@cloudbase/auth 2.26.0 → 2.26.2

package/src/index.ts

@@ -14,6 +14,7 @@ import {
   weAppJwtDecodeAll,
   AuthError,
   authModels,
+  DEFAULT_NODE_ACCESS_SCOPE,
 } from '@cloudbase/oauth'
 import { useAuthAdapter } from './adapter'
 import {
@@ -28,6 +29,13 @@ import {
   useDefaultAdapter,
 } from './utilities'
 import { saveToBrowserSession, getBrowserSession, removeBrowserSession, addUrlSearch } from './utils'
+import {
+  AuthV1Compat,
+  WeixinAuthProvider,
+  CustomAuthProvider,
+  AnonymousAuthProvider,
+  applyUserV1Compat,
+} from './v1-compat'
 import { utils } from '@cloudbase/utilities'
 import {
   CommonRes,
@@ -58,6 +66,7 @@ import {
   UpdateUserReq,
   UpdateUserWithVerificationRes,
   VerifyOAuthReq,
+  VerifyOAuthRes,
   VerifyOtpReq,
 } from './type'
 
@@ -327,6 +336,10 @@ export class User implements IUser {
     })
   }
 }
+
+// 应用 v1 兼容方法到 User 类
+applyUserV1Compat(User)
+
 interface ILoginStateOptions extends IUserOptions {
   envId: string
 }
@@ -362,18 +375,21 @@ export class LoginState implements ILoginState {
   }
 }
 
-class Auth {
-  readonly config: ICloudbaseAuthConfig
+interface IAuthConfig extends ICloudbaseAuthConfig {
+  cache: ICloudbaseCache
+  request?: ICloudbaseRequest
+  runtime?: string
+}
+
+class Auth extends AuthV1Compat {
+  readonly config: IAuthConfig
   oauthInstance: CloudbaseOAuth
   readonly cache: ICloudbaseCache
   private listeners: Map<string, Set<OnAuthStateChangeCallback>> = new Map()
   private hasListenerSetUp = false
 
-  constructor(config: ICloudbaseAuthConfig & {
-    cache: ICloudbaseCache
-    request?: ICloudbaseRequest
-    runtime?: string
-  },) {
+  constructor(config: IAuthConfig) {
+    super()
     this.config = config
     this.oauthInstance = config.oauthInstance
     this.cache = config.cache
@@ -381,996 +397,971 @@ class Auth {
     this.setAccessKey()
   }
 
-  /**
-   * 绑定手机号
-   * @param phoneNumber
-   * @param phoneCode
-   */
-  @catchErrorsDecorator({
-    title: '绑定手机号失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 调用 auth().bindPhoneNumber() 的语法或参数是否正确',
-      '  2 - 当前环境是否开通了短信验证码登录',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async bindPhoneNumber(params: authModels.BindPhoneRequest) {
-    return this.oauthInstance.authApi.editContact(params)
-  }
+  // ========== new auth api methods merged below ==========
 
   /**
-   * 解绑三方绑定
-   * @param loginType
+   * https://supabase.com/docs/reference/javascript/auth-signinanonymously
+   * Sign in a user anonymously.
+   * const { data, error } = await auth.signInAnonymously();
+   * @param params
+   * @returns  Promise<SignInRes>
    */
-  @catchErrorsDecorator({
-    title: '解除三方绑定失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 调用 auth().unbindProvider() 的语法或参数是否正确',
-      '  2 - 当前账户是否已经与此登录方式解绑',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async unbindProvider(params: authModels.UnbindProviderRequest): Promise<void> {
-    return this.oauthInstance.authApi.unbindProvider(params)
+  async signInAnonymously(params: SignInAnonymouslyReq): Promise<SignInRes> {
+    try {
+      await this.oauthInstance.authApi.signInAnonymously(params)
+      const loginState = await this.createLoginState()
+
+      const { data: { session } = {} } = await this.getSession()
+
+      // loginState返回是为了兼容v2版本
+      return { ...(loginState as any), data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
   }
 
   /**
-   * 更新邮箱地址
-   * @param email
-   * @param sudo_token
-   * @param verification_token
+   * https://supabase.com/docs/reference/javascript/auth-signup
+   * Sign up a new user with email or phone using a one-time password (OTP). If the account not exist, a new account will be created.
+   * @param params
+   * @returns Promise<SignUpRes>
    */
-  @catchErrorsDecorator({
-    title: '绑定邮箱地址失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 调用 auth().bindEmail() 的语法或参数是否正确',
-      '  2 - 当前环境是否开通了邮箱密码登录',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public bindEmail(params: authModels.BindEmailRequest) {
-    return this.oauthInstance.authApi.editContact(params)
+  async signUp(params: authModels.SignUpRequest & { phone?: string }): Promise<SignUpRes> {
+    if (params.phone_number || params.verification_code || params.verification_token || params.provider_token) {
+      params.phone_number = this.formatPhone(params.phone_number)
+      await this.oauthInstance.authApi.signUp(params)
+      return this.createLoginState() as any
+    }
+    try {
+      // 参数校验：email或phone必填其一
+      this.validateAtLeastOne(params, [['email'], ['phone']], 'You must provide either an email or phone number')
+
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(params.email ? { email: params.email } : { phone_number: this.formatPhone(params.phone) },)
+
+      return {
+        data: {
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          verifyOtp: async ({ token, messageId = verificationInfo.verification_id }): Promise<SignInRes> => {
+            try {
+              // 第三步：待用户输入完验证码之后，验证短信验证码
+              const verificationTokenRes = await this.verify({
+                verification_id: messageId || verificationInfo.verification_id,
+                verification_code: token,
+              })
+
+              // 第四步：注册并登录或直接登录
+              // 如果用户已经存在，直接登录
+              if (verificationInfo.is_user) {
+                await this.signIn({
+                  username: params.email || this.formatPhone(params.phone),
+                  verification_token: verificationTokenRes.verification_token,
+                })
+              } else {
+                // 如果用户不存在，注册用户
+                const data = JSON.parse(JSON.stringify(params))
+                delete data.email
+                delete data.phone
+
+                await this.oauthInstance.authApi.signUp({
+                  ...data,
+                  ...(params.email ? { email: params.email } : { phone_number: this.formatPhone(params.phone) }),
+                  verification_token: verificationTokenRes.verification_token,
+                  verification_code: token,
+                })
+                await this.createLoginState()
+              }
+
+              const { data: { session } = {} } = await this.getSession()
+
+              return { data: { user: session.user, session }, error: null }
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        },
+        error: null,
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
   }
 
   /**
-   * verify
-   * @param {authModels.VerifyRequest} params
-   * @returns {Promise<authModels.VerifyResponse>}
-   * @memberof User
+   * https://supabase.com/docs/reference/javascript/auth-signout
+   * const result = await auth.signOut();
+   *
+   * @param params
    */
-  @catchErrorsDecorator({
-    title: '验证码验证失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 调用 auth().verify() 的语法或参数是否正确',
-      '  2 - 当前环境是否开通了手机验证码/邮箱登录',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async verify(params: authModels.VerifyRequest): Promise<authModels.VerifyResponse> {
-    return this.oauthInstance.authApi.verify(params)
+  async signOut(params?: authModels.SignoutRequest,): Promise<authModels.SignoutResponse & { data: Object; error: AuthError }> {
+    try {
+      const { userInfoKey } = this.cache.keys
+      const res = await this.oauthInstance.authApi.signOut(params)
+      await this.cache.removeStoreAsync(userInfoKey)
+      this.setAccessKey()
+
+      this.config.eventBus?.fire(EVENTS.LOGIN_STATE_CHANGED, { eventType: LOGIN_STATE_CHANGED_TYPE.SIGN_OUT })
+
+      this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.SIGNED_OUT })
+
+      // res返回是为了兼容v2版本
+      return { ...res, data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
   }
 
   /**
-   * 获取验证码
-   * @param {authModels.GetVerificationRequest} params
-   * @returns {Promise<authModels.GetVerificationResponse>}
-   * @memberof User
+   * https://supabase.com/docs/reference/javascript/auth-onauthstatechange
+   * Receive a notification every time an auth event happens.
+   * @param callback
+   * @returns Promise<{ data: { subscription: Subscription }, error: Error | null }>
    */
-  @catchErrorsDecorator({
-    title: '获取验证码失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 调用 auth().getVerification() 的语法或参数是否正确',
-      '  2 - 当前环境是否开通了手机验证码/邮箱登录',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async getVerification(
-    params: authModels.GetVerificationRequest,
-    options?: { withCaptcha: boolean },
-  ): Promise<authModels.GetVerificationResponse> {
-    return this.oauthInstance.authApi.getVerification(params, options)
+  onAuthStateChange(callback: OnAuthStateChangeCallback) {
+    if (!this.hasListenerSetUp) {
+      this.setupListeners()
+      this.hasListenerSetUp = true
+    }
+
+    const id = Math.random().toString(36)
+
+    if (!this.listeners.has(id)) {
+      this.listeners.set(id, new Set())
+    }
+
+    this.listeners.get(id)!.add(callback)
+
+    // 返回 Subscription 对象
+    const subscription = {
+      id,
+      callback,
+      unsubscribe: () => {
+        const callbacks = this.listeners.get(id)
+        if (callbacks) {
+          callbacks.delete(callback)
+          if (callbacks.size === 0) {
+            this.listeners.delete(id)
+          }
+        }
+      },
+    }
+
+    return {
+      data: { subscription },
+    }
   }
 
   /**
-   * 获取当前登录的用户信息-同步
+   * https://supabase.com/docs/reference/javascript/auth-signinwithpassword
+   * Log in an existing user with an email and password or phone and password or username and password.
+   * @param params
+   * @returns Promise<SignInRes>
    */
-  get currentUser() {
-    if (this.cache.mode === 'async') {
-      // async storage的平台调用此API提示
-      printWarn(
-        ERRORS.INVALID_OPERATION,
-        'current platform\'s storage is asynchronous, please use getCurrentUser instead',
+  async signInWithPassword(params: SignInWithPasswordReq): Promise<SignInRes> {
+    try {
+      // 参数校验：username/email/phone三选一，password必填
+      this.validateAtLeastOne(
+        params,
+        [['username'], ['email'], ['phone']],
+        'You must provide either username, email, or phone',
       )
-      return
-    }
+      this.validateParams(params, {
+        password: { required: true, message: 'Password is required' },
+      })
 
-    const loginState = this.hasLoginState()
+      await this.signIn({
+        username: params.username || params.email || this.formatPhone(params.phone),
+        password: params.password,
+        ...(params.is_encrypt ? { isEncrypt: true, version: 'v2' } : {}),
+      })
+      const { data: { session } = {} } = await this.getSession()
 
-    if (loginState) {
-      return loginState.user || null
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      const authError = new AuthError(error)
+      // 优化错误提示：登录失败时提供更友好的排查指引
+      if (authError.message?.includes('密码不正确') || authError.message?.includes('password')) {
+        console.warn('[CloudBase Auth] 登录失败提示：\n'
+          + '  1. 请确认用户名/邮箱/手机号是否正确\n'
+          + '  2. 请确认密码是否正确\n'
+          + '  3. 如果用户不存在，请先通过 auth.signUp() 注册用户，或在云开发控制台手动创建用户\n'
+          + '  4. 确认当前环境已开启对应的登录方式（控制台 → 环境 → 登录授权）',)
+      }
+      return { data: {}, error: authError }
     }
-    return null
   }
 
   /**
-   * 获取当前登录的用户信息-异步
+   * https://supabase.com/docs/reference/javascript/auth-signinwithidtoken
+   * 第三方平台登录。如果用户不存在，会根据云开发平台-登录方式中对应身份源的登录模式配置，判断是否自动注册
+   * @param params
+   * @returns Promise<SignInRes>
    */
-  @catchErrorsDecorator({
-    title: '获取用户信息失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 调用 auth().getCurrentUser() 的语法或参数是否正确',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async getCurrentUser(): Promise<(authModels.UserInfo & Partial<User>) | null> {
-    const loginState = await this.getLoginState()
-    if (loginState) {
-      const userInfo = loginState.user.getLocalUserInfo() as authModels.UserInfo
-      await loginState.user.checkLocalInfoAsync()
-      return { ...loginState.user, ...userInfo } as unknown as authModels.UserInfo & Partial<User>
+  async signInWithIdToken(params: SignInWithIdTokenReq): Promise<SignInRes> {
+    try {
+      // 参数校验：token必填
+      this.validateParams(params, {
+        token: { required: true, message: 'Token is required' },
+      })
+
+      await this.signInWithProvider({
+        provider_token: params.token,
+      })
+      const { data: { session } = {} } = await this.getSession()
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
     }
-    return null
   }
 
-  // /**
-  //  * 匿名登录
-  //  * @returns {Promise<LoginState>}
-  //  * @memberof Auth
-  //  */
-  // @catchErrorsDecorator({
-  //   title: '匿名登录失败',
-  //   messages: [
-  //     '请确认以下各项：',
-  //     '  1 - 当前环境是否开启了匿名登录',
-  //     '  2 - 调用 auth().signInAnonymously() 的语法或参数是否正确',
-  //     `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-  //   ],
-  // })
-  // public async signInAnonymously(data: {
-  //   provider_token?: string
-  // } = {},): Promise<LoginState> {
-  // await this.oauthInstance.authApi.signInAnonymously(data)
-  // return this.createLoginState()
-  // }
-
   /**
-   * 匿名登录
-   * @returns {Promise<LoginState>}
-   * @memberof Auth
+   * https://supabase.com/docs/reference/javascript/auth-signinwithotp
+   * Log in a user using a one-time password (OTP).
+   * @param params
+   * @returns Promise<SignInWithOtpRes>
    */
-  @catchErrorsDecorator({
-    title: '小程序匿名登录失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 当前环境是否开启了匿名登录',
-      '  2 - 调用 auth().signInAnonymouslyInWx() 的语法或参数是否正确',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async signInAnonymouslyInWx({
-    useWxCloud,
-  }: {
-    useWxCloud?: boolean
-  } = {}): Promise<LoginState> {
-    if (!adapterForWxMp.isMatch()) {
-      throw Error('wx api undefined')
+  async signInWithOtp(params: SignInWithOtpReq): Promise<SignInWithOtpRes> {
+    if (params.options?.shouldCreateUser === undefined || !!params.options?.shouldCreateUser) {
+      return this.signUp({
+        email: params.email,
+        phone: params.phone,
+      })
     }
-    const wxInfo = wx.getAccountInfoSync().miniProgram
-
-    const mainFunc = async (code) => {
-      let result: authModels.GrantProviderTokenResponse | undefined = undefined
-      let credentials: Credentials | undefined = undefined
-
-      try {
-        result = await this.oauthInstance.authApi.grantProviderToken(
-          {
-            provider_id: wxInfo?.appId,
-            provider_code: code,
-            provider_params: {
-              provider_code_type: 'open_id',
-              appid: wxInfo?.appId,
-            },
-          },
-          useWxCloud,
-        )
 
-        if ((result as any)?.error_code || !result.provider_token) {
-          throw result
-        }
+    try {
+      // 参数校验：email或phone必填其一
+      this.validateAtLeastOne(params, [['email'], ['phone']], 'You must provide either an email or phone number')
 
-        credentials = await this.oauthInstance.authApi.signInAnonymously(
-          { provider_token: result.provider_token },
-          useWxCloud,
-        )
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(params.email ? { email: params.email } : { phone_number: this.formatPhone(params.phone) },)
 
-        if ((credentials as any)?.error_code) {
-          throw credentials
-        }
-      } catch (error) {
-        throw error
+      return {
+        data: {
+          user: null,
+          session: null,
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          verifyOtp: async ({ token, messageId = verificationInfo.verification_id }): Promise<SignInRes> => this.verifyOtp({
+            email: params.email,
+            phone: params.phone,
+            token,
+            messageId,
+          }),
+        },
+        error: null,
       }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
     }
-
-    await new Promise((resolve, reject) => {
-      wx.login({
-        success: async (res: { code: string }) => {
-          try {
-            await mainFunc(res.code)
-            resolve(true)
-          } catch (error) {
-            reject(error)
-          }
-        },
-        fail: (res: any) => {
-          const error = new Error(res?.errMsg)
-          ;(error as any).code = res?.errno
-          reject(error)
-        },
-      })
-    })
-
-    return this.createLoginState(undefined, { asyncRefreshUser: true })
   }
 
