@typekcz-nocobase-plugins/plugin-oidc-plus 1.0.3 → 1.0.4

package/dist/client/index.js

@@ -7,4 +7,4 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
-!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t(require("react-i18next"),require("@nocobase/plugin-auth/client"),require("@nocobase/client"),require("antd"),require("@ant-design/icons"),require("@formily/react"),require("react-router-dom"),require("react"),require("@formily/antd-v5")):"function"==typeof define&&define.amd?define("@typekcz-nocobase-plugins/plugin-oidc-plus",["react-i18next","@nocobase/plugin-auth/client","@nocobase/client","antd","@ant-design/icons","@formily/react","react-router-dom","react","@formily/antd-v5"],t):"object"==typeof exports?exports["@typekcz-nocobase-plugins/plugin-oidc-plus"]=t(require("react-i18next"),require("@nocobase/plugin-auth/client"),require("@nocobase/client"),require("antd"),require("@ant-design/icons"),require("@formily/react"),require("react-router-dom"),require("react"),require("@formily/antd-v5")):e["@typekcz-nocobase-plugins/plugin-oidc-plus"]=t(e["react-i18next"],e["@nocobase/plugin-auth/client"],e["@nocobase/client"],e.antd,e["@ant-design/icons"],e["@formily/react"],e["react-router-dom"],e.react,e["@formily/antd-v5"])}(self,function(e,t,r,o,n,i,a,c,u){return function(){"use strict";var l={482:function(e){e.exports=n},632:function(e){e.exports=u},505:function(e){e.exports=i},772:function(e){e.exports=r},689:function(e){e.exports=t},721:function(e){e.exports=o},156:function(e){e.exports=c},238:function(t){t.exports=e},128:function(e){e.exports=a}},p={};function s(e){var t=p[e];if(void 0!==t)return t.exports;var r=p[e]={exports:{}};return l[e](r,r.exports,s),r.exports}s.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return s.d(t,{a:t}),t},s.d=function(e,t){for(var r in t)s.o(t,r)&&!s.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:t[r]})},s.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},s.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})};var d={};s.r(d),s.d(d,{PluginOIDCClient:function(){return N},default:function(){return L}});var f=s("772"),m=s("689"),y=s.n(m),b="tnp_oidc_plus_logout",v=s("482"),h=s("721"),x=s("156"),g=s.n(x),S=s("238"),I="oidc";function w(e){return f.i18n.t(e,{ns:I})}function T(){return(0,S.useTranslation)(I)}var P=s("128");function F(e){for(var t=1;t<arguments.length;t++){var r=arguments[t];for(var o in r)e[o]=r[o]}return e}var k=function e(t,r){function o(e,o,n){if("undefined"!=typeof document){"number"==typeof(n=F({},r,n)).expires&&(n.expires=new Date(Date.now()+864e5*n.expires)),n.expires&&(n.expires=n.expires.toUTCString()),e=encodeURIComponent(e).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape);var i="";for(var a in n){if(!n[a])continue;if(i+="; "+a,!0!==n[a])i+="="+n[a].split(";")[0]}return document.cookie=e+"="+t.write(o,e)+i}}return Object.create({set:o,get:function(e){if("undefined"!=typeof document&&(!arguments.length||!!e)){for(var r=document.cookie?document.cookie.split("; "):[],o={},n=0;n<r.length;n++){var i=r[n].split("="),a=i.slice(1).join("=");try{var c=decodeURIComponent(i[0]);if(o[c]=t.read(a,c),e===c)break}catch(e){}}return e?o[e]:o}},remove:function(e,t){o(e,"",F({},t,{expires:-1}))},withAttributes:function(t){return e(this.converter,F({},this.attributes,t))},withConverter:function(t){return e(F({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(r)},converter:{value:Object.freeze(t)}})}({read:function(e){return'"'===e[0]&&(e=e.slice(1,-1)),e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}},{path:"/"});function C(e,t,r,o,n,i,a){try{var c=e[i](a),u=c.value}catch(e){r(e);return}c.done?t(u):Promise.resolve(u).then(o,n)}function O(){var e,t,r=(e=["\n        display: flex;\n      "],!t&&(t=e.slice(0)),Object.freeze(Object.defineProperties(e,{raw:{value:Object.freeze(t)}})));return O=function(){return r},r}var E=function(e){var t,r,o=e.authenticator,n=T().t,i=(0,f.useAPIClient)(),a=new URLSearchParams((0,P.useLocation)().search),c=a.get("redirect");var u=(r=(t=function(){var e,t,r;return function(e,t){var r,o,n,i,a={label:0,sent:function(){if(1&n[0])throw n[1];return n[1]},trys:[],ops:[]};return i={next:c(0),throw:c(1),return:c(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function c(i){return function(c){return function(i){if(r)throw TypeError("Generator is already executing.");for(;a;)try{if(r=1,o&&(n=2&i[0]?o.return:i[0]?o.throw||((n=o.return)&&n.call(o),0):o.next)&&!(n=n.call(o,i[1])).done)return n;switch(o=0,n&&(i=[2&i[0],n.value]),i[0]){case 0:case 1:n=i;break;case 4:return a.label++,{value:i[1],done:!1};case 5:a.label++,o=i[1],i=[0];continue;case 7:i=a.ops.pop(),a.trys.pop();continue;default:if(!(n=(n=a.trys).length>0&&n[n.length-1])&&(6===i[0]||2===i[0])){a=0;continue}if(3===i[0]&&(!n||i[1]>n[0]&&i[1]<n[3])){a.label=i[1];break}if(6===i[0]&&a.label<n[1]){a.label=n[1],n=i;break}if(n&&a.label<n[2]){a.label=n[2],a.ops.push(i);break}n[2]&&a.ops.pop(),a.trys.pop();continue}i=t.call(e,a)}catch(e){i=[6,e],o=0}finally{r=n=0}if(5&i[0])throw i[1];return{value:i[0]?i[1]:void 0,done:!0}}([i,c])}}}(this,function(n){switch(n.label){case 0:return[4,i.request({method:"post",url:"oidc:getAuthUrl",headers:{"X-Authenticator":o.name},data:{redirect:c}})];case 1:return r=null==(t=n.sent())?void 0:null===(e=t.data)||void 0===e?void 0:e.data,window.location.replace(r),[2]}})},function(){var e=this,r=arguments;return new Promise(function(o,n){var i=t.apply(e,r);function a(e){C(i,o,n,a,c,"next",e)}function c(e){C(i,o,n,a,c,"throw",e)}a(void 0)})}),function(){return r.apply(this,arguments)});return(0,x.useEffect)(function(){var e=k.get(b);if(e){var t=new URL(e);t.searchParams.set("post_logout_redirect_uri",window.location.href),k.remove(b,{domain:window.location.hostname}),window.location.href=t.href}var r=a.get("authenticator"),i=a.get("error");if(r===o.name){if(i){h.message.error(n(i));return}}}),g().createElement(h.Space,{direction:"vertical",className:(0,f.css)(O())},g().createElement(h.Button,{shape:"round",block:!0,icon:g().createElement(v.LoginOutlined,null),onClick:u},n(o.title)))},j=s("632"),R=s("505"),q={type:"object",properties:{public:{type:"object",properties:{autoSignup:{"x-decorator":"FormItem",type:"boolean",title:'{{t("Sign