@cloudbase/auth 2.25.0 → 2.25.2

package/src/index.ts

@@ -12,6 +12,8 @@ import {
   EVENTS,
   AUTH_STATE_CHANGED_TYPE,
   OAUTH_TYPE,
+  weappJwtDecodeAll,
+  AuthError,
 } from '@cloudbase/oauth'
 import { useAuthAdapter } from './adapter'
 import {
@@ -25,7 +27,41 @@ import {
   adapterForWxMp,
   useDefaultAdapter,
 } from './utilities'
-import { SbaseApi } from './sbaseApi'
+import { saveToBrowserSession, getBrowserSession, removeBrowserSession, addUrlSearch } from './utils'
+import { utils } from '@cloudbase/utilities'
+import {
+  CommonRes,
+  DeleteMeReq,
+  GetClaimsRes,
+  GetUserIdentitiesRes,
+  GetUserRes,
+  LinkIdentityReq,
+  LinkIdentityRes,
+  OnAuthStateChangeCallback,
+  ReauthenticateRes,
+  ResendReq,
+  ResendRes,
+  ResetPasswordForEmailRes,
+  ResetPasswordForOldReq,
+  SetSessionReq,
+  SignInAnonymouslyReq,
+  SignInOAuthRes,
+  SignInRes,
+  SignInWithIdTokenReq,
+  SignInWithOAuthReq,
+  SignInWithOtpReq,
+  SignInWithOtpRes,
+  SignInWithPasswordReq,
+  SignUpRes,
+  UnlinkIdentityReq,
+  UpdateUserAttributes,
+  UpdateUserReq,
+  UpdateUserWithVerificationRes,
+  VerifyOAuthReq,
+  VerifyOtpReq,
+} from './type'
+
+const isBrowser = () => typeof window !== 'undefined' && typeof document !== 'undefined'
 
 export type {
   SignInRes,
@@ -78,7 +114,6 @@ interface UserInfo {
   created_from?: string
 }
 
-
 const onCredentialsError = eventBus => (params) => {
   eventBus.fire(EVENTS.LOGIN_STATE_CHANGED, { ...params, eventType: LOGIN_STATE_CHANGED_TYPE.CREDENTIALS_ERROR })
 }
@@ -327,13 +362,22 @@ export class LoginState implements ILoginState {
   }
 }
 
-class Auth extends SbaseApi {
+class Auth {
+  readonly config: ICloudbaseAuthConfig
+  oauthInstance: CloudbaseOAuth
+  readonly cache: ICloudbaseCache
+  private listeners: Map<string, Set<OnAuthStateChangeCallback>> = new Map()
+  private hasListenerSetUp = false
+
   constructor(config: ICloudbaseAuthConfig & {
     cache: ICloudbaseCache
     request?: ICloudbaseRequest
     runtime?: string
   },) {
-    super(config)
+    this.config = config
+    this.oauthInstance = config.oauthInstance
+    this.cache = config.cache
+    this.init()
     this.setAccessKey()
   }
 
@@ -1407,6 +1451,1224 @@ class Auth extends SbaseApi {
       }
     }
   }
+
+  // ========== SbaseApi methods merged below ==========
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signinanonymously
+   * Sign in a user anonymously.
+   * const { data, error } = await auth.signInAnonymously();
+   * @param params
+   * @returns  Promise<SignInRes>
+   */
+  async signInAnonymously(params: SignInAnonymouslyReq): Promise<SignInRes> {
+    try {
+      await this.oauthInstance.authApi.signInAnonymously(params)
+      const loginState = await this.createLoginState()
+
+      const { data: { session } = {} } = await this.getSession()
+
+      // loginState返回是为了兼容v2版本
+      return { ...(loginState as any), data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signup
+   * Sign up a new user with email or phone using a one-time password (OTP). If the account not exist, a new account will be created.
