feat: add WeChat OAuth provider support #2114
Open
What kind of change does this PR introduce?
Feature - New WeChat OAuth provider support
What is the current behavior?
The authentication service currently supports various external OAuth providers, but WeChat OAuth integration was missing. WeChat is a popular social platform in China that uses a different OAuth flow compared to standard providers like Google or GitHub.
What is the new behavior?
This PR adds comprehensive WeChat OAuth provider support with the following features:
WeChat OAuth Authorization Flow: Implements the complete WeChat OAuth 2.0 flow including authorization and token exchange
User Identity Handling: Since WeChat doesn't provide email addresses, the system generates synthetic emails using the format {openid}@wechat.local
UnionID Support: Handles WeChat's unique UnionID feature for cross-app user identification
Comprehensive Test Coverage: Includes extensive test cases covering:
Standard signup flow
Disabled signup scenarios (with and without existing users)
Invite token validation
User ban handling
Token error scenarios
WeChat-specific metadata handling (openid, unionid, avatar, etc.)
Key Implementation Details:
Uses openid as the primary identifier since WeChat doesn't provide emails
Stores WeChat-specific metadata including unionid, openid, nickname, and avatar
Properly handles WeChat's API endpoints (/sns/oauth2/access_token and /sns/userinfo)
Implements proper error handling for WeChat API responses
Additional context
This implementation follows WeChat's official OAuth 2.0 documentation and handles the unique aspects of WeChat's authentication system, such as:
Using appid instead of client_id
Supporting both openid (app-specific) and unionid (cross-app) identifiers
Handling WeChat's specific scope snsapi_login
Managing WeChat's user profile data structure
The test suite ensures robust coverage of all edge cases and error scenarios specific to WeChat OAuth integration.
ref https://developers.weixin.qq.com/doc/oplatform/en/Website_App/WeChat_Login/Wechat_Login.html
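The error handling and synthetic-email points in the description above, shown as an added example that is not code from this PR. WeChat reports token-exchange failures as `errcode`/`errmsg` in the JSON body rather than through the HTTP status, so the body has to be checked before the `openid` is trusted. The type and function names and the openid character set are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// wechatToken mirrors the JSON body returned by /sns/oauth2/access_token.
// On failure WeChat fills errcode/errmsg instead of the token fields.
type wechatToken struct {
	AccessToken string `json:"access_token"`
	OpenID      string `json:"openid"`
	UnionID     string `json:"unionid"`
	ErrCode     int    `json:"errcode"`
	ErrMsg      string `json:"errmsg"`
}

// Assumption: openids are short URL-safe strings. Anything else is rejected
// before it is embedded in an email address used as an account identifier.
var openIDRe = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

// parseToken rejects error bodies and incomplete or malformed successes.
func parseToken(body []byte) (*wechatToken, error) {
	var t wechatToken
	if err := json.Unmarshal(body, &t); err != nil {
		return nil, fmt.Errorf("wechat: bad JSON: %w", err)
	}
	if t.ErrCode != 0 {
		return nil, fmt.Errorf("wechat: errcode %d: %s", t.ErrCode, t.ErrMsg)
	}
	if t.AccessToken == "" || !openIDRe.MatchString(t.OpenID) {
		return nil, fmt.Errorf("wechat: missing access_token or malformed openid")
	}
	return &t, nil
}

// syntheticEmail applies the {openid}@wechat.local format from the description.
func syntheticEmail(t *wechatToken) string { return t.OpenID + "@wechat.local" }

func main() {
	// Constructed sample bodies: a success and an error body.
	for _, b := range []string{`{"access_token":"T","openid":"oConstructed-123"}`, `{"errcode":40029,"errmsg":"invalid code"}`} {
		t, err := parseToken([]byte(b))
		fmt.Println(t, err)
	}
}
```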