During the OAuth login process, Volcano Engine supports OAuth authentication in the authorization code mode, which requires obtaining the authorization code through the authorization endpoint of the enterprise identity system, obtaining the AccessToken through the Token endpoint, and obtaining user information through the UserInfo endpoint.

Obtaining the authorization code is returned through the URL parameter, and the interface standards for obtaining AccessToken and user information are as follows:

Access_token API Standard #

Response example

{ 
     "access_token": "", 
     "token_type": "Bearer", 
     "refresh_token": "", 
     "expire_in": 3600 
 }

User_info API Standard #

Response example

{ 
    "user": { 
        "name": "" 
    } 
}

• Note that user_info return results based on the JSON structure. The format returned affects the configuration of user mapping rules when configuring the Oauth identity provider in access control.
  • If the return format of the user_info is a multi-layer JSON structure, and the enterprise employee information field (for example, the name field) that needs to be mapped is in the inner layer, refer to the above example, then the user mapping rule can be user.name.
    
  • If the return format of the user_info is a single-layer JSON structure, and the enterprise employee information field (for example, the name field) that needs to be mapped is in the outermost layer, then the name can be taken from the user mapping rule.