+   * @param params
+   * @returns Promise<SignUpRes>
+   */
+  async signUp(params: authModels.SignUpRequest): Promise<SignUpRes> {
+    if (params.phone_number || params.verification_code || params.verification_token || params.provider_token) {
+      await this.oauthInstance.authApi.signUp(params)
+      return this.createLoginState() as any
+    }
+    try {
+      // 参数校验：email或phone必填其一
+      this.validateAtLeastOne(params, [['email'], ['phone']], 'You must provide either an email or phone number')
+
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(params.email ? { email: params.email } : { phone_number: this.formatPhone(params.phone) },)
+
+      return {
+        data: {
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          verifyOtp: async ({ token, messageId = verificationInfo.verification_id }): Promise<SignInRes> => {
+            try {
+              // 第三步：待用户输入完验证码之后，验证短信验证码
+              const verificationTokenRes = await this.verify({
+                verification_id: messageId || verificationInfo.verification_id,
+                verification_code: token,
+              })
+
+              // 第四步：注册并登录或直接登录
+              // 如果用户已经存在，直接登录
+              if (verificationInfo.is_user) {
+                await this.signIn({
+                  username: params.email || this.formatPhone(params.phone),
+                  verification_token: verificationTokenRes.verification_token,
+                })
+              } else {
+                // 如果用户不存在，注册用户
+                const data = JSON.parse(JSON.stringify(params))
+                delete data.email
+                delete data.phone
+
+                await this.oauthInstance.authApi.signUp({
+                  ...data,
+                  ...(params.email ? { email: params.email } : { phone_number: this.formatPhone(params.phone) }),
+                  verification_token: verificationTokenRes.verification_token,
+                  verification_code: token,
+                })
+                await this.createLoginState()
+              }
+
+              const { data: { session } = {} } = await this.getSession()
+
+              return { data: { user: session.user, session }, error: null }
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        },
+        error: null,
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signout
+   * const result = await auth.signOut();
+   *
+   * @param params
+   */
+  async signOut(params?: authModels.SignoutRequest): Promise<void | authModels.SignoutReponse> {
+    try {
+      const { userInfoKey } = this.cache.keys
+      const res = await this.oauthInstance.authApi.signOut(params)
+      await this.cache.removeStoreAsync(userInfoKey)
+      this.setAccessKey()
+
+      this.config.eventBus?.fire(EVENTS.LOGIN_STATE_CHANGED, { eventType: LOGIN_STATE_CHANGED_TYPE.SIGN_OUT })
+
+      this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.SIGNED_OUT })
+
+      // res返回是为了兼容v2版本
+      return { ...res, data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-onauthstatechange
+   * Receive a notification every time an auth event happens.
+   * @param callback
+   * @returns Promise<{ data: { subscription: Subscription }, error: Error | null }>
+   */
+  onAuthStateChange(callback: OnAuthStateChangeCallback) {
+    if (!this.hasListenerSetUp) {
+      this.setupListeners()
+      this.hasListenerSetUp = true
+    }
+
+    const id = Math.random().toString(36)
+
+    if (!this.listeners.has(id)) {
+      this.listeners.set(id, new Set())
+    }
+
+    this.listeners.get(id)!.add(callback)
+
+    // 返回 Subscription 对象
+    const subscription = {
+      id,
+      callback,
+      unsubscribe: () => {
+        const callbacks = this.listeners.get(id)
+        if (callbacks) {
+          callbacks.delete(callback)
+          if (callbacks.size === 0) {
+            this.listeners.delete(id)
+          }
+        }
+      },
+    }
+
+    return {
+      data: { subscription },
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signinwithpassword
+   * Log in an existing user with an email and password or phone and password or username and password.
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async signInWithPassword(params: SignInWithPasswordReq): Promise<SignInRes> {
+    try {
+      // 参数校验：username/email/phone三选一，password必填
+      this.validateAtLeastOne(
+        params,
+        [['username'], ['email'], ['phone']],
+        'You must provide either username, email, or phone',
+      )
+      this.validateParams(params, {
+        password: { required: true, message: 'Password is required' },
+      })
+
+      await this.signIn({
+        username: params.username || params.email || this.formatPhone(params.phone),
+        password: params.password,
+        ...(params.is_encrypt ? { isEncrypt: true, version: 'v2' } : {}),
+      })
+      const { data: { session } = {} } = await this.getSession()
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signinwithidtoken
+   * 第三方平台登录。如果用户不存在，会根据云开发平台-登录方式中对应身份源的登录模式配置，判断是否自动注册
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async signInWithIdToken(params: SignInWithIdTokenReq): Promise<SignInRes> {
+    try {
+      // 参数校验：token必填
+      this.validateParams(params, {
+        token: { required: true, message: 'Token is required' },
+      })
+
+      await this.signInWithProvider({
+        provider_token: params.token,
+      })
+      const { data: { session } = {} } = await this.getSession()
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signinwithotp
+   * Log in a user using a one-time password (OTP).
