@cloudbase/auth 3.0.0 → 3.0.2

package/src/index.ts

@@ -1,11 +1,20 @@
 import type { ICloudbase, ICloudbaseConfig, ICloudbasePlatformInfo } from '@cloudbase/types'
 import type { ICloudbaseCache } from '@cloudbase/types/cache'
 import type { ICloudbaseRequest } from '@cloudbase/types/request'
-import type { ICloudbaseAuthConfig, IUser, IUserInfo, ILoginState } from '@cloudbase/types/auth'
+import type { ICloudbaseAuthConfig, IUser, ILoginState } from '@cloudbase/types/auth'
 import type { ICloudbaseComponent } from '@cloudbase/types/component'
-import type { GrantProviderTokenResponse, ProviderSubType } from '@cloudbase/oauth/dist/cjs/auth/models'
-import type { authModels, AuthOptions, Credentials } from '@cloudbase/oauth'
-import { CloudbaseOAuth, AUTH_API_PREFIX } from '@cloudbase/oauth'
+import type { AuthOptions, Credentials } from '@cloudbase/oauth'
+import {
+  CloudbaseOAuth,
+  AUTH_API_PREFIX,
+  LOGIN_STATE_CHANGED_TYPE,
+  EVENTS,
+  AUTH_STATE_CHANGED_TYPE,
+  OAUTH_TYPE,
+  weAppJwtDecodeAll,
+  AuthError,
+  authModels,
+} from '@cloudbase/oauth'
 import { useAuthAdapter } from './adapter'
 import {
   printWarn,
@@ -18,23 +27,77 @@ import {
   adapterForWxMp,
   useDefaultAdapter,
 } from './utilities'
+import { saveToBrowserSession, getBrowserSession, removeBrowserSession, addUrlSearch } from './utils'
+import { utils } from '@cloudbase/utilities'
+import {
+  CommonRes,
+  DeleteMeReq,
+  GetClaimsRes,
+  GetUserIdentitiesRes,
+  GetUserRes,
+  LinkIdentityReq,
+  LinkIdentityRes,
+  OnAuthStateChangeCallback,
+  ReauthenticateRes,
+  ResendReq,
+  ResendRes,
+  ResetPasswordForEmailRes,
+  ResetPasswordForOldReq,
+  SetSessionReq,
+  SignInAnonymouslyReq,
+  SignInOAuthRes,
+  SignInRes,
+  SignInWithIdTokenReq,
+  SignInWithOAuthReq,
+  SignInWithOtpReq,
+  SignInWithOtpRes,
+  SignInWithPasswordReq,
+  SignUpRes,
+  UnlinkIdentityReq,
+  UpdateUserAttributes,
+  UpdateUserReq,
+  UpdateUserWithVerificationRes,
+  VerifyOAuthReq,
+  VerifyOtpReq,
+} from './type'
+
+const isBrowser = () => typeof window !== 'undefined' && typeof document !== 'undefined'
+
+export type {
+  SignInRes,
+  GetUserRes,
+  CommonRes,
+  SignInWithOtpRes,
+  SignInOAuthRes,
+  GetClaimsRes,
+  ResetPasswordForEmailRes,
+  GetUserIdentitiesRes,
+  LinkIdentityRes,
+  ReauthenticateRes,
+  ResendRes,
+  UpdateUserWithVerificationRes,
+  OnAuthStateChangeCallback,
+  SignInWithPasswordReq,
+  SignInWithIdTokenReq,
+  SignInWithOAuthReq,
+  VerifyOAuthReq,
+  VerifyOtpReq,
+  LinkIdentityReq,
+  UnlinkIdentityReq,
+  UpdateUserReq,
+  SignInWithOtpReq,
+  ResetPasswordForOldReq,
+  ResendReq,
+  SetSessionReq,
+  DeleteMeReq,
+  SignUpRes,
+} from './type'
 
 declare const cloudbase: ICloudbase
 declare const wx: any
 
 const COMPONENT_NAME = 'auth'
 
-const LOGIN_STATE_CHANGED_TYPE = {
-  SIGN_OUT: 'sign_out',
-  SIGN_IN: 'sign_in',
-  CREDENTIALS_ERROR: 'credentials_error',
-}
-
-const EVENTS = {
-  // 登录态改变后触发
-  LOGIN_STATE_CHANGED: 'loginStateChanged',
-}
-
 interface UserInfo {
   uid?: string
   gender?: string
@@ -51,9 +114,7 @@ interface UserInfo {
   created_from?: string
 }
 
-const eventBus = new CloudbaseEventEmitter()
-
-const onCredentialsError = (params) => {
+const onCredentialsError = eventBus => (params) => {
   eventBus.fire(EVENTS.LOGIN_STATE_CHANGED, { ...params, eventType: LOGIN_STATE_CHANGED_TYPE.CREDENTIALS_ERROR })
 }
 
@@ -62,14 +123,14 @@ interface IUserOptions {
   oauthInstance: CloudbaseOAuth
 }
 
-class User implements IUser {
+export class User implements IUser {
   public uid?: string
   public gender?: string
   public picture?: string
   public email?: string
   public emailVerified?: boolean
   public phoneNumber?: string
-  public username?: string
+  public username?: string // 用户名称，长度 5-24 位，支持字符中英文、数字、特殊字符（仅支持_-），不支持中文
   public name?: string
   public providers?: {
     id?: string
@@ -153,7 +214,7 @@ class User implements IUser {
 
   public async updateUserBasicInfo(params: authModels.ModifyUserBasicInfoRequest): Promise<void> {
     await this.oauthInstance.authApi.updateUserBasicInfo({ ...params })
-    this.setLocalUserInfo({ username: params.username })
+    await this.refresh()
   }
 
   /**
@@ -211,18 +272,31 @@ class User implements IUser {
       `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
     ],
   })
-  public async refresh(params?: { version?: string; query?: any }): Promise<IUserInfo> {
+  public async refresh(params?: { version?: string; query?: any }): Promise<authModels.UserInfo> {
     const newUserInfo = await this.oauthInstance.authApi.getUserInfo(params)
+    if ((newUserInfo as any).code === 'INVALID_ACCESS_TOKEN') {
+      this.setLocalUserInfo({})
+      throw newUserInfo
+    }
     this.setLocalUserInfo(newUserInfo)
     return newUserInfo
   }
 
-  private getLocalUserInfo(key: string): string | boolean {
+  public getLocalUserInfo(key?: string): string | boolean | Record<string, any> {
     const { userInfoKey } = this.cache.keys
     const userInfo = this.cache.getStore(userInfoKey)
+
+    if (!key) return userInfo || {}
+
     return userInfo[key]
   }
 
+  public setLocalUserInfo(userInfo: any) {
+    const { userInfoKey } = this.cache.keys
+    this.cache.setStore(userInfoKey, userInfo)
+    this.setUserInfo()
+  }
+
   private async getLocalUserInfoAsync(key: string): Promise<string> {
     const { userInfoKey } = this.cache.keys
     const userInfo = await this.cache.getStoreAsync(userInfoKey)
@@ -247,16 +321,11 @@ class User implements IUser {
       'created_from',
       'providers',
       'username',
+      'created_at',
     ].forEach((infoKey) => {
       this[infoKey] = userInfo[infoKey]
     })
   }
-
-  private setLocalUserInfo(userInfo: any) {
-    const { userInfoKey } = this.cache.keys
-    this.cache.setStore(userInfoKey, userInfo)
-    this.setUserInfo()
-  }
 }
 interface ILoginStateOptions extends IUserOptions {
   envId: string
@@ -294,19 +363,22 @@ export class LoginState implements ILoginState {
 }
 
 class Auth {
-  private readonly config: ICloudbaseAuthConfig
-  private readonly cache: ICloudbaseCache
-
-  private oauthInstance: CloudbaseOAuth
-
-  constructor(config: ICloudbaseAuthConfig & { cache: ICloudbaseCache; request?: ICloudbaseRequest; runtime?: string },) {
+  readonly config: ICloudbaseAuthConfig
+  oauthInstance: CloudbaseOAuth
+  readonly cache: ICloudbaseCache
+  private listeners: Map<string, Set<OnAuthStateChangeCallback>> = new Map()
+  private hasListenerSetUp = false
+
+  constructor(config: ICloudbaseAuthConfig & {
+    cache: ICloudbaseCache
+    request?: ICloudbaseRequest
+    runtime?: string
+  },) {
     this.config = config
-    this.cache = config.cache
     this.oauthInstance = config.oauthInstance
-
-    if (config.publishable_key) {
-      this.createLoginState()
-    }
+    this.cache = config.cache
+    this.init()
+    this.setAccessKey()
   }
 
