✨ 完善支付宝认证

eiam-authentication/eiam-authentication-alipay/src/main/java/cn/topiam/employee/authentication/alipay/AlipayIdpOAuth2Config.java

@@ -33,10 +33,23 @@ import jakarta.validation.constraints.NotBlank;
 @Data
 @EqualsAndHashCode(callSuper = true)
 public class AlipayIdpOAuth2Config extends IdentityProviderConfig {
+
     /**
      * 商户ID
      */
     @NotBlank(message = "商户ID不能为空")
     private String appId;
 
+    /**
+     * 应用私钥
+     */
+    @NotBlank(message = "应用私钥")
+    private String appPrivateKey;
+
+    /**
+     * 支付宝公钥
+     */
+    @NotBlank(message = "支付宝公钥")
+    private String alipayPublicKey;
+
 }

eiam-authentication/eiam-authentication-alipay/src/main/java/cn/topiam/employee/authentication/alipay/client/AlipayClient.java

@@ -0,0 +1,195 @@
+/*
+ * eiam-authentication-alipay - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.authentication.alipay.client;
+
+import java.util.Map;
+
+import com.aliyun.tea.*;
+
+/**
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2023/8/25 22:26
+ */
+public class AlipayClient {
+
+    public com.alipay.easysdk.kernel.Client kernel;
+
+    public AlipayClient(com.alipay.easysdk.kernel.Client kernel) {
+        this.kernel = kernel;
+    }
+
+    /**
+     * 获取token
+     *
+     * @param code {@link String}
+     * @return {@link AlipaySystemOauthTokenResponse}
+     * @throws Exception Exception
+     */
+    public AlipaySystemOauthTokenResponse getOauthToken(String code) throws Exception {
+        java.util.Map<String, Object> runtime = getRuntime();
+        TeaRequest request = null;
+        long now = System.currentTimeMillis();
+        int retryTimes = 0;
+        while (Tea.allowRetry((java.util.Map<String, Object>) runtime.get("retry"), retryTimes,
+            now)) {
+            if (retryTimes > 0) {
+                int backoffTime = Tea.getBackoffTime(runtime.get("backoff"), retryTimes);
+                if (backoffTime > 0) {
+                    Tea.sleep(backoffTime);
+                }
+            }
+            retryTimes = retryTimes + 1;
+            try {
+                java.util.Map<String, String> systemParams = TeaConverter.buildMap(
+                    new TeaPair("method", "alipay.system.oauth.token"),
+                    new TeaPair("app_id", kernel.getConfig("appId")),
+                    new TeaPair("timestamp", kernel.getTimestamp()), new TeaPair("format", "json"),
+                    new TeaPair("charset", "UTF-8"),
+                    new TeaPair("sign_type", kernel.getConfig("signType")),
+                    new TeaPair("app_cert_sn", kernel.getMerchantCertSN()),
+                    new TeaPair("alipay_root_cert_sn", kernel.getAlipayRootCertSN()));
+                java.util.Map<String, Object> bizParams = new java.util.HashMap<>();
+                java.util.Map<String, String> textParams = TeaConverter.buildMap(
+                    new TeaPair("grant_type", "authorization_code"), new TeaPair("code", code));
+                request = getRequest(systemParams, bizParams, textParams);
+                TeaResponse response = Tea.doAction(request, runtime);
+
+                java.util.Map<String, Object> respMap = kernel.readAsJson(response,
+                    "alipay.system.oauth.token");
+                if (kernel.isCertMode()) {
+                    if (kernel.verify(respMap,
+                        kernel.extractAlipayPublicKey(kernel.getAlipayCertSN(respMap)))) {
+                        return TeaModel.toModel(kernel.toRespModel(respMap),
+                            new AlipaySystemOauthTokenResponse());
+                    }
+
+                } else {
+                    if (kernel.verify(respMap, kernel.getConfig("alipayPublicKey"))) {
+                        return TeaModel.toModel(kernel.toRespModel(respMap),
+                            new AlipaySystemOauthTokenResponse());
+                    }
+
+                }
+
+                throw new TeaException(
+                    TeaConverter.buildMap(new TeaPair("message", "验签失败，请检查支付宝公钥设置是否正确。")));
+            } catch (Exception e) {
+                if (Tea.isRetryable(e)) {
+                    continue;
+                }
+                throw new RuntimeException(e);
+            }
+        }
+
+        throw new TeaUnretryableException(request);
+    }
+
+    /**
+     * 获取用户信息
+     *
+     * @param authToken {@link String}
+     * @return {@link AlipaySystemOauthTokenResponse}
+     * @throws Exception Exception
+     */
+    public AlipaySystemUserInfoShareResponse getUserInfo(String authToken) throws Exception {
+        java.util.Map<String, Object> runtime = getRuntime();
+
+        TeaRequest request = null;
+        long now = System.currentTimeMillis();
+        int retryTimes = 0;
+        while (Tea.allowRetry((java.util.Map<String, Object>) runtime.get("retry"), retryTimes,
+            now)) {
+            if (retryTimes > 0) {
+                int backoffTime = Tea.getBackoffTime(runtime.get("backoff"), retryTimes);
+                if (backoffTime > 0) {
+                    Tea.sleep(backoffTime);
+                }
+            }
+            retryTimes = retryTimes + 1;
+            try {
+                java.util.Map<String, String> systemParams = TeaConverter.buildMap(
+                    new TeaPair("method", "alipay.user.info.share"),
+                    new TeaPair("app_id", kernel.getConfig("appId")),
+                    new TeaPair("timestamp", kernel.getTimestamp()), new TeaPair("format", "json"),
+                    new TeaPair("charset", "UTF-8"),
+                    new TeaPair("sign_type", kernel.getConfig("signType")),
+                    new TeaPair("app_cert_sn", kernel.getMerchantCertSN()),
+                    new TeaPair("alipay_root_cert_sn", kernel.getAlipayRootCertSN()));
+                java.util.Map<String, Object> bizParams = new java.util.HashMap<>();
+                java.util.Map<String, String> textParams = TeaConverter
+                    .buildMap(new TeaPair("auth_token", authToken));
+                request = getRequest(systemParams, bizParams, textParams);
+                TeaResponse response = Tea.doAction(request, runtime);
+
+                java.util.Map<String, Object> respMap = kernel.readAsJson(response,
+                    "alipay.user.info.share");
+                if (kernel.isCertMode()) {
+                    if (kernel.verify(respMap,
+                        kernel.extractAlipayPublicKey(kernel.getAlipayCertSN(respMap)))) {
+                        return TeaModel.toModel(kernel.toRespModel(respMap),
+                            new AlipaySystemUserInfoShareResponse());
+                    }
+
+                } else {
+                    if (kernel.verify(respMap, kernel.getConfig("alipayPublicKey"))) {
+                        return TeaModel.toModel(kernel.toRespModel(respMap),
+                            new AlipaySystemUserInfoShareResponse());
+                    }
+
+                }
+
+                throw new TeaException(
+                    TeaConverter.buildMap(new TeaPair("message", "验签失败，请检查支付宝公钥设置是否正确。")));
+            } catch (Exception e) {
+                if (Tea.isRetryable(e)) {
+                    continue;
+                }
+                throw new RuntimeException(e);
+            }
+        }
+
+        throw new TeaUnretryableException(request);
+    }
+
+    private TeaRequest getRequest(Map<String, String> systemParams, Map<String, Object> bizParams,
+                                  Map<String, String> textParams) throws Exception {
+        TeaRequest request = new TeaRequest();
+
+        request.protocol = kernel.getConfig("protocol");
+        request.method = "POST";
+        request.pathname = "/gateway.do";
+        request.headers = TeaConverter.buildMap(
+            new TeaPair("host", kernel.getConfig("gatewayHost")),
+            new TeaPair("content-type", "application/x-www-form-urlencoded;charset=utf-8"));
+        request.query = kernel.sortMap(TeaConverter.merge(
+            String.class, TeaConverter.buildMap(new TeaPair("sign", kernel.sign(systemParams,
+                bizParams, textParams, kernel.getConfig("merchantPrivateKey")))),
+            systemParams, textParams));
+        request.body = Tea.toReadable(kernel.toUrlEncodedRequestBody(bizParams));
+        return request;
+    }
+
+    private java.util.Map<String, Object> getRuntime() throws Exception {
+        return TeaConverter.buildMap(new TeaPair("ignoreSSL", kernel.getConfig("ignoreSSL")),
+            new TeaPair("httpProxy", kernel.getConfig("httpProxy")),
+            new TeaPair("connectTimeout", 15000), new TeaPair("readTimeout", 15000),
+            new TeaPair("retry", TeaConverter.buildMap(new TeaPair("maxAttempts", 0))));
+    }
+
+}