up automatically when the user does not exist")}}',"x-component":"Checkbox",default:!0}}},oidc:{type:"object",properties:{collapse:{type:"void","x-component":"FormTab",properties:{basic:{type:"void","x-component":"FormTab.TabPane","x-component-props":{tab:w("Basic configuration")},properties:{issuer:{type:"string",title:'{{t("Issuer")}}',"x-component":"Input","x-decorator":"FormItem",required:!0},clientId:{type:"string",title:'{{t("Client ID")}}',"x-component":"Input","x-decorator":"FormItem",required:!0},clientSecret:{type:"string",title:'{{t("Client Secret")}}',"x-component":"Input","x-decorator":"FormItem",required:!0},scope:{type:"string",title:'{{t("scope")}}',"x-component":"Input","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("Default: openid profile email")}}'}},idTokenSignedResponseAlg:{type:"string",title:'{{t("id_token signed response algorithm")}}',"x-component":"Select","x-decorator":"FormItem",enum:[{label:"HS256",value:"HS256"},{label:"HS384",value:"HS384"},{label:"HS512",value:"HS512"},{label:"RS256",value:"RS256"},{label:"RS384",value:"RS384"},{label:"RS512",value:"RS512"},{label:"ES256",value:"ES256"},{label:"ES384",value:"ES384"},{label:"ES512",value:"ES512"},{label:"PS256",value:"PS256"},{label:"PS384",value:"PS384"},{label:"PS512",value:"PS512"}]}}},mapping:{type:"void","x-component":"FormTab.TabPane","x-component-props":{tab:w("Field mapping")},properties:{fieldMap:{title:'{{t("Field Map")}}',type:"array","x-decorator":"FormItem","x-component":"ArrayItems",items:{type:"object","x-decorator":"ArrayItems.Item",properties:{space:{type:"void","x-component":"Space",properties:{source:{type:"string","x-decorator":"FormItem","x-component":"Input","x-component-props":{placeholder:'{{t("source")}}'}},target:{type:"string","x-decorator":"FormItem","x-component":"Input","x-component-props":{placeholder:'{{t("target")}}'}},remove:{type:"void","x-decorator":"FormItem","x-component":"ArrayItems.Remove"}}}}},properties:{add:{type:"void",title:"Add","x-component":"ArrayItems.Addition"}}},userBindField:{type:"string",title:'{{t("Use this field to bind the user")}}',"x-component":"Select","x-decorator":"FormItem",default:"email",enum:[{label:w("Email"),value:"email"},{label:w("Username"),value:"username"}],required:!0}}},advanced:{type:"void","x-component":"FormTab.TabPane","x-component-props":{tab:w("Advanced configuration")},properties:{logout:{type:"boolean",title:'{{t("RP-initiated logout")}}',"x-component":"Checkbox","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("Performs logout on the issuer (uses end_session_endpoint in the issuer configuration)")}}'}},http:{type:"boolean",title:'{{t("HTTP")}}',"x-component":"Checkbox","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("Check if NocoBase is running on HTTP protocol")}}'}},port:{type:"number",title:'{{t("Port")}}',"x-component":"InputNumber","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("The port number of the NocoBase service if it is not 80 or 443")}}'},"x-component-props":{style:{width:"15%",minWidth:"100px"}}},stateToken:{type:"string",title:'{{t("State token")}}',"x-component":"Input","x-decorator":"FormItem",description:w("The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.")},exchangeBodyKeys:{type:"array",title:'{{t("Pass parameters in the authorization code grant exchange")}}',"x-decorator":"FormItem","x-component":"ArrayItems",default:[{paramName:"",optionsKey:"clientId"},{paramName:"",optionsKey:"clientSecret"}],items:{type:"object","x-decorator":"ArrayItems.Item",properties:{space:{type:"void","x-component":"Space",properties:{enabled:{type:"boolean","x-decorator":"FormItem","x-component":"Checkbox"},optionsKey:{type:"string","x-decorator":"FormItem","x-decorator-props":{style:{width:"100px"}},"x-component":"Select","x-read-pretty":!0,enum:[{label:w("Client ID"),value:"clientId"},{label:w("Client Secret"),value:"clientSecret"}]},paramName:{type:"string","x-decorator":"FormItem","x-component":"Input","x-component-props":{placeholder:'{{t("Parameter name")}}'}}}}}}},userInfoMethod:{type:"string",title:'{{t("Method to call the user info endpoint")}}',"x- decorator":"FormItem","x-component":"Radio.Group",default:"GET",enum:[{label:"GET",value:"GET"},{label:"POST",value:"POST"}],"x-reactions":[{dependencies:[".accessTokenVia"],when:'{{$deps[0] === "query"}}',fulfill:{state:{value:"GET"}}},{dependencies:[".accessTokenVia"],when:'{{$deps[0] === "body"}}',fulfill:{state:{value:"POST"}}}]},accessTokenVia:{type:"string",title:'{{t("Where to put the access token when calling the user info endpoint")}}',"x- decorator":"FormItem","x-component":"Radio.Group",default:"header",enum:[{label:w("Header"),value:"header"},{label:w("Body (Use with POST method)"),value:"body"},{label:w("Query parameters (Use with GET method)"),value:"query"}]}}}}}}},usage:{type:"void","x-component":"Usage"}}},A=(0,R.observer)(function(){var e=T().t,t=(0,f.useApp)(),r=(0,x.useMemo)(function(){return t.getApiUrl("oidc:redirect")},[t]),o=function(t){navigator.clipboard.writeText(t),h.message.success(e("Copied"))};return g().createElement(h.Card,{title:e("Usage"),type:"inner"},g().createElement(f.FormItem,{label:e("Redirect URL")},g().createElement(f.Input,{value:r,disabled:!0,addonBefore:g().createElement(v.CopyOutlined,{onClick:function(){return o(r)}})})))},{displayName:"Usage"}),_=function(){var e=T().t;return g().createElement(f.SchemaComponent,{scope:{t:e},components:{Usage:A,ArrayItems:j.ArrayItems,Space:h.Space,FormTab:j.FormTab},schema:q})};function U(e,t,r,o,n,i,a){try{var c=e[i](a),u=c.value}catch(e){r(e);return}c.done?t(u):Promise.resolve(u).then(o,n)}function B(e,t,r){return(B=z()?Reflect.construct:function(e,t,r){var o=[null];o.push.apply(o,t);var n=new(Function.bind.apply(e,o));return r&&G(n,r.prototype),n}).apply(null,arguments)}function M(e,t){for(var r=0;r<t.length;r++){var o=t[r];o.enumerable=o.enumerable||!1,o.configurable=!0,"value"in o&&(o.writable=!0),Object.defineProperty(e,o.key,o)}}function D(e){return(D=Object.setPrototypeOf?Object.getPrototypeOf:function(e){return e.