APP_API_URL:-} + CONSOLE_API_URL: ${CONSOLE_API_URL:-http://127.0.0.1} + APP_API_URL: ${APP_API_URL:-http://127.0.0.1} SENTRY_DSN: ${WEB_SENTRY_DSN:-} NEXT_TELEMETRY_DISABLED: ${NEXT_TELEMETRY_DISABLED:-0} TEXT_GENERATION_TIMEOUT_MS: ${TEXT_GENERATION_TIMEOUT_MS:-60000}