eiam-authentication/eiam-authentication-alipay/src/main/java/cn/topiam/employee/authentication/alipay/client/AlipaySystemOauthTokenResponse.java

@@ -0,0 +1,73 @@
+/*
+ * eiam-authentication-alipay - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.authentication.alipay.client;
+
+import com.aliyun.tea.*;
+
+import lombok.Getter;
+import lombok.Setter;
+
+/**
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2023/8/25 22:26
+ */
+@Getter
+@Setter
+public class AlipaySystemOauthTokenResponse extends TeaModel {
+    @NameInMap("http_body")
+    @Validation(required = true)
+    public String httpBody;
+
+    @NameInMap("code")
+    @Validation(required = true)
+    public String code;
+
+    @NameInMap("msg")
+    @Validation(required = true)
+    public String msg;
+
+    @NameInMap("sub_code")
+    @Validation(required = true)
+    public String subCode;
+
+    @NameInMap("sub_msg")
+    @Validation(required = true)
+    public String subMsg;
+
+    @NameInMap("open_id")
+    @Validation(required = true)
+    public String openId;
+
+    @NameInMap("access_token")
+    @Validation(required = true)
+    public String accessToken;
+
+    @NameInMap("expires_in")
+    @Validation(required = true)
+    public Long   expiresIn;
+
+    @NameInMap("refresh_token")
+    @Validation(required = true)
+    public String refreshToken;
+
+    @NameInMap("re_expires_in")
+    @Validation(required = true)
+    public Long   reExpiresIn;
+
+}

eiam-authentication/eiam-authentication-alipay/src/main/java/cn/topiam/employee/authentication/alipay/client/AlipaySystemUserInfoShareResponse.java

@@ -0,0 +1,79 @@
+/*
+ * eiam-authentication-alipay - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package cn.topiam.employee.authentication.alipay.client;
+
+import com.aliyun.tea.NameInMap;
+import com.aliyun.tea.TeaModel;
+import com.aliyun.tea.Validation;
+
+import lombok.Getter;
+import lombok.Setter;
+
+/**
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on  2023/8/25 22:26
+ */
+@Getter
+@Setter
+public class AlipaySystemUserInfoShareResponse extends TeaModel {
+    @NameInMap("http_body")
+    @Validation(required = true)
+    public String httpBody;
+
+    @NameInMap("code")
+    @Validation(required = true)
+    public String code;
+
+    @NameInMap("msg")
+    @Validation(required = true)
+    public String msg;
+
+    @NameInMap("sub_code")
+    @Validation(required = true)
+    public String subCode;
+
+    @NameInMap("sub_msg")
+    @Validation(required = true)
+    public String subMsg;
+
+    @NameInMap("user_id")
+    @Validation(required = true)
+    public String userId;
+
+    @NameInMap("avatar")
+    @Validation(required = true)
+    public String avatar;
+
+    @NameInMap("city")
+    @Validation(required = true)
+    public Long   city;
+
+    @NameInMap("nick_name")
+    @Validation(required = true)
+    public String nickName;
+
+    @NameInMap("province")
+    @Validation(required = true)
+    public Long   province;
+
+    @NameInMap("gender")
+    @Validation(required = true)
+    public Long   gender;
+
+}

eiam-authentication/eiam-authentication-alipay/src/main/java/cn/topiam/employee/authentication/alipay/configurer/AlipayAuthenticationConfigurer.java