   /**
@@ -412,7 +484,7 @@ class Auth {
       // async storage的平台调用此API提示
       printWarn(
         ERRORS.INVALID_OPERATION,
-        'current platform\'s storage is asynchronous, please use getCurrentUser insteed',
+        'current platform\'s storage is asynchronous, please use getCurrentUser instead',
       )
       return
     }
@@ -436,35 +508,36 @@ class Auth {
       `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
     ],
   })
-  public async getCurrentUser() {
+  public async getCurrentUser(): Promise<(authModels.UserInfo & Partial<User>) | null> {
     const loginState = await this.getLoginState()
     if (loginState) {
+      const userInfo = loginState.user.getLocalUserInfo() as authModels.UserInfo
       await loginState.user.checkLocalInfoAsync()
-      return loginState.user || null
+      return { ...loginState.user, ...userInfo } as unknown as authModels.UserInfo & Partial<User>
     }
     return null
   }
 
-  /**
-   * 匿名登录
-   * @returns {Promise<LoginState>}
-   * @memberof Auth
-   */
-  @catchErrorsDecorator({
-    title: '匿名登录失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 当前环境是否开启了匿名登录',
-      '  2 - 调用 auth().signInAnonymously() 的语法或参数是否正确',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async signInAnonymously(data: {
-    provider_token?: string
-  } = {},): Promise<LoginState> {
-    await this.oauthInstance.authApi.signInAnonymously(data)
-    return this.createLoginState()
-  }
+  // /**
+  //  * 匿名登录
+  //  * @returns {Promise<LoginState>}
+  //  * @memberof Auth
+  //  */
+  // @catchErrorsDecorator({
+  //   title: '匿名登录失败',
+  //   messages: [
+  //     '请确认以下各项：',
+  //     '  1 - 当前环境是否开启了匿名登录',
+  //     '  2 - 调用 auth().signInAnonymously() 的语法或参数是否正确',
+  //     `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+  //   ],
+  // })
+  // public async signInAnonymously(data: {
+  //   provider_token?: string
+  // } = {},): Promise<LoginState> {
+  // await this.oauthInstance.authApi.signInAnonymously(data)
+  // return this.createLoginState()
+  // }
 
   /**
    * 匿名登录
@@ -491,7 +564,7 @@ class Auth {
     const wxInfo = wx.getAccountInfoSync().miniProgram
 
     const mainFunc = async (code) => {
-      let result: GrantProviderTokenResponse | undefined = undefined
+      let result: authModels.GrantProviderTokenResponse | undefined = undefined
       let credentials: Credentials | undefined = undefined
 
       try {
@@ -566,7 +639,7 @@ class Auth {
     const wxInfo = wx.getAccountInfoSync().miniProgram
 
     const mainFunc = async (code) => {
-      let result: GrantProviderTokenResponse | undefined = undefined
+      let result: authModels.GrantProviderTokenResponse | undefined = undefined
 
       try {
         result = await this.oauthInstance.authApi.grantProviderToken({
@@ -609,82 +682,6 @@ class Auth {
     return
   }
 
-  /**
-   * 小程序openId静默登录
-   * @returns {Promise<LoginState>}
-   * @memberof Auth
-   */
-  @catchErrorsDecorator({
-    title: '小程序openId静默登录失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 当前环境是否开启了小程序openId静默登录',
-      '  2 - 调用 auth().signInWithOpenId() 的语法或参数是否正确',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async signInWithOpenId({ useWxCloud = true } = {}): Promise<LoginState> {
-    if (!adapterForWxMp.isMatch()) {
-      throw Error('wx api undefined')
-    }
-    const wxInfo = wx.getAccountInfoSync().miniProgram
-
-    const mainFunc = async (code) => {
-      let result: GrantProviderTokenResponse | undefined = undefined
-      let credentials: Credentials | undefined = undefined
-
-      try {
-        result = await this.oauthInstance.authApi.grantProviderToken(
-          {
-            provider_id: wxInfo?.appId,
-            provider_code: code,
-            provider_params: {
-              provider_code_type: 'open_id',
-              appid: wxInfo?.appId,
-            },
-          },
-          useWxCloud,
-        )
-
-        if ((result as any)?.error_code || !result.provider_token) {
-          throw result
-        }
-
-        credentials = await this.oauthInstance.authApi.signInWithProvider(
-          { provider_token: result.provider_token },
-          useWxCloud,
-        )
-
-        if ((credentials as any)?.error_code) {
-          throw credentials
-        }
-      } catch (error) {
-        throw error
-      }
-      await this.oauthInstance.oauth2client.setCredentials(credentials as Credentials)
-    }
-
-    await new Promise((resolve, reject) => {
-      wx.login({
-        success: async (res: { code: string }) => {
-          try {
-            await mainFunc(res.code)
-            resolve(true)
-          } catch (error) {
-            reject(error)
-          }
-        },
-        fail: (res: any) => {
-          const error = new Error(res?.errMsg)
-          ;(error as any).code = res?.errno
-          reject(error)
-        },
-      })
-    })
-
-    return this.createLoginState()
-  }
-
   /**
    * 小程序unionId静默登录
    * @returns {Promise<LoginState>}
@@ -755,63 +752,63 @@ class Auth {
   }
 
   /**
-   * 小程序手机号授权登录
+   * 小程序手机号授权登录，目前只支持全托管手机号授权登录
    * @returns {Promise<LoginState>}
    * @memberof Auth
    */
-  @catchErrorsDecorator({
-    title: '小程序手机号授权登录失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 当前环境是否开启了小程序手机号授权登录',
-      '  2 - 调用 auth().signInWithPhoneAuth() 的语法或参数是否正确',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async signInWithPhoneAuth({ phoneCode = '' }): Promise<LoginState> {
-    if (!adapterForWxMp.isMatch()) {
-      throw Error('wx api undefined')
-    }
-    const wxInfo = wx.getAccountInfoSync().miniProgram
-    const providerInfo = {
-      provider_params: { provider_code_type: 'phone' },
-      provider_id: wxInfo.appId,
-    }
-
-    const { code } = await wx.login()
-    ;(providerInfo as any).provider_code = code
-
-    try {
-      let providerToken = await this.oauthInstance.authApi.grantProviderToken(providerInfo)
-      if (providerToken.error_code) {
-        throw providerToken
-      }
-
-      providerToken = await this.oauthInstance.authApi.patchProviderToken({
-        provider_token: providerToken.provider_token,
-        provider_id: wxInfo.appId,
-        provider_params: {
-          code: phoneCode,
-          provider_code_type: 'phone',
-        },
-      })
-      if (providerToken.error_code) {
-        throw providerToken
-      }
-
-      const signInRes = await this.oauthInstance.authApi.signInWithProvider({
-        provider_token: providerToken.provider_token,
-      })
-
-      if ((signInRes as any)?.error_code) {
-        throw signInRes
-      }
-    } catch (error) {
-      throw error
-    }
-
-    return this.createLoginState()
-  }
+  // @catchErrorsDecorator({
+  //   title: '小程序手机号授权登录失败',
+  //   messages: [
+  //     '请确认以下各项：',
+  //     '  1 - 当前环境是否开启了小程序手机号授权登录',
+  //     '  2 - 调用 auth().signInWithPhoneAuth() 的语法或参数是否正确',
+  //     `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+  //   ],
+  // })
+  // public async signInWithPhoneAuth({ phoneCode = '' }): Promise<LoginState> {
+  //   if (!adapterForWxMp.isMatch()) {
+  //     throw Error('wx api undefined')
+  //   }
+  //   const wxInfo = wx.getAccountInfoSync().miniProgram
+  //   const providerInfo = {
+  //     provider_params: { provider_code_type: 'phone' },
+  //     provider_id: wxInfo.appId,
+  //   }
+
+  //   const { code } = await wx.login()
+  //   ;(providerInfo as any).provider_code = code
+
+  //   try {
+  //     let providerToken = await this.oauthInstance.authApi.grantProviderToken(providerInfo)
+  //     if (providerToken.error_code) {
+  //       throw providerToken
+  //     }
+
+  //     providerToken = await this.oauthInstance.authApi.patchProviderToken({
+  //       provider_token: providerToken.provider_token,
+  //       provider_id: wxInfo.appId,
+  //       provider_params: {
+  //         code: phoneCode,
+  //         provider_code_type: 'phone',
+  //       },
+  //     })
+  //     if (providerToken.error_code) {
+  //       throw providerToken
+  //     }
+
+  //     const signInRes = await this.oauthInstance.authApi.signInWithProvider({
+  //       provider_token: providerToken.provider_token,
+  //     })
+
+  //     if ((signInRes as any)?.error_code) {
+  //       throw signInRes
+  //     }
+  //   } catch (error) {
+  //     throw error
+  //   }
+
+  //   return this.createLoginState()
+  // }
 