+   * @param params
+   * @returns Promise<SignInWithOtpRes>
+   */
+  async signInWithOtp(params: SignInWithOtpReq): Promise<SignInWithOtpRes> {
+    try {
+      // 参数校验：email或phone必填其一
+      this.validateAtLeastOne(params, [['email'], ['phone']], 'You must provide either an email or phone number')
+
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(params.email ? { email: params.email } : { phone_number: this.formatPhone(params.phone) },)
+
+      return {
+        data: {
+          user: null,
+          session: null,
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          verifyOtp: async ({ token, messageId = verificationInfo.verification_id }): Promise<SignInRes> => this.verifyOtp({
+            email: params.email,
+            phone: params.phone,
+            token,
+            messageId,
+          }),
+        },
+        error: null,
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 校验第三方平台授权登录回调
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async verifyOAuth(params?: VerifyOAuthReq): Promise<SignInRes | LinkIdentityRes> {
+    const data: any = {}
+    try {
+      // 回调至 provider_redirect_uri 地址（url query中携带 授权code，state等参数），此时检查 state 是否符合预期（如 自己设置的 wx_open)
+      const code = params?.code || utils.getQuery('code')
+      const state = params?.state || utils.getQuery('state')
+
+      // 参数校验：code和state必填
+      if (!code) {
+        return { data: {}, error: new AuthError({ message: 'Code is required' }) }
+      }
+
+      if (!state) {
+        return { data: {}, error: new AuthError({ message: 'State is required' }) }
+      }
+
+      const cacheData = getBrowserSession(state)
+      data.type = cacheData?.type
+
+      const provider = params?.provider || cacheData?.provider || utils.getQuery('provider')
+
+      if (!provider) {
+        return { data, error: new AuthError({ message: 'Provider is required' }) }
+      }
+
+      // state符合预期，则获取该三方平台token
+      const { provider_token: token } = await this.grantProviderToken({
+        provider_id: provider,
+        provider_redirect_uri: location.origin + location.pathname, // 指定三方平台跳回的 url 地址
+        provider_code: code, // 第三方平台跳转回页面时，url param 中携带的 code 参数
+      })
+
+      let res: SignInRes | LinkIdentityRes
+
+      if (cacheData.type === OAUTH_TYPE.BIND_IDENTITY) {
+        res = await this.oauthInstance.authApi.toBindIdentity({ provider_token: token, provider, fireEvent: true })
+      } else {
+        // 通过 provider_token 仅登录或登录并注册（与云开发平台-登录方式-身份源登录模式配置有关）
+        res = await this.signInWithIdToken({
+          token,
+        })
+        res.data = { ...data, ...res.data }
+      }
+
+      const localSearch = new URLSearchParams(location?.search)
+      localSearch.delete('code')
+      localSearch.delete('state')
+      addUrlSearch(
+        cacheData?.search === undefined ? `?${localSearch.toString()}` : cacheData?.search,
+        cacheData?.hash || location.hash,
+      )
+      removeBrowserSession(state)
+
+      return res
+    } catch (error) {
+      return { data, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signinwithoauth
+   * 生成第三方平台授权 Uri （如微信二维码扫码授权网页）
+   * @param params
+   * @returns Promise<SignInOAuthRes>
+   */
+  async signInWithOAuth(params: SignInWithOAuthReq): Promise<SignInOAuthRes> {
+    try {
+      // 参数校验：provider必填
+      this.validateParams(params, {
+        provider: { required: true, message: 'Provider is required' },
+      })
+
+      const href = params.options?.redirectTo || location.href
+
+      const urlObject = new URL(href)
+
+      const provider_redirect_uri = urlObject.origin + urlObject.pathname
+
+      const state = params.options?.state || `prd-${params.provider}-${Math.random().toString(36)
+        .slice(2)}`
+
+      const { uri } = await this.genProviderRedirectUri({
+        provider_id: params.provider,
+        provider_redirect_uri,
+        state,
+      })
+
+      // 对 URL 进行解码
+      const decodedUri = decodeURIComponent(uri)
+
+      // 合并额外的查询参数
+      let finalUri = decodedUri
+
+      if (params.options?.queryParams) {
+        const url = new URL(decodedUri)
+        Object.entries(params.options.queryParams).forEach(([key, value]) => {
+          url.searchParams.set(key, value)
+        })
+        finalUri = url.toString()
+      }
+
+      saveToBrowserSession(state, {
+        provider: params.provider,
+        search: urlObject.search,
+        hash: urlObject.hash,
+        type: params.options?.type || OAUTH_TYPE.SIGN_IN,
+      })
+
+      if (isBrowser() && !params.options?.skipBrowserRedirect) {
+        window.location.assign(finalUri)
+      }
+
+      return { data: { url: finalUri, provider: params.provider }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  // https://supabase.com/docs/reference/javascript/auth-signinwithsso