   /**
-   * 小程序绑定OpenID
-   * @returns {Promise<LoginState>}
-   * @memberof Auth
+   * 校验第三方平台授权登录回调
+   * @param params
+   * @returns Promise<SignInRes>
    */
-  @catchErrorsDecorator({
-    title: '小程序绑定OpenID失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 当前环境是否开启了小程序openId静默登录',
-      '  2 - 调用 auth().bindOpenId() 的语法或参数是否正确',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async bindOpenId(): Promise<void> {
-    if (!adapterForWxMp.isMatch()) {
-      throw Error('wx api undefined')
-    }
-    const wxInfo = wx.getAccountInfoSync().miniProgram
+  async verifyOAuth(params?: VerifyOAuthReq): Promise<VerifyOAuthRes> {
+    const data: any = {}
+    try {
+      // 回调至 provider_redirect_uri 地址（url query中携带 授权code，state等参数），此时检查 state 是否符合预期（如 自己设置的 wx_open)
+      const code = params?.code || utils.getQuery('code')
+      const state = params?.state || utils.getQuery('state')
 
-    const mainFunc = async (code) => {
-      let result: authModels.GrantProviderTokenResponse | undefined = undefined
+      // 参数校验：code和state必填
+      if (!code) {
+        return { data: {}, error: new AuthError({ message: 'Code is required' }) }
+      }
 
-      try {
-        result = await this.oauthInstance.authApi.grantProviderToken({
-          provider_id: wxInfo?.appId,
-          provider_code: code,
-          provider_params: {
-            provider_code_type: 'open_id',
-            appid: wxInfo?.appId,
-          },
-        })
+      if (!state) {
+        return { data: {}, error: new AuthError({ message: 'State is required' }) }
+      }
 
-        if ((result as any)?.error_code || !result.provider_token) {
-          throw result
-        }
+      const cacheData = getBrowserSession(state)
+      data.type = cacheData?.type
 
-        await this.oauthInstance.authApi.bindWithProvider({ provider_token: result.provider_token })
-      } catch (error) {
-        throw error
+      const provider = params?.provider || cacheData?.provider || utils.getQuery('provider')
+
+      if (!provider) {
+        return { data, error: new AuthError({ message: 'Provider is required' }) }
       }
-    }
 
-    await new Promise((resolve, reject) => {
-      wx.login({
-        success: async (res: { code: string }) => {
-          try {
-            await mainFunc(res.code)
-            resolve(true)
-          } catch (error) {
-            reject(error)
-          }
-        },
-        fail: (res: any) => {
-          const error = new Error(res?.errMsg)
-          ;(error as any).code = res?.errno
-          reject(error)
-        },
+      // state符合预期，则获取该三方平台token
+      const { provider_token: token } = await this.grantProviderToken({
+        provider_id: provider,
+        provider_redirect_uri: location.origin + location.pathname, // 指定三方平台跳回的 url 地址
+        provider_code: code, // 第三方平台跳转回页面时，url param 中携带的 code 参数
       })
-    })
 
-    return
+      let res: VerifyOAuthRes
+
+      if (cacheData.type === OAUTH_TYPE.BIND_IDENTITY) {
+        res = await this.oauthInstance.authApi.toBindIdentity({ provider_token: token, provider, fireEvent: true })
+      } else {
+        // 通过 provider_token 仅登录或登录并注册（与云开发平台-登录方式-身份源登录模式配置有关）
+        res = await this.signInWithIdToken({
+          token,
+        })
+        res.data = { ...data, ...res.data }
+      }
+
+      const localSearch = new URLSearchParams(location?.search)
+      localSearch.delete('code')
+      localSearch.delete('state')
+      res.data.redirectUrl = addUrlSearch(
+        cacheData?.search === undefined ? `?${localSearch.toString()}` : cacheData?.search,
+        cacheData?.hash || location.hash,
+      )
+      removeBrowserSession(state)
+
+      return res
+    } catch (error) {
+      return { data, error: new AuthError(error) }
+    }
   }
 
   /**
-   * 小程序unionId静默登录
-   * @returns {Promise<LoginState>}
-   * @memberof Auth
+   * https://supabase.com/docs/reference/javascript/auth-signinwithoauth
+   * 生成第三方平台授权 Uri （如微信二维码扫码授权网页）
+   * @param params
+   * @returns Promise<SignInOAuthRes>
    */
-  @catchErrorsDecorator({
-    title: '小程序unionId静默登录失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 当前环境是否开启了小程序unionId静默登录',
-      '  2 - 调用 auth().signInWithUnionId() 的语法或参数是否正确',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async signInWithUnionId(): Promise<LoginState> {
-    if (!adapterForWxMp.isMatch()) {
-      throw Error('wx api undefined')
-    }
+  async signInWithOAuth(params: SignInWithOAuthReq): Promise<SignInOAuthRes> {
     try {
-      await new Promise((resolve, reject) => {
-        const wxInfo = wx.getAccountInfoSync().miniProgram
-        wx.login({
-          success: async (res: { code: string }) => {
-            const providerId = wxInfo?.appId
-            try {
-              const result = await this.oauthInstance.authApi.grantProviderToken({
-                provider_code: res.code,
-                provider_id: providerId,
-                provider_params: {
-                  provider_code_type: 'union_id',
-                  appid: wxInfo?.appId,
-                },
-              })
+      // 参数校验：provider必填
+      this.validateParams(params, {
+        provider: { required: true, message: 'Provider is required' },
+      })
 
-              const { provider_token: providerToken } = result
+      const href = params.options?.redirectTo || location.href
 
-              if (!providerToken) {
-                reject(result)
-                return
-              }
+      const urlObject = new URL(href)
 
-              const signInRes = await this.oauthInstance.authApi.signInWithProvider({
-                provider_id: providerId,
-                provider_token: providerToken,
-              })
+      const provider_redirect_uri = urlObject.origin + urlObject.pathname
 
-              if ((signInRes as any)?.error_code) {
-                reject(signInRes)
-                return
-              }
-              resolve(true)
-            } catch (error) {
-              reject(error)
-            }
-          },
-          fail: (res: any) => {
-            const error = new Error(res?.errMsg)
-            ;(error as any).code = res?.errno
-            reject(error)
-          },
+      const state = params.options?.state || `prd-${params.provider}-${Math.random().toString(36)
+        .slice(2)}`
+
+      const { uri } = await this.genProviderRedirectUri({
+        provider_id: params.provider,
+        provider_redirect_uri,
+        state,
+      })
+
+      // 对 URL 进行解码
+      const decodedUri = decodeURIComponent(uri)
+
+      // 合并额外的查询参数
+      let finalUri = decodedUri
+
+      if (params.options?.queryParams) {
+        const url = new URL(decodedUri)
+        Object.entries(params.options.queryParams).forEach(([key, value]) => {
+          url.searchParams.set(key, value)
         })
+        finalUri = url.toString()
+      }
+
+      saveToBrowserSession(state, {
+        provider: params.provider,
+        search: urlObject.search,
+        hash: urlObject.hash,
+        type: params.options?.type || OAUTH_TYPE.SIGN_IN,
       })
+
+      if (isBrowser() && !params.options?.skipBrowserRedirect) {
+        window.location.assign(finalUri)
+      }
+
+      return { data: { url: finalUri, provider: params.provider }, error: null }
     } catch (error) {
-      throw error
+      return { data: {}, error: new AuthError(error) }
     }
+  }
 
-    return this.createLoginState()
+  // https://supabase.com/docs/reference/javascript/auth-getclaims
+  async getClaims(): Promise<GetClaimsRes> {
+    try {
+      const { accessToken } = await this.getAccessToken()
+      const parsedToken = weAppJwtDecodeAll(accessToken)
+      return { data: parsedToken, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
   }
 
   /**
-   * 小程序手机号授权登录，目前只支持全托管手机号授权登录
-   * @returns {Promise<LoginState>}
-   * @memberof Auth
+   * https://supabase.com/docs/reference/javascript/auth-resetpasswordforemail
+   * 通过 email 或手机号重置密码
+   * @param emailOrPhone 邮箱或手机号
+   * @returns Promise<ResetPasswordForEmailRes>
    */
-  // @catchErrorsDecorator({
-  //   title: '小程序手机号授权登录失败',
-  //   messages: [
-  //     '请确认以下各项：',
-  //     '  1 - 当前环境是否开启了小程序手机号授权登录',
-  //     '  2 - 调用 auth().signInWithPhoneAuth() 的语法或参数是否正确',
-  //     `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-  //   ],
-  // })
-  // public async signInWithPhoneAuth({ phoneCode = '' }): Promise<LoginState> {
-  //   if (!adapterForWxMp.isMatch()) {
-  //     throw Error('wx api undefined')
-  //   }
-  //   const wxInfo = wx.getAccountInfoSync().miniProgram
-  //   const providerInfo = {
-  //     provider_params: { provider_code_type: 'phone' },
-  //     provider_id: wxInfo.appId,
-  //   }
-
-  //   const { code } = await wx.login()
-  //   ;(providerInfo as any).provider_code = code
-
-  //   try {
-  //     let providerToken = await this.oauthInstance.authApi.grantProviderToken(providerInfo)
-  //     if (providerToken.error_code) {
-  //       throw providerToken
-  //     }
-
-  //     providerToken = await this.oauthInstance.authApi.patchProviderToken({
-  //       provider_token: providerToken.provider_token,
-  //       provider_id: wxInfo.appId,
-  //       provider_params: {
-  //         code: phoneCode,
-  //         provider_code_type: 'phone',
-  //       },
-  //     })
-  //     if (providerToken.error_code) {
-  //       throw providerToken
-  //     }
-
-  //     const signInRes = await this.oauthInstance.authApi.signInWithProvider({
-  //       provider_token: providerToken.provider_token,
-  //     })
-
-  //     if ((signInRes as any)?.error_code) {
-  //       throw signInRes
-  //     }
-  //   } catch (error) {
-  //     throw error
-  //   }
+  async resetPasswordForEmail(
+    emailOrPhone: string,
+    options?: { redirectTo?: string },
+  ): Promise<ResetPasswordForEmailRes> {
+    try {
+      // 参数校验：emailOrPhone必填
+      this.validateParams(
+        { emailOrPhone },
+        {
+          emailOrPhone: { required: true, message: 'Email or phone is required' },
+        },
+      )
 
-  //   return this.createLoginState()
-  // }
+      const { redirectTo } = options || {}
 
-  /**
-   * 小程序短信验证码登陆
-   * @returns {Promise<LoginState>}
-   * @memberof Auth
-   */
-  @catchErrorsDecorator({
-    title: '短信验证码登陆',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 当前环境是否开启了小程序短信验证码登陆',
-      '  2 - 调用 auth().signInWithSms() 的语法或参数是否正确',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async signInWithSms({
-    verificationInfo = { verification_id: '', is_user: false },
-    verificationCode = '',
-    phoneNum = '',
-    bindInfo = undefined,
-  }): Promise<LoginState> {
-    try {
-      return this.signInWithUsername({
-        verificationInfo,
-        verificationCode,
-        bindInfo,
-        username: phoneNum,
-        loginType: 'sms',
-      })
+      // 判断是邮箱还是手机号
+      const isEmail = emailOrPhone.includes('@')
+      let verificationParams: { email?: string; phone_number?: string }
+
+      if (isEmail) {
+        verificationParams = { email: emailOrPhone }
+      } else {
+        // 正规化手机号
+        const formattedPhone = this.formatPhone(emailOrPhone)
+        verificationParams = { phone_number: formattedPhone }
+      }
+
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(verificationParams)
+
+      return {
+        data: {
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          updateUser: async (attributes: UpdateUserAttributes): Promise<SignInRes> => {
+            this.validateParams(attributes, {
+              nonce: { required: true, message: 'Nonce is required' },
+              password: { required: true, message: 'Password is required' },
+            })
+            try {
+              // 第三步：待用户输入完验证码之后，验证验证码
+              const verificationTokenRes = await this.verify({
+                verification_id: verificationInfo.verification_id,
+                verification_code: attributes.nonce,
+              })
+
+              await this.oauthInstance.authApi.resetPassword({
+                email: isEmail ? emailOrPhone : undefined,
+                phone_number: !isEmail ? emailOrPhone : undefined,
+                new_password: attributes.password,
+                verification_token: verificationTokenRes.verification_token,
+              })
+
+              this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, {
+                event: AUTH_STATE_CHANGED_TYPE.PASSWORD_RECOVERY,
+              })
+
+              const res = await this.signInWithPassword({
+                email: isEmail ? emailOrPhone : undefined,
+                phone: !isEmail ? emailOrPhone : undefined,
+                password: attributes.password,
+              })
+
+              if (redirectTo && isBrowser()) {
+                window.location.assign(redirectTo)
+              }
+
+              return res
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        },
+        error: null,
+      }
     } catch (error) {
-      throw error
+      return { data: {}, error: new AuthError(error) }
     }
   }
 
   /**
-   * 邮箱验证码登陆
-   * @returns {Promise<LoginState>}
-   * @memberof Auth
+   * 通过旧密码重置密码
+   * @param new_password
+   * @param old_password
+   * @returns
    */
-  @catchErrorsDecorator({
-    title: '邮箱验证码登陆',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 当前环境是否开启了邮箱登陆',
-      '  2 - 调用 auth().signInWithEmail() 的语法或参数是否正确',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async signInWithEmail({
-    verificationInfo = { verification_id: '', is_user: false },
-    verificationCode = '',
-    bindInfo = undefined,
-    email = '',
-  }): Promise<LoginState> {
+  async resetPasswordForOld(params: ResetPasswordForOldReq) {
     try {
-      return this.signInWithUsername({
-        verificationInfo,
-        verificationCode,
-        bindInfo,
-        username: email,
-        loginType: 'email',
+      await this.oauthInstance.authApi.updatePasswordByOld({
+        old_password: params.old_password,
+        new_password: params.new_password,
       })
+
+      const { data: { session } = {} } = await this.getSession()
+
+      return { data: { user: session.user, session }, error: null }
     } catch (error) {
-      throw error
+      return { data: {}, error: new AuthError(error) }
     }
   }
 
   /**
-   * 设置获取自定义登录 ticket 函数
-   * @param {authModels.GetCustomSignTicketFn} getTickFn
-   * @memberof Auth
-   */
-  public setCustomSignFunc(getTickFn: authModels.GetCustomSignTicketFn): void {
-    this.oauthInstance.authApi.setCustomSignFunc(getTickFn)
-  }
-
-  /**
-   *
-   * @returns {Promise<LoginState>}
-   * @memberof Auth
+   * https://supabase.com/docs/reference/javascript/auth-verifyotp
+   * Log in a user given a User supplied OTP and verificationId received through mobile or email.
+   * @param params
+   * @returns Promise<SignInRes>
    */
-  // @catchErrorsDecorator({
-  //   title: '自定义登录失败',
-  //   messages: [
-  //     '请确认以下各项：',
-  //     '  1 - 当前环境是否开启了自定义登录',
-  //     '  2 - 调用 auth().signInWithCustomTicket() 的语法或参数是否正确',
-  //     '  3 - ticket 是否归属于当前环境',
-  //     '  4 - 创建 ticket 的自定义登录私钥是否过期',
-  //     `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-  //   ],
-  // })
-  // public async signInWithCustomTicket(): Promise<LoginState> {
-  //   await this.oauthInstance.authApi.signInWithCustomTicket()
-  //   return this.createLoginState()
-  // }
+  async verifyOtp(params: VerifyOtpReq): Promise<SignInRes> {
+    try {
+      const { type } = params
+      // 参数校验：token和verificationInfo必填
+      this.validateParams(params, {
+        token: { required: true, message: 'Token is required' },
+        messageId: { required: true, message: 'messageId is required' },
+      })
 