   /**
    * 小程序短信验证码登陆
@@ -893,21 +890,21 @@ class Auth {
    * @returns {Promise<LoginState>}
    * @memberof Auth
    */
-  @catchErrorsDecorator({
-    title: '自定义登录失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 当前环境是否开启了自定义登录',
-      '  2 - 调用 auth().signInWithCustomTicket() 的语法或参数是否正确',
-      '  3 - ticket 是否归属于当前环境',
-      '  4 - 创建 ticket 的自定义登录私钥是否过期',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async signInWithCustomTicket(): Promise<LoginState> {
-    await this.oauthInstance.authApi.signInWithCustomTicket()
-    return this.createLoginState()
-  }
+  // @catchErrorsDecorator({
+  //   title: '自定义登录失败',
+  //   messages: [
+  //     '请确认以下各项：',
+  //     '  1 - 当前环境是否开启了自定义登录',
+  //     '  2 - 调用 auth().signInWithCustomTicket() 的语法或参数是否正确',
+  //     '  3 - ticket 是否归属于当前环境',
+  //     '  4 - 创建 ticket 的自定义登录私钥是否过期',
+  //     `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+  //   ],
+  // })
+  // public async signInWithCustomTicket(): Promise<LoginState> {
+  //   await this.oauthInstance.authApi.signInWithCustomTicket()
+  //   return this.createLoginState()
+  // }
 
   /**
    *
@@ -920,25 +917,25 @@ class Auth {
     return this.createLoginState(params)
   }
 
-  /**
-   *
-   * @param {authModels.SignUpRequest} params
-   * @returns {Promise<LoginState>}
-   * @memberof Auth
-   */
-  @catchErrorsDecorator({
-    title: '注册失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 当前环境是否开启了指定登录方式',
-      '  2 - 调用 auth().signUp() 的语法或参数是否正确',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async signUp(params: authModels.SignUpRequest): Promise<LoginState> {
-    await this.oauthInstance.authApi.signUp(params)
-    return this.createLoginState()
-  }
+  // /**
+  //  *
+  //  * @param {authModels.SignUpRequest} params
+  //  * @returns {Promise<LoginState>}
+  //  * @memberof Auth
+  //  */
+  // @catchErrorsDecorator({
+  //   title: '注册失败',
+  //   messages: [
+  //     '请确认以下各项：',
+  //     '  1 - 当前环境是否开启了指定登录方式',
+  //     '  2 - 调用 auth().signUp() 的语法或参数是否正确',
+  //     `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
+  //   ],
+  // })
+  // public async signUp(params: authModels.SignUpRequest): Promise<any> {
+  //   await this.oauthInstance.authApi.signUp(params)
+  //   return this.createLoginState()
+  // }
 
   /**
    * 设置密码
@@ -971,26 +968,6 @@ class Auth {
     return exist
   }
 
-  /**
-   * 登出
-   */
-  @catchErrorsDecorator({
-    title: '用户登出失败',
-    messages: [
-      '请确认以下各项：',
-      '  1 - 调用 auth().signOut() 的语法或参数是否正确',
-      '  2 - 当前用户是否为匿名登录（匿名登录不支持signOut）',
-      `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
-    ],
-  })
-  public async signOut(params?: authModels.SignoutRequest): Promise<void | authModels.SignoutReponse> {
-    const { userInfoKey } = this.cache.keys
-    const res = await this.oauthInstance.authApi.signOut(params)
-    await this.cache.removeStoreAsync(userInfoKey)
-    eventBus.fire(EVENTS.LOGIN_STATE_CHANGED, { eventType: LOGIN_STATE_CHANGED_TYPE.SIGN_OUT })
-    return res
-  }
-
   /**
    * 获取本地登录态-同步
    */
@@ -999,7 +976,7 @@ class Auth {
       // async storage的平台调用此API提示
       printWarn(
         ERRORS.INVALID_OPERATION,
-        'current platform\'s storage is asynchronous, please use getLoginState insteed',
+        'current platform\'s storage is asynchronous, please use getLoginState instead',
       )
       return
     }
@@ -1058,8 +1035,8 @@ class Auth {
       `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
     ],
   })
-  public async getUserInfo(params?: { version?: string }): Promise<IUserInfo> {
-    return this.oauthInstance.authApi.getUserInfo(params)
+  public async getUserInfo(): Promise<(authModels.UserInfo & Partial<User>) | null> {
+    return this.getCurrentUser()
   }
 
   @catchErrorsDecorator({
@@ -1185,7 +1162,7 @@ class Auth {
   }
 
   public async onLoginStateChanged(callback: Function) {
-    eventBus.on(EVENTS.LOGIN_STATE_CHANGED, async (params) => {
+    this.config.eventBus?.on(EVENTS.LOGIN_STATE_CHANGED, async (params) => {
       // getLoginState会重复触发getCredentials，导致死循环，所以getCredentials出错不再出发getLoginState
       const loginState = params?.data?.eventType !== LOGIN_STATE_CHANGED_TYPE.CREDENTIALS_ERROR ? await this.getLoginState() : {}
       callback.call(this, { ...params, ...loginState })
@@ -1226,7 +1203,7 @@ class Auth {
       `如果问题依然存在，建议到官方问答社区提问或寻找帮助：${COMMUNITY_SITE_URL}`,
     ],
   })
-  public async getProviderSubType(): Promise<ProviderSubType> {
+  public async getProviderSubType(): Promise<authModels.ProviderSubType> {
     return this.oauthInstance.authApi.getProviderSubType()
   }
 
@@ -1258,55 +1235,21 @@ class Auth {
     return this.oauthInstance.authApi.getUserBehaviorLog(params)
   }
 
-  /**
-   * 跳转系统默认登录页
-   * @returns {Promise<authModels.ToDefaultLoginPage>}
-   * @memberof Auth
-   */
-  public async toDefaultLoginPage(params: authModels.ToDefaultLoginPage = {}): Promise<void> {
-    const configVersion = params.config_version || 'env'
-
-    if (adapterForWxMp.isMatch()) {
-      wx.navigateTo({ url: '/packages/$wd_system/pages/login/index' })
-    } else {
-      const redirectUri = params.redirect_uri || window.location.href
-      const urlObj = new URL(redirectUri)
-      const loginPage = `${urlObj.origin}/__auth/?app_id=${params.app_id || ''}&env_id=${this.config.env}&client_id=${
-        this.config.clientId
-      }&config_version=${configVersion}&redirect_uri=${encodeURIComponent(redirectUri)}`
-      window.location.href = loginPage
-    }
-  }
-
-  private async createLoginState(
-    params?: { version?: string; query?: any },
-    options?: { asyncRefreshUser?: boolean },
-  ): Promise<LoginState> {
-    const loginState = new LoginState({
-      envId: this.config.env,
-      cache: this.cache,
-      oauthInstance: this.oauthInstance,
-    })
-
-    await loginState.checkLocalStateAsync()
-    if (options?.asyncRefreshUser) {
-      loginState.user.refresh(params)
-    } else {
-      await loginState.user.refresh(params)
-    }
-    eventBus.fire(EVENTS.LOGIN_STATE_CHANGED, { eventType: LOGIN_STATE_CHANGED_TYPE.SIGN_IN })
-    return loginState
-  }
-
   /**
    * sms/email 验证码登录/注册，逻辑一致收敛
    */
-  private async signInWithUsername({
+  public async signInWithUsername({
     verificationInfo = { verification_id: '', is_user: false },
     verificationCode = '',
     username: rawUsername = '',
     bindInfo = undefined,
     loginType = '',
+  }: {
+    verificationInfo?: authModels.GetVerificationResponse
+    verificationCode?: string
+    username?: string
+    bindInfo?: any
+    loginType?: string
   }): Promise<LoginState> {
     try {
       // 1. 验证验证码
@@ -1319,10 +1262,11 @@ class Auth {
         throw verifyRes
       }
 
+      // eslint-disable-next-line @typescript-eslint/naming-convention
       const { verification_token } = verifyRes
 
       // 手机登录参数
-      let username = `+86 ${rawUsername}`
+      let username = /^\+\d{1,3}\s+/.test(rawUsername) ? rawUsername : `+86 ${rawUsername}`
       let signUpParam: any = { phone_number: username }
 
       // 邮箱登录参数
@@ -1370,37 +1314,1296 @@ class Auth {
       throw error
     }
   }
-}
 
-type TInitAuthOptions = Pick<ICloudbaseAuthConfig, 'region' | 'persistence' | 'i18n' | 'publishable_key'> & Partial<AuthOptions>
+  async createLoginState(
+    params?: { version?: string; query?: any },
+    options?: { asyncRefreshUser?: boolean; userInfo?: any },
+  ): Promise<LoginState> {
+    const loginState = new LoginState({
+      envId: this.config.env,
+      cache: this.cache,
+      oauthInstance: this.oauthInstance,
+    })
+
+    await loginState.checkLocalStateAsync()
 