__proto__||Object.getPrototypeOf(e)})(e)}function G(e,t){return(G=Object.setPrototypeOf||function(e,t){return e.__proto__=t,e})(e,t)}function H(e){var t="function"==typeof Map?new Map:void 0;return(H=function(e){var r;if(null===e||(r=e,-1===Function.toString.call(r).indexOf("[native code]")))return e;if("function"!=typeof e)throw TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,o)}function o(){return B(e,arguments,D(this).constructor)}return o.prototype=Object.create(e.prototype,{constructor:{value:o,enumerable:!1,writable:!0,configurable:!0}}),G(o,e)})(e)}function z(){try{var e=!Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){}))}catch(e){}return(z=function(){return!!e})()}var N=function(e){var t,r,o;function n(){var e,t,r;return!function(e,t){if(!(e instanceof t))throw TypeError("Cannot call a class as a function")}(this,n),e=this,t=n,r=arguments,t=D(t),function(e,t){return t&&("object"===function(e){return e&&"undefined"!=typeof Symbol&&e.constructor===Symbol?"symbol":typeof e}(t)||"function"==typeof t)?t:function(e){if(void 0===e)throw ReferenceError("this hasn't been initialised - super() hasn't been called");return e}(e)}(e,z()?Reflect.construct(t,r||[],D(e).constructor):t.apply(e,r))}return!function(e,t){if("function"!=typeof t&&null!==t)throw TypeError("Super expression must either be null or a function");e.prototype=Object.create(t&&t.prototype,{constructor:{value:e,writable:!0,configurable:!0}}),t&&G(e,t)}(n,e),t=n,r=[{key:"load",value:function(){var e,t=this;return(e=function(){return function(e,t){var r,o,n,i,a={label:0,sent:function(){if(1&n[0])throw n[1];return n[1]},trys:[],ops:[]};return i={next:c(0),throw:c(1),return:c(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function c(i){return function(c){return function(i){if(r)throw TypeError("Generator is already executing.");for(;a;)try{if(r=1,o&&(n=2&i[0]?o.return:i[0]?o.throw||((n=o.return)&&n.call(o),0):o.next)&&!(n=n.call(o,i[1])).done)return n;switch(o=0,n&&(i=[2&i[0],n.value]),i[0]){case 0:case 1:n=i;break;case 4:return a.label++,{value:i[1],done:!1};case 5:a.label++,o=i[1],i=[0];continue;case 7:i=a.ops.pop(),a.trys.pop();continue;default:if(!(n=(n=a.trys).length>0&&n[n.length-1])&&(6===i[0]||2===i[0])){a=0;continue}if(3===i[0]&&(!n||i[1]>n[0]&&i[1]<n[3])){a.label=i[1];break}if(6===i[0]&&a.label<n[1]){a.label=n[1],n=i;break}if(n&&a.label<n[2]){a.label=n[2],a.ops.push(i);break}n[2]&&a.ops.pop(),a.trys.pop();continue}i=t.call(e,a)}catch(e){i=[6,e],o=0}finally{r=n=0}if(5&i[0])throw i[1];return{value:i[0]?i[1]:void 0,done:!0}}([i,c])}}}(this,function(e){return t.app.pm.get(y()).registerType("OIDC+",{components:{SignInButton:E,AdminSettingsForm:_}}),[2]})},function(){var t=this,r=arguments;return new Promise(function(o,n){var i=e.apply(t,r);function a(e){U(i,o,n,a,c,"next",e)}function c(e){U(i,o,n,a,c,"throw",e)}a(void 0)})})()}}],M(t.prototype,r),n}(H(f.Plugin)),L=N;return d}()});
+!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t(require("react-i18next"),require("@nocobase/plugin-auth/client"),require("@nocobase/client"),require("react-router-dom"),require("react"),require("@formily/antd-v5"),require("@formily/react"),require("@ant-design/icons"),require("antd")):"function"==typeof define&&define.amd?define("@typekcz-nocobase-plugins/plugin-oidc-plus",["react-i18next","@nocobase/plugin-auth/client","@nocobase/client","react-router-dom","react","@formily/antd-v5","@formily/react","@ant-design/icons","antd"],t):"object"==typeof exports?exports["@typekcz-nocobase-plugins/plugin-oidc-plus"]=t(require("react-i18next"),require("@nocobase/plugin-auth/client"),require("@nocobase/client"),require("react-router-dom"),require("react"),require("@formily/antd-v5"),require("@formily/react"),require("@ant-design/icons"),require("antd")):e["@typekcz-nocobase-plugins/plugin-oidc-plus"]=t(e["react-i18next"],e["@nocobase/plugin-auth/client"],e["@nocobase/client"],e["react-router-dom"],e.react,e["@formily/antd-v5"],e["@formily/react"],e["@ant-design/icons"],e.antd)}(self,function(e,t,r,o,n,i,a,c,u){return function(){"use strict";var l={482:function(e){e.exports=c},632:function(e){e.exports=i},505:function(e){e.exports=a},772:function(e){e.exports=r},689:function(e){e.exports=t},721:function(e){e.exports=u},156:function(e){e.exports=n},238:function(t){t.exports=e},128:function(e){e.exports=o}},p={};function s(e){var t=p[e];if(void 0!==t)return t.exports;var r=p[e]={exports:{}};return l[e](r,r.exports,s),r.exports}s.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return s.d(t,{a:t}),t},s.d=function(e,t){for(var r in t)s.o(t,r)&&!s.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:t[r]})},s.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},s.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})};var d={};return!function(){s.r(d),s.d(d,{default:function(){return R},PluginOIDCClient:function(){return j}});var e=s(772),t=s(689),r=s.n(t),o="tnp_oidc_plus_logout",n=s(482),i=s(721),a=s(156),c=s.n(a),u=s(238),l="oidc";function p(t){return e.i18n.t(t,{ns:l})}function f(){return(0,u.useTranslation)(l)}var m=s(128);function y(e){for(var t=1;t<arguments.length;t++){var r=arguments[t];for(var o in r)e[o]=r[o]}return e}var b=function e(t,r){function o(e,o,n){if("undefined"!=typeof document){"number"==typeof(n=y({},r,n)).expires&&(n.expires=new Date(Date.now()+864e5*n.expires)),n.expires&&(n.expires=n.expires.toUTCString()),e=encodeURIComponent(e).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape);var i="";for(var a in n)n[a]&&(i+="; "+a,!0!==n[a]&&(i+="="+n[a].split(";")[0]));return document.cookie=e+"="+t.write(o,e)+i}}return Object.create({set:o,get:function(e){if("undefined"!