@@ -17,8 +17,11 @@
  */
 package cn.topiam.employee.authentication.alipay.configurer;
 
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer;
+import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
+import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
@@ -29,6 +32,10 @@ import cn.topiam.employee.authentication.alipay.filter.AlipayLoginAuthentication
 import cn.topiam.employee.authentication.common.service.UserIdpService;
 import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
 
+import lombok.NonNull;
+import lombok.Setter;
+import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRegistrationUtils.putFilterBefore;
+
 /**
  * 认证配置
  *
@@ -37,6 +44,9 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos
  */
 public class AlipayAuthenticationConfigurer extends
                                             AbstractAuthenticationFilterConfigurer<HttpSecurity, AlipayAuthenticationConfigurer, AlipayLoginAuthenticationFilter> {
+    @Setter
+    @NonNull
+    private String                           loginProcessingUrl = AlipayLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
 
     private final IdentityProviderRepository identityProviderRepository;
     private final UserIdpService             userIdpService;
@@ -49,6 +59,24 @@ public class AlipayAuthenticationConfigurer extends
         this.userIdpService = userIdpService;
     }
 
+    @Override
+    public void init(HttpSecurity http) throws Exception {
+        //支付宝登录认证
+        this.setAuthenticationFilter(
+            new AlipayLoginAuthenticationFilter(userIdpService, identityProviderRepository));
+        putFilterBefore(http, this.getAuthenticationFilter(),
+            OAuth2LoginAuthenticationFilter.class);
+
+        //支付宝请求重定向
+        http.addFilterBefore(
+            new AlipayAuthorizationRequestRedirectFilter(identityProviderRepository),
+            OAuth2AuthorizationRequestRedirectFilter.class);
+
+        //登录处理地址
+        super.loginProcessingUrl(this.loginProcessingUrl);
+        super.init(http);
+    }
+
     /**
      * Create the {@link RequestMatcher} given a loginProcessingUrl
      *
@@ -58,7 +86,7 @@ public class AlipayAuthenticationConfigurer extends
      */
     @Override
     protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) {
-        return new AntPathRequestMatcher(loginProcessingUrl);
+        return new AntPathRequestMatcher(loginProcessingUrl, HttpMethod.GET.name());
     }
 
     public RequestMatcher getRequestMatcher() {

eiam-authentication/eiam-authentication-alipay/src/main/java/cn/topiam/employee/authentication/alipay/constant/AlipayAuthenticationConstants.java

@@ -30,4 +30,9 @@ public class AlipayAuthenticationConstants {
     public static final String USER_INFO_SCOPE       = "auth_user";
 
     public static final String APP_ID                = "app_id";
+
+    public static final String AUTH_CODE             = "auth_code";
+
+    public static final String SUCCESS_CODE          = "200";
+
 }

eiam-authentication/eiam-authentication-alipay/src/main/java/cn/topiam/employee/authentication/alipay/filter/AlipayLoginAuthenticationFilter.java

@@ -18,25 +18,49 @@
 package cn.topiam.employee.authentication.alipay.filter;
 
 import java.io.IOException;
+import java.util.Map;
+import java.util.Objects;
+import java.util.UUID;
 
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
+import org.springframework.security.oauth2.core.OAuth2Error;
+import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
+import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
+import com.alibaba.fastjson2.JSONObject;
+import com.alipay.easysdk.kernel.Client;
+import com.alipay.easysdk.kernel.Config;
+import com.alipay.easysdk.kernel.Context;
+
+import cn.topiam.employee.authentication.alipay.AlipayIdpOAuth2Config;
+import cn.topiam.employee.authentication.alipay.client.AlipayClient;
+import cn.topiam.employee.authentication.alipay.client.AlipaySystemOauthTokenResponse;
+import cn.topiam.employee.authentication.alipay.client.AlipaySystemUserInfoShareResponse;
+import cn.topiam.employee.authentication.common.authentication.IdpUserDetails;
 import cn.topiam.employee.authentication.common.filter.AbstractIdpAuthenticationProcessingFilter;
 import cn.topiam.employee.authentication.common.service.UserIdpService;
+import cn.topiam.employee.common.entity.authn.IdentityProviderEntity;
 import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
 import cn.topiam.employee.core.help.ServerHelp;
+import cn.topiam.employee.support.exception.TopIamException;
+import cn.topiam.employee.support.trace.TraceUtils;
 import cn.topiam.employee.support.util.HttpUrlUtils;
 
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import static com.taobao.api.Constants.SDK_VERSION;
+
+import static cn.topiam.employee.authentication.alipay.constant.AlipayAuthenticationConstants.AUTH_CODE;
 import static cn.topiam.employee.authentication.common.IdentityProviderType.ALIPAY_OAUTH;
-import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.PROVIDER_CODE;
+import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.*;
+import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.INVALID_STATE_PARAMETER_ERROR_CODE;
 
