Skip to content

fix(123_open): fix token refresh #1121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
xrgzs merged 1 commit into from
Aug 23, 2025
Merged

fix(123_open): fix token refresh #1121

xrgzs merged 1 commit into from
Aug 23, 2025

Conversation

@WangEdward
Copy link
Contributor

@WangEdward WangEdward commented Aug 21, 2025
edited
Loading

client_secret is required for oauth2 endpoint
let refresh_token determine the auth flow

docs: https://123yunpan.yuque.com/org-wiki-123yunpan-muaork/cr6ced/gammzlhe6k4qtwd9

@ILoveScratch2 ILoveScratch2 requested a review from Copilot August 21, 2025 06:37
Copilot AI reviewed Aug 21, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes the token refresh mechanism in the 123_open driver by ensuring client_secret is included in OAuth2 endpoint requests as required by the API documentation.

  • Restructures the conditional logic to require both ClientID and ClientSecret before attempting token operations
  • Adds missing client_secret parameter to the refresh token request
  • Reorders the token acquisition flow to prioritize refresh token usage when available

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@xrgzs xrgzs self-requested a review August 21, 2025 09:49
xrgzs
xrgzs requested changes Aug 21, 2025
View reviewed changes
@WangEdward WangEdward requested a review from xrgzs August 21, 2025 10:45
xrgzs
xrgzs reviewed Aug 21, 2025
View reviewed changes
Copy link
Member

@xrgzs xrgzs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OpenList 内,只需要提供两种就可以:

  1. Client ID + Client Secret:开发者接入
  2. Client ID + Refresh Token:第三方挂载应用接入(使用回调)

对于下面这两种,一般不会出现

  1. Client ID + Client Secret + Refresh Token
  2. Client ID + Client Secret + Code

因为第三方挂载应用接入的 Client Secret 通常不会公开,只会放到 OpenList-APIPages 上,而且一般申请不到,OpenListTeam不满足资质认证,不会主动对接

另外,第 2 种的 Refresh Token 也能一直刷新

因此,保留原始逻辑即可

@WangEdward
Copy link
Contributor Author

WangEdward commented Aug 22, 2025

@xrgzs 我理解,这个 pr 主要解决的问题是原来只要填写了 Client Secret 就无法进入第三方挂载应用接入的刷新逻辑(即使有填 Refresh Token),修改后用 Refresh Token 区分刷新逻辑比较可靠。

  1. Client ID + Refresh Token:第三方挂载应用接入(使用回调)

这个按照目前 123 的逻辑确实就是足够了

对于下面这两种,一般不会出现

  1. Client ID + Client Secret + Refresh Token

这个我认为无论是按照 123 的文档 还是 oauth 的文档 都有提到传递 Client Secret;并且按照一些通用的底层包 Go / Swift 都是如果有提供就传递 Client Secret,按照现在这个实现应该比较稳妥

xrgzs
xrgzs approved these changes Aug 22, 2025
View reviewed changes
Copy link
Member

@xrgzs xrgzs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@xrgzs xrgzs merged commit a28d6d5 into OpenListTeam:main Aug 23, 2025
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@xrgzs xrgzs xrgzs approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@WangEdward @xrgzs