-export function generateAuthInstance(
-  config: TInitAuthOptions,
-  options?: {
-    clientId: ICloudbaseConfig['clientId']
-    env: ICloudbaseConfig['env']
-    apiOrigin: string
-    cache?: ICloudbaseCache
-    platform?: ICloudbase['platform']
-    app?: ICloudbase
-    debug?: ICloudbaseAuthConfig['debug']
-  },
-) {
-  const { region = 'ap-shanghai', i18n, publishable_key } = config
-  const platform = options?.platform || (useDefaultAdapter() as ICloudbasePlatformInfo)
-  const { runtime, adapter } = platform
+    if (options?.userInfo) {
+      loginState.user.setLocalUserInfo(options.userInfo)
+    } else {
+      if (options?.asyncRefreshUser) {
+        loginState.user.refresh(params)
+      } else {
+        await loginState.user.refresh(params)
+      }
+    }
 
-  const { env, clientId, debug, cache, app: cloudbase } = options || {}
-  let { apiOrigin } = options || {}
-  if (!apiOrigin) {
-    apiOrigin = `https://${env}.${region}.tcb-api.tencentcloudapi.com`
+    this.config.eventBus?.fire(EVENTS.LOGIN_STATE_CHANGED, { eventType: LOGIN_STATE_CHANGED_TYPE.SIGN_IN })
+
+    this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.SIGNED_IN })
+    return loginState
   }
 