+  async signInWithSSO() {
+    //
+  }
+
+  // https://supabase.com/docs/reference/javascript/auth-signinwithweb3
+  async signInWithWeb3() {
+    //
+  }
+
+  // https://supabase.com/docs/reference/javascript/auth-getclaims
+  async getClaims(): Promise<GetClaimsRes> {
+    try {
+      const { accessToken } = await this.getAccessToken()
+      const parsedToken = weappJwtDecodeAll(accessToken)
+      return { data: parsedToken, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-resetpasswordforemail
+   * 通过 email 或手机号重置密码
+   * @param emailOrPhone 邮箱或手机号
+   * @returns Promise<ResetPasswordForEmailRes>
+   */
+  async resetPasswordForEmail(
+    emailOrPhone: string,
+    options?: { redirectTo?: string },
+  ): Promise<ResetPasswordForEmailRes> {
+    try {
+      // 参数校验：emailOrPhone必填
+      this.validateParams(
+        { emailOrPhone },
+        {
+          emailOrPhone: { required: true, message: 'Email or phone is required' },
+        },
+      )
+
+      const { redirectTo } = options || {}
+
+      // 判断是邮箱还是手机号
+      const isEmail = emailOrPhone.includes('@')
+      let verificationParams: { email?: string; phone_number?: string }
+
+      if (isEmail) {
+        verificationParams = { email: emailOrPhone }
+      } else {
+        // 正规化手机号
+        const formattedPhone = this.formatPhone(emailOrPhone)
+        verificationParams = { phone_number: formattedPhone }
+      }
+
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(verificationParams)
+
+      return {
+        data: {
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          updateUser: async (attributes: UpdateUserAttributes): Promise<SignInRes> => {
+            this.validateParams(attributes, {
+              nonce: { required: true, message: 'Nonce is required' },
+              password: { required: true, message: 'Password is required' },
+            })
+            try {
+              // 第三步：待用户输入完验证码之后，验证验证码
+              const verificationTokenRes = await this.verify({
+                verification_id: verificationInfo.verification_id,
+                verification_code: attributes.nonce,
+              })
+
+              await this.oauthInstance.authApi.resetPassword({
+                email: isEmail ? emailOrPhone : undefined,
+                phone: !isEmail ? emailOrPhone : undefined,
+                new_password: attributes.password,
+                verification_token: verificationTokenRes.verification_token,
+              })
+
+              this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.PASSWORD_RECOVERY })
+
+              const res = await this.signInWithPassword({
+                email: isEmail ? emailOrPhone : undefined,
+                phone: !isEmail ? emailOrPhone : undefined,
+                password: attributes.password,
+              })
+
+              if (redirectTo && isBrowser()) {
+                window.location.assign(redirectTo)
+              }
+
+              return res
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        },
+        error: null,
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 通过旧密码重置密码
+   * @param new_password
+   * @param old_password
+   * @returns
+   */
+  async resetPasswordForOld(params: ResetPasswordForOldReq) {
+    try {
+      await this.oauthInstance.authApi.updatePasswordByOld({
+        old_password: params.old_password,
+        new_password: params.new_password,
+      })
+
+      const { data: { session } = {} } = await this.getSession()
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-verifyotp
+   * Log in a user given a User supplied OTP and verificationId received through mobile or email.
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async verifyOtp(params: VerifyOtpReq): Promise<SignInRes> {
+    try {
+      const { type } = params
+      // 参数校验：token和verificationInfo必填
+      this.validateParams(params, {
+        token: { required: true, message: 'Token is required' },
+        messageId: { required: true, message: 'messageId is required' },
+      })
+
+      if (['phone_change', 'email_change'].includes(type)) {
+        await this.verify({
+          verification_id: params.messageId,
+          verification_code: params.token,
+        })
+      } else {
+        await this.signInWithUsername({
+          verificationInfo: { verification_id: params.messageId, is_user: true },
+          verificationCode: params.token,
+          username: params.email || this.formatPhone(params.phone) || '',
+          loginType: params.email ? 'email' : 'phone',
+        })
+      }
+
+      const { data: { session } = {} } = await this.getSession()
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-getSession
+   * Returns the session, refreshing it if necessary.