 /**
  * 支付宝 登录过滤器
@@ -54,14 +78,12 @@ public class AlipayLoginAuthenticationFilter extends AbstractIdpAuthenticationPr
     /**
      * Creates a new instance
      *
-     * @param defaultFilterProcessesUrl  the {@link String}
      * @param userIdpService             {@link  UserIdpService}
      * @param identityProviderRepository {@link IdentityProviderRepository}
      */
-    protected AlipayLoginAuthenticationFilter(String defaultFilterProcessesUrl,
+    public AlipayLoginAuthenticationFilter(UserIdpService userIdpService,
-                                              UserIdpService userIdpService,
+                                           IdentityProviderRepository identityProviderRepository) {
-                                              IdentityProviderRepository identityProviderRepository) {
+        super(REQUEST_MATCHER, userIdpService, identityProviderRepository);
-        super(defaultFilterProcessesUrl, userIdpService, identityProviderRepository);
     }
 
     @Override
@@ -69,11 +91,76 @@ public class AlipayLoginAuthenticationFilter extends AbstractIdpAuthenticationPr
                                                 HttpServletResponse response) throws AuthenticationException,
                                                                               IOException,
                                                                               ServletException {
-        if (!REQUEST_MATCHER.matches(request)) {
+        OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
-            throw new AuthenticationServiceException(
+            response);
-                "Authentication method not supported: " + request.getMethod());
+        TraceUtils.put(UUID.randomUUID().toString());
+        RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request);
+        Map<String, String> variables = matcher.getVariables();
+        String providerCode = variables.get(PROVIDER_CODE);
+        String providerId = getIdentityProviderId(providerCode);
+        //code 支付宝为auth_code
+        String code = request.getParameter(AUTH_CODE);
+        if (StringUtils.isEmpty(code)) {
+            logger.error("支付宝登录 auth_code 参数不存在，认证失败");
+            OAuth2Error oauth2Error = new OAuth2Error(INVALID_CODE_PARAMETER_ERROR_CODE);
+            throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
         }
-        return null;
+        // state
+        String state = request.getParameter(OAuth2ParameterNames.STATE);
+        if (StringUtils.isEmpty(state)) {
+            logger.error("支付宝登录 state 参数不存在，认证失败");
+            OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
+            throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+        }
+        //验证state
+        if (!authorizationRequest.getState().equals(state)) {
+            logger.error("支付宝登录 state 匹配不一致，认证失败");
+            OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
+            throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+        }
+        //获取身份提供商
+        IdentityProviderEntity provider = getIdentityProviderEntity(providerCode);
+        AlipayIdpOAuth2Config idpOauthConfig = JSONObject.parseObject(provider.getConfig(),
+            AlipayIdpOAuth2Config.class);
+        if (Objects.isNull(idpOauthConfig)) {
+            logger.error("未查询到支付宝登录配置");
+            //无效身份提供商
+            OAuth2Error oauth2Error = new OAuth2Error(INVALID_IDP_CONFIG);
+            throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
+        }
+        try {
+            AlipayClient client = new AlipayClient(
+                new Client(new Context(getConfig(idpOauthConfig), SDK_VERSION)));
+            AlipaySystemOauthTokenResponse token = client.getOauthToken(code);
+            if (!StringUtils.isBlank(token.getCode())) {
+                logger.error("支付宝认证获取 access_token 失败: [" + token.getHttpBody() + "]");
+                throw new TopIamException(token.getSubMsg());
+            }
+            String accessToken = token.getAccessToken();
+            AlipaySystemUserInfoShareResponse userInfo = client.getUserInfo(accessToken);
+            if (!StringUtils.isBlank(userInfo.getCode())) {
+                logger.error("支付宝认证获取用户信息失败: [" + userInfo.getHttpBody() + "]");
+                throw new TopIamException(userInfo.getSubMsg());
+            }
+            //执行逻辑
+            IdpUserDetails idpUserDetails = IdpUserDetails.builder().openId(token.getOpenId())
+                .providerType(ALIPAY_OAUTH).providerCode(providerCode).providerId(providerId)
+                .avatarUrl(userInfo.getAvatar()).nickName(userInfo.getNickName()).build();
+            return attemptAuthentication(request, response, idpUserDetails);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    public static Config getConfig(AlipayIdpOAuth2Config idpOauthConfig) {
+        Config config = new Config();
+        config.protocol = "https";
+        config.gatewayHost = "openapi.alipay.com";
+        config.appId = idpOauthConfig.getAppId();
+        config.signType = "RSA2";
+        config.alipayPublicKey = idpOauthConfig.getAlipayPublicKey();
+        config.merchantPrivateKey = idpOauthConfig.getAppPrivateKey();
+        return config;
     }
 
     public static String getLoginUrl(String providerId) {

eiam-console/src/main/console-fe/src/pages/authn/IdentityProvider/components/Config/AliPayOauthConfig.tsx