-  const commonOpts = {
-    env,
+  async setAccessKey() {
+    if (this.config.accessKey) {
+      try {
+        this.oauthInstance.oauth2client.setAccessKeyCredentials({
+          access_token: this.config.accessKey,
+          token_type: 'Bearer',
+          scope: 'accessKey',
+          expires_at: new Date(+new Date() + +new Date()),
+          expires_in: +new Date() + +new Date(),
+        })
+      } catch (error) {
+        console.warn('accessKey error: ', error)
+      }
+    }
+  }
+
+  // ========== new auth api methods merged below ==========
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signinanonymously
+   * Sign in a user anonymously.
+   * const { data, error } = await auth.signInAnonymously();
+   * @param params
+   * @returns  Promise<SignInRes>
+   */
+  async signInAnonymously(params: SignInAnonymouslyReq): Promise<SignInRes> {
+    try {
+      await this.oauthInstance.authApi.signInAnonymously(params)
+      const loginState = await this.createLoginState()
+
+      const { data: { session } = {} } = await this.getSession()
+
+      // loginState返回是为了兼容v2版本
+      return { ...(loginState as any), data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signup
+   * Sign up a new user with email or phone using a one-time password (OTP). If the account not exist, a new account will be created.
+   * @param params
+   * @returns Promise<SignUpRes>
+   */
+  async signUp(params: authModels.SignUpRequest & { phone?: string }): Promise<SignUpRes> {
+    if (params.phone_number || params.verification_code || params.verification_token || params.provider_token) {
+      await this.oauthInstance.authApi.signUp(params)
+      return this.createLoginState() as any
+    }
+    try {
+      // 参数校验：email或phone必填其一
+      this.validateAtLeastOne(params, [['email'], ['phone']], 'You must provide either an email or phone number')
+
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(params.email ? { email: params.email } : { phone_number: this.formatPhone(params.phone) },)
+
+      return {
+        data: {
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          verifyOtp: async ({ token, messageId = verificationInfo.verification_id }): Promise<SignInRes> => {
+            try {
+              // 第三步：待用户输入完验证码之后，验证短信验证码
+              const verificationTokenRes = await this.verify({
+                verification_id: messageId || verificationInfo.verification_id,
+                verification_code: token,
+              })
+
+              // 第四步：注册并登录或直接登录
+              // 如果用户已经存在，直接登录
+              if (verificationInfo.is_user) {
+                await this.signIn({
+                  username: params.email || this.formatPhone(params.phone),
+                  verification_token: verificationTokenRes.verification_token,
+                })
+              } else {
+                // 如果用户不存在，注册用户
+                const data = JSON.parse(JSON.stringify(params))
+                delete data.email
+                delete data.phone
+
+                await this.oauthInstance.authApi.signUp({
+                  ...data,
+                  ...(params.email ? { email: params.email } : { phone_number: this.formatPhone(params.phone) }),
+                  verification_token: verificationTokenRes.verification_token,
+                  verification_code: token,
+                })
+                await this.createLoginState()
+              }
+
+              const { data: { session } = {} } = await this.getSession()
+
+              return { data: { user: session.user, session }, error: null }
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        },
+        error: null,
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signout
+   * const result = await auth.signOut();
+   *
+   * @param params
+   */
+  async signOut(params?: authModels.SignoutRequest,): Promise<authModels.SignoutResponse & { data: Object; error: AuthError }> {
+    try {
+      const { userInfoKey } = this.cache.keys
+      const res = await this.oauthInstance.authApi.signOut(params)
+      await this.cache.removeStoreAsync(userInfoKey)
+      this.setAccessKey()
+
+      this.config.eventBus?.fire(EVENTS.LOGIN_STATE_CHANGED, { eventType: LOGIN_STATE_CHANGED_TYPE.SIGN_OUT })
+
+      this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.SIGNED_OUT })
+
+      // res返回是为了兼容v2版本
+      return { ...res, data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-onauthstatechange
+   * Receive a notification every time an auth event happens.
+   * @param callback
+   * @returns Promise<{ data: { subscription: Subscription }, error: Error | null }>
+   */
+  onAuthStateChange(callback: OnAuthStateChangeCallback) {
+    if (!this.hasListenerSetUp) {
+      this.setupListeners()
+      this.hasListenerSetUp = true
+    }
+
+    const id = Math.random().toString(36)
+
+    if (!this.listeners.has(id)) {
+      this.listeners.set(id, new Set())
+    }
+
+    this.listeners.get(id)!.add(callback)
+
+    // 返回 Subscription 对象
+    const subscription = {
+      id,
+      callback,
+      unsubscribe: () => {
+        const callbacks = this.listeners.get(id)
+        if (callbacks) {
+          callbacks.delete(callback)
+          if (callbacks.size === 0) {
+            this.listeners.delete(id)
+          }
+        }
+      },
+    }
+
+    return {
+      data: { subscription },
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signinwithpassword
+   * Log in an existing user with an email and password or phone and password or username and password.
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async signInWithPassword(params: SignInWithPasswordReq): Promise<SignInRes> {
+    try {
+      // 参数校验：username/email/phone三选一，password必填
+      this.validateAtLeastOne(
+        params,
+        [['username'], ['email'], ['phone']],
+        'You must provide either username, email, or phone',
+      )
+      this.validateParams(params, {
+        password: { required: true, message: 'Password is required' },
+      })
+
+      await this.signIn({
+        username: params.username || params.email || this.formatPhone(params.phone),
+        password: params.password,
+        ...(params.is_encrypt ? { isEncrypt: true, version: 'v2' } : {}),
+      })
+      const { data: { session } = {} } = await this.getSession()
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signinwithidtoken
+   * 第三方平台登录。如果用户不存在，会根据云开发平台-登录方式中对应身份源的登录模式配置，判断是否自动注册
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async signInWithIdToken(params: SignInWithIdTokenReq): Promise<SignInRes> {
+    try {
+      // 参数校验：token必填
+      this.validateParams(params, {
+        token: { required: true, message: 'Token is required' },
+      })
+
+      await this.signInWithProvider({
+        provider_token: params.token,
+      })
+      const { data: { session } = {} } = await this.getSession()
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signinwithotp
+   * Log in a user using a one-time password (OTP).
+   * @param params
+   * @returns Promise<SignInWithOtpRes>
+   */
+  async signInWithOtp(params: SignInWithOtpReq): Promise<SignInWithOtpRes> {
+    try {
+      // 参数校验：email或phone必填其一
+      this.validateAtLeastOne(params, [['email'], ['phone']], 'You must provide either an email or phone number')
+
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(params.email ? { email: params.email } : { phone_number: this.formatPhone(params.phone) },)
+
+      return {
+        data: {
+          user: null,
+          session: null,
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          verifyOtp: async ({ token, messageId = verificationInfo.verification_id }): Promise<SignInRes> => this.verifyOtp({
+            email: params.email,
+            phone: params.phone,
+            token,
+            messageId,
+          }),
+        },
+        error: null,
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 校验第三方平台授权登录回调
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async verifyOAuth(params?: VerifyOAuthReq): Promise<SignInRes | LinkIdentityRes> {
+    const data: any = {}
+    try {
+      // 回调至 provider_redirect_uri 地址（url query中携带 授权code，state等参数），此时检查 state 是否符合预期（如 自己设置的 wx_open)
+      const code = params?.code || utils.getQuery('code')
+      const state = params?.state || utils.getQuery('state')
+
+      // 参数校验：code和state必填
+      if (!code) {
+        return { data: {}, error: new AuthError({ message: 'Code is required' }) }
+      }
+
+      if (!state) {
+        return { data: {}, error: new AuthError({ message: 'State is required' }) }
+      }
+
+      const cacheData = getBrowserSession(state)
+      data.type = cacheData?.type
+
+      const provider = params?.provider || cacheData?.provider || utils.getQuery('provider')
+
+      if (!provider) {
+        return { data, error: new AuthError({ message: 'Provider is required' }) }
+      }
+
+      // state符合预期，则获取该三方平台token
+      const { provider_token: token } = await this.grantProviderToken({
+        provider_id: provider,
+        provider_redirect_uri: location.origin + location.pathname, // 指定三方平台跳回的 url 地址
+        provider_code: code, // 第三方平台跳转回页面时，url param 中携带的 code 参数
+      })
+
+      let res: SignInRes | LinkIdentityRes
+
+      if (cacheData.type === OAUTH_TYPE.BIND_IDENTITY) {
+        res = await this.oauthInstance.authApi.toBindIdentity({ provider_token: token, provider, fireEvent: true })
+      } else {
+        // 通过 provider_token 仅登录或登录并注册（与云开发平台-登录方式-身份源登录模式配置有关）
+        res = await this.signInWithIdToken({
+          token,
+        })
+        res.data = { ...data, ...res.data }
+      }
+
+      const localSearch = new URLSearchParams(location?.search)
+      localSearch.delete('code')
+      localSearch.delete('state')
+      addUrlSearch(
+        cacheData?.search === undefined ? `?${localSearch.toString()}` : cacheData?.search,
+        cacheData?.hash || location.hash,
+      )
+      removeBrowserSession(state)
+
+      return res
+    } catch (error) {
+      return { data, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-signinwithoauth
+   * 生成第三方平台授权 Uri （如微信二维码扫码授权网页）
+   * @param params
+   * @returns Promise<SignInOAuthRes>
+   */
+  async signInWithOAuth(params: SignInWithOAuthReq): Promise<SignInOAuthRes> {
+    try {
+      // 参数校验：provider必填
+      this.validateParams(params, {
+        provider: { required: true, message: 'Provider is required' },
+      })
+
+      const href = params.options?.redirectTo || location.href
+
+      const urlObject = new URL(href)
+
+      const provider_redirect_uri = urlObject.origin + urlObject.pathname
+
+      const state = params.options?.state || `prd-${params.provider}-${Math.random().toString(36)
+        .slice(2)}`
+
+      const { uri } = await this.genProviderRedirectUri({
+        provider_id: params.provider,
+        provider_redirect_uri,
+        state,
+      })
+
+      // 对 URL 进行解码
+      const decodedUri = decodeURIComponent(uri)
+
+      // 合并额外的查询参数
+      let finalUri = decodedUri
+
+      if (params.options?.queryParams) {
+        const url = new URL(decodedUri)
+        Object.entries(params.options.queryParams).forEach(([key, value]) => {
+          url.searchParams.set(key, value)
+        })
+        finalUri = url.toString()
+      }
+
+      saveToBrowserSession(state, {
+        provider: params.provider,
+        search: urlObject.search,
+        hash: urlObject.hash,
+        type: params.options?.type || OAUTH_TYPE.SIGN_IN,
+      })
+
+      if (isBrowser() && !params.options?.skipBrowserRedirect) {
+        window.location.assign(finalUri)
+      }
+
+      return { data: { url: finalUri, provider: params.provider }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  // https://supabase.com/docs/reference/javascript/auth-getclaims
+  async getClaims(): Promise<GetClaimsRes> {
+    try {
+      const { accessToken } = await this.getAccessToken()
+      const parsedToken = weAppJwtDecodeAll(accessToken)
+      return { data: parsedToken, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-resetpasswordforemail
+   * 通过 email 或手机号重置密码
+   * @param emailOrPhone 邮箱或手机号
+   * @returns Promise<ResetPasswordForEmailRes>
+   */
+  async resetPasswordForEmail(
+    emailOrPhone: string,
+    options?: { redirectTo?: string },
+  ): Promise<ResetPasswordForEmailRes> {
+    try {
+      // 参数校验：emailOrPhone必填
+      this.validateParams(
+        { emailOrPhone },
+        {
+          emailOrPhone: { required: true, message: 'Email or phone is required' },
+        },
+      )
+
+      const { redirectTo } = options || {}
+
+      // 判断是邮箱还是手机号
+      const isEmail = emailOrPhone.includes('@')
+      let verificationParams: { email?: string; phone_number?: string }
+
+      if (isEmail) {
+        verificationParams = { email: emailOrPhone }
+      } else {
+        // 正规化手机号
+        const formattedPhone = this.formatPhone(emailOrPhone)
+        verificationParams = { phone_number: formattedPhone }