+   * @returns Promise<SignInRes>
+   */
+  async getSession(): Promise<SignInRes> {
+    try {
+      const credentials: Credentials = await this.oauthInstance.oauth2client.getCredentials()
+
+      if (!credentials || credentials.scope === 'accessKey') {
+        return { data: { session: null }, error: null }
+      }
+
+      const { data: { user } = {} } = await this.getUser()
+
+      return { data: { session: { ...credentials, user }, user }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-refreshsession
+   * 无论过期状态如何，都返回一个新的会话
+   * @param refresh_token
+   * @returns Promise<SignInRes>
+   */
+  async refreshSession(refresh_token?: string): Promise<SignInRes> {
+    try {
+      const credentials: Credentials = await this.oauthInstance.oauth2client.localCredentials.getCredentials()
+      credentials.refresh_token = refresh_token || credentials.refresh_token
+      const newTokens = await this.oauthInstance.oauth2client.refreshToken(credentials)
+      const { data: { user } = {} } = await this.getUser()
+
+      return { data: { user, session: { ...newTokens, user } }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-getuser
+   * 如果存在现有会话，则获取当前用户详细信息
+   * @returns Promise<GetUserRes>
+   */
+  async getUser(): Promise<GetUserRes> {
+    try {
+      const user = this.convertToUser(await this.getUserInfo())
+      return { data: { user }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 刷新用户信息
+   * @returns Promise<CommonRes>
+   */
+  async refreshUser(): Promise<CommonRes> {
+    try {
+      await this.currentUser.refresh()
+
+      const { data: { session } = {} } = await this.getSession()
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-updateuser
+   * 更新用户信息
+   * @param params
+   * @returns Promise<GetUserRes | UpdateUserWithVerificationRes>
+   */
+  async updateUser(params: UpdateUserReq): Promise<GetUserRes | UpdateUserWithVerificationRes> {
+    try {
+      // 参数校验：至少有一个更新字段被提供
+      const hasValue = Object.keys(params).some(key => params[key] !== undefined && params[key] !== null && params[key] !== '',)
+      if (!hasValue) {
+        throw new AuthError({ message: 'At least one field must be provided for update' })
+      }
+
+      const { email, phone, ...restParams } = params
+
+      // 检查是否需要更新 email 或 phone
+      const needsEmailVerification = email !== undefined
+      const needsPhoneVerification = phone !== undefined
+
+      let extraRes = {}
+
+      if (needsEmailVerification || needsPhoneVerification) {
+        // 需要发送验证码
+        let verificationParams: { email?: string; phone_number?: string }
+        let verificationType: 'email_change' | 'phone_change'
+
+        if (needsEmailVerification) {
+          verificationParams = { email: params.email }
+          verificationType = 'email_change'
+        } else {
+          // 正规化手机号
+          const formattedPhone = this.formatPhone(params.phone)
+          verificationParams = { phone_number: formattedPhone }
+          verificationType = 'phone_change'
+        }
+
+        // 发送验证码
+        const verificationInfo = await this.getVerification(verificationParams)
+
+        Object.keys(restParams).length > 0 && await this.updateUserBasicInfo(restParams)
+
+        extraRes = {
+          messageId: verificationInfo.verification_id,
+          verifyOtp: async (verifyParams: { email?: string; phone?: string; token: string }): Promise<GetUserRes> => {
+            try {
+              if (verifyParams.email && params.email === verifyParams.email) {
+                // 验证码验证
+                await this.verifyOtp({
+                  type: 'email_change',
+                  email: params.email,
+                  token: verifyParams.token,
+                  messageId: verificationInfo.verification_id,
+                })
+                await this.updateUserBasicInfo({ email: params.email })
+              } else if (verifyParams.phone && params.phone === verifyParams.phone) {
+                // 验证码验证
+                await this.verifyOtp({
+                  type: 'phone_change',
+                  phone: params.phone,
+                  token: verifyParams.token,
+                  messageId: verificationInfo.verification_id,
+                })
+                await this.updateUserBasicInfo({ phone: this.formatPhone(params.phone) })
+              } else {
+                await this.verifyOtp({
+                  type: verificationType,
+                  email: needsEmailVerification ? params.email : undefined,
+                  phone: !needsEmailVerification ? params.phone : undefined,
+                  token: verifyParams.token,
+                  messageId: verificationInfo.verification_id,
+                })
+                // 验证成功后更新用户信息
+                await this.updateUserBasicInfo(params)
+              }
+
+              const {
+                data: { user },
+              } = await this.getUser()
+              this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.USER_UPDATED })
+
+              return { data: { user }, error: null }
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        }
+      } else {
+        // 不需要验证，直接更新
+        await this.updateUserBasicInfo(params)
+      }
+      const {
+        data: { user },