-  /**
-   *
-   * @param {authModels.SignInRequest} params
-   * @returns {Promise<LoginState>}
-   * @memberof Auth
-   */
-  public async signIn(params: authModels.SignInRequest): Promise<LoginState> {
-    await this.oauthInstance.authApi.signIn(params)
-    return this.createLoginState(params)
-  }
+      if (['phone_change', 'email_change'].includes(type)) {
+        await this.verify({
+          verification_id: params.messageId,
+          verification_code: params.token,
+        })
+      } else {
+        await this.signInWithUsername({
+          verificationInfo: { verification_id: params.messageId, is_user: true },
+          verificationCode: params.token,
+          username: params.email || this.formatPhone(params.phone) || '',
+          loginType: params.email ? 'email' : 'phone',
+        })
+      }
 
-  // /**
-  //  *
-  //  * @param {authModels.SignUpRequest} params
-  //  * @returns {Promise<LoginState>}
-  //  * @memberof Auth
-  //  */
-  // @catchErrorsDecorator({
-  //   title: '注册失败',
-  //   messages: [
-  //     '请确认以下各项：',
-  //     '  1 - 当前环境是否开启了指定登录方式',
-  //     '  2 - 调用 auth().signUp() 的语法或参数是否正确',
-  //     `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-  //   ],
-  // })
-  // public async signUp(params: authModels.SignUpRequest): Promise<any> {
-  //   await this.oauthInstance.authApi.signUp(params)
-  //   return this.createLoginState()
-  // }
+      const { data: { session } = {} } = await this.getSession()
 
-  /**
-   * 设置密码
-   * @param {authModels.SetPasswordRequest} params
-   * @returns {Promise<void>}
-   * @memberof Auth
-   */
-  public async setPassword(params: authModels.SetPasswordRequest): Promise<void> {
-    return this.oauthInstance.authApi.setPassword(params)
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
   }
 
   /**
-   * 检测用户名是否已经占用
-   * @param username
+   * https://supabase.com/docs/reference/javascript/auth-getSession
+   * Returns the session, refreshing it if necessary.
+   * @returns Promise<SignInRes>
    */
-  @catchErrorsDecorator({
-    title: '获取用户是否被占用失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 调用 auth().isUsernameRegistered() 的语法或参数是否正确',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async isUsernameRegistered(username: string): Promise<boolean> {
-    if (typeof username !== 'string') {
-      throwError(ERRORS.INVALID_PARAMS, 'username must be a string')
-    }
+  async getSession(): Promise<SignInRes> {
+    try {
+      const credentials: Credentials = await this.oauthInstance.oauth2client.getCredentials()
 
-    const { exist } = await this.oauthInstance.authApi.checkIfUserExist({ username })
-    return exist
+      if (!credentials || credentials.scope === 'accessKey') {
+        return { data: { session: null }, error: null }
+      }
+
+      const { data: { user } = {} } = await this.getUser()
+
+      return { data: { session: { ...credentials, user }, user }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
   }
 
   /**
-   * 获取本地登录态-同步
+   * https://supabase.com/docs/reference/javascript/auth-refreshsession
+   * 无论过期状态如何，都返回一个新的会话
+   * @param refresh_token
+   * @returns Promise<SignInRes>
    */
-  public hasLoginState(): LoginState | null {
-    if (this.cache.mode === 'async') {
-      // async storage的平台调用此API提示
-      printWarn(
-        ERRORS.INVALID_OPERATION,
-        'current platform\'s storage is asynchronous, please use getLoginState instead',
-      )
-      return
-    }
+  async refreshSession(refresh_token?: string): Promise<SignInRes> {
+    try {
+      const credentials: Credentials = await this.oauthInstance.oauth2client.localCredentials.getCredentials()
+      credentials.refresh_token = refresh_token || credentials.refresh_token
+      const newTokens = await this.oauthInstance.oauth2client.refreshToken(credentials)
+      const { data: { user } = {} } = await this.getUser()
 
-    const oauthLoginState = this.oauthInstance?.authApi.hasLoginStateSync()
-    if (oauthLoginState) {
-      const loginState = new LoginState({
-        envId: this.config.env,
-        cache: this.cache,
-        oauthInstance: this.oauthInstance,
-      })
-      return loginState
+      return { data: { user, session: { ...newTokens, user } }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
     }
-    return null
   }
 
   /**
-   * 获取本地登录态-异步
-   * 此API为兼容异步storage的平台
+   * https://supabase.com/docs/reference/javascript/auth-getuser
+   * 如果存在现有会话，则获取当前用户详细信息
+   * @returns Promise<GetUserRes>
    */
-  @catchErrorsDecorator({
-    title: '获取本地登录态失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 调用 auth().getLoginState() 的语法或参数是否正确',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async getLoginState() {
-    let oauthLoginState = null
-
+  async getUser(): Promise<GetUserRes> {
     try {
-      oauthLoginState = await this.oauthInstance.authApi.getLoginState()
+      const user = this.convertToUser(await this.getCurrentUser())
+      return { data: { user }, error: null }
     } catch (error) {
-      return null
-    }
-
-    if (oauthLoginState) {
-      const loginState = new LoginState({
-        envId: this.config.env,
-        cache: this.cache,
-        oauthInstance: this.oauthInstance,
-      })
-      return loginState
+      return { data: {}, error: new AuthError(error) }
     }
-
-    return null
-  }
-
-  @catchErrorsDecorator({
-    title: '获取用户信息失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 是否已登录',
-      '  2 - 调用 auth().getUserInfo() 的语法或参数是否正确',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async getUserInfo(): Promise<(authModels.UserInfo & Partial<User>) | null> {
-    return this.getCurrentUser()
   }
 
-  @catchErrorsDecorator({
-    title: '获取微搭插件用户信息失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 是否已登录',
-      '  2 - 调用 auth().getWedaUserInfo() 的语法或参数是否正确',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async getWedaUserInfo(): Promise<any> {
-    return this.oauthInstance.authApi.getWedaUserInfo()
-  }
+  /**
+   * 刷新用户信息
+   * @returns Promise<CommonRes>
+   */
+  async refreshUser(): Promise<CommonRes> {
+    try {
+      await this.currentUser.refresh()
 
-  public async updateUserBasicInfo(params: authModels.ModifyUserBasicInfoRequest) {
-    const loginState = await this.getLoginState()
-    if (loginState) {
-      await (loginState.user as User).updateUserBasicInfo(params)
+      const { data: { session } = {} } = await this.getSession()
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
     }
-    return
   }
 
   /**
-   * getAuthHeader 兼容处理
-   * 返回空对象
+   * https://supabase.com/docs/reference/javascript/auth-updateuser
+   * 更新用户信息
+   * @param params
+   * @returns Promise<GetUserRes | UpdateUserWithVerificationRes>
    */
-  public getAuthHeader(): {} {
-    console.error('Auth.getAuthHeader API 已废弃')
-    return {}
-  }
+  async updateUser(params: UpdateUserReq): Promise<GetUserRes | UpdateUserWithVerificationRes> {
+    try {
+      // 参数校验：至少有一个更新字段被提供
+      const hasValue = Object.keys(params).some(key => params[key] !== undefined && params[key] !== null && params[key] !== '',)
+      if (!hasValue) {
+        throw new AuthError({ message: 'At least one field must be provided for update' })
+      }
 
-  /**
-   * 为已有账户绑第三方账户
-   * @param {authModels.BindWithProviderRequest} params
-   * @returns {Promise<void>}
-   * @memberof Auth
-   */
-  @catchErrorsDecorator({
-    title: '绑定第三方登录方式失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 调用 auth().bindWithProvider() 的语法或参数是否正确',
-      '  2 - 此账户是否已经绑定此第三方',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async bindWithProvider(params: authModels.BindWithProviderRequest): Promise<void> {
-    return this.oauthInstance.authApi.bindWithProvider(params)
-  }
-
-  /**
-   * 查询用户
-   * @param {authModels.QueryUserProfileRequest} appended_params
-   * @returns {Promise<authModels.UserProfile>}
-   * @memberof Auth
-   */
-  public async queryUser(queryObj: authModels.QueryUserProfileRequest): Promise<authModels.QueryUserProfileResponse> {
-    return this.oauthInstance.authApi.queryUserProfile(queryObj)
-  }
+      const { email, phone, ...restParams } = params
 
-  public async getAccessToken() {
-    const oauthAccessTokenRes = await this.oauthInstance.oauth2client.getAccessToken()
-    return {
-      accessToken: oauthAccessTokenRes,
-      env: this.config.env,
-    }
-  }
+      // 检查是否需要更新 email 或 phone
+      const needsEmailVerification = email !== undefined
+      const needsPhoneVerification = phone !== undefined
 
-  public async grantProviderToken(params: authModels.GrantProviderTokenRequest,): Promise<authModels.GrantProviderTokenResponse> {
-    return this.oauthInstance.authApi.grantProviderToken(params)
-  }
+      let extraRes = {}
 
-  public async patchProviderToken(params: authModels.PatchProviderTokenRequest,): Promise<authModels.PatchProviderTokenResponse> {
-    return this.oauthInstance.authApi.patchProviderToken(params)
-  }
+      if (needsEmailVerification || needsPhoneVerification) {
+        // 需要发送验证码
+        let verificationParams: { email?: string; phone_number?: string }
+        let verificationType: 'email_change' | 'phone_change'
 
-  public async signInWithProvider(params: authModels.SignInWithProviderRequest): Promise<LoginState> {
-    await this.oauthInstance.authApi.signInWithProvider(params)
-    return this.createLoginState(params)
-  }
+        if (needsEmailVerification) {
+          verificationParams = { email: params.email }
+          verificationType = 'email_change'
+        } else {
+          // 正规化手机号
+          const formattedPhone = this.formatPhone(params.phone)
+          verificationParams = { phone_number: formattedPhone }
+          verificationType = 'phone_change'
+        }
 
-  public async signInWithWechat(params: any = {}) {
-    await this.oauthInstance.authApi.signInWithWechat(params)
-    return this.createLoginState(params)
-  }
+        // 发送验证码
+        const verificationInfo = await this.getVerification(verificationParams)
 
-  public async grantToken(params: authModels.GrantTokenRequest): Promise<LoginState> {
-    await this.oauthInstance.authApi.grantToken(params)
-    return this.createLoginState()
-  }
+        Object.keys(restParams).length > 0 && (await this.updateUserBasicInfo(restParams))
 
-  public async genProviderRedirectUri(params: authModels.GenProviderRedirectUriRequest,): Promise<authModels.GenProviderRedirectUriResponse> {
-    return this.oauthInstance.authApi.genProviderRedirectUri(params)
-  }
+        extraRes = {
+          messageId: verificationInfo.verification_id,
+          verifyOtp: async (verifyParams: { email?: string; phone?: string; token: string }): Promise<GetUserRes> => {
+            try {
+              if (verifyParams.email && params.email === verifyParams.email) {
+                // 验证码验证
+                await this.verifyOtp({
+                  type: 'email_change',
+                  email: params.email,
+                  token: verifyParams.token,
+                  messageId: verificationInfo.verification_id,
+                })
+                await this.updateUserBasicInfo({ email: params.email })
+              } else if (verifyParams.phone && params.phone === verifyParams.phone) {
+                // 验证码验证
+                await this.verifyOtp({
+                  type: 'phone_change',
+                  phone: params.phone,
+                  token: verifyParams.token,
+                  messageId: verificationInfo.verification_id,
+                })
+                await this.updateUserBasicInfo({ phone: this.formatPhone(params.phone) })
+              } else {
+                await this.verifyOtp({
+                  type: verificationType,
+                  email: needsEmailVerification ? params.email : undefined,
+                  phone: !needsEmailVerification ? params.phone : undefined,
+                  token: verifyParams.token,
+                  messageId: verificationInfo.verification_id,
+                })
+                // 验证成功后更新用户信息
+                await this.updateUserBasicInfo(params)
+              }
 
-  public async resetPassword(params: authModels.ResetPasswordRequest): Promise<void> {
-    return this.oauthInstance.authApi.resetPassword(params)
-  }
+              const {
+                data: { user },
+              } = await this.getUser()
+              this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.USER_UPDATED })
 
-  public async deviceAuthorize(params: authModels.DeviceAuthorizeRequest): Promise<authModels.DeviceAuthorizeResponse> {
-    return this.oauthInstance.authApi.deviceAuthorize(params)
-  }
+              return { data: { user }, error: null }
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        }
+      } else {
+        // 不需要验证，直接更新
+        await this.updateUserBasicInfo(params)
+      }
+      const {
+        data: { user },
+      } = await this.getUser()
+      this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.USER_UPDATED })
 
-  public async sudo(params: authModels.SudoRequest): Promise<authModels.SudoResponse> {
-    return this.oauthInstance.authApi.sudo(params)
+      return { data: { user, ...extraRes }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
   }
 
-  public async deleteMe(params: authModels.WithSudoRequest): Promise<authModels.UserProfile> {
-    return this.oauthInstance.authApi.deleteMe(params)
-  }
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-getuseridentities
+   * 获取所有身份源
+   * @returns Promise<GetUserIdentitiesRes>
+   */
+  async getUserIdentities(): Promise<GetUserIdentitiesRes> {
+    try {
+      const providers = await this.oauthInstance.authApi.getProviders()
 
-  public async getProviders(): Promise<authModels.ProvidersResponse> {
-    return this.oauthInstance.authApi.getProviders()
+      return {
+        data: {
+          identities: providers?.data?.filter(v => !!v.bind) as unknown as GetUserIdentitiesRes['data']['identities'],
+        },
+        error: null,
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
   }
 
-  public async loginScope(): Promise<string> {
-    return this.oauthInstance.authApi.loginScope()
-  }
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-linkidentity
+   * 绑定身份源到当前用户
+   * @param params
+   * @returns Promise<LinkIdentityRes>
+   */
+  async linkIdentity(params: LinkIdentityReq): Promise<LinkIdentityRes> {
+    try {
+      // 参数校验：provider必填
+      this.validateParams(params, {
+        provider: { required: true, message: 'Provider is required' },
+      })
 
-  public async loginGroups(): Promise<string[]> {
-    return this.oauthInstance.authApi.loginGroups()
-  }
+      await this.signInWithOAuth({
+        provider: params.provider,
+        options: {
+          type: OAUTH_TYPE.BIND_IDENTITY,
+        },
+      })
 
-  public async onLoginStateChanged(callback: Function) {
-    this.config.eventBus?.on(EVENTS.LOGIN_STATE_CHANGED, async (params) => {
-      // getLoginState会重复触发getCredentials，导致死循环，所以getCredentials出错不再出发getLoginState
-      const loginState = params?.data?.eventType !== LOGIN_STATE_CHANGED_TYPE.CREDENTIALS_ERROR ? await this.getLoginState() : {}
-      callback.call(this, { ...params, ...loginState })
-    })
-    // 立刻执行一次回调
-    const loginState = await this.getLoginState()
-    callback.call(this, loginState)
+      return { data: { provider: params.provider }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
   }
 
   /**
-   * 强制刷新token
+   * https://supabase.com/docs/reference/javascript/auth-unlinkidentity
+   * 解绑身份源
    * @param params
-   * @returns
+   * @returns Promise<CommonRes>
    */
-  public async refreshTokenForce(params: { version?: string }): Promise<Credentials> {
-    return this.oauthInstance.authApi.refreshTokenForce(params)
-  }
+  async unlinkIdentity(params: UnlinkIdentityReq): Promise<CommonRes> {
+    try {
+      // 参数校验：provider必填
+      this.validateParams(params, {
+        provider: { required: true, message: 'Provider is required' },
+      })
 
-  /**
-   * 获取身份信息
-   * @returns
-   */
-  public async getCredentials(): Promise<Credentials> {
-    return this.oauthInstance.authApi.getCredentials()
-  }
-  /**
-   * 写入身份信息
-   */
-  public async setCredentials(credentials: Credentials) {
-    await this.oauthInstance.oauth2client.setCredentials(credentials)
-  }
+      await this.oauthInstance.authApi.unbindProvider({ provider_id: params.provider })
 