+      }
+
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(verificationParams)
+
+      return {
+        data: {
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          updateUser: async (attributes: UpdateUserAttributes): Promise<SignInRes> => {
+            this.validateParams(attributes, {
+              nonce: { required: true, message: 'Nonce is required' },
+              password: { required: true, message: 'Password is required' },
+            })
+            try {
+              // 第三步：待用户输入完验证码之后，验证验证码
+              const verificationTokenRes = await this.verify({
+                verification_id: verificationInfo.verification_id,
+                verification_code: attributes.nonce,
+              })
+
+              await this.oauthInstance.authApi.resetPassword({
+                email: isEmail ? emailOrPhone : undefined,
+                phone_number: !isEmail ? emailOrPhone : undefined,
+                new_password: attributes.password,
+                verification_token: verificationTokenRes.verification_token,
+              })
+
+              this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, {
+                event: AUTH_STATE_CHANGED_TYPE.PASSWORD_RECOVERY,
+              })
+
+              const res = await this.signInWithPassword({
+                email: isEmail ? emailOrPhone : undefined,
+                phone: !isEmail ? emailOrPhone : undefined,
+                password: attributes.password,
+              })
+
+              if (redirectTo && isBrowser()) {
+                window.location.assign(redirectTo)
+              }
+
+              return res
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        },
+        error: null,
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 通过旧密码重置密码
+   * @param new_password
+   * @param old_password
+   * @returns
+   */
+  async resetPasswordForOld(params: ResetPasswordForOldReq) {
+    try {
+      await this.oauthInstance.authApi.updatePasswordByOld({
+        old_password: params.old_password,
+        new_password: params.new_password,
+      })
+
+      const { data: { session } = {} } = await this.getSession()
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-verifyotp
+   * Log in a user given a User supplied OTP and verificationId received through mobile or email.
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async verifyOtp(params: VerifyOtpReq): Promise<SignInRes> {
+    try {
+      const { type } = params
+      // 参数校验：token和verificationInfo必填
+      this.validateParams(params, {
+        token: { required: true, message: 'Token is required' },
+        messageId: { required: true, message: 'messageId is required' },
+      })
+
+      if (['phone_change', 'email_change'].includes(type)) {
+        await this.verify({
+          verification_id: params.messageId,
+          verification_code: params.token,
+        })
+      } else {
+        await this.signInWithUsername({
+          verificationInfo: { verification_id: params.messageId, is_user: true },
+          verificationCode: params.token,
+          username: params.email || this.formatPhone(params.phone) || '',
+          loginType: params.email ? 'email' : 'phone',
+        })
+      }
+
+      const { data: { session } = {} } = await this.getSession()
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-getSession
+   * Returns the session, refreshing it if necessary.
+   * @returns Promise<SignInRes>
+   */
+  async getSession(): Promise<SignInRes> {
+    try {
+      const credentials: Credentials = await this.oauthInstance.oauth2client.getCredentials()
+
+      if (!credentials || credentials.scope === 'accessKey') {
+        return { data: { session: null }, error: null }
+      }
+
+      const { data: { user } = {} } = await this.getUser()
+
+      return { data: { session: { ...credentials, user }, user }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-refreshsession
+   * 无论过期状态如何，都返回一个新的会话
+   * @param refresh_token
+   * @returns Promise<SignInRes>
+   */
+  async refreshSession(refresh_token?: string): Promise<SignInRes> {
+    try {
+      const credentials: Credentials = await this.oauthInstance.oauth2client.localCredentials.getCredentials()
+      credentials.refresh_token = refresh_token || credentials.refresh_token
+      const newTokens = await this.oauthInstance.oauth2client.refreshToken(credentials)
+      const { data: { user } = {} } = await this.getUser()
+
+      return { data: { user, session: { ...newTokens, user } }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-getuser
+   * 如果存在现有会话，则获取当前用户详细信息
+   * @returns Promise<GetUserRes>
+   */
+  async getUser(): Promise<GetUserRes> {
+    try {
+      const user = this.convertToUser(await this.getUserInfo())
+      return { data: { user }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 刷新用户信息
+   * @returns Promise<CommonRes>
+   */
+  async refreshUser(): Promise<CommonRes> {
+    try {
+      await this.currentUser.refresh()
+
+      const { data: { session } = {} } = await this.getSession()
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-updateuser
+   * 更新用户信息
+   * @param params
+   * @returns Promise<GetUserRes | UpdateUserWithVerificationRes>
+   */
+  async updateUser(params: UpdateUserReq): Promise<GetUserRes | UpdateUserWithVerificationRes> {
+    try {
+      // 参数校验：至少有一个更新字段被提供
+      const hasValue = Object.keys(params).some(key => params[key] !== undefined && params[key] !== null && params[key] !== '',)
+      if (!hasValue) {
+        throw new AuthError({ message: 'At least one field must be provided for update' })
+      }
+
+      const { email, phone, ...restParams } = params
+
+      // 检查是否需要更新 email 或 phone
+      const needsEmailVerification = email !== undefined
+      const needsPhoneVerification = phone !== undefined
+
+      let extraRes = {}
+
+      if (needsEmailVerification || needsPhoneVerification) {
+        // 需要发送验证码
+        let verificationParams: { email?: string; phone_number?: string }
+        let verificationType: 'email_change' | 'phone_change'
+
+        if (needsEmailVerification) {
+          verificationParams = { email: params.email }
+          verificationType = 'email_change'
+        } else {
+          // 正规化手机号
+          const formattedPhone = this.formatPhone(params.phone)
+          verificationParams = { phone_number: formattedPhone }
+          verificationType = 'phone_change'
+        }
+
+        // 发送验证码
+        const verificationInfo = await this.getVerification(verificationParams)
+
+        Object.keys(restParams).length > 0 && (await this.updateUserBasicInfo(restParams))
+
+        extraRes = {
+          messageId: verificationInfo.verification_id,
+          verifyOtp: async (verifyParams: { email?: string; phone?: string; token: string }): Promise<GetUserRes> => {
+            try {
+              if (verifyParams.email && params.email === verifyParams.email) {
+                // 验证码验证
+                await this.verifyOtp({
+                  type: 'email_change',
+                  email: params.email,
+                  token: verifyParams.token,
+                  messageId: verificationInfo.verification_id,
+                })
+                await this.updateUserBasicInfo({ email: params.email })
+              } else if (verifyParams.phone && params.phone === verifyParams.phone) {
+                // 验证码验证
+                await this.verifyOtp({
+                  type: 'phone_change',
+                  phone: params.phone,
+                  token: verifyParams.token,
+                  messageId: verificationInfo.verification_id,
+                })
+                await this.updateUserBasicInfo({ phone: this.formatPhone(params.phone) })
+              } else {
+                await this.verifyOtp({
+                  type: verificationType,
+                  email: needsEmailVerification ? params.email : undefined,
+                  phone: !needsEmailVerification ? params.phone : undefined,
+                  token: verifyParams.token,
+                  messageId: verificationInfo.verification_id,
+                })
+                // 验证成功后更新用户信息
+                await this.updateUserBasicInfo(params)
+              }
+
+              const {
+                data: { user },
+              } = await this.getUser()
+              this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.USER_UPDATED })
+
+              return { data: { user }, error: null }
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        }
+      } else {
+        // 不需要验证，直接更新
+        await this.updateUserBasicInfo(params)
+      }
+      const {
+        data: { user },
+      } = await this.getUser()
+      this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.USER_UPDATED })
+
+      return { data: { user, ...extraRes }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-getuseridentities
+   * 获取所有身份源
+   * @returns Promise<GetUserIdentitiesRes>
+   */
+  async getUserIdentities(): Promise<GetUserIdentitiesRes> {
+    try {
+      const providers = await this.oauthInstance.authApi.getProviders()
+
+      return { data: { identities: providers?.data?.filter(v => !!v.bind) as unknown as GetUserIdentitiesRes['data']['identities'] }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-linkidentity
+   * 绑定身份源到当前用户
+   * @param params
+   * @returns Promise<LinkIdentityRes>
+   */
+  async linkIdentity(params: LinkIdentityReq): Promise<LinkIdentityRes> {
+    try {
+      // 参数校验：provider必填
+      this.validateParams(params, {
+        provider: { required: true, message: 'Provider is required' },
+      })
+
+      await this.signInWithOAuth({
+        provider: params.provider,
+        options: {
+          type: OAUTH_TYPE.BIND_IDENTITY,
+        },
+      })
+
+      return { data: { provider: params.provider }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-unlinkidentity
+   * 解绑身份源
+   * @param params
+   * @returns Promise<CommonRes>
+   */
+  async unlinkIdentity(params: UnlinkIdentityReq): Promise<CommonRes> {
+    try {
+      // 参数校验：provider必填
+      this.validateParams(params, {
+        provider: { required: true, message: 'Provider is required' },
+      })
+
+      await this.oauthInstance.authApi.unbindProvider({ provider_id: params.provider })
+
+      return { data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-reauthentication
+   * 重新认证
+   * @returns Promise<ReauthenticateRes>
+   */
+  async reauthenticate(): Promise<ReauthenticateRes> {
+    try {
+      const {
+        data: { user },
+      } = await this.getUser()
+
+      this.validateAtLeastOne(user, [['email', 'phone']], 'You must provide either an email or phone number')
+      const userInfo = user.email ? { email: user.email } : { phone_number: this.formatPhone(user.phone) }
+
+      // 第一步：发送验证码并存储 verificationInfo
+      const verificationInfo = await this.getVerification(userInfo)
+
+      return {
+        data: {
+          // 第二步：等待用户输入验证码（通过 Promise 包装用户输入事件）
+          updateUser: async (attributes: UpdateUserAttributes): Promise<SignInRes> => {
+            this.validateParams(attributes, {
+              nonce: { required: true, message: 'Nonce is required' },
+            })
+            try {
+              if (attributes.password) {
+                // 第三步：待用户输入完验证码之后，验证验证码
+                const verificationTokenRes = await this.verify({
+                  verification_id: verificationInfo.verification_id,
+                  verification_code: attributes.nonce,
+                })
+
+                // 第四步：获取 sudo_token
+                const sudoRes = await this.oauthInstance.authApi.sudo({
+                  verification_token: verificationTokenRes.verification_token,
+                })
+
+                await this.oauthInstance.authApi.setPassword({
+                  new_password: attributes.password,
+                  sudo_token: sudoRes.sudo_token,
+                })
+              } else {
+                await this.signInWithUsername({
+                  verificationInfo,
+                  verificationCode: attributes.nonce,
+                  ...userInfo,
+                  loginType: userInfo.email ? 'email' : 'phone',
+                })
+              }
+
+              const { data: { session } = {} } = await this.getSession()
+
+              return { data: { user: session.user, session }, error: null }
+            } catch (error) {
+              return { data: {}, error: new AuthError(error) }
+            }
+          },
+        },
+        error: null,
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-resend
+   * 重新发送验证码
+   * @param params
+   * @returns Promise<ResendRes>
+   */
+  async resend(params: ResendReq): Promise<ResendRes> {
+    try {
+      // 参数校验：email或phone必填其一
+      this.validateAtLeastOne(params, [['email'], ['phone']], 'You must provide either an email or phone number')
+
+      const target = params.type === 'signup' ? 'ANY' : 'USER'