=typeof document&&(!arguments.length||e)){for(var r=document.cookie?document.cookie.split("; "):[],o={},n=0;n<r.length;n++){var i=r[n].split("="),a=i.slice(1).join("=");try{var c=decodeURIComponent(i[0]);if(o[c]=t.read(a,c),e===c)break}catch(e){}}return e?o[e]:o}},remove:function(e,t){o(e,"",y({},t,{expires:-1}))},withAttributes:function(t){return e(this.converter,y({},this.attributes,t))},withConverter:function(t){return e(y({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(r)},converter:{value:Object.freeze(t)}})}({read:function(e){return'"'===e[0]&&(e=e.slice(1,-1)),e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}},{path:"/"});function v(e,t,r,o,n,i,a){try{var c=e[i](a),u=c.value}catch(e){r(e);return}c.done?t(u):Promise.resolve(u).then(o,n)}function h(){var e,t,r=(e=["\n        display: flex;\n      "],t||(t=e.slice(0)),Object.freeze(Object.defineProperties(e,{raw:{value:Object.freeze(t)}})));return h=function(){return r},r}var x=function(t){var r,u,l=t.authenticator,p=f().t,s=(0,e.useAPIClient)(),d=new URLSearchParams((0,m.useLocation)().search),y=d.get("redirect"),x=(r=function(){var e,t,r;return function(e,t){var r,o,n,i,a={label:0,sent:function(){if(1&n[0])throw n[1];return n[1]},trys:[],ops:[]};return i={next:c(0),throw:c(1),return:c(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function c(i){return function(c){var u=[i,c];if(r)throw TypeError("Generator is already executing.");for(;a;)try{if(r=1,o&&(n=2&u[0]?o.return:u[0]?o.throw||((n=o.return)&&n.call(o),0):o.next)&&!(n=n.call(o,u[1])).done)return n;switch(o=0,n&&(u=[2&u[0],n.value]),u[0]){case 0:case 1:n=u;break;case 4:return a.label++,{value:u[1],done:!1};case 5:a.label++,o=u[1],u=[0];continue;case 7:u=a.ops.pop(),a.trys.pop();continue;default:if(!(n=(n=a.trys).length>0&&n[n.length-1])&&(6===u[0]||2===u[0])){a=0;continue}if(3===u[0]&&(!n||u[1]>n[0]&&u[1]<n[3])){a.label=u[1];break}if(6===u[0]&&a.label<n[1]){a.label=n[1],n=u;break}if(n&&a.label<n[2]){a.label=n[2],a.ops.push(u);break}n[2]&&a.ops.pop(),a.trys.pop();continue}u=t.call(e,a)}catch(e){u=[6,e],o=0}finally{r=n=0}if(5&u[0])throw u[1];return{value:u[0]?u[1]:void 0,done:!0}}}}(this,function(o){switch(o.label){case 0:return[4,s.request({method:"post",url:"oidc:getAuthUrl",headers:{"X-Authenticator":l.name},data:{redirect:y}})];case 1:return r=null==(t=o.sent())||null==(e=t.data)?void 0:e.data,window.location.replace(r),[2]}})},u=function(){var e=this,t=arguments;return new Promise(function(o,n){var i=r.apply(e,t);function a(e){v(i,o,n,a,c,"next",e)}function c(e){v(i,o,n,a,c,"throw",e)}a(void 0)})},function(){return u.apply(this,arguments)});return(0,a.useEffect)(function(){var e=b.get(o);if(e){var t=new URL(e);t.searchParams.set("post_logout_redirect_uri",window.location.href),b.remove(o,{domain:window.location.hostname}),window.location.href=t.href}var r=d.get("authenticator"),n=d.get("error");if(r===l.name&&n)return void i.message.error(p(n))}),c().createElement(i.Space,{direction:"vertical",className:(0,e.css)(h())},c().createElement(i.Button,{shape:"round",block:!0,icon:c().createElement(n.LoginOutlined,null),onClick:x},p(l.title)))},g=s(632),S=s(505),I={type:"object",properties:{public:{type:"object",properties:{autoSignup:{"x-decorator":"FormItem",type:"boolean",title:'{{t("Sign up automatically when the user does not exist")}}',"x-component":"Checkbox",default:!0}}},oidc:{type:"object",properties:{collapse:{type:"void","x-component":"FormTab",properties:{basic:{type:"void","x-component":"FormTab.TabPane","x-component-props":{tab:p("Basic configuration")},properties:{issuer:{type:"string",title:'{{t("Issuer")}}',"x-component":"Input","x-decorator":"FormItem",required:!0},clientId:{type:"string",title:'{{t("Client ID")}}',"x-component":"Input","x-decorator":"FormItem",required:!0},clientSecret:{type:"string",title:'{{t("Client Secret")}}',"x-component":"Input","x-decorator":"FormItem",required:!0},scope:{type:"string",title:'{{t("scope")}}',"x-component":"Input","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("Default: openid profile email")}}'}},idTokenSignedResponseAlg:{type:"string",title:'{{t("id_token signed response algorithm")}}',"x-component":"Select","x-decorator":"FormItem",enum:[{label:"HS256",value:"HS256"},{label:"HS384",value:"HS384"},{label:"HS512",value:"HS512"},{label:"RS256",value:"RS256"},{label:"RS384",value:"RS384"},{label:"RS512",value:"RS512"},{label:"ES256",value:"ES256"},{label:"ES384",value:"ES384"},{label:"ES512",value:"ES512"},{label:"PS256",value:"PS256"},{label:"PS384",value:"PS384"},{label:"PS512",value:"PS512"}]}}},mapping:{type:"void","x-component":"FormTab.TabPane","x-component-props":{tab:p("Field mapping")},properties:{fieldMap:{title:'{{t("Field Map")}}',type:"array","x-decorator":"FormItem","x-component":"ArrayItems",items:{type:"object","x-decorator":"ArrayItems.Item",properties:{space:{type:"void","x-component":"Space",properties:{source:{type:"string","x-decorator":"FormItem","x-component":"Input","x-component-props":{placeholder:'{{t("source")}}'}},target:{type:"string","x-decorator":"FormItem","x-component":"Input","x-component-props":{placeholder:'{{t("target")}}'}},remove:{type:"void","x-decorator":"FormItem","x-component":"ArrayItems.Remove"}}}}},properties:{add:{type:"void",title:"Add","x-component":"ArrayItems.Addition"}}},userBindField:{type:"string",title:'{{t("Use this field to bind the user")}}',"x-component":"Select","x-decorator":"FormItem",default:"email",enum:[{label:p("Email"),value:"email"},{label:p("Username"),value:"username"}],required:!0}}},advanced:{type:"void","x-component":"FormTab.TabPane","x-component-props":{tab:p("Advanced configuration")},properties:{logout:{type:"boolean",title:'{{t("RP-initiated logout")}}',"x-component":"Checkbox","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("Performs logout on the issuer (uses end_session_endpoint in the issuer configuration)")}}'}},http:{type:"boolean",title:'{{t("HTTP")}}',"x-component":"Checkbox","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("Check if NocoBase is running on HTTP protocol")}}'}},port:{type:"number",title:'{{t("Port")}}',"x-component":"InputNumber","x-decorator":"FormItem","x-decorator-props":{tooltip:'{{t("The port number of the NocoBase service if it is not 80 or 443")}}'},"x-component-props":{style:{width:"15%",minWidth:"100px"}}},stateToken:{type:"string",title:'{{t("State token")}}',"x-component":"Input","x-decorator":"FormItem",description:p("The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.")