-  @catchErrorsDecorator({
-    title: '获取身份源类型',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 调用 auth().getProviderSubType() 的语法或参数是否正确',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async getProviderSubType(): Promise<authModels.ProviderSubType> {
-    return this.oauthInstance.authApi.getProviderSubType()
+      return { data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
   }
 
-  public async createCaptchaData(params: { state: string; redirect_uri?: string }) {
-    return this.oauthInstance.authApi.createCaptchaData(params)
-  }
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-reauthentication
+   * 重新认证
+   * @returns Promise<ReauthenticateRes>
+   */
+  async reauthenticate(): Promise<ReauthenticateRes> {
+    try {
+      const {
+        data: { user },
+      } = await this.getUser()
 
-  public async verifyCaptchaData(params: { token: string; key: string }) {
-    return this.oauthInstance.authApi.verifyCaptchaData(params)
-  }
+      this.validateAtLeastOne(user, [['email', 'phone']], 'You must provide either an email or phone number')
+      const userInfo = user.email ? { email: user.email } : { phone_number: this.formatPhone(user.phone) }
 
-  public async getMiniProgramQrCode(params: authModels.GetMiniProgramQrCodeRequest,): Promise<authModels.GetMiniProgramQrCodeResponse> {
-    return this.oauthInstance.authApi.getMiniProgramCode(params)
-  }
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(userInfo)
 
-  public async getMiniProgramQrCodeStatus(params: authModels.GetMiniProgramQrCodeStatusRequest,): Promise<authModels.GetMiniProgramQrCodeStatusResponse> {
-    return this.oauthInstance.authApi.getMiniProgramQrCodeStatus(params)
-  }
+      return {
+        data: {
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          updateUser: async (attributes: UpdateUserAttributes): Promise<SignInRes> => {
+            this.validateParams(attributes, {
+              nonce: { required: true, message: 'Nonce is required' },
+            })
+            try {
+              if (attributes.password) {
+                // 第三步：待用户输入完验证码之后，验证验证码
+                const verificationTokenRes = await this.verify({
+                  verification_id: verificationInfo.verification_id,
+                  verification_code: attributes.nonce,
+                })
 
-  public async modifyPassword(params: authModels.ModifyUserBasicInfoRequest): Promise<void> {
-    return this.oauthInstance.authApi.modifyPassword(params)
-  }
+                // 第四步：获取 sudo_token
+                const sudoRes = await this.oauthInstance.authApi.sudo({
+                  verification_token: verificationTokenRes.verification_token,
+                })
 
-  public async modifyPasswordWithoutLogin(params: authModels.ModifyPasswordWithoutLoginRequest): Promise<void> {
-    return this.oauthInstance.authApi.modifyPasswordWithoutLogin(params)
-  }
+                await this.oauthInstance.authApi.setPassword({
+                  new_password: attributes.password,
+                  sudo_token: sudoRes.sudo_token,
+                })
+              } else {
+                await this.signInWithUsername({
+                  verificationInfo,
+                  verificationCode: attributes.nonce,
+                  ...userInfo,
+                  loginType: userInfo.email ? 'email' : 'phone',
+                })
+              }
 
-  public async getUserBehaviorLog(params: authModels.GetUserBehaviorLog): Promise<authModels.GetUserBehaviorLogRes> {
-    return this.oauthInstance.authApi.getUserBehaviorLog(params)
+              const { data: { session } = {} } = await this.getSession()
+
+              return { data: { user: session.user, session }, error: null }
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        },
+        error: null,
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
   }
 
   /**
-   * sms/email 验证码登录/注册，逻辑一致收敛
+   * https://supabase.com/docs/reference/javascript/auth-resend
+   * 重新发送验证码
+   * @param params
+   * @returns Promise<ResendRes>
    */
-  public async signInWithUsername({
-    verificationInfo = { verification_id: '', is_user: false },
-    verificationCode = '',
-    username: rawUsername = '',
-    bindInfo = undefined,
-    loginType = '',
-  }: {
-    verificationInfo?: authModels.GetVerificationResponse
-    verificationCode?: string
-    username?: string
-    bindInfo?: any
-    loginType?: string
-  }): Promise<LoginState> {
+  async resend(params: ResendReq): Promise<ResendRes> {
     try {
-      // 1. 验证验证码
-      const verifyRes = await this.oauthInstance.authApi.verify({
-        verification_id: verificationInfo.verification_id,
-        verification_code: verificationCode,
-      })
+      // 参数校验：email或phone必填其一
+      this.validateAtLeastOne(params, [['email'], ['phone']], 'You must provide either an email or phone number')
 
-      if ((verifyRes as any)?.error_code) {
-        throw verifyRes
+      const target = params.type === 'signup' ? 'ANY' : 'USER'
+      const data: { email?: string; phone_number?: string; target: 'USER' | 'ANY' } = { target }
+      if ('email' in params) {
+        data.email = params.email
       }
 
-      // eslint-disable-next-line @typescript-eslint/naming-convention
-      const { verification_token } = verifyRes
+      if ('phone' in params) {
+        data.phone_number = this.formatPhone(params.phone)
+      }
 
-      // 手机登录参数
-      let username = /^\+\d{1,3}\s+/.test(rawUsername) ? rawUsername : `+86 ${rawUsername}`
-      let signUpParam: any = { phone_number: username }
+      // 重新发送验证码
+      const { verification_id: verificationId } = await this.oauthInstance.authApi.getVerification(data)
 
-      // 邮箱登录参数
-      if (loginType === 'email') {
-        username = rawUsername
-        signUpParam = { email: username }
+      return {
+        data: { messageId: verificationId },
+        error: null,
       }
+    } catch (error: any) {
+      return {
+        data: {},
+        error: new AuthError(error),
+      }
+    }
+  }
 
-      // 2. 根据是否已经是用户，分别走登录或注册逻辑
-      if (verificationInfo.is_user) {
-        // 私有化环境或者自定义应用走v1版本的老逻辑
-        const signInRes = await this.oauthInstance.authApi.signIn({
-          username,
-          verification_token,
-        })
-
-        if ((signInRes as any)?.error_code) {
-          throw signInRes
-        }
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-setsession
+   * 使用access_token和refresh_token来设置会话
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async setSession(params: SetSessionReq): Promise<SignInRes> {
+    try {
+      this.validateParams(params, {
+        access_token: { required: true, message: 'Access token is required' },
+        refresh_token: { required: true, message: 'Refresh token is required' },
+      })
 
-        if (bindInfo) {
-          const bindRes = await this.oauthInstance.authApi.bindWithProvider({
-            provider_token: (bindInfo as any)?.providerToken,
-          })
+      await this.oauthInstance.oauth2client.refreshToken(params, { throwError: true })
 
-          if ((bindRes as any)?.error_code) {
-            throw bindRes
-          }
-        }
-      } else {
-        // 自定义应用走signUp逻辑
-        const signUpRes = await this.oauthInstance.authApi.signUp({
-          ...signUpParam,
-          verification_token,
-          provider_token: (bindInfo as any)?.providerId,
-        })
+      const { data: { session } = {} } = await this.getSession()
 
-        if ((signUpRes as any)?.error_code) {
-          throw signUpRes
-        }
-      }
+      this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.SIGNED_IN })
 
-      return this.createLoginState()
+      return { data: { user: session.user, session }, error: null }
     } catch (error) {
-      throw error
+      return { data: {}, error: new AuthError(error) }
     }
   }
 
-  async createLoginState(
-    params?: { version?: string; query?: any },
-    options?: { asyncRefreshUser?: boolean; userInfo?: any },
-  ): Promise<LoginState> {
-    const loginState = new LoginState({
-      envId: this.config.env,
-      cache: this.cache,
-      oauthInstance: this.oauthInstance,
-    })
+  // https://supabase.com/docs/reference/javascript/auth-exchangecodeforsession
+  async exchangeCodeForSession() {
+    //
+  }
 
-    await loginState.checkLocalStateAsync()
+  /**
+   * 删除当前用户
+   * @param params
+   * @returns
+   */
+  async deleteUser(params: DeleteMeReq): Promise<CommonRes> {
+    try {
+      this.validateParams(params, {
+        password: { required: true, message: 'Password is required' },
+      })
 
-    if (options?.userInfo) {
-      loginState.user.setLocalUserInfo(options.userInfo)
-    } else {
-      if (options?.asyncRefreshUser) {
-        loginState.user.refresh(params)
-      } else {
-        await loginState.user.refresh(params)
-      }
-    }
+      const { sudo_token } = await this.oauthInstance.authApi.sudo(params)
 
-    this.config.eventBus?.fire(EVENTS.LOGIN_STATE_CHANGED, { eventType: LOGIN_STATE_CHANGED_TYPE.SIGN_IN })
+      await this.oauthInstance.authApi.deleteMe({ sudo_token })
 
-    this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.SIGNED_IN })
-    return loginState
+      return { data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
   }
 
-  async setAccessKey() {
-    if (this.config.accessKey) {
-      try {
-        this.oauthInstance.oauth2client.setAccessKeyCredentials({
-          access_token: this.config.accessKey,
-          token_type: 'Bearer',
-          scope: 'accessKey',
-          expires_at: new Date(+new Date() + +new Date()),
-          expires_in: +new Date() + +new Date(),
-        })
-      } catch (error) {
-        console.warn('accessKey error: ', error)
+  /**
+   * 跳转系统默认登录页
+   * @returns {Promise<authModels.ToDefaultLoginPage>}
+   * @memberof Auth
+   */
+  async toDefaultLoginPage(params: authModels.ToDefaultLoginPage = {}): Promise<CommonRes> {
+    try {
+      const configVersion = params.config_version || 'env'
+      const query = Object.keys(params.query || {})
+        .map(key => `${key}=${params.query[key]}`)
+        .join('&')
+
+      if (adapterForWxMp.isMatch()) {
+        wx.navigateTo({ url: `/packages/$wd_system/pages/login/index${query ? `?${query}` : ''}` })
+      } else {
+        const redirectUri = params.redirect_uri || window.location.href
+        const urlObj = new URL(redirectUri)
+        const loginPage = `${urlObj.origin}/__auth/?app_id=${params.app_id || ''}&env_id=${this.config.env}&client_id=${
+          this.config.clientId || this.config.env
+        }&config_version=${configVersion}&redirect_uri=${encodeURIComponent(redirectUri)}${query ? `&${query}` : ''}`
+        window.location.href = loginPage
       }
+      return { data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
     }
   }
 
-  // ========== new auth api methods merged below ==========
-
   /**
-   * https://supabase.com/docs/reference/javascript/auth-signinanonymously
-   * Sign in a user anonymously.
-   * const { data, error } = await auth.signInAnonymously();
-   * @param params
-   * @returns  Promise<SignInRes>
+   * 自定义登录
+   * @param getTickFn () => Promise<string>, 获取自定义登录 ticket 的函数
+   * @returns
    */
-  async signInAnonymously(params: SignInAnonymouslyReq): Promise<SignInRes> {
+  async signInWithCustomTicket(getTickFn?: authModels.GetCustomSignTicketFn): Promise<SignInRes> {
+    if (getTickFn) {
+      this.setCustomSignFunc(getTickFn)
+    }
+
     try {
-      await this.oauthInstance.authApi.signInAnonymously(params)
+      await this.oauthInstance.authApi.signInWithCustomTicket()
       const loginState = await this.createLoginState()
 
       const { data: { session } = {} } = await this.getSession()
@@ -1383,1075 +1374,1090 @@ class Auth {
   }
 
   /**
-   * https://supabase.com/docs/reference/javascript/auth-signup
-   * Sign up a new user with email or phone using a one-time password (OTP). If the account not exist, a new account will be created.
+   * 小程序openId静默登录
    * @param params
-   * @returns Promise<SignUpRes>
+   * @returns Promise<SignInRes>
    */
-  async signUp(params: authModels.SignUpRequest & { phone?: string }): Promise<SignUpRes> {
-    if (params.phone_number || params.verification_code || params.verification_token || params.provider_token) {
-      await this.oauthInstance.authApi.signUp(params)
-      return this.createLoginState() as any
-    }
-    try {
-      // 参数校验：email或phone必填其一
-      this.validateAtLeastOne(params, [['email'], ['phone']], 'You must provide either an email or phone number')
-
-      // 第一步：发送验证码并存储 verificationInfo
-      const verificationInfo = await this.getVerification(params.email ? { email: params.email } : { phone_number: this.formatPhone(params.phone) },)
+  async signInWithOpenId({ useWxCloud = true } = {}): Promise<SignInRes> {
+    if (!adapterForWxMp.isMatch()) {
+      throw Error('wx api undefined')
+    }
+    const wxInfo = wx.getAccountInfoSync().miniProgram
 
-      return {
-        data: {
-          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
-          verifyOtp: async ({ token, messageId = verificationInfo.verification_id }): Promise<SignInRes> => {
-            try {
-              // 第三步：待用户输入完验证码之后，验证短信验证码
-              const verificationTokenRes = await this.verify({
-                verification_id: messageId || verificationInfo.verification_id,
-                verification_code: token,
-              })
+    const mainFunc = async (code) => {
+      let result: authModels.GrantProviderTokenResponse | undefined = undefined
+      let credentials: Credentials | undefined = undefined
 
-              // 第四步：注册并登录或直接登录
-              // 如果用户已经存在，直接登录
-              if (verificationInfo.is_user) {
-                await this.signIn({
-                  username: params.email || this.formatPhone(params.phone),
-                  verification_token: verificationTokenRes.verification_token,
-                })
-              } else {
-                // 如果用户不存在，注册用户
-                const data = JSON.parse(JSON.stringify(params))
-                delete data.email
-                delete data.phone
+      try {
+        result = await this.oauthInstance.authApi.grantProviderToken(
+          {
+            provider_id: wxInfo?.appId,
+            provider_code: code,
+            provider_params: {
+              provider_code_type: 'open_id',
+              appid: wxInfo?.appId,
+            },
+          },
+          useWxCloud,
+        )
 
-                await this.oauthInstance.authApi.signUp({
-                  ...data,
-                  ...(params.email ? { email: params.email } : { phone_number: this.formatPhone(params.phone) }),
-                  verification_token: verificationTokenRes.verification_token,
-                  verification_code: token,
-                })
-                await this.createLoginState()
-              }
+        if ((result as any)?.error_code || !result.provider_token) {
+          throw result
+        }
 
-              const { data: { session } = {} } = await this.getSession()
+        credentials = await this.oauthInstance.authApi.signInWithProvider(
+          { provider_token: result.provider_token },
+          useWxCloud,
+        )
 
-              return { data: { user: session.user, session }, error: null }
-            } catch (error) {
-              return { data: {}, error: new AuthError(error) }
-            }
-          },
-        },
-        error: null,
+        if ((credentials as any)?.error_code) {
+          throw credentials
+        }
+      } catch (error) {
+        throw error
       }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
+      await this.oauthInstance.oauth2client.setCredentials(credentials as Credentials)
     }
-  }
 
-  /**
-   * https://supabase.com/docs/reference/javascript/auth-signout
-   * const result = await auth.signOut();
-   *
-   * @param params
-   */
-  async signOut(params?: authModels.SignoutRequest,): Promise<authModels.SignoutResponse & { data: Object; error: AuthError }> {
     try {
-      const { userInfoKey } = this.cache.keys
-      const res = await this.oauthInstance.authApi.signOut(params)
-      await this.cache.removeStoreAsync(userInfoKey)
-      this.setAccessKey()
+      await new Promise((resolve, reject) => {
+        wx.login({
+          success: async (res: { code: string }) => {
+            try {
+              await mainFunc(res.code)
+              resolve(true)
+            } catch (error) {
+              reject(error)
+            }
+          },
+          fail: (res: any) => {
+            const error = new Error(res?.errMsg)
+            ;(error as any).code = res?.errno
+            reject(error)
+          },
+        })
+      })
 