@@ -0,0 +1,79 @@
+/*
+ * eiam-console - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+import { ProFormText } from '@ant-design/pro-components';
+import CallbackUrl from './CallbackUrl';
+import { useIntl } from '@umijs/max';
+
+/**
+ * AliPay Oauth 登录
+ *
+ * @constructor
+ */
+const QqOauthConfig = (props: { isCreate: boolean }) => {
+  const { isCreate } = props;
+  const intl = useIntl();
+
+  return (
+    <>
+      <ProFormText
+        name={['config', 'appId']}
+        label={intl.formatMessage({
+          id: 'pages.authn.identity_provider.config.alipay_oauth.app_id',
+        })}
+        rules={[{ required: true }]}
+        fieldProps={{ autoComplete: 'off' }}
+        placeholder={intl.formatMessage({
+          id: 'pages.authn.identity_provider.config.alipay_oauth.app_id.placeholder',
+        })}
+        extra={intl.formatMessage({
+          id: 'pages.authn.identity_provider.config.alipay_oauth.app_id.extra',
+        })}
+      />
+      <ProFormText.Password
+        rules={[{ required: true }]}
+        name={['config', 'appPrivateKey']}
+        label={intl.formatMessage({
+          id: 'pages.authn.identity_provider.config.alipay_oauth.app_private_key',
+        })}
+        placeholder={intl.formatMessage({
+          id: 'pages.authn.identity_provider.config.alipay_oauth.app_private_key.placeholder',
+        })}
+        extra={intl.formatMessage({
+          id: 'pages.authn.identity_provider.config.alipay_oauth.app_private_key.extra',
+        })}
+        fieldProps={{ autoComplete: 'off' }}
+      />
+      <ProFormText.Password
+        rules={[{ required: true }]}
+        name={['config', 'alipayPublicKey']}
+        label={intl.formatMessage({
+          id: 'pages.authn.identity_provider.config.alipay_oauth.alipay_public_key',
+        })}
+        placeholder={intl.formatMessage({
+          id: 'pages.authn.identity_provider.config.alipay_oauth.alipay_public_key.placeholder',
+        })}
+        extra={intl.formatMessage({
+          id: 'pages.authn.identity_provider.config.alipay_oauth.alipay_public_key.extra',
+        })}
+        fieldProps={{ autoComplete: 'off' }}
+      />
+      {!isCreate && <CallbackUrl />}
+    </>
+  );
+};
+export default QqOauthConfig;

eiam-console/src/main/console-fe/src/pages/authn/IdentityProvider/components/Config/Config.tsx

@@ -26,6 +26,7 @@ import WeWorkScanCode from './WeWorkScanCodeConfig';
 import GithubOauthConfig from './GithubOauthConfig';
 import GiteeOauthConfig from './GiteeOauthConfig';
 import { useIntl } from '@umijs/max';
+import AliPayOauthConfig from '@/pages/authn/IdentityProvider/components/Config/AliPayOauthConfig';
 
 /**
  * Config
@@ -43,10 +44,11 @@ const Config = (props: { type: IdentityProviderType | string; isCreate?: boolean
       {type === IdentityProviderType.wechatwork_qr && <WeWorkScanCode isCreate={isCreate} />}
       {type === IdentityProviderType.dingtalk_qr && <DingTalkScanCode isCreate={isCreate} />}
       {type === IdentityProviderType.dingtalk_oauth && <DingTalkOauthConfig isCreate={isCreate} />}
-      {type === IdentityProviderType.qq && <QqOauthConfig isCreate={isCreate} />}
+      {type === IdentityProviderType.qq_oauth && <QqOauthConfig isCreate={isCreate} />}
       {type === IdentityProviderType.feishu_oauth && <FeiShuScanCodeConfig isCreate={isCreate} />}
-      {type === IdentityProviderType.gitee && <GiteeOauthConfig isCreate={isCreate} />}
+      {type === IdentityProviderType.gitee_oauth && <GiteeOauthConfig isCreate={isCreate} />}
-      {type === IdentityProviderType.github && <GithubOauthConfig isCreate={isCreate} />}
+      {type === IdentityProviderType.github_oauth && <GithubOauthConfig isCreate={isCreate} />}
+      {type === IdentityProviderType.alipay_oauth && <AliPayOauthConfig isCreate={isCreate} />}
       <ProFormSwitch
         name={['displayed']}
         extra={intl.formatMessage({

eiam-console/src/main/console-fe/src/pages/authn/IdentityProvider/components/Config/GiteeOauthConfig.tsx

@@ -32,20 +32,30 @@ const GiteeOauthConfig = (props: { isCreate: boolean }) => {
     <>
       <ProFormText
         name={['config', 'clientId']}
-        label="ClientId"
+        label={intl.formatMessage({
+          id: 'pages.authn.identity_provider.config.gitee_oauth.client_id',
+        })}
         rules={[{ required: true }]}
         fieldProps={{ autoComplete: 'off' }}
         placeholder={intl.formatMessage({
           id: 'pages.authn.identity_provider.config.gitee_oauth.client_id.placeholder',
         })}
+        extra={intl.formatMessage({
+          id: 'pages.authn.identity_provider.config.gitee_oauth.client_id.extra',
+        })}
       />
       <ProFormText.Password
         rules={[{ required: true }]}
         name={['config', 'clientSecret']}
-        label="ClientSecret"
+        label={intl.formatMessage({
+          id: 'pages.authn.identity_provider.config.gitee_oauth.client_secret',
+        })}
         placeholder={intl.formatMessage({
           id: 'pages.authn.identity_provider.config.gitee_oauth.client_secret.placeholder',
         })}
+        extra={intl.formatMessage({
+          id: 'pages.authn.identity_provider.config.gitee_oauth.client_secret.extra',
+        })}
         fieldProps={{ autoComplete: 'off' }}
       />
       {!isCreate && <CallbackUrl />}

eiam-console/src/main/console-fe/src/pages/authn/IdentityProvider/components/Config/GithubOauthConfig.tsx

@@ -32,7 +32,9 @@ const QqOauthConfig = (props: { isCreate: boolean }) => {
     <>
       <ProFormText
         name={['config', 'clientId']}
-        label="CilentId"
+        label={intl.formatMessage({
+          id: 'pages.authn.identity_provider.config.github_oauth.client_id',
+        })}
         rules={[{ required: true }]}
         fieldProps={{ autoComplete: 'off' }}
         placeholder={intl.formatMessage({
@@ -45,7 +47,9 @@ const QqOauthConfig = (props: { isCreate: boolean }) => {
       <ProFormText.Password
         rules={[{ required: true }]}
         name={['config', 'clientSecret']}
-        label="ClientSecret"
+        label={intl.formatMessage({
+          id: 'pages.authn.identity_provider.config.github_oauth.client_secret',
+        })}
         placeholder={intl.formatMessage({
           id: 'pages.authn.identity_provider.config.github_oauth.client_secret.placeholder',
         })}

eiam-console/src/main/console-fe/src/pages/authn/IdentityProvider/components/CreateModal/CreateModal.tsx

