Tai.Account.Extension.HttpApi
1.0.5
dotnet add package Tai.Account.Extension.HttpApi --version 1.0.5
NuGet\Install-Package Tai.Account.Extension.HttpApi -Version 1.0.5
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Tai.Account.Extension.HttpApi" Version="1.0.5" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="Tai.Account.Extension.HttpApi" Version="1.0.5" />
<PackageReference Include="Tai.Account.Extension.HttpApi" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add Tai.Account.Extension.HttpApi --version 1.0.5
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: Tai.Account.Extension.HttpApi, 1.0.5"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#:package Tai.Account.Extension.HttpApi@1.0.5
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.
#addin nuget:?package=Tai.Account.Extension.HttpApi&version=1.0.5
#tool nuget:?package=Tai.Account.Extension.HttpApi&version=1.0.5
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
Tai.Account.Extension
ABP 可复用模块,为 OpenIddict 提供微信登录与短信验证码登录的扩展 Grant 类型。
特性
- 微信 PC 扫码登录 (
wechat_pc_qr) — 微信开放平台网站应用扫码登录 - 微信公众号 OAuth 登录 (
wechat_mp_oauth) — 公众号内 H5 网页授权登录 - 微信小程序登录 (
wechat_mini_program) — 小程序wx.login获取 code 登录 - 微信公众号扫码事件登录 (
wechat_mp_qr_event) — 公众号带参数二维码扫码/关注事件登录 - 手机短信验证码登录 (
phone_sms_code) — 通过 ABPISmsSender发送验证码登录(服务商无关) - 手机短信验证码找回密码 — 复用 ABP 默认
/api/account/reset-password,改用手机验证码颁发 reset token - 可配置的自动注册策略 — 未知微信 openid / 未注册手机号在登录时是否自动创建用户,默认关闭
- 多微信应用 UnionId 打通
- 验证码频率限制与过期控制
项目结构
src/
├── Tai.Account.Extension.Domain.Shared # 常量、Grant 类型名称、本地化
├── Tai.Account.Extension.Domain # 微信 API 客户端、短信服务、Setting 定义
├── Tai.Account.Extension.Application.Contracts # 应用服务接口与 DTO
├── Tai.Account.Extension.Application # 应用服务实现、ExtensionGrant 处理器
├── Tai.Account.Extension.HttpApi # API 控制器
└── Tai.Account.Extension.HttpApi.Client # C# HTTP 客户端代理
test/
├── Tai.Account.Extension.TestBase
├── Tai.Account.Extension.Domain.Tests
└── Tai.Account.Extension.Application.Tests
快速开始
1. 安装模块
将以下项目引用添加到宿主应用的对应层:
dotnet add package Tai.Account.Extension.Application
dotnet add package Tai.Account.Extension.HttpApi
# 仅需要客户端代理时
dotnet add package Tai.Account.Extension.HttpApi.Client
在宿主模块中添加 DependsOn:
[DependsOn(typeof(AccountExtensionApplicationModule))]
[DependsOn(typeof(AccountExtensionHttpApiModule))]
public class YourHostModule : AbpModule { }
2. 配置 Settings
通过 ABP Setting 系统(appsettings.json、数据库或 Setting Management
UI)配置以下项:
微信配置:
| Setting Key | 说明 |
|---|---|
AccountExtension.WeChat.PublicAccount.AppId |
公众号 AppId |
AccountExtension.WeChat.PublicAccount.AppSecret |
公众号 AppSecret |
AccountExtension.WeChat.OpenPlatform.AppId |
开放平台 AppId |
AccountExtension.WeChat.OpenPlatform.AppSecret |
开放平台 AppSecret |
AccountExtension.WeChat.MiniProgram.AppId |
小程序 AppId |
AccountExtension.WeChat.MiniProgram.AppSecret |
小程序 AppSecret |
AccountExtension.WeChat.QrEvent.TtlSeconds |
扫码事件二维码有效期(默认 120s) |
短信配置:
本模块不绑定具体短信服务商,依赖宿主注册的 Volo.Abp.Sms.ISmsSender
实现完成真实发送。发送时会向 SmsMessage.Properties 写入
TemplateCode 与 TemplateParam(JSON 字符串),由具体 ISmsSender
实现读取使用;SignName、AccessKey 等服务商凭据由该实现自行管理,不在本模块职责之内。
| Setting Key | 说明 |
|---|---|
AccountExtension.Sms.TemplateCode |
短信模板 Code(如阿里云 SMS_123456789),真实发送时必填 |
AccountExtension.Sms.TemplateParamCodeName |
模板中验证码变量名,用于构造 TemplateParam JSON(如模板 您的验证码是 ${code} 填 code),默认 code |
AccountExtension.Sms.CodeTtlSeconds |
验证码有效期(默认 300s) |
AccountExtension.Sms.RateLimitSeconds |
发送频率限制(默认 60s) |