},exchangeBodyKeys:{type:"array",title:'{{t("Pass parameters in the authorization code grant exchange")}}',"x-decorator":"FormItem","x-component":"ArrayItems",default:[{paramName:"",optionsKey:"clientId"},{paramName:"",optionsKey:"clientSecret"}],items:{type:"object","x-decorator":"ArrayItems.Item",properties:{space:{type:"void","x-component":"Space",properties:{enabled:{type:"boolean","x-decorator":"FormItem","x-component":"Checkbox"},optionsKey:{type:"string","x-decorator":"FormItem","x-decorator-props":{style:{width:"100px"}},"x-component":"Select","x-read-pretty":!0,enum:[{label:p("Client ID"),value:"clientId"},{label:p("Client Secret"),value:"clientSecret"}]},paramName:{type:"string","x-decorator":"FormItem","x-component":"Input","x-component-props":{placeholder:'{{t("Parameter name")}}'}}}}}}},userInfoMethod:{type:"string",title:'{{t("Method to call the user info endpoint")}}',"x- decorator":"FormItem","x-component":"Radio.Group",default:"GET",enum:[{label:"GET",value:"GET"},{label:"POST",value:"POST"}],"x-reactions":[{dependencies:[".accessTokenVia"],when:'{{$deps[0] === "query"}}',fulfill:{state:{value:"GET"}}},{dependencies:[".accessTokenVia"],when:'{{$deps[0] === "body"}}',fulfill:{state:{value:"POST"}}}]},accessTokenVia:{type:"string",title:'{{t("Where to put the access token when calling the user info endpoint")}}',"x- decorator":"FormItem","x-component":"Radio.Group",default:"header",enum:[{label:p("Header"),value:"header"},{label:p("Body (Use with POST method)"),value:"body"},{label:p("Query parameters (Use with GET method)"),value:"query"}]}}}}}}},usage:{type:"void","x-component":"Usage"}}},w=(0,S.observer)(function(){var t=f().t,r=(0,e.useApp)(),o=(0,a.useMemo)(function(){return r.getApiUrl("oidc:redirect")},[r]),u=function(e){navigator.clipboard.writeText(e),i.message.success(t("Copied"))};return c().createElement(i.Card,{title:t("Usage"),type:"inner"},c().createElement(e.FormItem,{label:t("Redirect URL")},c().createElement(e.Input,{value:o,disabled:!0,addonBefore:c().createElement(n.CopyOutlined,{onClick:function(){return u(o)}})})))},{displayName:"Usage"}),T=function(){var t=f().t;return c().createElement(e.SchemaComponent,{scope:{t:t},components:{Usage:w,ArrayItems:g.ArrayItems,Space:i.Space,FormTab:g.FormTab},schema:I})};function P(e,t,r,o,n,i,a){try{var c=e[i](a),u=c.value}catch(e){r(e);return}c.done?t(u):Promise.resolve(u).then(o,n)}function F(e,t,r){return(F=E()?Reflect.construct:function(e,t,r){var o=[null];o.push.apply(o,t);var n=new(Function.bind.apply(e,o));return r&&C(n,r.prototype),n}).apply(null,arguments)}function k(e){return(k=Object.setPrototypeOf?Object.getPrototypeOf:function(e){return e.__proto__||Object.getPrototypeOf(e)})(e)}function C(e,t){return(C=Object.setPrototypeOf||function(e,t){return e.__proto__=t,e})(e,t)}function O(e){var t="function"==typeof Map?new Map:void 0;return(O=function(e){if(null===e||-1===Function.toString.call(e).indexOf("[native code]"))return e;if("function"!=typeof e)throw TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,r)}function r(){return F(e,arguments,k(this).constructor)}return r.prototype=Object.create(e.prototype,{constructor:{value:r,enumerable:!1,writable:!0,configurable:!0}}),C(r,e)})(e)}function E(){try{var e=!Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){}))}catch(e){}return(E=function(){return!!e})()}var j=function(e){var t;if("function"!=typeof e&&null!==e)throw TypeError("Super expression must either be null or a function");function o(){var e,t;if(!(this instanceof o))throw TypeError("Cannot call a class as a function");return e=o,t=arguments,e=k(e),function(e,t){var r;if(t&&("object"==((r=t)&&"undefined"!=typeof Symbol&&r.constructor===Symbol?"symbol":typeof r)||"function"==typeof t))return t;if(void 0===e)throw ReferenceError("this hasn't been initialised - super() hasn't been called");return e}(this,E()?Reflect.construct(e,t||[],k(this).constructor):e.apply(this,t))}return o.prototype=Object.create(e&&e.prototype,{constructor:{value:o,writable:!0,configurable:!0}}),e&&C(o,e),t=[{key:"load",value:function(){var e,t=this;return(e=function(){return function(e,t){var r,o,n,i,a={label:0,sent:function(){if(1&n[0])throw n[1];return n[1]},trys:[],ops:[]};return i={next:c(0),throw:c(1),return:c(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function c(i){return function(c){var u=[i,c];if(r)throw TypeError("Generator is already executing.");for(;a;)try{if(r=1,o&&(n=2&u[0]?o.return:u[0]?o.throw||((n=o.return)&&n.call(o),0):o.next)&&!(n=n.call(o,u[1])).done)return n;switch(o=0,n&&(u=[2&u[0],n.value]),u[0]){case 0:case 1:n=u;break;case 4:return a.label++,{value:u[1],done:!1};case 5:a.label++,o=u[1],u=[0];continue;case 7:u=a.ops.pop(),a.trys.pop();continue;default:if(!(n=(n=a.trys).length>0&&n[n.length-1])&&(6===u[0]||2===u[0])){a=0;continue}if(3===u[0]&&(!n||u[1]>n[0]&&u[1]<n[3])){a.label=u[1];break}if(6===u[0]&&a.label<n[1]){a.label=n[1],n=u;break}if(n&&a.label<n[2]){a.label=n[2],a.ops.push(u);break}n[2]&&a.ops.pop(),a.trys.pop();continue}u=t.call(e,a)}catch(e){u=[6,e],o=0}finally{r=n=0}if(5&u[0])throw u[1];return{value:u[0]?u[1]:void 0,done:!0}}}}(this,function(e){return t.app.pm.get(r()).registerType("OIDC+",{components:{SignInButton:x,AdminSettingsForm:T}}),[2]})},function(){var t=this,r=arguments;return new Promise(function(o,n){var i=e.apply(t,r);function a(e){P(i,o,n,a,c,"next",e)}function c(e){P(i,o,n,a,c,"throw",e)}a(void 0)})})()}}],function(e,t){for(var r=0;r<t.length;r++){var o=t[r];o.enumerable=o.enumerable||!1,o.configurable=!0,"value"in o&&(o.writable=!0),Object.defineProperty(e,o.key,o)}}(o.prototype,t),o}(O(e.Plugin)),R=j}(),d}()});