+      const data: { email?: string; phone_number?: string; target: 'USER' | 'ANY' } = { target }
+      if ('email' in params) {
+        data.email = params.email
+      }
+
+      if ('phone' in params) {
+        data.phone_number = this.formatPhone(params.phone)
+      }
+
+      // 重新发送验证码
+      const { verification_id: verificationId } = await this.oauthInstance.authApi.getVerification(data)
+
+      return {
+        data: { messageId: verificationId },
+        error: null,
+      }
+    } catch (error: any) {
+      return {
+        data: {},
+        error: new AuthError(error),
+      }
+    }
+  }
+
+  /**
+   * https://supabase.com/docs/reference/javascript/auth-setsession
+   * 使用access_token和refresh_token来设置会话
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async setSession(params: SetSessionReq): Promise<SignInRes> {
+    try {
+      this.validateParams(params, {
+        access_token: { required: true, message: 'Access token is required' },
+        refresh_token: { required: true, message: 'Refresh token is required' },
+      })
+
+      await this.oauthInstance.oauth2client.refreshToken(params, { throwError: true })
+
+      const { data: { session } = {} } = await this.getSession()
+
+      this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.SIGNED_IN })
+
+      return { data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  // https://supabase.com/docs/reference/javascript/auth-exchangecodeforsession
+  async exchangeCodeForSession() {
+    //
+  }
+
+  /**
+   * 删除当前用户
+   * @param params
+   * @returns
+   */
+  async deleteUser(params: DeleteMeReq): Promise<CommonRes> {
+    try {
+      this.validateParams(params, {
+        password: { required: true, message: 'Password is required' },
+      })
+
+      const { sudo_token } = await this.oauthInstance.authApi.sudo(params)
+
+      await this.oauthInstance.authApi.deleteMe({ sudo_token })
+
+      return { data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 跳转系统默认登录页
+   * @returns {Promise<authModels.ToDefaultLoginPage>}
+   * @memberof Auth
+   */
+  async toDefaultLoginPage(params: authModels.ToDefaultLoginPage = {}): Promise<CommonRes> {
+    try {
+      const configVersion = params.config_version || 'env'
+      const query = Object.keys(params.query || {})
+        .map(key => `${key}=${params.query[key]}`)
+        .join('&')
+
+      if (adapterForWxMp.isMatch()) {
+        wx.navigateTo({ url: `/packages/$wd_system/pages/login/index${query ? `?${query}` : ''}` })
+      } else {
+        const redirectUri = params.redirect_uri || window.location.href
+        const urlObj = new URL(redirectUri)
+        const loginPage = `${urlObj.origin}/__auth/?app_id=${params.app_id || ''}&env_id=${this.config.env}&client_id=${
+          this.config.clientId || this.config.env
+        }&config_version=${configVersion}&redirect_uri=${encodeURIComponent(redirectUri)}${query ? `&${query}` : ''}`
+        window.location.href = loginPage
+      }
+      return { data: {}, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 自定义登录
+   * @param getTickFn () => Promise<string>, 获取自定义登录 ticket 的函数
+   * @returns
+   */
+  async signInWithCustomTicket(getTickFn?: authModels.GetCustomSignTicketFn): Promise<SignInRes> {
+    if (getTickFn) {
+      this.setCustomSignFunc(getTickFn)
+    }
+
+    try {
+      await this.oauthInstance.authApi.signInWithCustomTicket()
+      const loginState = await this.createLoginState()
+
+      const { data: { session } = {} } = await this.getSession()
+
+      // loginState返回是为了兼容v2版本
+      return { ...(loginState as any), data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 小程序openId静默登录
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async signInWithOpenId({ useWxCloud = true } = {}): Promise<SignInRes> {
+    if (!adapterForWxMp.isMatch()) {
+      throw Error('wx api undefined')
+    }
+    const wxInfo = wx.getAccountInfoSync().miniProgram
+
+    const mainFunc = async (code) => {
+      let result: authModels.GrantProviderTokenResponse | undefined = undefined
+      let credentials: Credentials | undefined = undefined
+
+      try {
+        result = await this.oauthInstance.authApi.grantProviderToken(
+          {
+            provider_id: wxInfo?.appId,
+            provider_code: code,
+            provider_params: {
+              provider_code_type: 'open_id',
+              appid: wxInfo?.appId,
+            },
+          },
+          useWxCloud,
+        )
+
+        if ((result as any)?.error_code || !result.provider_token) {
+          throw result
+        }
+
+        credentials = await this.oauthInstance.authApi.signInWithProvider(
+          { provider_token: result.provider_token },
+          useWxCloud,
+        )
+
+        if ((credentials as any)?.error_code) {
+          throw credentials
+        }
+      } catch (error) {
+        throw error
+      }
+      await this.oauthInstance.oauth2client.setCredentials(credentials as Credentials)
+    }
+
+    try {
+      await new Promise((resolve, reject) => {
+        wx.login({
+          success: async (res: { code: string }) => {
+            try {
+              await mainFunc(res.code)
+              resolve(true)
+            } catch (error) {
+              reject(error)
+            }
+          },
+          fail: (res: any) => {
+            const error = new Error(res?.errMsg)
+            ;(error as any).code = res?.errno
+            reject(error)
+          },
+        })
+      })
+
+      const loginState = await this.createLoginState()
+
+      const { data: { session } = {} } = await this.getSession()
+
+      // loginState返回是为了兼容v2版本
+      return { ...(loginState as any), data: { user: session.user, session }, error: null }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+  }
+
+  /**
+   * 小程序手机号授权登录，目前只支持全托管手机号授权登录
+   * @param params
+   * @returns Promise<SignInRes>
+   */
+  async signInWithPhoneAuth({ phoneCode = '' }): Promise<SignInRes> {
+    if (!adapterForWxMp.isMatch()) {
+      return { data: {}, error: new AuthError({ message: 'wx api undefined' }) }
+    }
+    const wxInfo = wx.getAccountInfoSync().miniProgram
+    const providerInfo = {
+      provider_params: { provider_code_type: 'phone' },
+      provider_id: wxInfo.appId,
+    }
+
+    const { code } = await wx.login()
+    ;(providerInfo as any).provider_code = code
+
+    try {
+      let providerToken = await this.oauthInstance.authApi.grantProviderToken(providerInfo)
+      if (providerToken.error_code) {
+        throw providerToken
+      }
+
+      providerToken = await this.oauthInstance.authApi.patchProviderToken({
+        provider_token: providerToken.provider_token,
+        provider_id: wxInfo.appId,
+        provider_params: {
+          code: phoneCode,
+          provider_code_type: 'phone',
+        },
+      })
+      if (providerToken.error_code) {
+        throw providerToken
+      }
+
+      const signInRes = await this.oauthInstance.authApi.signInWithProvider({
+        provider_token: providerToken.provider_token,
+      })
+
+      if ((signInRes as any)?.error_code) {
+        throw signInRes
+      }
+    } catch (error) {
+      return { data: {}, error: new AuthError(error) }
+    }
+
+    const loginState = await this.createLoginState()
+
+    const { data: { session } = {} } = await this.getSession()
+
+    // loginState返回是为了兼容v2版本
+    return { ...(loginState as any), data: { user: session.user, session }, error: null }
+  }
+
+  private formatPhone(phone: string) {
+    if (!/\s+/.test(phone) && /^\+\d{1,3}\d+/.test(phone)) {
+      return phone.replace(/^(\+\d{1,2})(\d+)$/, '$1 $2')
+    }
+    return /^\+\d{1,3}\s+/.test(phone) ? phone : `+86 ${phone}`
+  }
+
+  private notifyListeners(event, session, info): OnAuthStateChangeCallback {
+    this.listeners.forEach((callbacks) => {
+      callbacks.forEach((callback) => {
+        try {
+          callback(event, session, info)
+        } catch (error) {
+          console.error('Error in auth state change callback:', error)
+        }
+      })
+    })
+    return
+  }
+
+  private setupListeners() {
+    this.config.eventBus?.on(EVENTS.AUTH_STATE_CHANGED, async (params) => {
+      const event = params?.data?.event
+      const info = params?.data?.info
+      const {
+        data: { session },
+      } = await this.getSession()
+
+      this.notifyListeners(event, session, info)
+    })
+  }
+
+  private convertToUser(userInfo: authModels.UserInfo & Partial<User>) {
+    if (!userInfo) return null
+
+    // 优先使用 userInfo 中的数据（V3 API）
+    const email = userInfo?.email || ''
+    const phone = userInfo?.phone_number || ''
+    const userId = userInfo?.sub || userInfo?.uid || ''
+
+    return {
+      id: userId,
+      aud: 'authenticated',
+      role: userInfo.groups?.map?.(group => (typeof group === 'string' ? group : group.id)),
+      email: email || '',
+      email_confirmed_at: userInfo?.email_verified ? userInfo.created_at : userInfo.created_at,
+      phone,
+      phone_confirmed_at: phone ? userInfo.created_at : undefined,
+      confirmed_at: userInfo.created_at,
+      last_sign_in_at: (userInfo as any).last_sign_in_at,
+      app_metadata: {
+        provider: userInfo.loginType?.toLowerCase() || 'cloudbase',
+        providers: [userInfo.loginType?.toLowerCase() || 'cloudbase'],
+      },
+      user_metadata: {
+        // V3 API 用户信息
+        name: userInfo?.name,
+        picture: userInfo?.picture,
+        username: userInfo?.username, // 用户名称，长度 5-24 位，支持字符中英文、数字、特殊字符（仅支持_-），不支持中文
+        gender: userInfo?.gender,
+        locale: userInfo?.locale,
+        // V2 API 兼容（使用 any 避免类型错误）
+        uid: userInfo.uid,
+        nickName: userInfo.nickName,
+        avatarUrl: userInfo.avatarUrl || userInfo.picture,
+        location: userInfo.location,
+        hasPassword: userInfo.hasPassword,
+      },
+      identities:
+        userInfo?.providers?.map(p => ({
+          id: p.id || '',
+          identity_id: p.id || '',
+          user_id: userId,
+          identity_data: {
+            provider_id: p.id,
+            provider_user_id: p.provider_user_id,
+            name: p.name,
+          },
+          provider: p.id || 'cloudbase',
+          created_at: userInfo.created_at,
+          updated_at: userInfo.updated_at,
+          last_sign_in_at: (userInfo as any).last_sign_in_at,
+        })) || [],
+      created_at: userInfo.created_at,
+      updated_at: userInfo.updated_at,
+      is_anonymous: userInfo.name === 'anonymous',
+    }
+  }
+
+  /**
+   * 参数校验辅助方法
+   */
+  private validateParams(params: any, rules: { [key: string]: { required?: boolean; message: string } }): void {
+    for (const [key, rule] of Object.entries(rules)) {
+      if (rule.required && (params?.[key] === undefined || params?.[key] === null || params?.[key] === '')) {
+        throw new AuthError({ message: rule.message })
+      }
+    }
+  }
+
+  /**
+   * 校验必填参数组（至少有一个参数必须有值）
+   */
+  private validateAtLeastOne(params: any, fieldGroups: string[][], message: string): void {
+    const hasValue = fieldGroups.some(group => group.some(field => params?.[field] !== undefined && params?.[field] !== null && params?.[field] !== ''),)
+
+    if (!hasValue) {
+      throw new AuthError({ message })
+    }
+  }
+
+  private async init(): Promise<{ error: Error | null }> {
+    try {
+      const credentials: Credentials = await this.oauthInstance.oauth2client.localCredentials.getCredentials()
+      if (credentials) {
+        this.config.eventBus?.fire(EVENTS.AUTH_STATE_CHANGED, { event: AUTH_STATE_CHANGED_TYPE.INITIAL_SESSION })
+      }
+    } catch (error) {
+      // Ignore errors when checking for existing credentials
+    }
+
+    return { error: null }
+  }
+}
+
+type TInitAuthOptions = Pick<ICloudbaseAuthConfig, 'region' | 'persistence' | 'i18n' | 'accessKey' | 'useWxCloud'> &
+Partial<AuthOptions> & {
+  detectSessionInUrl?: boolean
+}
+
+export function generateAuthInstance(
+  config: TInitAuthOptions & { sdkVersion?: string },
+  options?: {
+    clientId: ICloudbaseConfig['clientId']
+    env: ICloudbaseConfig['env']
+    apiOrigin: string
+    cache?: ICloudbaseCache
+    platform?: ICloudbase['platform']
+    app?: ICloudbase
+    debug?: ICloudbaseAuthConfig['debug']
+    detectSessionInUrl?: ICloudbaseAuthConfig['detectSessionInUrl']
+  },
+) {
+  const { region = 'ap-shanghai', i18n, accessKey, useWxCloud } = config
+  const platform = options?.platform || (useDefaultAdapter.bind(options)() as ICloudbasePlatformInfo)
+  const { runtime, adapter } = platform
+
+  const { env, clientId, debug, cache, app: cloudbase } = options || {}
+  let { apiOrigin } = options || {}
+  if (!apiOrigin) {
+    apiOrigin = `https://${env}.${region}.tcb-api.tencentcloudapi.com`
+  }
+
+  const commonOpts = {
+    env,
     clientId,
     i18n,
-    publishable_key,
+    accessKey,
+    useWxCloud,
+    eventBus: new CloudbaseEventEmitter(),
   }
 