AccountExtension.Sms.CodeLength |
验证码长度(默认 6 位) |
AccountExtension.Sms.TestModeEnabled |
短信测试模式;开启后跳过真实发送、验证码统一为固定值;生产环境会被服务端强制忽略。默认 false |
AccountExtension.Sms.TestModeFixedCode |
测试模式下使用的固定验证码,默认 123456 |
自动注册配置:
| Setting Key | 说明 |
|---|---|
AccountExtension.AutoRegister.ExternalLoginEnabled |
微信等外部登录遇到未绑定账号时是否自动注册(默认 false) |
AccountExtension.AutoRegister.PhoneEnabled |
手机短信登录遇到未注册手机号时是否自动注册(默认 false) |
默认行为(安全优先):当以上两个开关为
false时,未注册用户无法通过相应渠道登录, 颁发 Token 会返回 OpenIddict 标准错误invalid_grant,error_description分别为AccountExtension:PhoneNotRegistered/AccountExtension:ExternalLoginNotRegistered。 前端可据此引导用户走标准注册流程。
3. 注册 OpenIddict 允许的 Grant Type
在宿主的 OpenIddict 配置中,确保允许自定义 Grant Type(模块已自动注册,无需额外配置)。
如需限定特定客户端可用的 Grant Type,在 OpenIddict 客户端种子数据中添加:
await CreateClientAsync(
"your-client-id",
grantTypes: new[]
{
OpenIddictConstants.GrantTypes.Password,
OpenIddictConstants.GrantTypes.RefreshToken,
"wechat_pc_qr",
"wechat_mp_oauth",
"wechat_mini_program",
"wechat_mp_qr_event",
"phone_sms_code"
}
);
前端集成
短信验证码登录
# 1. 发送验证码
POST /api/account-extension/sms/send-code
{ "phoneNumber": "13800138000" }
# 2. 请求 Token
POST /connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=phone_sms_code
&client_id=your-client-id
&phone_number=13800138000
&code=123456
&scope=openid offline_access
手机短信验证码找回密码
# 1. 发送找回密码验证码(/会校验手机号是否已注册)
POST /api/account-extension/password-reset/send-sms-code
{ "phoneNumber": "13800138000" }
# 2. 验证验证码,换取 ABP 密码重置 token
POST /api/account-extension/password-reset/verify-sms-code
{ "phoneNumber": "13800138000", "code": "123456" }
→ { "userId": "xxx", "resetToken": "xxx" }
# 3. 调用 ABP 默认端点完成密码重置(未做任何改动)
POST /api/account/reset-password
{ "userId": "xxx", "resetToken": "xxx", "password": "NewPass@123" }
说明:短信验证码仅用于换取一次性
resetToken,真正的密码重置仍由 ABPIdentityUserManager.ResetPasswordAsync执行,token 具备密码学签名与有效期。
微信小程序登录
POST /connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=wechat_mini_program
&client_id=your-client-id
&code=wx.login()返回的code
&scope=openid offline_access
微信 PC 扫码登录
POST /connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=wechat_pc_qr
&client_id=your-client-id
&code=微信回调返回的code
&scope=openid offline_access
微信公众号 OAuth 登录
POST /connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=wechat_mp_oauth
&client_id=your-client-id
&code=网页授权回调的code
&scope=openid offline_access
微信公众号扫码事件登录
# 1. 获取带参数二维码
POST /api/account-extension/wechat/qr-login
# 2. 轮询扫码结果
GET /api/account-extension/wechat/qr-poll?sceneId=xxx
# 3. 扫码成功后请求 Token
POST /connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=wechat_mp_qr_event
&client_id=your-client-id
&scene_id=xxx
&scope=openid offline_access
微信事件回调:需将
GET/POST /api/account-extension/wechat/mp-event配置为公众号的服务器 URL。
技术栈
- .NET 10 / ABP 10.3
- OpenIddict Extension Grants
- ABP
Volo.Abp.Sms.ISmsSender(服务商无关,短信发送由宿主注册的实现负责) - ABP Distributed Cache(验证码 & 扫码事件状态)
Roadmap
- 微信 UnionId 多应用账号合并策略优化
- 手机号一键登录(运营商本机号校验)
- 登录日志与审计事件
- 微信公众号模板消息通知
Nuget
dotnet pack Tai.Account.Extension.slnx --configuration Release --output nupkgs
dotnet nuget push "nupkgs/*.nupkg" --api-key YOUR_API_KEY --source https://api.nuget.org/v3/index.json --skip-duplicate
```bash
## License
MIT
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
net10.0
- Tai.Account.Extension.Application.Contracts (>= 1.0.5)
- Tai.Account.Extension.Domain (>= 1.0.5)
- Volo.Abp.AspNetCore.Mvc (>= 10.3.0)
- Volo.Abp.Caching (>= 10.3.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.