-      this.config.eventBus?.fire(EVENTS.LOGIN_STATE_CHANGED, { eventType: LOGIN_STATE_CHANGED_TYPE.SIGN_OUT })
+      const loginState = await this.createLoginState()
 
-      this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.SIGNED_OUT })
+      const { data: { session } = {} } = await this.getSession()
 
-      // res返回是为了兼容v2版本
-      return { ...res, data: {}, error: null }
+      // loginState返回是为了兼容v2版本
+      return { ...(loginState as any), data: { user: session.user, session }, error: null }
     } catch (error) {
       return { data: {}, error: new AuthError(error) }
     }
   }
 
   /**
-   * https://supabase.com/docs/reference/javascript/auth-onauthstatechange
-   * Receive a notification every time an auth event happens.
-   * @param callback
-   * @returns Promise<{ data: { subscription: Subscription }, error: Error | null }>
+   * 小程序手机号授权登录
+   * @param params
+   * @returns Promise<SignInRes>
    */
-  onAuthStateChange(callback: OnAuthStateChangeCallback) {
-    if (!this.hasListenerSetUp) {
-      this.setupListeners()
-      this.hasListenerSetUp = true
-    }
-
-    const id = Math.random().toString(36)
-
-    if (!this.listeners.has(id)) {
-      this.listeners.set(id, new Set())
+  // async signInWithPhoneAuth({ phoneCode = '', useWxCloud = false }): Promise<SignInRes> {
+  async signInWithPhoneAuth({ phoneCode = '' }): Promise<SignInRes> {
+    // if (!adapterForWxMp.isMatch()) {
+    //   return { data: {}, error: new AuthError({ message: 'wx api undefined' }) }
+    // }
+    // const wxInfo = wx.getAccountInfoSync().miniProgram
+    // const providerInfo = {
+    //   provider_params: { provider_code_type: 'phone', code: phoneCode, appid: wxInfo.appId },
+    //   provider_id: wxInfo.appId,
+    // }
+
+    // const { code } = await wx.login()
+    // ;(providerInfo as any).provider_code = code
+
+    // try {
+    //   const providerToken = await this.oauthInstance.authApi.grantProviderToken(providerInfo, useWxCloud)
+    //   if (providerToken.error_code) {
+    //     throw providerToken
+    //   }
+
+    //   const signInRes = await this.oauthInstance.authApi.signInWithProvider({
+    //     provider_token: providerToken.provider_token,
+    //   }, useWxCloud)
+
+    //   if ((signInRes as any)?.error_code) {
+    //     throw signInRes
+    //   }
+    // } catch (error) {
+    //   return { data: {}, error: new AuthError(error) }
+    // }
+
+    // const loginState = await this.createLoginState()
+
+    // const { data: { session } = {} } = await this.getSession()
+
+    // // loginState返回是为了兼容v2版本
+    // return { ...(loginState as any), data: { user: session.user, session }, error: null }
+    if (!adapterForWxMp.isMatch()) {
+      return { data: {}, error: new AuthError({ message: 'wx api undefined' }) }
     }
-
-    this.listeners.get(id)!.add(callback)
-
-    // 返回 Subscription 对象
-    const subscription = {
-      id,
-      callback,
-      unsubscribe: () => {
-        const callbacks = this.listeners.get(id)
-        if (callbacks) {
-          callbacks.delete(callback)
-          if (callbacks.size === 0) {
-            this.listeners.delete(id)
-          }
-        }
-      },
+    const wxInfo = wx.getAccountInfoSync().miniProgram
+    const providerInfo = {
+      provider_params: { provider_code_type: 'phone' },
+      provider_id: wxInfo.appId,
     }
 
-    return {
-      data: { subscription },
-    }
-  }
+    const { code } = await wx.login()
+    ;(providerInfo as any).provider_code = code
 
-  /**
-   * https://supabase.com/docs/reference/javascript/auth-signinwithpassword
-   * Log in an existing user with an email and password or phone and password or username and password.
-   * @param params
-   * @returns Promise<SignInRes>
-   */
-  async signInWithPassword(params: SignInWithPasswordReq): Promise<SignInRes> {
     try {
-      // 参数校验：username/email/phone三选一，password必填
-      this.validateAtLeastOne(
-        params,
-        [['username'], ['email'], ['phone']],
-        'You must provide either username, email, or phone',
-      )
-      this.validateParams(params, {
-        password: { required: true, message: 'Password is required' },
+      let providerToken = await this.oauthInstance.authApi.grantProviderToken(providerInfo)
+      if (providerToken.error_code) {
+        throw providerToken
+      }
+
+      providerToken = await this.oauthInstance.authApi.patchProviderToken({
+        provider_token: providerToken.provider_token,
+        provider_id: wxInfo.appId,
+        provider_params: {
+          code: phoneCode,
+          provider_code_type: 'phone',
+        },
       })
+      if (providerToken.error_code) {
+        throw providerToken
+      }
 
-      await this.signIn({
-        username: params.username || params.email || this.formatPhone(params.phone),
-        password: params.password,
-        ...(params.is_encrypt ? { isEncrypt: true, version: 'v2' } : {}),
+      const signInRes = await this.oauthInstance.authApi.signInWithProvider({
+        provider_token: providerToken.provider_token,
       })
-      const { data: { session } = {} } = await this.getSession()
 
-      return { data: { user: session.user, session }, error: null }
+      if ((signInRes as any)?.error_code) {
+        throw signInRes
+      }
     } catch (error) {
       return { data: {}, error: new AuthError(error) }
     }
-  }
 
-  /**
-   * https://supabase.com/docs/reference/javascript/auth-signinwithidtoken
-   * 第三方平台登录。如果用户不存在，会根据云开发平台-登录方式中对应身份源的登录模式配置，判断是否自动注册
-   * @param params
-   * @returns Promise<SignInRes>
-   */
-  async signInWithIdToken(params: SignInWithIdTokenReq): Promise<SignInRes> {
-    try {
-      // 参数校验：token必填
-      this.validateParams(params, {
-        token: { required: true, message: 'Token is required' },
-      })
+    const loginState = await this.createLoginState()
 
-      await this.signInWithProvider({
-        provider_token: params.token,
-      })
-      const { data: { session } = {} } = await this.getSession()
+    const { data: { session } = {} } = await this.getSession()
 
-      return { data: { user: session.user, session }, error: null }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
-    }
+    // loginState返回是为了兼容v2版本
+    return { ...(loginState as any), data: { user: session.user, session }, error: null }
   }
 
   /**
-   * https://supabase.com/docs/reference/javascript/auth-signinwithotp
-   * Log in a user using a one-time password (OTP).
-   * @param params
-   * @returns Promise<SignInWithOtpRes>
+   * 绑定手机号
+   * @param phoneNumber
+   * @param phoneCode
    */
-  async signInWithOtp(params: SignInWithOtpReq): Promise<SignInWithOtpRes> {
-    if (params.options?.shouldCreateUser === undefined || !!params.options?.shouldCreateUser) {
-      return this.signUp({
-        email: params.email,
-        phone: params.phone,
-      })
-    }
+  @catchErrorsDecorator({
+    title: '绑定手机号失败',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 调用 auth().bindPhoneNumber() 的语法或参数是否正确',
+      '  2 - 当前环境是否开通了短信验证码登录',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async bindPhoneNumber(params: authModels.BindPhoneRequest) {
+    return this.oauthInstance.authApi.editContact(params)
+  }
 
-    try {
-      // 参数校验：email或phone必填其一
-      this.validateAtLeastOne(params, [['email'], ['phone']], 'You must provide either an email or phone number')
-
-      // 第一步：发送验证码并存储 verificationInfo
-      const verificationInfo = await this.getVerification(params.email ? { email: params.email } : { phone_number: this.formatPhone(params.phone) },)
-
-      return {
-        data: {
-          user: null,
-          session: null,
-          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
-          verifyOtp: async ({ token, messageId = verificationInfo.verification_id }): Promise<SignInRes> => this.verifyOtp({
-            email: params.email,
-            phone: params.phone,
-            token,
-            messageId,
-          }),
-        },
-        error: null,
-      }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
-    }
+  /**
+   * 解绑三方绑定
+   * @param loginType
+   */
+  @catchErrorsDecorator({
+    title: '解除三方绑定失败',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 调用 auth().unbindProvider() 的语法或参数是否正确',
+      '  2 - 当前账户是否已经与此登录方式解绑',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async unbindProvider(params: authModels.UnbindProviderRequest): Promise<void> {
+    return this.oauthInstance.authApi.unbindProvider(params)
   }
 
   /**
-   * 校验第三方平台授权登录回调
-   * @param params
-   * @returns Promise<SignInRes>
+   * 更新邮箱地址
+   * @param email
+   * @param sudo_token
+   * @param verification_token
    */
-  async verifyOAuth(params?: VerifyOAuthReq): Promise<SignInRes | LinkIdentityRes> {
-    const data: any = {}
-    try {
-      // 回调至 provider_redirect_uri 地址（url query中携带 授权code，state等参数），此时检查 state 是否符合预期（如 自己设置的 wx_open)
-      const code = params?.code || utils.getQuery('code')
-      const state = params?.state || utils.getQuery('state')
-
-      // 参数校验：code和state必填
-      if (!code) {
-        return { data: {}, error: new AuthError({ message: 'Code is required' }) }
-      }
-
-      if (!state) {
-        return { data: {}, error: new AuthError({ message: 'State is required' }) }
-      }
-
-      const cacheData = getBrowserSession(state)
-      data.type = cacheData?.type
-
-      const provider = params?.provider || cacheData?.provider || utils.getQuery('provider')
-
-      if (!provider) {
-        return { data, error: new AuthError({ message: 'Provider is required' }) }
-      }
-
-      // state符合预期，则获取该三方平台token
-      const { provider_token: token } = await this.grantProviderToken({
-        provider_id: provider,
-        provider_redirect_uri: location.origin + location.pathname, // 指定三方平台跳回的 url 地址
-        provider_code: code, // 第三方平台跳转回页面时，url param 中携带的 code 参数
-      })
+  @catchErrorsDecorator({
+    title: '绑定邮箱地址失败',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 调用 auth().bindEmail() 的语法或参数是否正确',
+      '  2 - 当前环境是否开通了邮箱密码登录',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public bindEmail(params: authModels.BindEmailRequest) {
+    return this.oauthInstance.authApi.editContact(params)
+  }
 
-      let res: SignInRes | LinkIdentityRes
+  /**
+   * verify
+   * @param {authModels.VerifyRequest} params
+   * @returns {Promise<authModels.VerifyResponse>}
+   * @memberof User
+   */
+  @catchErrorsDecorator({
+    title: '验证码验证失败',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 调用 auth().verify() 的语法或参数是否正确',
+      '  2 - 当前环境是否开通了手机验证码/邮箱登录',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async verify(params: authModels.VerifyRequest): Promise<authModels.VerifyResponse> {
+    return this.oauthInstance.authApi.verify(params)
+  }
 
-      if (cacheData.type === OAUTH_TYPE.BIND_IDENTITY) {
-        res = await this.oauthInstance.authApi.toBindIdentity({ provider_token: token, provider, fireEvent: true })
-      } else {
-        // 通过 provider_token 仅登录或登录并注册（与云开发平台-登录方式-身份源登录模式配置有关）
-        res = await this.signInWithIdToken({
-          token,
-        })
-        res.data = { ...data, ...res.data }
-      }
+  /**
+   * 获取验证码
+   * @param {authModels.GetVerificationRequest} params
+   * @returns {Promise<authModels.GetVerificationResponse>}
+   * @memberof User
+   */
+  @catchErrorsDecorator({
+    title: '获取验证码失败',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 调用 auth().getVerification() 的语法或参数是否正确',
+      '  2 - 当前环境是否开通了手机验证码/邮箱登录',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async getVerification(
+    params: authModels.GetVerificationRequest,
+    options?: { withCaptcha: boolean },
+  ): Promise<authModels.GetVerificationResponse> {
+    if (params.phone_number) {
+      params.phone_number = this.formatPhone(params.phone_number)
+    }
+    return this.oauthInstance.authApi.getVerification(params, options)
+  }
 
-      const localSearch = new URLSearchParams(location?.search)
-      localSearch.delete('code')
-      localSearch.delete('state')
-      addUrlSearch(
-        cacheData?.search === undefined ? `?${localSearch.toString()}` : cacheData?.search,
-        cacheData?.hash || location.hash,
+  /**
+   * 获取当前登录的用户信息-同步
+   */
+  get currentUser() {
+    if (this.cache.mode === 'async') {
+      // async storage的平台调用此API提示
+      printWarn(
+        ERRORS.INVALID_OPERATION,
+        'current platform\'s storage is asynchronous, please use getCurrentUser instead',
       )
-      removeBrowserSession(state)
+      return
+    }
 
-      return res
-    } catch (error) {
-      return { data, error: new AuthError(error) }
+    const loginState = this.hasLoginState()
+
+    if (loginState) {
+      return loginState.user || null
     }
+    return null
   }
 
   /**
-   * https://supabase.com/docs/reference/javascript/auth-signinwithoauth
-   * 生成第三方平台授权 Uri （如微信二维码扫码授权网页）
-   * @param params
-   * @returns Promise<SignInOAuthRes>
+   * 获取当前登录的用户信息-异步
    */
-  async signInWithOAuth(params: SignInWithOAuthReq): Promise<SignInOAuthRes> {
-    try {
-      // 参数校验：provider必填
-      this.validateParams(params, {
-        provider: { required: true, message: 'Provider is required' },
-      })
-
-      const href = params.options?.redirectTo || location.href
-
-      const urlObject = new URL(href)
+  @catchErrorsDecorator({
+    title: '获取用户信息失败',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 调用 auth().getCurrentUser() 的语法或参数是否正确',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async getCurrentUser(): Promise<(authModels.UserInfo & Partial<User>) | null> {
+    const loginState = await this.getLoginState()
+    if (loginState) {
+      const userInfo = loginState.user.getLocalUserInfo() as authModels.UserInfo
+      await loginState.user.checkLocalInfoAsync()
+      return { ...loginState.user, ...userInfo } as unknown as authModels.UserInfo & Partial<User>
+    }
+    return null
+  }
 
-      const provider_redirect_uri = urlObject.origin + urlObject.pathname
+  /**
+   * 匿名登录
+   * @returns {Promise<LoginState>}
+   * @memberof Auth
+   */
+  @catchErrorsDecorator({
+    title: '小程序匿名登录失败',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 当前环境是否开启了匿名登录',
+      '  2 - 调用 auth().signInAnonymouslyInWx() 的语法或参数是否正确',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async signInAnonymouslyInWx({
+    useWxCloud,
+  }: {
+    useWxCloud?: boolean
+  } = {}): Promise<LoginState> {
+    if (!adapterForWxMp.isMatch()) {
+      throw Error('wx api undefined')
+    }
+    const wxInfo = wx.getAccountInfoSync().miniProgram
 
-      const state = params.options?.state || `prd-${params.provider}-${Math.random().toString(36)
-        .slice(2)}`
+    const mainFunc = async (code) => {
+      let result: authModels.GrantProviderTokenResponse | undefined = undefined
+      let credentials: Credentials | undefined = undefined
 
-      const { uri } = await this.genProviderRedirectUri({
-        provider_id: params.provider,
-        provider_redirect_uri,
-        state,
-      })
+      try {
+        result = await this.oauthInstance.authApi.grantProviderToken(
+          {
+            provider_id: wxInfo?.appId,
+            provider_code: code,
+            provider_params: {
+              provider_code_type: 'open_id',
+              appid: wxInfo?.appId,
+            },
+          },
+          useWxCloud,
+        )
 
-      // 对 URL 进行解码
-      const decodedUri = decodeURIComponent(uri)
+        if ((result as any)?.error_code || !result.provider_token) {
+          throw result
+        }
 
-      // 合并额外的查询参数
-      let finalUri = decodedUri
+        credentials = await this.oauthInstance.authApi.signInAnonymously(
+          { provider_token: result.provider_token },
+          useWxCloud,
+        )
 