+      } = await this.getUser()
+      this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.USER_UPDATED })
+
+      return { data: { user, ...extraRes }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-getuseridentities
+   * 获取所有身份源
+   * @returns Promise<GetUserIdentitiesRes>
+   */
+  async getUserIdentities(): Promise<GetUserIdentitiesRes> {
+    try {
+      const providers = await this.oauthInstance.authApi.getProviders()
+
+      return { data: { identities: providers?.data?.filter(v => !!v.bind) }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-linkidentity
+   * 绑定身份源到当前用户
+   * @param params
+   * @returns Promise<LinkIdentityRes>
+   */
+  async linkIdentity(params: LinkIdentityReq): Promise<LinkIdentityRes> {
+    try {
+      // 参数校验：provider必填
+      this.validateParams(params, {
+        provider: { required: true, message: 'Provider is required' },
+      })
+
+      await this.signInWithOAuth({
+        provider: params.provider,
+        options: {
+          type: OAUTH_TYPE.BIND_IDENTITY,
+        },
+      })
+
+      return { data: { provider: params.provider }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-unlinkidentity
+   * 解绑身份源
+   * @param params
+   * @returns Promise<CommonRes>
+   */
+  async unlinkIdentity(params: UnlinkIdentityReq): Promise<CommonRes> {
+    try {
+      // 参数校验：provider必填
+      this.validateParams(params, {
+        provider: { required: true, message: 'Provider is required' },
+      })
+
+      await this.oauthInstance.authApi.unbindProvider({ provider_id: params.provider })
+
+      return { data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-reauthentication
+   * 重新认证
+   * @returns Promise<ReauthenticateRes>
+   */
+  async reauthenticate(): Promise<ReauthenticateRes> {
+    try {
+      const {
+        data: { user },
+      } = await this.getUser()
+
+      this.validateAtLeastOne(user, [['email', 'phone']], 'You must provide either an email or phone number')
+      const userInfo = user.email ? { email: user.email } : { phone_number: this.formatPhone(user.phone) }
+
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(userInfo)
+
+      return {
+        data: {
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          updateUser: async (attributes: UpdateUserAttributes): Promise<SignInRes> => {
+            this.validateParams(attributes, {
+              nonce: { required: true, message: 'Nonce is required' },
+            })
+            try {
+              if (attributes.password) {
+                // 第三步：待用户输入完验证码之后，验证验证码
+                const verificationTokenRes = await this.verify({
+                  verification_id: verificationInfo.verification_id,
+                  verification_code: attributes.nonce,
+                })
+
+                // 第四步：获取 sudo_token
+                const sudoRes = await this.oauthInstance.authApi.sudo({
+                  verification_token: verificationTokenRes.verification_token,
+                })
+
+                await this.oauthInstance.authApi.setPassword({
+                  new_password: attributes.password,
+                  sudo_token: sudoRes.sudo_token,
+                })
+              } else {
+                await this.signInWithUsername({
+                  verificationInfo,
+                  verificationCode: attributes.nonce,
+                  ...userInfo,
+                  loginType: userInfo.email ? 'email' : 'phone',
+                })
+              }
+
+              const { data: { session } = {} } = await this.getSession()
+
+              return { data: { user: session.user, session }, error: null }
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        },
+        error: null,
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-resend
+   * 重新发送验证码
+   * @param params
+   * @returns Promise<ResendRes>
+   */
+  async resend(params: ResendReq): Promise<ResendRes> {
+    try {
+      // 参数校验：email或phone必填其一
+      this.validateAtLeastOne(params, [['email'], ['phone']], 'You must provide either an email or phone number')
+
+      const target = params.type === 'signup' ? 'ANY' : 'USER'
+      const data: { email?: string; phone_number?: string; target: 'USER' | 'ANY' } = { target }
+      if ('email' in params) {
+        data.email = params.email
+      }
+
+      if ('phone' in params) {
+        data.phone_number = this.formatPhone(params.phone)
+      }
+
+      // 重新发送验证码
+      const { verification_id: verificationId } = await this.oauthInstance.authApi.getVerification(data)
+
+      return {
+        data: { messageId: verificationId },
+        error: null,
+      }
+    } catch (error: any) {
+      return {
+        data: {},
+        error: new AuthError(error),
+      }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-setsession
+   * 使用access_token和refresh_token来设置会话
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async setSession(params: SetSessionReq): Promise<SignInRes> {
+    try {
+      this.validateParams(params, {
+        access_token: { required: true, message: 'Access token is required' },
+        refresh_token: { required: true, message: 'Refresh token is required' },
+      })
+
+      await this.oauthInstance.oauth2client.refreshToken(params, { throwOnError: true })