package/dist/externalVersion.js

@@ -8,16 +8,16 @@
  */
 
 module.exports = {
-  "@ant-design/icons": "5.2.6",
-  "@nocobase/client": "1.5.20",
-  "antd": "5.12.8",
+  "@ant-design/icons": "5.6.1",
+  "@nocobase/client": "1.8.23",
+  "antd": "5.24.2",
   "react": "18.2.0",
-  "react-router-dom": "6.21.0",
-  "@nocobase/plugin-auth": "1.5.20",
-  "@formily/antd-v5": "1.1.9",
+  "react-router-dom": "6.28.1",
+  "@nocobase/plugin-auth": "1.8.23",
+  "@formily/antd-v5": "1.2.3",
   "@formily/react": "2.3.0",
-  "@nocobase/auth": "1.5.20",
-  "@nocobase/server": "1.5.20",
+  "@nocobase/auth": "1.8.23",
+  "@nocobase/server": "1.8.23",
   "react-i18next": "11.18.6",
-  "@nocobase/actions": "1.5.20"
+  "@nocobase/actions": "1.8.23"
 };

package/package.json

@@ -2,7 +2,7 @@
   "name": "@typekcz-nocobase-plugins/plugin-oidc-plus",
   "displayName": "Auth: OIDC Plus",
   "description": "OIDC (OpenID Connect) authentication with extra features.",
-  "version": "1.0.3",
+  "version": "1.0.4",
   "license": "AGPL-3.0",
   "main": "dist/server/index.js",
   "devDependencies": {

package/src/client/OIDCButton.tsx

@@ -0,0 +1,70 @@
+import { LoginOutlined } from '@ant-design/icons';
+import { css, useAPIClient } from '@nocobase/client';
+import { Button, Space, message } from 'antd';
+import React, { useEffect } from 'react';
+import { useOidcTranslation } from './locale';
+import { useLocation } from 'react-router-dom';
+import { Authenticator } from '@nocobase/plugin-auth/client';
+import Cookies from 'js-cookie';
+import { logoutCookieName } from '../constants';
+
+export interface OIDCProvider {
+  clientId: string;
+  title: string;
+}
+
+export const OIDCButton = ({ authenticator }: { authenticator: Authenticator }) => {
+  const { t } = useOidcTranslation();
+  const api = useAPIClient();
+  const location = useLocation();
+  const params = new URLSearchParams(location.search);
+  const redirect = params.get('redirect');
+
+  const login = async () => {
+    const response = await api.request({
+      method: 'post',
+      url: 'oidc:getAuthUrl',
+      headers: {
+        'X-Authenticator': authenticator.name,
+      },
+      data: {
+        redirect,
+      },
+    });
+
+    const authUrl = response?.data?.data;
+    window.location.replace(authUrl);
+  };
+
+  useEffect(() => {
+    const logoutUrl = Cookies.get(logoutCookieName);
+    if (logoutUrl) {
+      const logoutUrlObj = new URL(logoutUrl);
+      logoutUrlObj.searchParams.set('post_logout_redirect_uri', window.location.href);
+      Cookies.remove(logoutCookieName, { domain: window.location.hostname });
+      window.location.href = logoutUrlObj.href;
+    }
+    const name = params.get('authenticator');
+    const error = params.get('error');
+    if (name !== authenticator.name) {
+      return;
+    }
+    if (error) {
+      message.error(t(error));
+      return;
+    }
+  });
+
+  return (
+    <Space
+      direction="vertical"
+      className={css`
+        display: flex;
+      `}
+    >
+      <Button shape="round" block icon={<LoginOutlined />} onClick={login}>
+        {t(authenticator.title)}
+      </Button>
+    </Space>
+  );
+};