-      if (params.options?.queryParams) {
-        const url = new URL(decodedUri)
-        Object.entries(params.options.queryParams).forEach(([key, value]) => {
-          url.searchParams.set(key, value)
-        })
-        finalUri = url.toString()
+        if ((credentials as any)?.error_code) {
+          throw credentials
+        }
+      } catch (error) {
+        throw error
       }
+    }
 
-      saveToBrowserSession(state, {
-        provider: params.provider,
-        search: urlObject.search,
-        hash: urlObject.hash,
-        type: params.options?.type || OAUTH_TYPE.SIGN_IN,
+    await new Promise((resolve, reject) => {
+      wx.login({
+        success: async (res: { code: string }) => {
+          try {
+            await mainFunc(res.code)
+            resolve(true)
+          } catch (error) {
+            reject(error)
+          }
+        },
+        fail: (res: any) => {
+          const error = new Error(res?.errMsg)
+          ;(error as any).code = res?.errno
+          reject(error)
+        },
       })
+    })
 
-      if (isBrowser() && !params.options?.skipBrowserRedirect) {
-        window.location.assign(finalUri)
-      }
-
-      return { data: { url: finalUri, provider: params.provider }, error: null }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
-    }
-  }
-
-  // https://supabase.com/docs/reference/javascript/auth-getclaims
-  async getClaims(): Promise<GetClaimsRes> {
-    try {
-      const { accessToken } = await this.getAccessToken()
-      const parsedToken = weAppJwtDecodeAll(accessToken)
-      return { data: parsedToken, error: null }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
-    }
+    return this.createLoginState(undefined, { asyncRefreshUser: true })
   }
 
   /**
-   * https://supabase.com/docs/reference/javascript/auth-resetpasswordforemail
-   * 通过 email 或手机号重置密码
-   * @param emailOrPhone 邮箱或手机号
-   * @returns Promise<ResetPasswordForEmailRes>
+   * 小程序绑定OpenID
+   * @returns {Promise<LoginState>}
+   * @memberof Auth
    */
-  async resetPasswordForEmail(
-    emailOrPhone: string,
-    options?: { redirectTo?: string },
-  ): Promise<ResetPasswordForEmailRes> {
-    try {
-      // 参数校验：emailOrPhone必填
-      this.validateParams(
-        { emailOrPhone },
-        {
-          emailOrPhone: { required: true, message: 'Email or phone is required' },
-        },
-      )
+  @catchErrorsDecorator({
+    title: '小程序绑定OpenID失败',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 当前环境是否开启了小程序openId静默登录',
+      '  2 - 调用 auth().bindOpenId() 的语法或参数是否正确',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async bindOpenId(): Promise<void> {
+    if (!adapterForWxMp.isMatch()) {
+      throw Error('wx api undefined')
+    }
+    const wxInfo = wx.getAccountInfoSync().miniProgram
 
-      const { redirectTo } = options || {}
+    const mainFunc = async (code) => {
+      let result: authModels.GrantProviderTokenResponse | undefined = undefined
 
-      // 判断是邮箱还是手机号
-      const isEmail = emailOrPhone.includes('@')
-      let verificationParams: { email?: string; phone_number?: string }
+      try {
+        result = await this.oauthInstance.authApi.grantProviderToken({
+          provider_id: wxInfo?.appId,
+          provider_code: code,
+          provider_params: {
+            provider_code_type: 'open_id',
+            appid: wxInfo?.appId,
+          },
+        })
 
-      if (isEmail) {
-        verificationParams = { email: emailOrPhone }
-      } else {
-        // 正规化手机号
-        const formattedPhone = this.formatPhone(emailOrPhone)
-        verificationParams = { phone_number: formattedPhone }
+        if ((result as any)?.error_code || !result.provider_token) {
+          throw result
+        }
+
+        await this.oauthInstance.authApi.bindWithProvider({ provider_token: result.provider_token })
+      } catch (error) {
+        throw error
       }
+    }
 
-      // 第一步：发送验证码并存储 verificationInfo
-      const verificationInfo = await this.getVerification(verificationParams)
+    await new Promise((resolve, reject) => {
+      wx.login({
+        success: async (res: { code: string }) => {
+          try {
+            await mainFunc(res.code)
+            resolve(true)
+          } catch (error) {
+            reject(error)
+          }
+        },
+        fail: (res: any) => {
+          const error = new Error(res?.errMsg)
+          ;(error as any).code = res?.errno
+          reject(error)
+        },
+      })
+    })
 
-      return {
-        data: {
-          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
-          updateUser: async (attributes: UpdateUserAttributes): Promise<SignInRes> => {
-            this.validateParams(attributes, {
-              nonce: { required: true, message: 'Nonce is required' },
-              password: { required: true, message: 'Password is required' },
-            })
+    return
+  }
+
+  /**
+   * 小程序unionId静默登录
+   * @returns {Promise<LoginState>}
+   * @memberof Auth
+   */
+  @catchErrorsDecorator({
+    title: '小程序unionId静默登录失败',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 当前环境是否开启了小程序unionId静默登录',
+      '  2 - 调用 auth().signInWithUnionId() 的语法或参数是否正确',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async signInWithUnionId(): Promise<LoginState> {
+    if (!adapterForWxMp.isMatch()) {
+      throw Error('wx api undefined')
+    }
+    try {
+      await new Promise((resolve, reject) => {
+        const wxInfo = wx.getAccountInfoSync().miniProgram
+        wx.login({
+          success: async (res: { code: string }) => {
+            const providerId = wxInfo?.appId
             try {
-              // 第三步：待用户输入完验证码之后，验证验证码
-              const verificationTokenRes = await this.verify({
-                verification_id: verificationInfo.verification_id,
-                verification_code: attributes.nonce,
+              const result = await this.oauthInstance.authApi.grantProviderToken({
+                provider_code: res.code,
+                provider_id: providerId,
+                provider_params: {
+                  provider_code_type: 'union_id',
+                  appid: wxInfo?.appId,
+                },
               })
 
-              await this.oauthInstance.authApi.resetPassword({
-                email: isEmail ? emailOrPhone : undefined,
-                phone_number: !isEmail ? emailOrPhone : undefined,
-                new_password: attributes.password,
-                verification_token: verificationTokenRes.verification_token,
-              })
+              const { provider_token: providerToken } = result
 
-              this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, {
-                event: AUTH_STATE_CHANGED_TYPE.PASSWORD_RECOVERY,
-              })
+              if (!providerToken) {
+                reject(result)
+                return
+              }
 
-              const res = await this.signInWithPassword({
-                email: isEmail ? emailOrPhone : undefined,
-                phone: !isEmail ? emailOrPhone : undefined,
-                password: attributes.password,
+              const signInRes = await this.oauthInstance.authApi.signInWithProvider({
+                provider_id: providerId,
+                provider_token: providerToken,
               })
 
-              if (redirectTo && isBrowser()) {
-                window.location.assign(redirectTo)
+              if ((signInRes as any)?.error_code) {
+                reject(signInRes)
+                return
               }
-
-              return res
+              resolve(true)
             } catch (error) {
-              return { data: {}, error: new AuthError(error) }
+              reject(error)
             }
           },
-        },
-        error: null,
-      }
+          fail: (res: any) => {
+            const error = new Error(res?.errMsg)
+            ;(error as any).code = res?.errno
+            reject(error)
+          },
+        })
+      })
     } catch (error) {
-      return { data: {}, error: new AuthError(error) }
+      throw error
     }
+
+    return this.createLoginState()
   }
 
   /**
-   * 通过旧密码重置密码
-   * @param new_password
-   * @param old_password
-   * @returns
+   * 小程序短信验证码登陆
+   * @returns {Promise<LoginState>}
+   * @memberof Auth
    */
-  async resetPasswordForOld(params: ResetPasswordForOldReq) {
+  @catchErrorsDecorator({
+    title: '短信验证码登陆',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 当前环境是否开启了小程序短信验证码登陆',
+      '  2 - 调用 auth().signInWithSms() 的语法或参数是否正确',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async signInWithSms({
+    verificationInfo = { verification_id: '', is_user: false },
+    verificationCode = '',
+    phoneNum = '',
+    bindInfo = undefined,
+  }): Promise<LoginState> {
     try {
-      await this.oauthInstance.authApi.updatePasswordByOld({
-        old_password: params.old_password,
-        new_password: params.new_password,
+      return this.signInWithUsername({
+        verificationInfo,
+        verificationCode,
+        bindInfo,
+        username: phoneNum,
+        loginType: 'sms',
       })
-
-      const { data: { session } = {} } = await this.getSession()
-
-      return { data: { user: session.user, session }, error: null }
     } catch (error) {
-      return { data: {}, error: new AuthError(error) }
+      throw error
     }
   }
 
   /**
-   * https://supabase.com/docs/reference/javascript/auth-verifyotp
-   * Log in a user given a User supplied OTP and verificationId received through mobile or email.
-   * @param params
-   * @returns Promise<SignInRes>
+   * 邮箱验证码登陆
+   * @returns {Promise<LoginState>}
+   * @memberof Auth
    */
-  async verifyOtp(params: VerifyOtpReq): Promise<SignInRes> {
+  @catchErrorsDecorator({
+    title: '邮箱验证码登陆',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 当前环境是否开启了邮箱登陆',
+      '  2 - 调用 auth().signInWithEmail() 的语法或参数是否正确',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async signInWithEmail({
+    verificationInfo = { verification_id: '', is_user: false },
+    verificationCode = '',
+    bindInfo = undefined,
+    email = '',
+  }): Promise<LoginState> {
     try {
-      const { type } = params
-      // 参数校验：token和verificationInfo必填
-      this.validateParams(params, {
-        token: { required: true, message: 'Token is required' },
-        messageId: { required: true, message: 'messageId is required' },
+      return this.signInWithUsername({
+        verificationInfo,
+        verificationCode,
+        bindInfo,
+        username: email,
+        loginType: 'email',
       })
-
-      if (['phone_change', 'email_change'].includes(type)) {
-        await this.verify({
-          verification_id: params.messageId,
-          verification_code: params.token,
-        })
-      } else {
-        await this.signInWithUsername({
-          verificationInfo: { verification_id: params.messageId, is_user: true },
-          verificationCode: params.token,
-          username: params.email || this.formatPhone(params.phone) || '',
-          loginType: params.email ? 'email' : 'phone',
-        })
-      }
-
-      const { data: { session } = {} } = await this.getSession()
-
-      return { data: { user: session.user, session }, error: null }
     } catch (error) {
-      return { data: {}, error: new AuthError(error) }
+      throw error
     }
   }
 
   /**
-   * https://supabase.com/docs/reference/javascript/auth-getSession
-   * Returns the session, refreshing it if necessary.
-   * @returns Promise<SignInRes>
+   * 设置获取自定义登录 ticket 函数
+   * @param {authModels.GetCustomSignTicketFn} getTickFn
+   * @memberof Auth
    */
-  async getSession(): Promise<SignInRes> {
-    try {
-      const credentials: Credentials = await this.oauthInstance.oauth2client.getCredentials()
+  public setCustomSignFunc(getTickFn: authModels.GetCustomSignTicketFn): void {
+    this.oauthInstance.authApi.setCustomSignFunc(getTickFn)
+  }
 
-      if (!credentials || credentials.scope === 'accessKey') {
-        return { data: { session: null }, error: null }
-      }
+  /**
+   *
+   * @returns {Promise<LoginState>}
+   * @memberof Auth
+   */
+  // @catchErrorsDecorator({
+  //   title: '自定义登录失败',
+  //   messages: [
+  //     '请确认以下各项：',
+  //     '  1 - 当前环境是否开启了自定义登录',
+  //     '  2 - 调用 auth().signInWithCustomTicket() 的语法或参数是否正确',
+  //     '  3 - ticket 是否归属于当前环境',
+  //     '  4 - 创建 ticket 的自定义登录私钥是否过期',
+  //     `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+  //   ],
+  // })
+  // public async signInWithCustomTicket(): Promise<LoginState> {
+  //   await this.oauthInstance.authApi.signInWithCustomTicket()
+  //   return this.createLoginState()
+  // }
 
-      const { data: { user } = {} } = await this.getUser()
+  /**
+   *
+   * @param {authModels.SignInRequest} params
+   * @returns {Promise<LoginState>}
+   * @memberof Auth
+   */
+  public async signIn(params: authModels.SignInRequest): Promise<LoginState> {
+    await this.oauthInstance.authApi.signIn(params)
+    return this.createLoginState(params)
+  }
 
-      return { data: { session: { ...credentials, user }, user }, error: null }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
+  // /**
+  //  *
+  //  * @param {authModels.SignUpRequest} params
+  //  * @returns {Promise<LoginState>}
+  //  * @memberof Auth
+  //  */
+  // @catchErrorsDecorator({
+  //   title: '注册失败',
+  //   messages: [
+  //     '请确认以下各项：',
+  //     '  1 - 当前环境是否开启了指定登录方式',
+  //     '  2 - 调用 auth().signUp() 的语法或参数是否正确',
+  //     `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+  //   ],
+  // })
+  // public async signUp(params: authModels.SignUpRequest): Promise<any> {
+  //   await this.oauthInstance.authApi.signUp(params)
+  //   return this.createLoginState()
+  // }
+
+  /**
+   * 设置密码
+   * @param {authModels.SetPasswordRequest} params
+   * @returns {Promise<void>}
+   * @memberof Auth
+   */
+  public async setPassword(params: authModels.SetPasswordRequest): Promise<void> {
+    return this.oauthInstance.authApi.setPassword(params)
+  }
+
+  /**
+   * 检测用户名是否已经占用
+   * @param username
+   */
+  @catchErrorsDecorator({
+    title: '获取用户是否被占用失败',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 调用 auth().isUsernameRegistered() 的语法或参数是否正确',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async isUsernameRegistered(username: string): Promise<boolean> {
+    if (typeof username !== 'string') {
+      throwError(ERRORS.INVALID_PARAMS, 'username must be a string')
     }
+
+    const { exist } = await this.oauthInstance.authApi.checkIfUserExist({ username })
+    return exist
   }
 
   /**
-   * https://supabase.com/docs/reference/javascript/auth-refreshsession
-   * 无论过期状态如何，都返回一个新的会话
-   * @param refresh_token
-   * @returns Promise<SignInRes>
+   * 获取本地登录态-同步
    */
-  async refreshSession(refresh_token?: string): Promise<SignInRes> {
-    try {
-      const credentials: Credentials = await this.oauthInstance.oauth2client.localCredentials.getCredentials()
-      credentials.refresh_token = refresh_token || credentials.refresh_token
-      const newTokens = await this.oauthInstance.oauth2client.refreshToken(credentials)
-      const { data: { user } = {} } = await this.getUser()
+  public hasLoginState(): LoginState | null {
+    if (this.cache.mode === 'async') {
+      // async storage的平台调用此API提示
+      printWarn(
+        ERRORS.INVALID_OPERATION,
+        'current platform\'s storage is asynchronous, please use getLoginState instead',
+      )
+      return
+    }
 
-      return { data: { user, session: { ...newTokens, user } }, error: null }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
+    const oauthLoginState = this.oauthInstance?.authApi.hasLoginStateSync()
+    if (oauthLoginState) {
+      const loginState = new LoginState({
+        envId: this.config.env,
+        cache: this.cache,
+        oauthInstance: this.oauthInstance,
+      })
+      return loginState
     }
+    return null
   }
 
   /**
-   * https://supabase.com/docs/reference/javascript/auth-getuser
-   * 如果存在现有会话，则获取当前用户详细信息
-   * @returns Promise<GetUserRes>
+   * 获取本地登录态-异步
+   * 此API为兼容异步storage的平台
    */
-  async getUser(): Promise<GetUserRes> {
+  @catchErrorsDecorator({
+    title: '获取本地登录态失败',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 调用 auth().getLoginState() 的语法或参数是否正确',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async getLoginState() {
+    let oauthLoginState = null
+
     try {
-      const user = this.convertToUser(await this.getUserInfo())
-      return { data: { user }, error: null }
+      oauthLoginState = await this.oauthInstance.authApi.getLoginState()
     } catch (error) {
-      return { data: {}, error: new AuthError(error) }
+      return null
     }
-  }
-
-  /**
-   * 刷新用户信息
-   * @returns Promise<CommonRes>
-   */
-  async refreshUser(): Promise<CommonRes> {
-    try {
-      await this.currentUser.refresh()
 