@@ -116,19 +116,25 @@ export default (props: CreateDrawerProps) => {
                   }),
                 },
                 {
-                  value: IdentityProviderType.qq,
+                  value: IdentityProviderType.qq_oauth,
                   label: intl.formatMessage({
                     id: 'pages.authn.identity_provider.create_modal.form.type.qq',
                   }),
                 },
                 {
-                  value: IdentityProviderType.github,
+                  value: IdentityProviderType.alipay_oauth,
+                  label: intl.formatMessage({
+                    id: 'pages.authn.identity_provider.create_modal.form.type.alipay_oauth',
+                  }),
+                },
+                {
+                  value: IdentityProviderType.github_oauth,
                   label: intl.formatMessage({
                     id: 'pages.authn.identity_provider.create_modal.form.type.github',
                   }),
                 },
                 {
-                  value: IdentityProviderType.gitee,
+                  value: IdentityProviderType.gitee_oauth,
                   label: intl.formatMessage({
                     id: 'pages.authn.identity_provider.create_modal.form.type.gitee',
                   }),

eiam-console/src/main/console-fe/src/pages/authn/IdentityProvider/constant.ts

@@ -34,10 +34,11 @@ export enum IdentityProviderType {
   dingtalk_oauth = 'dingtalk_oauth',
   ldap = 'ldap',
   //社交
-  qq = 'qq_oauth',
+  qq_oauth = 'qq_oauth',
-  gitee = 'gitee_oauth',
+  gitee_oauth = 'gitee_oauth',
   wechat_qr = 'wechat_qr',
-  github = 'github_oauth',
+  github_oauth = 'github_oauth',
+  alipay_oauth = 'alipay_oauth',
 }
 
 /**
@@ -48,11 +49,11 @@ export const EXIST_CALLBACK = [
   IdentityProviderType.dingtalk_qr,
   IdentityProviderType.dingtalk_oauth,
   IdentityProviderType.wechat_qr,
-  IdentityProviderType.qq,
+  IdentityProviderType.qq_oauth,
   IdentityProviderType.feishu_oauth,
   IdentityProviderType.feishu_oauth,
-  IdentityProviderType.gitee,
+  IdentityProviderType.gitee_oauth,
-  IdentityProviderType.github,
+  IdentityProviderType.github_oauth,
 ];
 
 export const DRAWER_FORM_ITEM_LAYOUT = {

eiam-console/src/main/console-fe/src/pages/authn/IdentityProvider/locales/zh-CN.ts

@@ -36,10 +36,11 @@ export default {
   'pages.authn.identity_provider.create_modal.form.type': '创建认证源',
   'pages.authn.identity_provider.create_modal.form.type.placeholder': '请选择认证提供商',
   'pages.authn.identity_provider.create_modal.form.type.rule.0.message': '请选择认证提供商',
-  'pages.authn.identity_provider.create_modal.form.type.wechat_qr': '微信开放平台扫码认证',
+  'pages.authn.identity_provider.create_modal.form.type.wechat_qr': '微信扫码认证',
   'pages.authn.identity_provider.create_modal.form.type.qq': 'QQ认证',
   'pages.authn.identity_provider.create_modal.form.type.gitee': 'Gitee认证',
-  'pages.authn.identity_provider.create_modal.form.type.github': 'Github认证',
+  'pages.authn.identity_provider.create_modal.form.type.github': 'GitHub认证',
+  'pages.authn.identity_provider.create_modal.form.type.alipay_oauth': '支付宝认证',
   'pages.authn.identity_provider.create_modal.form.type.dingtalk_oauth': '钉钉认证',
   'pages.authn.identity_provider.create_modal.form.type.dingtalk_qr': '钉钉扫码认证',
   'pages.authn.identity_provider.create_modal.form.type.feishu_oauth': '飞书认证',
@@ -59,8 +60,38 @@ export default {
     '在飞书开放平台，开发者后台 -> 企业自建应用，创建企业自建应用',
   'pages.authn.identity_provider.config.qq_oauth.app_id.placeholder': '请填写AppId',
   'pages.authn.identity_provider.config.qq_oauth.app_secret.placeholder': '请填写AppKey',
+  'pages.authn.identity_provider.config.gitee_oauth.client_id': '客户端ID',
   'pages.authn.identity_provider.config.gitee_oauth.client_id.placeholder': '请填写ClientId',
-  'pages.authn.identity_provider.config.gitee_oauth.client_secret.placeholder': '请填写ClientSecret',
+  'pages.authn.identity_provider.config.gitee_oauth.client_secret': '客户端秘钥',
+  'pages.authn.identity_provider.config.gitee_oauth.client_secret.placeholder':
+    '请填写ClientSecret',
+  'pages.authn.identity_provider.config.gitee_oauth.client_id.extra': 'Gitee应用的Client ID',
+  'pages.authn.identity_provider.config.gitee_oauth.client_secret.extra':
+    'Gitee应用生成的Client secret',
+  'pages.authn.identity_provider.config.github_oauth.client_id':
+      '客户端ID',
+  'pages.authn.identity_provider.config.github_oauth.client_id.placeholder': '请填写Client ID',
+  'pages.authn.identity_provider.config.github_oauth.client_secret':
+      '客户端秘钥',
+  'pages.authn.identity_provider.config.github_oauth.client_secret.placeholder':
+    '请填写Client Secret',
+  'pages.authn.identity_provider.config.github_oauth.client_id.extra': 'GitHub应用的Client ID',
+  'pages.authn.identity_provider.config.github_oauth.client_secret.extra':
+    'GitHub应用生成的Client secret',
+
+  'pages.authn.identity_provider.config.alipay_oauth.app_id': '应用ID',
+  'pages.authn.identity_provider.config.alipay_oauth.app_id.placeholder': '请填写应用ID',
+  'pages.authn.identity_provider.config.alipay_oauth.app_id.extra': 'xxxxxxxxx',
+  'pages.authn.identity_provider.config.alipay_oauth.app_id.placeholder.extra': 'xxxxxxx',
+  'pages.authn.identity_provider.config.alipay_oauth.app_private_key': '应用私钥',
+  'pages.authn.identity_provider.config.alipay_oauth.app_private_key.placeholder':
+    '请填写应用私钥',
+  'pages.authn.identity_provider.config.alipay_oauth.app_private_key.extra': 'xxxxxxxxxxx',
+  'pages.authn.identity_provider.config.alipay_oauth.alipay_public_key': '支付宝公钥',
+  'pages.authn.identity_provider.config.alipay_oauth.alipay_public_key.placeholder':
+    '请填写支付宝公钥',
+  'pages.authn.identity_provider.config.alipay_oauth.alipay_public_key.extra': 'xxxxxxxxxxxxx',
+
   'pages.authn.identity_provider.config.wechat_scan_code.app_id.extra':
     '微信扫码登录开发申请获取的AppId',
   'pages.authn.identity_provider.config.wechat_scan_code.app_id.placeholder': '请填写获取的AppId',
@@ -80,8 +111,4 @@ export default {
   'pages.authn.identity_provider.config.wework_scan_code.app_secret.placeholder':
     '请输入获取的Secret',
   'pages.authn.identity_provider.add-success-content': '请复制以下链接访问门户端',
-  'pages.authn.identity_provider.config.github_oauth.client_id.placeholder': '请填写Client ID',
-  'pages.authn.identity_provider.config.github_oauth.client_secret.placeholder': '请填写Client Secret',
-  'pages.authn.identity_provider.config.github_oauth.client_id.extra': 'GitHub应用的Client ID',
-  'pages.authn.identity_provider.config.github_oauth.client_secret.extra': 'GitHub应用生成的Client secret',
 };