package/src/client/Options.tsx

@@ -0,0 +1,359 @@
+import { CopyOutlined } from '@ant-design/icons';
+import { ArrayItems, FormTab } from '@formily/antd-v5';
+import { observer } from '@formily/react';
+import { FormItem, Input, SchemaComponent, useApp } from '@nocobase/client';
+import { Card, Space, message } from 'antd';
+import React, { useMemo } from 'react';
+import { lang, useOidcTranslation } from './locale';
+
+const schema = {
+  type: 'object',
+  properties: {
+    public: {
+      type: 'object',
+      properties: {
+        autoSignup: {
+          'x-decorator': 'FormItem',
+          type: 'boolean',
+          title: '{{t("Sign up automatically when the user does not exist")}}',
+          'x-component': 'Checkbox',
+          default: true,
+        },
+      },
+    },
+    oidc: {
+      type: 'object',
+      properties: {
+        collapse: {
+          type: 'void',
+          'x-component': 'FormTab',
+          properties: {
+            basic: {
+              type: 'void',
+              'x-component': 'FormTab.TabPane',
+              'x-component-props': {
+                tab: lang('Basic configuration'),
+              },
+              properties: {
+                issuer: {
+                  type: 'string',
+                  title: '{{t("Issuer")}}',
+                  'x-component': 'Input',
+                  'x-decorator': 'FormItem',
+                  required: true,
+                },
+                clientId: {
+                  type: 'string',
+                  title: '{{t("Client ID")}}',
+                  'x-component': 'Input',
+                  'x-decorator': 'FormItem',
+                  required: true,
+                },
+                clientSecret: {
+                  type: 'string',
+                  title: '{{t("Client Secret")}}',
+                  'x-component': 'Input',
+                  'x-decorator': 'FormItem',
+                  required: true,
+                },
+                scope: {
+                  type: 'string',
+                  title: '{{t("scope")}}',
+                  'x-component': 'Input',
+                  'x-decorator': 'FormItem',
+                  'x-decorator-props': {
+                    tooltip: '{{t("Default: openid profile email")}}',
+                  },
+                },
+                idTokenSignedResponseAlg: {
+                  type: 'string',
+                  title: '{{t("id_token signed response algorithm")}}',
+                  'x-component': 'Select',
+                  'x-decorator': 'FormItem',
+                  enum: [
+                    { label: 'HS256', value: 'HS256' },
+                    { label: 'HS384', value: 'HS384' },
+                    { label: 'HS512', value: 'HS512' },
+                    { label: 'RS256', value: 'RS256' },
+                    { label: 'RS384', value: 'RS384' },
+                    { label: 'RS512', value: 'RS512' },
+                    { label: 'ES256', value: 'ES256' },
+                    { label: 'ES384', value: 'ES384' },
+                    { label: 'ES512', value: 'ES512' },
+                    { label: 'PS256', value: 'PS256' },
+                    { label: 'PS384', value: 'PS384' },
+                    { label: 'PS512', value: 'PS512' },
+                  ],
+                },
+              },
+            },
+            mapping: {
+              type: 'void',
+              'x-component': 'FormTab.TabPane',
+              'x-component-props': {
+                tab: lang('Field mapping'),
+              },
+              properties: {
+                fieldMap: {
+                  title: '{{t("Field Map")}}',
+                  type: 'array',
+                  'x-decorator': 'FormItem',
+                  'x-component': 'ArrayItems',
+                  items: {
+                    type: 'object',
+                    'x-decorator': 'ArrayItems.Item',
+                    properties: {
+                      space: {
+                        type: 'void',
+                        'x-component': 'Space',
+                        properties: {
+                          source: {
+                            type: 'string',
+                            'x-decorator': 'FormItem',
+                            'x-component': 'Input',
+                            'x-component-props': {
+                              placeholder: '{{t("source")}}',
+                            },
+                          },
+                          target: {
+                            type: 'string',
+                            'x-decorator': 'FormItem',
+                            'x-component': 'Input',
+                            'x-component-props': {
+                              placeholder: '{{t("target")}}',
+                            },
+                          },
+                          remove: {
+                            type: 'void',
+                            'x-decorator': 'FormItem',
+                            'x-component': 'ArrayItems.Remove',
+                          },
+                        },
+                      },
+                    },
+                  },
+                  properties: {
+                    add: {
+                      type: 'void',
+                      title: 'Add',
+                      'x-component': 'ArrayItems.Addition',
+                    },
+                  },
+                },
+                userBindField: {
+                  type: 'string',
+                  title: '{{t("Use this field to bind the user")}}',
+                  'x-component': 'Select',
+                  'x-decorator': 'FormItem',
+                  default: 'email',
+                  enum: [
+                    { label: lang('Email'), value: 'email' },
+                    { label: lang('Username'), value: 'username' },
+                  ],
+                  required: true,
+                },
+              },
+            },
+            advanced: {
+              type: 'void',
+              'x-component': 'FormTab.TabPane',
+              'x-component-props': {
+                tab: lang('Advanced configuration'),
+              },
+              properties: {
+                logout: {
+                  type: 'boolean',
+                  title: '{{t("RP-initiated logout")}}',
+                  'x-component': 'Checkbox',
+                  'x-decorator': 'FormItem',
+                  'x-decorator-props': {
+                    tooltip:
+                      '{{t("Performs logout on the issuer (uses end_session_endpoint in the issuer configuration)")}}',
+                  },
+                },
+                http: {
+                  type: 'boolean',
+                  title: '{{t("HTTP")}}',
+                  'x-component': 'Checkbox',
+                  'x-decorator': 'FormItem',
+                  'x-decorator-props': {
+                    tooltip: '{{t("Check if NocoBase is running on HTTP protocol")}}',
+                  },
+                },
+                port: {
+                  type: 'number',
+                  title: '{{t("Port")}}',
+                  'x-component': 'InputNumber',
+                  'x-decorator': 'FormItem',
+                  'x-decorator-props': {
+                    tooltip: '{{t("The port number of the NocoBase service if it is not 80 or 443")}}',
+                  },
+                  'x-component-props': {
+                    style: {
+                      width: '15%',
+                      minWidth: '100px',
+                    },
+                  },
+                },
+                stateToken: {
+                  type: 'string',
+                  title: '{{t("State token")}}',
+                  'x-component': 'Input',
+                  'x-decorator': 'FormItem',
+                  description: lang(
+                    "The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.",
+                  ),
+                },
+                exchangeBodyKeys: {
+                  type: 'array',
+                  title: '{{t("Pass parameters in the authorization code grant exchange")}}',
+                  'x-decorator': 'FormItem',
+                  'x-component': 'ArrayItems',
+                  default: [
+                    { paramName: '', optionsKey: 'clientId' },
+                    {
+                      paramName: '',
+                      optionsKey: 'clientSecret',
+                    },
+                  ],
+                  items: {
+                    type: 'object',
+                    'x-decorator': 'ArrayItems.Item',
+                    properties: {
+                      space: {
+                        type: 'void',
+                        'x-component': 'Space',
+                        properties: {
+                          enabled: {
+                            type: 'boolean',
+                            'x-decorator': 'FormItem',
+                            'x-component': 'Checkbox',
+                          },
+                          optionsKey: {
+                            type: 'string',
+                            'x-decorator': 'FormItem',
+                            'x-decorator-props': {
+                              style: {
+                                width: '100px',
+                              },
+                            },
+                            'x-component': 'Select',
+                            'x-read-pretty': true,
+                            enum: [
+                              { label: lang('Client ID'), value: 'clientId' },
+                              { label: lang('Client Secret'), value: 'clientSecret' },
+                            ],
+                          },
+                          paramName: {
+                            type: 'string',
+                            'x-decorator': 'FormItem',
+                            'x-component': 'Input',
+                            'x-component-props': {
+                              placeholder: '{{t("Parameter name")}}',
+                            },
+                          },
+                        },
+                      },
+                    },
+                  },
+                },
+                userInfoMethod: {
+                  type: 'string',
+                  title: '{{t("Method to call the user info endpoint")}}',
+                  'x- decorator': 'FormItem',
+                  'x-component': 'Radio.Group',
+                  default: 'GET',
+                  enum: [
+                    {
+                      label: 'GET',
+                      value: 'GET',
+                    },
+                    {
+                      label: 'POST',
+                      value: 'POST',
+                    },
+                  ],
+                  'x-reactions': [
+                    {
+                      dependencies: ['.accessTokenVia'],
+                      when: '{{$deps[0] === "query"}}',
+                      fulfill: {
+                        state: {
+                          value: 'GET',
+                        },
+                      },
+                    },
+                    {
+                      dependencies: ['.accessTokenVia'],
+                      when: '{{$deps[0] === "body"}}',
+                      fulfill: {
+                        state: {
+                          value: 'POST',
+                        },
+                      },
+                    },
+                  ],
+                },
+                accessTokenVia: {
+                  type: 'string',
+                  title: '{{t("Where to put the access token when calling the user info endpoint")}}',
+                  'x- decorator': 'FormItem',
+                  'x-component': 'Radio.Group',
+                  default: 'header',
+                  enum: [
+                    {
+                      label: lang('Header'),
+                      value: 'header',
+                    },
+                    {
+                      label: lang('Body (Use with POST method)'),
+                      value: 'body',
+                    },
+                    {
+                      label: lang('Query parameters (Use with GET method)'),
+                      value: 'query',
+                    },
+                  ],
+                },
+              },
+            },
+          },
+        },
+      },
+    },
+    usage: {
+      type: 'void',
+      'x-component': 'Usage',
+    },
+  },
+};
+
+const Usage = observer(
+  () => {
+    const { t } = useOidcTranslation();
+    const app = useApp();
+
+    const url = useMemo(() => {
+      return app.getApiUrl('oidc:redirect');
+    }, [app]);
+
+    const copy = (text: string) => {
+      navigator.clipboard.writeText(text);
+      message.success(t('Copied'));
+    };
+
+    return (
+      <Card title={t('Usage')} type="inner">
+        <FormItem label={t('Redirect URL')}>
+          <Input value={url} disabled={true} addonBefore={<CopyOutlined onClick={() => copy(url)} />} />
+        </FormItem>
+      </Card>
+    );
+  },
+  { displayName: 'Usage' },
+);
+
+export const Options = () => {
+  const { t } = useOidcTranslation();
+  return <SchemaComponent scope={{ t }} components={{ Usage, ArrayItems, Space, FormTab }} schema={schema} />;
+};