-      const { data: { session } = {} } = await this.getSession()
-      return { data: { user: session.user, session }, error: null }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
+    if (oauthLoginState) {
+      const loginState = new LoginState({
+        envId: this.config.env,
+        cache: this.cache,
+        oauthInstance: this.oauthInstance,
+      })
+      return loginState
     }
+
+    return null
   }
 
   /**
-   * https://supabase.com/docs/reference/javascript/auth-updateuser
-   * 更新用户信息
-   * @param params
-   * @returns Promise<GetUserRes | UpdateUserWithVerificationRes>
+   * @deprecated 使用 getCurrentUser 代替，因为与node-sdk方法名冲突
+   * @returns
    */
-  async updateUser(params: UpdateUserReq): Promise<GetUserRes | UpdateUserWithVerificationRes> {
-    try {
-      // 参数校验：至少有一个更新字段被提供
-      const hasValue = Object.keys(params).some(key => params[key] !== undefined && params[key] !== null && params[key] !== '',)
-      if (!hasValue) {
-        throw new AuthError({ message: 'At least one field must be provided for update' })
-      }
-
-      const { email, phone, ...restParams } = params
-
-      // 检查是否需要更新 email 或 phone
-      const needsEmailVerification = email !== undefined
-      const needsPhoneVerification = phone !== undefined
-
-      let extraRes = {}
-
-      if (needsEmailVerification || needsPhoneVerification) {
-        // 需要发送验证码
-        let verificationParams: { email?: string; phone_number?: string }
-        let verificationType: 'email_change' | 'phone_change'
-
-        if (needsEmailVerification) {
-          verificationParams = { email: params.email }
-          verificationType = 'email_change'
-        } else {
-          // 正规化手机号
-          const formattedPhone = this.formatPhone(params.phone)
-          verificationParams = { phone_number: formattedPhone }
-          verificationType = 'phone_change'
-        }
-
-        // 发送验证码
-        const verificationInfo = await this.getVerification(verificationParams)
-
-        Object.keys(restParams).length > 0 && (await this.updateUserBasicInfo(restParams))
-
-        extraRes = {
-          messageId: verificationInfo.verification_id,
-          verifyOtp: async (verifyParams: { email?: string; phone?: string; token: string }): Promise<GetUserRes> => {
-            try {
-              if (verifyParams.email && params.email === verifyParams.email) {
-                // 验证码验证
-                await this.verifyOtp({
-                  type: 'email_change',
-                  email: params.email,
-                  token: verifyParams.token,
-                  messageId: verificationInfo.verification_id,
-                })
-                await this.updateUserBasicInfo({ email: params.email })
-              } else if (verifyParams.phone && params.phone === verifyParams.phone) {
-                // 验证码验证
-                await this.verifyOtp({
-                  type: 'phone_change',
-                  phone: params.phone,
-                  token: verifyParams.token,
-                  messageId: verificationInfo.verification_id,
-                })
-                await this.updateUserBasicInfo({ phone: this.formatPhone(params.phone) })
-              } else {
-                await this.verifyOtp({
-                  type: verificationType,
-                  email: needsEmailVerification ? params.email : undefined,
-                  phone: !needsEmailVerification ? params.phone : undefined,
-                  token: verifyParams.token,
-                  messageId: verificationInfo.verification_id,
-                })
-                // 验证成功后更新用户信息
-                await this.updateUserBasicInfo(params)
-              }
-
-              const {
-                data: { user },
-              } = await this.getUser()
-              this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.USER_UPDATED })
+  @catchErrorsDecorator({
+    title: '获取用户信息失败',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 是否已登录',
+      '  2 - 调用 auth().getUserInfo() 的语法或参数是否正确',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async getUserInfo(): Promise<(authModels.UserInfo & Partial<User>) | null> {
+    return this.getCurrentUser()
+  }
 
-              return { data: { user }, error: null }
-            } catch (error) {
-              return { data: {}, error: new AuthError(error) }
-            }
-          },
-        }
-      } else {
-        // 不需要验证，直接更新
-        await this.updateUserBasicInfo(params)
-      }
-      const {
-        data: { user },
-      } = await this.getUser()
-      this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.USER_UPDATED })
+  @catchErrorsDecorator({
+    title: '获取微搭插件用户信息失败',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 是否已登录',
+      '  2 - 调用 auth().getWedaUserInfo() 的语法或参数是否正确',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async getWedaUserInfo(): Promise<any> {
+    return this.oauthInstance.authApi.getWedaUserInfo()
+  }
 
-      return { data: { user, ...extraRes }, error: null }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
+  public async updateUserBasicInfo(params: authModels.ModifyUserBasicInfoRequest) {
+    const loginState = await this.getLoginState()
+    if (loginState) {
+      await (loginState.user as User).updateUserBasicInfo(params)
     }
+    return
   }
 
   /**
-   * https://supabase.com/docs/reference/javascript/auth-getuseridentities
-   * 获取所有身份源
-   * @returns Promise<GetUserIdentitiesRes>
+   * getAuthHeader 兼容处理
+   * 返回空对象
    */
-  async getUserIdentities(): Promise<GetUserIdentitiesRes> {
-    try {
-      const providers = await this.oauthInstance.authApi.getProviders()
-
-      return { data: { identities: providers?.data?.filter(v => !!v.bind) as unknown as GetUserIdentitiesRes['data']['identities'] }, error: null }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
-    }
+  public getAuthHeader(): {} {
+    console.error('Auth.getAuthHeader API 已废弃')
+    return {}
   }
 
   /**
-   * https://supabase.com/docs/reference/javascript/auth-linkidentity
-   * 绑定身份源到当前用户
-   * @param params
-   * @returns Promise<LinkIdentityRes>
+   * 为已有账户绑第三方账户
+   * @param {authModels.BindWithProviderRequest} params
+   * @returns {Promise<void>}
+   * @memberof Auth
    */
-  async linkIdentity(params: LinkIdentityReq): Promise<LinkIdentityRes> {
-    try {
-      // 参数校验：provider必填
-      this.validateParams(params, {
-        provider: { required: true, message: 'Provider is required' },
-      })
-
-      await this.signInWithOAuth({
-        provider: params.provider,
-        options: {
-          type: OAUTH_TYPE.BIND_IDENTITY,
-        },
-      })
-
-      return { data: { provider: params.provider }, error: null }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
-    }
+  @catchErrorsDecorator({
+    title: '绑定第三方登录方式失败',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 调用 auth().bindWithProvider() 的语法或参数是否正确',
+      '  2 - 此账户是否已经绑定此第三方',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async bindWithProvider(params: authModels.BindWithProviderRequest): Promise<void> {
+    return this.oauthInstance.authApi.bindWithProvider(params)
   }
 
   /**
-   * https://supabase.com/docs/reference/javascript/auth-unlinkidentity
-   * 解绑身份源
-   * @param params
-   * @returns Promise<CommonRes>
+   * 查询用户
+   * @param {authModels.QueryUserProfileRequest} appended_params
+   * @returns {Promise<authModels.UserProfile>}
+   * @memberof Auth
    */
-  async unlinkIdentity(params: UnlinkIdentityReq): Promise<CommonRes> {
-    try {
-      // 参数校验：provider必填
-      this.validateParams(params, {
-        provider: { required: true, message: 'Provider is required' },
-      })
-
-      await this.oauthInstance.authApi.unbindProvider({ provider_id: params.provider })
+  public async queryUser(queryObj: authModels.QueryUserProfileRequest): Promise<authModels.QueryUserProfileResponse> {
+    return this.oauthInstance.authApi.queryUserProfile(queryObj)
+  }
 
-      return { data: {}, error: null }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
+  public async getAccessToken() {
+    const oauthAccessTokenRes = await this.oauthInstance.oauth2client.getAccessToken()
+    return {
+      accessToken: oauthAccessTokenRes,
+      env: this.config.env,
     }
   }
 
-  /**
-   * https://supabase.com/docs/reference/javascript/auth-reauthentication
-   * 重新认证
-   * @returns Promise<ReauthenticateRes>
-   */
-  async reauthenticate(): Promise<ReauthenticateRes> {
-    try {
-      const {
-        data: { user },
-      } = await this.getUser()
-
-      this.validateAtLeastOne(user, [['email', 'phone']], 'You must provide either an email or phone number')
-      const userInfo = user.email ? { email: user.email } : { phone_number: this.formatPhone(user.phone) }
-
-      // 第一步：发送验证码并存储 verificationInfo
-      const verificationInfo = await this.getVerification(userInfo)
-
-      return {
-        data: {
-          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
-          updateUser: async (attributes: UpdateUserAttributes): Promise<SignInRes> => {
-            this.validateParams(attributes, {
-              nonce: { required: true, message: 'Nonce is required' },
-            })
-            try {
-              if (attributes.password) {
-                // 第三步：待用户输入完验证码之后，验证验证码
-                const verificationTokenRes = await this.verify({
-                  verification_id: verificationInfo.verification_id,
-                  verification_code: attributes.nonce,
-                })
-
-                // 第四步：获取 sudo_token
-                const sudoRes = await this.oauthInstance.authApi.sudo({
-                  verification_token: verificationTokenRes.verification_token,
-                })
-
-                await this.oauthInstance.authApi.setPassword({
-                  new_password: attributes.password,
-                  sudo_token: sudoRes.sudo_token,
-                })
-              } else {
-                await this.signInWithUsername({
-                  verificationInfo,
-                  verificationCode: attributes.nonce,
-                  ...userInfo,
-                  loginType: userInfo.email ? 'email' : 'phone',
-                })
-              }
+  public async grantProviderToken(params: authModels.GrantProviderTokenRequest,): Promise<authModels.GrantProviderTokenResponse> {
+    return this.oauthInstance.authApi.grantProviderToken(params)
+  }
 
-              const { data: { session } = {} } = await this.getSession()
+  public async patchProviderToken(params: authModels.PatchProviderTokenRequest,): Promise<authModels.PatchProviderTokenResponse> {
+    return this.oauthInstance.authApi.patchProviderToken(params)
+  }
 
-              return { data: { user: session.user, session }, error: null }
-            } catch (error) {
-              return { data: {}, error: new AuthError(error) }
-            }
-          },
-        },
-        error: null,
-      }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
-    }
+  public async signInWithProvider(params: authModels.SignInWithProviderRequest): Promise<LoginState> {
+    await this.oauthInstance.authApi.signInWithProvider(params)
+    return this.createLoginState(params)
   }
 
-  /**
-   * https://supabase.com/docs/reference/javascript/auth-resend
-   * 重新发送验证码
-   * @param params
-   * @returns Promise<ResendRes>
-   */
-  async resend(params: ResendReq): Promise<ResendRes> {
-    try {
-      // 参数校验：email或phone必填其一
-      this.validateAtLeastOne(params, [['email'], ['phone']], 'You must provide either an email or phone number')
+  public async signInWithWechat(params: any = {}) {
+    await this.oauthInstance.authApi.signInWithWechat(params)
+    return this.createLoginState(params)
+  }
 
-      const target = params.type === 'signup' ? 'ANY' : 'USER'
-      const data: { email?: string; phone_number?: string; target: 'USER' | 'ANY' } = { target }
-      if ('email' in params) {
-        data.email = params.email
-      }
+  public async grantToken(params: authModels.GrantTokenRequest): Promise<LoginState> {
+    await this.oauthInstance.authApi.grantToken(params)
+    return this.createLoginState()
+  }
 
-      if ('phone' in params) {
-        data.phone_number = this.formatPhone(params.phone)
-      }
+  public async genProviderRedirectUri(params: authModels.GenProviderRedirectUriRequest,): Promise<authModels.GenProviderRedirectUriResponse> {
+    return this.oauthInstance.authApi.genProviderRedirectUri(params)
+  }
 
-      // 重新发送验证码
-      const { verification_id: verificationId } = await this.oauthInstance.authApi.getVerification(data)
+  public async resetPassword(params: authModels.ResetPasswordRequest): Promise<void> {
+    return this.oauthInstance.authApi.resetPassword(params)
+  }
 
-      return {
-        data: { messageId: verificationId },
-        error: null,
-      }
-    } catch (error: any) {
-      return {
-        data: {},
-        error: new AuthError(error),
-      }
-    }
+  public async deviceAuthorize(params: authModels.DeviceAuthorizeRequest): Promise<authModels.DeviceAuthorizeResponse> {
+    return this.oauthInstance.authApi.deviceAuthorize(params)
   }
 
-  /**
-   * https://supabase.com/docs/reference/javascript/auth-setsession
-   * 使用access_token和refresh_token来设置会话
-   * @param params
-   * @returns Promise<SignInRes>
-   */
-  async setSession(params: SetSessionReq): Promise<SignInRes> {
-    try {
-      this.validateParams(params, {
-        access_token: { required: true, message: 'Access token is required' },
-        refresh_token: { required: true, message: 'Refresh token is required' },
-      })
+  public async sudo(params: authModels.SudoRequest): Promise<authModels.SudoResponse> {
+    return this.oauthInstance.authApi.sudo(params)
+  }
 
-      await this.oauthInstance.oauth2client.refreshToken(params, { throwError: true })
+  public async deleteMe(params: authModels.WithSudoRequest): Promise<authModels.UserProfile> {
+    return this.oauthInstance.authApi.deleteMe(params)
+  }
 
-      const { data: { session } = {} } = await this.getSession()
+  public async getProviders(): Promise<authModels.ProvidersResponse> {
+    return this.oauthInstance.authApi.getProviders()
+  }
 
-      this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.SIGNED_IN })
+  public async loginScope(): Promise<string> {
+    return this.oauthInstance.authApi.loginScope()
+  }
 
-      return { data: { user: session.user, session }, error: null }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
-    }
+  public async loginGroups(): Promise<string[]> {
+    return this.oauthInstance.authApi.loginGroups()
   }
 
-  // https://supabase.com/docs/reference/javascript/auth-exchangecodeforsession
-  async exchangeCodeForSession() {
-    //
+  public async onLoginStateChanged(callback: Function) {
+    this.config.eventBus?.on(EVENTS.LOGIN_STATE_CHANGED, async (params) => {
+      // getLoginState会重复触发getCredentials，导致死循环，所以getCredentials出错不再出发getLoginState
+      const loginState = params?.data?.eventType !== LOGIN_STATE_CHANGED_TYPE.CREDENTIALS_ERROR ? await this.getLoginState() : {}
+      callback.call(this, { ...params, ...loginState })
+    })
+    // 立刻执行一次回调
+    const loginState = await this.getLoginState()
+    callback.call(this, loginState)
   }
 
   /**
-   * 删除当前用户
+   * 强制刷新token
    * @param params
    * @returns
    */
-  async deleteUser(params: DeleteMeReq): Promise<CommonRes> {
-    try {
-      this.validateParams(params, {
-        password: { required: true, message: 'Password is required' },
-      })
-
-      const { sudo_token } = await this.oauthInstance.authApi.sudo(params)
-
-      await this.oauthInstance.authApi.deleteMe({ sudo_token })
-
-      return { data: {}, error: null }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
-    }
+  public async refreshTokenForce(params: { version?: string }): Promise<Credentials> {
+    return this.oauthInstance.authApi.refreshTokenForce(params)
   }
 