   const oauthInstance = new CloudbaseOAuth(useAuthAdapter({
@@ -1415,8 +2618,10 @@ export function generateAuthInstance(
     captchaOptions: config?.captchaOptions,
     wxCloud: config?.wxCloud,
     adapter,
-    onCredentialsError,
-    headers: config.headers || {},
+    onCredentialsError: onCredentialsError(commonOpts.eventBus),
+    headers: { 'X-SDK-Version': `@cloudbase/js-sdk/${config.sdkVersion}`, ...(config.headers || {}) },
+    detectSessionInUrl: config.detectSessionInUrl,
+    debug,
   }),)
 
   const authInstance = new Auth({
@@ -1425,8 +2630,7 @@ export function generateAuthInstance(
     persistence: config.persistence,
     debug,
     cache:
-      cache
-      || new CloudbaseCache({
+      cache || new CloudbaseCache({
         persistence: config.persistence,
         keys: { userInfoKey: `user_info_${env}` },
         platformInfo: platform,
@@ -1436,53 +2640,92 @@ export function generateAuthInstance(
     oauthInstance,
   })
 
+  // Initialize session with user info callback
+  // This handles OAuth callback URL detection and creates login state atomically
+  oauthInstance.initializeSession(async (data, error) => {
+    if (!data) return
+
+    if (data.type === OAUTH_TYPE.SIGN_IN) {
+      if (error) {
+        commonOpts.eventBus.fire(EVENTS.AUTH_STATE_CHANGED, {
+          event: AUTH_STATE_CHANGED_TYPE.SIGNED_IN,
+          info: { ...data, error },
+        })
+      } else if (data.user) {
+        // 使用已获取的 user 信息创建 LoginState，复用 createLoginState 逻辑
+        // 但跳过 refresh() 避免再次请求 API 导致死锁
+        authInstance.createLoginState({}, { userInfo: data.user })
+      }
+    } else if (data.type === OAUTH_TYPE.BIND_IDENTITY) {
+      commonOpts.eventBus.fire(EVENTS.AUTH_STATE_CHANGED, {
+        event: AUTH_STATE_CHANGED_TYPE.BIND_IDENTITY,
+        info: { ...data, error },
+      })
+    }
+  })
+
   return { authInstance, oauthInstance }
 }
 
+const NAMESPACE = 'auth'
+
 const component: ICloudbaseComponent = {
   name: COMPONENT_NAME,
-  namespace: 'auth',
-  entity(config: TInitAuthOptions = {
-    region: '',
-    persistence: 'local',
-    apiPath: AUTH_API_PREFIX,
-  },) {
-    if (this.authInstance) {
-      printWarn(ERRORS.INVALID_OPERATION, 'every cloudbase instance should has only one auth object')
-      return this.authInstance
-    }
-    const { adapter } = this.platform
-    // 如不明确指定persistence则优先取各平台adapter首选，其次localStorage
-    const newPersistence = config.persistence || adapter.primaryStorage
-    if (newPersistence && newPersistence !== this.config.persistence) {
-      this.updateConfig({ persistence: newPersistence })
-    }
-
-    const { authInstance, oauthInstance } = generateAuthInstance(
-      {
-        wxCloud: this.config.wxCloud,
-        storage: this.config.storage,
-        ...config,
-        persistence: this.config.persistence,
-        i18n: this.config.i18n,
-        publishable_key: this.config.publishable_key,
-      },
-      {
-        env: this.config.env,
-        clientId: this.config.clientId,
-        apiOrigin: this.request.getBaseEndPoint(),
-        platform: this.platform,
-        cache: this.cache,
-        app: this,
-        debug: this.config.debug,
-      },
-    )
+  namespace: NAMESPACE,
+  entity(config?: TInitAuthOptions) {
+    const auth = function (config?: TInitAuthOptions) {
+      if (this.authInstance && !config) {
+        // printWarn(ERRORS.INVALID_OPERATION, 'every cloudbase instance should has only one auth object')
+        return this.authInstance
+      }
 
-    this.oauthInstance = oauthInstance
+      config = config || {
+        region: '',
+        persistence: 'local',
+        apiPath: AUTH_API_PREFIX,
+      }
+      const { adapter } = this.platform
+      // 如不明确指定persistence则优先取各平台adapter首选，其次localStorage
+      const newPersistence = config.persistence || adapter.primaryStorage
+      if (newPersistence && newPersistence !== this.config.persistence) {
+        this.updateConfig({ persistence: newPersistence })
+      }
 
-    this.authInstance = authInstance
+      const { authInstance, oauthInstance } = generateAuthInstance(
+        {
+          wxCloud: this.config.wxCloud,
+          storage: this.config.storage,
+          ...config,
+          persistence: this.config.persistence,
+          i18n: this.config.i18n,
+          accessKey: this.config.accessKey,
+          useWxCloud: this.config.useWxCloud,
+          sdkVersion: this.version,
+          detectSessionInUrl: this.config.auth?.detectSessionInUrl,
+        },
+        {
+          env: this.config.env,
+          clientId: this.config.clientId,
+          apiOrigin: this.request.getBaseEndPoint(this.config.endPointMode || 'CLOUD_API'),
+          platform: this.platform,
+          cache: this.cache,
+          app: this,
+          debug: this.config.debug,
+        },
+      )
+
+      this.oauthInstance = oauthInstance
+
+      this.authInstance = authInstance
+
+      return this.authInstance
+    }
 
-    return this.authInstance
+    const authProto = auth.call(this, config)
+    Object.assign(auth, authProto)
+    Object.setPrototypeOf(auth, Object.getPrototypeOf(authProto))
+    this[NAMESPACE] = auth
+    return auth
   },
 }