eiam-console/src/main/java/cn/topiam/employee/console/converter/authn/IdentityProviderConverter.java

@@ -33,6 +33,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import com.querydsl.core.types.ExpressionUtils;
 import com.querydsl.core.types.Predicate;
 
+import cn.topiam.employee.authentication.alipay.AlipayIdpOAuth2Config;
 import cn.topiam.employee.authentication.common.IdentityProviderCategory;
 import cn.topiam.employee.authentication.common.IdentityProviderType;
 import cn.topiam.employee.authentication.common.config.IdentityProviderConfig;
@@ -249,7 +250,7 @@ public interface IdentityProviderConverter {
             //钉钉扫码
         } else if (type.equals(DINGTALK_QR.value())) {
             identityProviderConfig = config.to(DingTalkIdpScanCodeConfig.class);
-            //钉钉Oauth
+            //钉钉OAuth
         } else if (type.equals(DINGTALK_OAUTH.value())) {
             identityProviderConfig = config.to(DingTalkIdpOauthConfig.class);
             //企业微信扫码
@@ -271,7 +272,7 @@ public interface IdentityProviderConverter {
         }
         //支付宝认证
         else if (type.equals(ALIPAY_OAUTH.value())) {
-            identityProviderConfig = config.to(GiteeIdpOAuth2Config.class);
+            identityProviderConfig = config.to(AlipayIdpOAuth2Config.class);
         } else {
             throw new TopIamException("不支持此身份提供商");
         }

eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/IdpRedirectParameterMatcher.java

@@ -17,15 +17,15 @@
  */
 package cn.topiam.employee.portal.configuration.security;
 
-import cn.topiam.employee.authentication.alipay.filter.AlipayAuthorizationRequestRedirectFilter;
-import cn.topiam.employee.authentication.gitee.filter.GiteeAuthorizationRequestRedirectFilter;
-import cn.topiam.employee.authentication.github.filter.GithubOAuth2AuthorizationRequestRedirectFilter;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
+import cn.topiam.employee.authentication.alipay.filter.AlipayAuthorizationRequestRedirectFilter;
 import cn.topiam.employee.authentication.dingtalk.filter.DingtalkOAuth2AuthorizationRequestRedirectFilter;
 import cn.topiam.employee.authentication.dingtalk.filter.DingtalkScanCodeAuthorizationRequestGetFilter;
 import cn.topiam.employee.authentication.feishu.filter.FeiShuAuthorizationRequestRedirectFilter;
+import cn.topiam.employee.authentication.gitee.filter.GiteeAuthorizationRequestRedirectFilter;
+import cn.topiam.employee.authentication.github.filter.GithubOAuth2AuthorizationRequestRedirectFilter;
 import cn.topiam.employee.authentication.qq.filter.QqOAuth2AuthorizationRequestRedirectFilter;
 import cn.topiam.employee.authentication.wechat.filter.WeChatScanCodeAuthorizationRequestRedirectFilter;
 import cn.topiam.employee.authentication.wechatwork.filter.WeChatWorkScanCodeAuthorizationRequestRedirectFilter;

eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/PortalSecurityConfiguration.java