   /**
-   * 跳转系统默认登录页
-   * @returns {Promise<authModels.ToDefaultLoginPage>}
-   * @memberof Auth
+   * 获取身份信息
+   * @returns
    */
-  async toDefaultLoginPage(params: authModels.ToDefaultLoginPage = {}): Promise<CommonRes> {
-    try {
-      const configVersion = params.config_version || 'env'
-      const query = Object.keys(params.query || {})
-        .map(key => `${key}=${params.query[key]}`)
-        .join('&')
+  public async getCredentials(): Promise<Credentials> {
+    return this.oauthInstance.authApi.getCredentials()
+  }
+  /**
+   * 写入身份信息
+   */
+  public async setCredentials(credentials: Credentials) {
+    await this.oauthInstance.oauth2client.setCredentials(credentials)
+  }
 
-      if (adapterForWxMp.isMatch()) {
-        wx.navigateTo({ url: `/packages/$wd_system/pages/login/index${query ? `?${query}` : ''}` })
-      } else {
-        const redirectUri = params.redirect_uri || window.location.href
-        const urlObj = new URL(redirectUri)
-        const loginPage = `${urlObj.origin}/__auth/?app_id=${params.app_id || ''}&env_id=${this.config.env}&client_id=${
-          this.config.clientId || this.config.env
-        }&config_version=${configVersion}&redirect_uri=${encodeURIComponent(redirectUri)}${query ? `&${query}` : ''}`
-        window.location.href = loginPage
-      }
-      return { data: {}, error: null }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
-    }
+  @catchErrorsDecorator({
+    title: '获取身份源类型',
+    messages: [
+      '请确认以下各项：',
+      '  1 - 调用 auth().getProviderSubType() 的语法或参数是否正确',
+      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+    ],
+  })
+  public async getProviderSubType(): Promise<authModels.ProviderSubType> {
+    return this.oauthInstance.authApi.getProviderSubType()
+  }
+
+  public async createCaptchaData(params: { state: string; redirect_uri?: string }) {
+    return this.oauthInstance.authApi.createCaptchaData(params)
   }
 
-  /**
-   * 自定义登录
-   * @param getTickFn () => Promise<string>, 获取自定义登录 ticket 的函数
-   * @returns
-   */
-  async signInWithCustomTicket(getTickFn?: authModels.GetCustomSignTicketFn): Promise<SignInRes> {
-    if (getTickFn) {
-      this.setCustomSignFunc(getTickFn)
-    }
+  public async verifyCaptchaData(params: { token: string; key: string }) {
+    return this.oauthInstance.authApi.verifyCaptchaData(params)
+  }
 
-    try {
-      await this.oauthInstance.authApi.signInWithCustomTicket()
-      const loginState = await this.createLoginState()
+  public async getMiniProgramQrCode(params: authModels.GetMiniProgramQrCodeRequest,): Promise<authModels.GetMiniProgramQrCodeResponse> {
+    return this.oauthInstance.authApi.getMiniProgramCode(params)
+  }
 
-      const { data: { session } = {} } = await this.getSession()
+  public async getMiniProgramQrCodeStatus(params: authModels.GetMiniProgramQrCodeStatusRequest,): Promise<authModels.GetMiniProgramQrCodeStatusResponse> {
+    return this.oauthInstance.authApi.getMiniProgramQrCodeStatus(params)
+  }
 
-      // loginState返回是为了兼容v2版本
-      return { ...(loginState as any), data: { user: session.user, session }, error: null }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
-    }
+  public async modifyPassword(params: authModels.ModifyUserBasicInfoRequest): Promise<void> {
+    return this.oauthInstance.authApi.modifyPassword(params)
+  }
+
+  public async modifyPasswordWithoutLogin(params: authModels.ModifyPasswordWithoutLoginRequest): Promise<void> {
+    return this.oauthInstance.authApi.modifyPasswordWithoutLogin(params)
+  }
+
+  public async getUserBehaviorLog(params: authModels.GetUserBehaviorLog): Promise<authModels.GetUserBehaviorLogRes> {
+    return this.oauthInstance.authApi.getUserBehaviorLog(params)
   }
 
   /**
-   * 小程序openId静默登录
-   * @param params
-   * @returns Promise<SignInRes>
+   * sms/email 验证码登录/注册，逻辑一致收敛
    */
-  async signInWithOpenId({ useWxCloud = true } = {}): Promise<SignInRes> {
-    if (!adapterForWxMp.isMatch()) {
-      throw Error('wx api undefined')
-    }
-    const wxInfo = wx.getAccountInfoSync().miniProgram
-
-    const mainFunc = async (code) => {
-      let result: authModels.GrantProviderTokenResponse | undefined = undefined
-      let credentials: Credentials | undefined = undefined
+  public async signInWithUsername({
+    verificationInfo = { verification_id: '', is_user: false },
+    verificationCode = '',
+    username: rawUsername = '',
+    bindInfo = undefined,
+    loginType = '',
+  }: {
+    verificationInfo?: authModels.GetVerificationResponse
+    verificationCode?: string
+    username?: string
+    bindInfo?: any
+    loginType?: string
+  }): Promise<LoginState> {
+    try {
+      // 1. 验证验证码
+      const verifyRes = await this.oauthInstance.authApi.verify({
+        verification_id: verificationInfo.verification_id,
+        verification_code: verificationCode,
+      })
 
-      try {
-        result = await this.oauthInstance.authApi.grantProviderToken(
-          {
-            provider_id: wxInfo?.appId,
-            provider_code: code,
-            provider_params: {
-              provider_code_type: 'open_id',
-              appid: wxInfo?.appId,
-            },
-          },
-          useWxCloud,
-        )
+      if ((verifyRes as any)?.error_code) {
+        throw verifyRes
+      }
 
-        if ((result as any)?.error_code || !result.provider_token) {
-          throw result
-        }
+      // eslint-disable-next-line @typescript-eslint/naming-convention
+      const { verification_token } = verifyRes
 
-        credentials = await this.oauthInstance.authApi.signInWithProvider(
-          { provider_token: result.provider_token },
-          useWxCloud,
-        )
+      // 手机登录参数
+      let username = this.formatPhone(rawUsername)
+      let signUpParam: any = { phone_number: username }
 
-        if ((credentials as any)?.error_code) {
-          throw credentials
-        }
-      } catch (error) {
-        throw error
+      // 邮箱登录参数
+      if (loginType === 'email') {
+        username = rawUsername
+        signUpParam = { email: username }
       }
-      await this.oauthInstance.oauth2client.setCredentials(credentials as Credentials)
-    }
 
-    try {
-      await new Promise((resolve, reject) => {
-        wx.login({
-          success: async (res: { code: string }) => {
-            try {
-              await mainFunc(res.code)
-              resolve(true)
-            } catch (error) {
-              reject(error)
-            }
-          },
-          fail: (res: any) => {
-            const error = new Error(res?.errMsg)
-            ;(error as any).code = res?.errno
-            reject(error)
-          },
+      // 2. 根据是否已经是用户，分别走登录或注册逻辑
+      if (verificationInfo.is_user) {
+        // 私有化环境或者自定义应用走v1版本的老逻辑
+        const signInRes = await this.oauthInstance.authApi.signIn({
+          username,
+          verification_token,
         })
-      })
 
-      const loginState = await this.createLoginState()
+        if ((signInRes as any)?.error_code) {
+          throw signInRes
+        }
 
-      const { data: { session } = {} } = await this.getSession()
+        if (bindInfo) {
+          const bindRes = await this.oauthInstance.authApi.bindWithProvider({
+            provider_token: (bindInfo as any)?.providerToken,
+          })
 
-      // loginState返回是为了兼容v2版本
-      return { ...(loginState as any), data: { user: session.user, session }, error: null }
+          if ((bindRes as any)?.error_code) {
+            throw bindRes
+          }
+        }
+      } else {
+        // 自定义应用走signUp逻辑
+        const signUpRes = await this.oauthInstance.authApi.signUp({
+          ...signUpParam,
+          verification_token,
+          provider_token: (bindInfo as any)?.providerId,
+        })
+
+        if ((signUpRes as any)?.error_code) {
+          throw signUpRes
+        }
+      }
+
+      return this.createLoginState()
     } catch (error) {
-      return { data: {}, error: new AuthError(error) }
+      throw error
     }
   }
 
-  /**
-   * 小程序手机号授权登录，目前只支持全托管手机号授权登录
-   * @param params
-   * @returns Promise<SignInRes>
-   */
-  async signInWithPhoneAuth({ phoneCode = '' }): Promise<SignInRes> {
-    if (!adapterForWxMp.isMatch()) {
-      return { data: {}, error: new AuthError({ message: 'wx api undefined' }) }
-    }
-    const wxInfo = wx.getAccountInfoSync().miniProgram
-    const providerInfo = {
-      provider_params: { provider_code_type: 'phone' },
-      provider_id: wxInfo.appId,
-    }
+  async createLoginState(
+    params?: { version?: string; query?: any },
+    options?: { asyncRefreshUser?: boolean; userInfo?: any },
+  ): Promise<LoginState> {
+    const loginState = new LoginState({
+      envId: this.config.env,
+      cache: this.cache,
+      oauthInstance: this.oauthInstance,
+    })
 
-    const { code } = await wx.login()
-    ;(providerInfo as any).provider_code = code
+    await loginState.checkLocalStateAsync()
 
-    try {
-      let providerToken = await this.oauthInstance.authApi.grantProviderToken(providerInfo)
-      if (providerToken.error_code) {
-        throw providerToken
+    if (options?.userInfo) {
+      loginState.user.setLocalUserInfo(options.userInfo)
+    } else {
+      if (options?.asyncRefreshUser) {
+        loginState.user.refresh(params)
+      } else {
+        await loginState.user.refresh(params)
       }
+    }
 
-      providerToken = await this.oauthInstance.authApi.patchProviderToken({
-        provider_token: providerToken.provider_token,
-        provider_id: wxInfo.appId,
-        provider_params: {
-          code: phoneCode,
-          provider_code_type: 'phone',
-        },
-      })
-      if (providerToken.error_code) {
-        throw providerToken
-      }
+    this.config.eventBus?.fire(EVENTS.LOGIN_STATE_CHANGED, { eventType: LOGIN_STATE_CHANGED_TYPE.SIGN_IN })
 
-      const signInRes = await this.oauthInstance.authApi.signInWithProvider({
-        provider_token: providerToken.provider_token,
-      })
+    this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.SIGNED_IN })
+    return loginState
+  }
 
-      if ((signInRes as any)?.error_code) {
-        throw signInRes
-      }
-    } catch (error) {
-      return { data: {}, error: new AuthError(error) }
+  async setAccessKey() {
+    let accessToken = ''
+    let scope = ''
+    if (this.config.accessKey) {
+      accessToken = this.config.accessKey
+      scope = 'accessKey'
+    } else if (this.config.auth?.secretId && this.config.auth?.secretKey) {
+      accessToken = ''
+      scope = DEFAULT_NODE_ACCESS_SCOPE
     }
 
-    const loginState = await this.createLoginState()
-
-    const { data: { session } = {} } = await this.getSession()
+    if (!scope) {
+      return
+    }
 
-    // loginState返回是为了兼容v2版本
-    return { ...(loginState as any), data: { user: session.user, session }, error: null }
+    try {
+      this.oauthInstance.oauth2client.setAccessKeyCredentials({
+        access_token: accessToken,
+        token_type: 'Bearer',
+        scope,
+        expires_at: new Date(+new Date() + +new Date()),
+        expires_in: +new Date() + +new Date(),
+      })
+    } catch (error) {
+      console.warn('accessKey error: ', error)
+    }
   }
 
-  private formatPhone(phone: string) {
+  protected formatPhone(phone: string) {
     if (!/\s+/.test(phone) && /^\+\d{1,3}\d+/.test(phone)) {
       return phone.replace(/^(\+\d{1,2})(\d+)$/, '$1 $2')
     }
@@ -2576,7 +2582,10 @@ class Auth {
   }
 }
 
-type TInitAuthOptions = Pick<ICloudbaseAuthConfig, 'region' | 'persistence' | 'i18n' | 'accessKey' | 'useWxCloud'> &
+type TInitAuthOptions = Pick<
+ICloudbaseAuthConfig,
+'region' | 'persistence' | 'i18n' | 'accessKey' | 'useWxCloud' | 'auth'
+> &
 Partial<AuthOptions> & {
   detectSessionInUrl?: boolean
 }
@@ -2629,6 +2638,7 @@ export function generateAuthInstance(
     headers: { 'X-SDK-Version': `@cloudbase/js-sdk/${config.sdkVersion}`, ...(config.headers || {}) },
     detectSessionInUrl: config.detectSessionInUrl,
     debug,
+    auth: options.app?.config?.auth,
   }),)
 
   const authInstance = new Auth({
@@ -2645,6 +2655,7 @@ export function generateAuthInstance(
     runtime: runtime || 'web',
     _fromApp: cloudbase,
     oauthInstance,
+    auth: options.app?.config?.auth,
   })
 
   // Initialize session with user info callback
@@ -2676,6 +2687,51 @@ export function generateAuthInstance(
 
 const NAMESPACE = 'auth'
 
+/**
+ * 计算两个字符串之间的编辑距离（Levenshtein distance）
+ * 用于在用户调用不存在的 Auth 方法时，推荐最相似的方法名
+ */
+function levenshteinDistance(a: string, b: string): number {
+  const matrix: number[][] = []
+  for (let i = 0; i <= a.length; i++) {
+    matrix[i] = [i]
+  }
+  for (let j = 0; j <= b.length; j++) {
+    matrix[0][j] = j
+  }
+  for (let i = 1; i <= a.length; i++) {
+    for (let j = 1; j <= b.length; j++) {
+      const cost = a[i - 1].toLowerCase() === b[j - 1].toLowerCase() ? 0 : 1
+      matrix[i][j] = Math.min(
+        matrix[i - 1][j] + 1,
+        matrix[i][j - 1] + 1,
+        matrix[i - 1][j - 1] + cost,
+      )
+    }
+  }
+  return matrix[a.length][b.length]
+}
+
+/**
+ * 在方法列表中查找与目标名称最相似的方法
+ * @returns 最相似的方法名，如果没有足够相似的则返回 null
+ */
+function findSimilarMethod(target: string, methods: string[]): string | null {
+  let bestMatch: string | null = null
+  let bestDistance = Infinity
+
+  for (const method of methods) {
+    // 跳过私有方法和构造函数
+    if (method.startsWith('_') || method === 'constructor') continue
+    const distance = levenshteinDistance(target, method)
+    if (distance < bestDistance) {
+      bestDistance = distance
+      bestMatch = method
+    }
+  }
+  return bestMatch
+}
+
 const component: ICloudbaseComponent = {
   name: COMPONENT_NAME,
   namespace: NAMESPACE,
@@ -2731,8 +2787,30 @@ const component: ICloudbaseComponent = {
     const authProto = auth.call(this, config)
     Object.assign(auth, authProto)
     Object.setPrototypeOf(auth, Object.getPrototypeOf(authProto))
-    this[NAMESPACE] = auth
-    return auth
+
+    // 包装 Proxy，当用户调用不存在的方法时提供 "Did you mean?" 提示
+    const authWithHint = typeof Proxy !== 'undefined'
+      ? new Proxy(auth, {
+        get(target, prop, receiver) {
+          const value = Reflect.get(target, prop, receiver)
+          if (value !== undefined || typeof prop !== 'string') {
+            return value
+          }
+          // 查找最相似的方法名
+          const allKeys = Object.getOwnPropertyNames(Object.getPrototypeOf(target))
+            .concat(Object.keys(target))
+            .filter(k => typeof target[k] === 'function')
+          const suggestion = findSimilarMethod(prop, allKeys)
+          if (suggestion) {
+            console.warn(`[CloudBase Auth] auth.${prop} is not a function. Did you mean: auth.${suggestion}() ?`)
+          }
+          return value
+        },
+      })
+      : auth
+
+    this[NAMESPACE] = authWithHint
+    return authWithHint
   },
 }
 
@@ -2742,7 +2820,7 @@ try {
   cloudbase.registerComponent(component)
 } catch (e) {}
 
-export { UserInfo, Auth }
+export { UserInfo, Auth, WeixinAuthProvider, CustomAuthProvider, AnonymousAuthProvider }
 /**
  * @api 手动注册至cloudbase app
  */