+
+      const { data: { session } = {} } = await this.getSession()
+
+      this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.SIGNED_IN })
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  // https://supabase.com/docs/reference/javascript/auth-exchangecodeforsession
+  async exchangeCodeForSession() {
+    //
+  }
+
+  /**
+   * 删除当前用户
+   * @param params
+   * @returns
+   */
+  async deleteUser(params: DeleteMeReq): Promise<CommonRes> {
+    try {
+      this.validateParams(params, {
+        password: { required: true, message: 'Password is required' },
+      })
+
+      const { sudo_token } = await this.oauthInstance.authApi.sudo(params)
+
+      await this.oauthInstance.authApi.deleteMe({ sudo_token })
+
+      return { data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 跳转系统默认登录页
+   * @returns {Promise<authModels.ToDefaultLoginPage>}
+   * @memberof Auth
+   */
+  async toDefaultLoginPage(params: authModels.ToDefaultLoginPage = {}): Promise<CommonRes> {
+    try {
+      const configVersion = params.config_version || 'env'
+      const query = Object.keys(params.query || {})
+        .map(key => `${key}=${params.query[key]}`)
+        .join('&')
+
+      if (adapterForWxMp.isMatch()) {
+        wx.navigateTo({ url: `/packages/$wd_system/pages/login/index${query ? `?${query}` : ''}` })
+      } else {
+        const redirectUri = params.redirect_uri || window.location.href
+        const urlObj = new URL(redirectUri)
+        const loginPage = `${urlObj.origin}/__auth/?app_id=${params.app_id || ''}&env_id=${this.config.env}&client_id=${
+          this.config.clientId || this.config.env
+        }&config_version=${configVersion}&redirect_uri=${encodeURIComponent(redirectUri)}${query ? `&${query}` : ''}`
+        window.location.href = loginPage
+      }
+      return { data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 自定义登录
+   * @param getTickFn () => Promise<string>, 获取自定义登录 ticket 的函数
+   * @returns
+   */
+  async signInWithCustomTicket(getTickFn?: authModels.GetCustomSignTicketFn): Promise<SignInRes> {
+    if (getTickFn) {
+      this.setCustomSignFunc(getTickFn)
+    }
+
+    try {
+      await this.oauthInstance.authApi.signInWithCustomTicket()
+      const loginState = await this.createLoginState()
+
+      const { data: { session } = {} } = await this.getSession()
+
+      // loginState返回是为了兼容v2版本
+      return { ...(loginState as any), data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 小程序openId静默登录
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async signInWithOpenId({ useWxCloud = true } = {}): Promise<SignInRes> {
+    if (!adapterForWxMp.isMatch()) {
+      throw Error('wx api undefined')
+    }
+    const wxInfo = wx.getAccountInfoSync().miniProgram
+
+    const mainFunc = async (code) => {
+      let result: authModels.GrantProviderTokenResponse | undefined = undefined
+      let credentials: Credentials | undefined = undefined
+
+      try {
+        result = await this.oauthInstance.authApi.grantProviderToken(
+          {
+            provider_id: wxInfo?.appId,
+            provider_code: code,
+            provider_params: {
+              provider_code_type: 'open_id',
+              appid: wxInfo?.appId,
+            },
+          },
+          useWxCloud,
+        )
+
+        if ((result as any)?.error_code || !result.provider_token) {
+          throw result
+        }
+
+        credentials = await this.oauthInstance.authApi.signInWithProvider(
+          { provider_token: result.provider_token },
+          useWxCloud,
+        )
+
+        if ((credentials as any)?.error_code) {
+          throw credentials
+        }
+      } catch (error) {
+        throw error
+      }
+      await this.oauthInstance.oauth2client.setCredentials(credentials as Credentials)
+    }
+
+    try {
+      await new Promise((resolve, reject) => {
+        wx.login({
+          success: async (res: { code: string }) => {
+            try {
+              await mainFunc(res.code)
+              resolve(true)
+            } catch (error) {
+              reject(error)
+            }
+          },
+          fail: (res: any) => {
+            const error = new Error(res?.errMsg)
+            ;(error as any).code = res?.errno
+            reject(error)
+          },
+        })
+      })
+
+      const loginState = await this.createLoginState()
+
+      const { data: { session } = {} } = await this.getSession()
+
+      // loginState返回是为了兼容v2版本
+      return { ...(loginState as any), data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 小程序手机号授权登录，目前只支持全托管手机号授权登录
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async signInWithPhoneAuth({ phoneCode = '' }): Promise<SignInRes> {
+    if (!adapterForWxMp.isMatch()) {
+      return { data: {}, error: new AuthError({ message: 'wx api undefined' }) }
+    }
+    const wxInfo = wx.getAccountInfoSync().miniProgram
+    const providerInfo = {
+      provider_params: { provider_code_type: 'phone' },
+      provider_id: wxInfo.appId,
+    }
+
+    const { code } = await wx.login()
+    ;(providerInfo as any).provider_code = code
+
+    try {
+      let providerToken = await this.oauthInstance.authApi.grantProviderToken(providerInfo)