package/src/client/index.tsx

@@ -0,0 +1,19 @@
+import { Plugin } from '@nocobase/client';
+import AuthPlugin from '@nocobase/plugin-auth/client';
+import { authType } from '../constants';
+import { OIDCButton } from './OIDCButton';
+import { Options } from './Options';
+
+export class PluginOIDCClient extends Plugin {
+  async load() {
+    const auth = this.app.pm.get(AuthPlugin);
+    auth.registerType(authType, {
+      components: {
+        SignInButton: OIDCButton,
+        AdminSettingsForm: Options,
+      },
+    });
+  }
+}
+
+export default PluginOIDCClient;

package/src/client/locale/index.ts

@@ -0,0 +1,18 @@
+import { i18n } from '@nocobase/client';
+import { useTranslation } from 'react-i18next';
+
+export const NAMESPACE = 'oidc';
+
+// i18n.addResources('zh-CN', NAMESPACE, zhCN);
+// i18n.addResources('en-US', NAMESPACE, enUS);
+// i18n.addResources('ja-JP', NAMESPACE, jaJP);
+// i18n.addResources('ru-RU', NAMESPACE, ruRU);
+// i18n.addResources('tr-TR', NAMESPACE, trTR);
+
+export function lang(key: string) {
+  return i18n.t(key, { ns: NAMESPACE });
+}
+
+export function useOidcTranslation() {
+  return useTranslation(NAMESPACE);
+}

package/src/constants.ts

@@ -0,0 +1,7 @@
+// @ts-ignore
+import { name } from '../package.json';
+
+export const authType = 'OIDC+';
+export const cookieName = 'tnp_oidc_plus';
+export const logoutCookieName = 'tnp_oidc_plus_logout';
+export const namespace = name;

package/src/index.ts

@@ -0,0 +1,2 @@
+export * from './server';
+export { default } from './server';

package/src/locale/en-US.json

@@ -0,0 +1,40 @@
+{
+  "Enable": "Enable",
+  "Issuer": "Issuer",
+  "OIDC manager": "OIDC manager",
+  "OIDC Providers": "OIDC Providers",
+  "Provider name": "Name",
+  "Client id": "Client id",
+  "Client secret": "Client secret",
+  "Openid configuration": "Openid configuration",
+  "Authorization endpoint": "Authorization endpoint",
+  "Access token endpoint": "Access token endpoint",
+  "JWKS endpoint": "JWKS endpoint",
+  "Userinfo endpoint": "Userinfo endpoint",
+  "Redirect url": "Redirect url",
+  "Logout endpoint": "Logout endpoint",
+  "Id token sign alg": "Id token sign alg",
+  "Add provider": "Add",
+  "Edit provider": "Edit",
+  "Delete provider": "Delete",
+  "Sign in button name, which will be displayed on the sign in page": "Sign in button name, which will be displayed on the sign in page",
+  "Use this field to bind the user": "Use this field to bind the user",
+  "Sign up automatically when the user does not exist": "Sign up automatically when the user does not exist",
+  "Username must be 2-16 characters in length (excluding @.<>\"'/)": "Username must be 2-16 characters in length (excluding @.<>\"'/)",
+  "User not found": "User not found",
+  "Basic configuration": "Basic configuration",
+  "Field mapping": "Field mapping",
+  "Advanced configuration": "Advanced configuration",
+  "Usage": "Usage",
+  "Redirect URL": "Redirect URL",
+  "Check if NocoBase is running on HTTP protocol": "Check if NocoBase is running on HTTP protocol",
+  "The port number of the NocoBase service if it is not 80 or 443": "The port number of the NocoBase service if it is not 80 or 443",
+  "Pass parameters in the authorization code grant exchange": "Pass parameters in the authorization code grant exchange",
+  "Method to call the user info endpoint": "Method to call the user info endpoint",
+  "Where to put the access token when calling the user info endpoint": "Where to put the access token when calling the user info endpoint",
+  "Header": "Header",
+  "Body (Use with POST method)": "Body (Use with POST method)",
+  "Query parameters (Use with GET method)": "Query parameters (Use with GET method)",
+  "Parameter name": "Parameter name",
+  "The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation.": "The state token helps prevent CSRF attacks. It's recommended to leave it blank for automatic random generation."
+}