@@ -51,6 +51,7 @@ import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 import cn.topiam.employee.audit.event.AuditEventPublish;
+import cn.topiam.employee.authentication.alipay.configurer.AlipayAuthenticationConfigurer;
 import cn.topiam.employee.authentication.common.configurer.IdpBindAuthenticationConfigurer;
 import cn.topiam.employee.authentication.common.jackjson.AuthenticationJacksonModule;
 import cn.topiam.employee.authentication.common.service.UserIdpService;
@@ -59,8 +60,8 @@ import cn.topiam.employee.authentication.dingtalk.configurer.DingtalkScanCodeAut
 import cn.topiam.employee.authentication.feishu.configurer.FeiShuScanCodeAuthenticationConfigurer;
 import cn.topiam.employee.authentication.gitee.configurer.GiteeAuthenticationConfigurer;
 import cn.topiam.employee.authentication.github.configurer.GithubOauthAuthenticationConfigurer;
-import cn.topiam.employee.authentication.otp.mail.MailOtpAuthenticationConfigurer;
+import cn.topiam.employee.authentication.otp.mail.configurer.MailOtpAuthenticationConfigurer;
-import cn.topiam.employee.authentication.otp.sms.SmsOtpAuthenticationConfigurer;
+import cn.topiam.employee.authentication.otp.sms.configurer.SmsOtpAuthenticationConfigurer;
 import cn.topiam.employee.authentication.qq.configurer.QqOauthAuthenticationConfigurer;
 import cn.topiam.employee.authentication.wechat.configurer.WeChatScanCodeAuthenticationConfigurer;
 import cn.topiam.employee.authentication.wechatwork.configurer.WeChatWorkScanCodeAuthenticationConfigurer;
@@ -90,14 +91,15 @@ import cn.topiam.employee.support.security.savedredirect.LoginRedirectParameterF
 import static org.springframework.http.HttpMethod.*;
 import static org.springframework.security.config.Customizer.withDefaults;
 
+import static cn.topiam.employee.authentication.alipay.configurer.AlipayAuthenticationConfigurer.alipayOauth;
 import static cn.topiam.employee.authentication.common.configurer.IdpBindAuthenticationConfigurer.idpBind;
 import static cn.topiam.employee.authentication.dingtalk.configurer.DingtalkOAuth2AuthenticationConfigurer.dingtalkOAuth2;
 import static cn.topiam.employee.authentication.dingtalk.configurer.DingtalkScanCodeAuthenticationConfigurer.dingtalkScanCode;
 import static cn.topiam.employee.authentication.feishu.configurer.FeiShuScanCodeAuthenticationConfigurer.feiShuScanCode;
 import static cn.topiam.employee.authentication.gitee.configurer.GiteeAuthenticationConfigurer.giteeOauth;
 import static cn.topiam.employee.authentication.github.configurer.GithubOauthAuthenticationConfigurer.github;
-import static cn.topiam.employee.authentication.otp.mail.MailOtpAuthenticationConfigurer.mailOtp;
+import static cn.topiam.employee.authentication.otp.mail.configurer.MailOtpAuthenticationConfigurer.mailOtp;
-import static cn.topiam.employee.authentication.otp.sms.SmsOtpAuthenticationConfigurer.smsOtp;
+import static cn.topiam.employee.authentication.otp.sms.configurer.SmsOtpAuthenticationConfigurer.smsOtp;
 import static cn.topiam.employee.authentication.qq.configurer.QqOauthAuthenticationConfigurer.qq;
 import static cn.topiam.employee.authentication.wechat.configurer.WeChatScanCodeAuthenticationConfigurer.weChatScanCode;
 import static cn.topiam.employee.authentication.wechatwork.configurer.WeChatWorkScanCodeAuthenticationConfigurer.weChatWorkScanCode;
@@ -217,7 +219,13 @@ public class PortalSecurityConfiguration extends AbstractSecurityConfiguration
         requestMatchers.add(giteeCode.getRequestMatcher());
         httpSecurity.apply(giteeCode);
 
-        //支付宝 todo
+        //支付宝
+        AlipayAuthenticationConfigurer alipayOauth = alipayOauth(identityProviderRepository, userIdpService)
+                .successHandler(successHandler)
+                .failureHandler(failureHandler)
+                .authenticationDetailsSource(authenticationDetailsSource);
+        requestMatchers.add(alipayOauth.getRequestMatcher());
+        httpSecurity.apply(alipayOauth);
 
         //RequestMatcher
         OrRequestMatcher requestMatcher = new OrRequestMatcher(requestMatchers);

eiam-portal/src/main/portal-fe/src/constants/index.tsx

@@ -37,6 +37,7 @@ export enum IDP_TYPE {
   QQ_OAUTH = 'qq_oauth',
   GITEE_OAUTH = 'gitee_oauth',
   GITHUB_OAUTH = 'github_oauth',
+  ALIPAY_OAUTH = 'alipay_oauth',
   WEIBO_OAUTH = 'weibo_oauth',
   WECHATWORK_QR = 'wechatwork_qr',
 }

eiam-portal/src/main/portal-fe/src/pages/Login/Login.tsx

@@ -214,6 +214,21 @@ const Login = () => {
     window.open(path, '_self');
   };
 
+  /**
+   * alipay
+   *
+   * @param id
+   */
+  const alipayOauthOnClick = (id: string) => {
+    const query = queryString.parse(history.location.search);
+    const { redirect_uri } = query as { redirect_uri: string };
+    let path = `/api/v1/authorization/alipay_oauth/${id}`;
+    if (redirect_uri) {
+      path = `${path}?redirect_uri=${redirect_uri}`;
+    }
+    window.open(path, '_self');
+  };
+
   /**
    * 提交
    *
@@ -518,6 +533,11 @@ const Login = () => {
                                                 githubOauthOnClick(value.code);
                                                 return;
                                               }
+                                              //支付宝，跳转页面
+                                              if (value.type === IDP_TYPE.ALIPAY_OAUTH) {
+                                                alipayOauthOnClick(value.code);
+                                                return;
+                                              }
                                               //其他方式，跳转页面
                                               else {
                                                 setCurrentProvider({