+      if (providerToken.error_code) {
+        throw providerToken
+      }
+
+      providerToken = await this.oauthInstance.authApi.patchProviderToken({
+        provider_token: providerToken.provider_token,
+        provider_id: wxInfo.appId,
+        provider_params: {
+          code: phoneCode,
+          provider_code_type: 'phone',
+        },
+      })
+      if (providerToken.error_code) {
+        throw providerToken
+      }
+
+      const signInRes = await this.oauthInstance.authApi.signInWithProvider({
+        provider_token: providerToken.provider_token,
+      })
+
+      if ((signInRes as any)?.error_code) {
+        throw signInRes
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+
+    const loginState = await this.createLoginState()
+
+    const { data: { session } = {} } = await this.getSession()
+
+    // loginState返回是为了兼容v2版本
+    return { ...(loginState as any), data: { user: session.user, session }, error: null }
+  }
+
+  private formatPhone(phone: string) {
+    if (!/\s+/.test(phone) && /^\+\d{1,3}\d+/.test(phone)) {
+      return phone.replace(/^(\+\d{1,2})(\d+)$/, '$1 $2')
+    }
+    return /^\+\d{1,3}\s+/.test(phone) ? phone : `+86 ${phone}`
+  }
+
+  private notifyListeners(event, session, info): OnAuthStateChangeCallback {
+    this.listeners.forEach((callbacks) => {
+      callbacks.forEach((callback) => {
+        try {
+          callback(event, session, info)
+        } catch (error) {
+          console.error('Error in auth state change callback:', error)
+        }
+      })
+    })
+    return
+  }
+
+  private setupListeners() {
+    this.config.eventBus?.on(EVENTS.AUTH_STATE_CHANGED, async (params) => {
+      const event = params?.data?.event
+      const info = params?.data?.info
+      const {
+        data: { session },
+      } = await this.getSession()
+
+      this.notifyListeners(event, session, info)
+    })
+  }
+
+  private convertToUser(userInfo: authModels.UserInfo & Partial<User>) {
+    if (!userInfo) return null
+
+    // 优先使用 userInfo 中的数据（V3 API）
+    const email = userInfo?.email || ''
+    const phone = userInfo?.phone_number || ''
+    const userId = userInfo?.sub || userInfo?.uid || ''
+
+    return {
+      id: userId,
+      aud: 'authenticated',
+      role: userInfo.groups,
+      email: email || '',
+      email_confirmed_at: userInfo?.email_verified ? userInfo.created_at : userInfo.created_at,
+      phone,
+      phone_confirmed_at: phone ? userInfo.created_at : undefined,
+      confirmed_at: userInfo.created_at,
+      last_sign_in_at: userInfo.last_sign_in_at,
+      app_metadata: {
+        provider: userInfo.loginType?.toLowerCase() || 'cloudbase',
+        providers: [userInfo.loginType?.toLowerCase() || 'cloudbase'],
+      },
+      user_metadata: {
+        // V3 API 用户信息
+        name: userInfo?.name,
+        picture: userInfo?.picture,
+        username: userInfo?.username, // 用户名称，长度 5-24 位，支持字符中英文、数字、特殊字符（仅支持_-），不支持中文
+        gender: userInfo?.gender,
+        locale: userInfo?.locale,
+        // V2 API 兼容（使用 any 避免类型错误）
+        uid: userInfo.uid,
+        nickName: userInfo.nickName,
+        avatarUrl: userInfo.avatarUrl || userInfo.picture,
+        location: userInfo.location,
+        hasPassword: userInfo.hasPassword,
+      },
+      identities:
+        userInfo?.providers?.map(p => ({
+          id: p.id || '',
+          identity_id: p.id || '',
+          user_id: userId,
+          identity_data: {
+            provider_id: p.id,
+            provider_user_id: p.provider_user_id,
+            name: p.name,
+          },
+          provider: p.id || 'cloudbase',
+          created_at: userInfo.created_at,
+          updated_at: userInfo.updated_at,
+          last_sign_in_at: userInfo.last_sign_in_at,
+        })) || [],
+      created_at: userInfo.created_at,
+      updated_at: userInfo.updated_at,
+      is_anonymous: userInfo.name === 'anonymous',
+    }
+  }
+
+  /**
+   * 参数校验辅助方法
+   */
+  private validateParams(params: any, rules: { [key: string]: { required?: boolean; message: string } }): void {
+    for (const [key, rule] of Object.entries(rules)) {
+      if (rule.required && (params?.[key] === undefined || params?.[key] === null || params?.[key] === '')) {
+        throw new AuthError({ message: rule.message })
+      }
+    }
+  }
+
+  /**
+   * 校验必填参数组（至少有一个参数必须有值）
+   */
+  private validateAtLeastOne(params: any, fieldGroups: string[][], message: string): void {
+    const hasValue = fieldGroups.some(group => group.some(field => params?.[field] !== undefined && params?.[field] !== null && params?.[field] !== ''),)
+
+    if (!hasValue) {
+      throw new AuthError({ message })
+    }
+  }
+
+
+  private async init(): Promise<{ error: Error | null }> {
+    try {
+      const credentials: Credentials = await this.oauthInstance.oauth2client.localCredentials.getCredentials()
+      if (credentials) {
+        this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.INITIAL_SESSION })
+      }
+    } catch (error) {
+      // Ignore errors when checking for existing credentials
+    }
+
+    return { error: null }
+  }
 }
 
 type TInitAuthOptions = Pick<ICloudbaseAuthConfig, 'region' | 'persistence' | 'i18n' | 'accessKey' | 'useWxCloud'> &