hdygxsj opened a new issue, #16472: URL: https://github.com/apache/dolphinscheduler/issues/16472
### Search before asking

- [X] I had searched in the [DSIP](https://github.com/apache/dolphinscheduler/issues/14102) and found no similar DSIP.

### Motivation

DS, as a scheduling platform, is typically deployed on the company's intranet and used by the company's developers. Therefore, users often need to integrate with their company's internal authentication center. However, the OAuth protocols of these internal authentication centers may vary from company to company, and there might be unique methods for fetching user information. Thus, I believe that DS needs to provide a way for users to integrate with their company's internal OAuth authentication center.

### Design Detail

Most users use the authorization code mode of OAuth2, and currently DS only implements the authorization code mode, so this reconstruction is only for the authorization code mode, and it can continue to expand if necessary in the future. Google's authorization code mode authentication process is as follows.

Different providers may have some differences when obtaining tokens through authorization codes, especially in the interfaces used to obtain user information. The main difference lies in the packaging of the request body: some providers require the authorization code to be spliced onto the URL, while others require it in the request body. On the other hand, some providers require the POST method to obtain user information, while others use the GET method. And finally, the return body of the user information interface is also very different.

- [ ] Introduce the oauth2 plugin module. Define the OAuth2Client API for authorization code login and the corresponding OAuthClient factory in the plugin

```java
public interface OAuth2AuthorizeCodeClient {

    /**
     * Logs the user in with an authorization code and retrieves user information to generate a user in DS.
     */
    OAuthUserInfo getUserInfo(String authorizationCode);
}

/** Factory of {@link OAuth2AuthorizeCodeClient} */
public interface OAuth2ClientFactory {

    /**
     * OAuth2 provider name
     */
    String provider();

    /**
     * Create oauth client
     */
    OAuth2AuthorizeCodeClient createAuthorizeCodeClient(OAuth2ClientProperties oAuth2ClientProperties);
}
```

- [ ] Add default implementations for the OAuth plugin, such as GitHub, Gitee, Google, etc.
- [ ] Modify /redirect/login/oauth2 to load the corresponding provider plugin via SPI and complete the login process by obtaining the token and user information through the authorization code.

### Compatibility, Deprecation, and Migration Plan

The redirect/login/oauth2 interface needs to be modified, without any other modifications or compatibility issues.

### Test Plan

Since OAuth2 needs to connect with third-party websites, I have no experience in how to add IT tests for the OAuth2 provider. If there is any good suggestion, I will implement it.

### Code of Conduct

- [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct)
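
An added example, not code from the issue or from DolphinScheduler, of one provider variant behind the proposed `OAuth2AuthorizeCodeClient`: the authorization code is sent in the POST body and user information is read with GET. The record fields, the class name `FormPostAuthorizeCodeClient` and the use of Jackson (assumed to be on the classpath) are assumptions, since the issue names the types without defining them.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.time.Duration;

// Hypothetical stand-ins: the issue names these types but does not define their fields.
record OAuthUserInfo(String userName) {}
record OAuth2ClientProperties(String clientId, String clientSecret, String redirectUri,
                              String tokenUri, String userInfoUri, String userNameField) {}
interface OAuth2AuthorizeCodeClient { OAuthUserInfo getUserInfo(String authorizationCode); }

// One provider variant: code in a form-encoded POST body, user info fetched with GET.
final class FormPostAuthorizeCodeClient implements OAuth2AuthorizeCodeClient {
    private static final ObjectMapper JSON = new ObjectMapper();
    private final HttpClient http = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5)).build();
    private final OAuth2ClientProperties p;
    FormPostAuthorizeCodeClient(OAuth2ClientProperties p) { this.p = p; }

    @Override
    public OAuthUserInfo getUserInfo(String authorizationCode) {
        // Request body rather than query string, so the code and secret stay out of URL logs.
        String form = "grant_type=authorization_code&code=" + enc(authorizationCode)
                + "&client_id=" + enc(p.clientId()) + "&client_secret=" + enc(p.clientSecret())
                + "&redirect_uri=" + enc(p.redirectUri());
        String token = call(HttpRequest.newBuilder(URI.create(p.tokenUri()))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(form)), "access_token");
        return new OAuthUserInfo(call(HttpRequest.newBuilder(URI.create(p.userInfoUri()))
                .header("Authorization", "Bearer " + token).GET(), p.userNameField()));
    }
    // Returns one top-level string field of the JSON reply; anything unexpected fails the login.
    private String call(HttpRequest.Builder req, String field) {
        try {
            HttpResponse<String> r = http.send(req.header("Accept", "application/json")
                    .timeout(Duration.ofSeconds(10)).build(), HttpResponse.BodyHandlers.ofString());
            JsonNode v = r.statusCode() == 200 ? JSON.readTree(r.body()).get(field) : null;
            if (v == null || !v.isTextual() || v.asText().isBlank())
                throw new IllegalStateException("provider response lacks usable field: " + field);
            return v.asText();
        } catch (IOException | InterruptedException e) {
            throw new IllegalStateException("provider request failed", e);
        }
    }
    private static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
}
```

A provider that expects the code on the URL or a POST for user information would be a second implementation of the same interface, leaving the login endpoint unchanged.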
