OAuth Server
Overview
Blocklet Service can act as an OAuth server that implements the standard OAuth 2.0 authorization code grant and is compatible with OpenID Connect. It provides a single sign-in and authorization service for third-party applications (Grafana, for example), in the same way that GitHub's or Google's OAuth does.
Features:
- OAuth 2.0 authorization code grant flow
- Basic user information via OpenID Connect
- Integration with services that support generic OAuth, such as Grafana
- Customizable authorization pages and scope management
Authorization Overview
- The user chooses to log in via OAuth in a third-party application.
- The application redirects the user to the OAuth Server to authenticate and approve the requested scopes.
- After the user grants authorization, the OAuth Server redirects back to the application with an authorization code.
- The application exchanges the authorization code for an access token.
- The application retrieves the user's information with the access token and completes the login.
Authorization Process Details
User Authorization
The third-party application redirects the user to the following URL:
GET https://your-oauth-server/oauth/authorize
?client_id=YOUR_CLIENT_ID
&redirect_uri=YOUR_REDIRECT_URI
&scope=openid%20profile%20email
&state=RANDOM_STRING
&response_type=code
Parameter description:
- client_id: the application's client ID
- redirect_uri: the callback URL; it must exactly match the URL registered for the client, otherwise the authorization code could be delivered to an endpoint the attacker controls
- scope: the requested permissions (here the OpenID Connect scopes `openid`, `profile` and `email`)
- state: an unguessable random value generated for each login attempt and stored in the user's session; it is echoed back on the callback so the application can reject forged callbacks (CSRF)
- response_type: must be `code`
User Consent
After the user logs in and grants authorization, the OAuth Server redirects to the `redirect_uri` with the `code` and `state` parameters:
GET YOUR_REDIRECT_URI?code=AUTH_CODE&state=RANDOM_STRING
Before using `code`, the application must compare the returned `state` with the value it stored in the session and discard the callback if they differ. Authorization codes are short-lived and meant to be redeemed once.
Token Exchange
Exchange the authorization code for an access token. This request carries the `client_secret`, so it must be sent from the application's backend over HTTPS, never from browser-side code:
POST https://your-oauth-server/oauth/token
Content-Type: application/x-www-form-urlencoded
client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&code=AUTH_CODE
&grant_type=authorization_code
&redirect_uri=YOUR_REDIRECT_URI
Returns:
{
"access_token": "ACCESS_TOKEN",
"token_type": "bearer",
"expires_in": 3600,
"refresh_token": "REFRESH_TOKEN",
"scope": "openid profile email"
}
Retrieve User Information
Retrieve the user's information with the access token:
GET https://your-oauth-server/oauth/userinfo
Authorization: Bearer ACCESS_TOKEN
{
"sub": "user_id",
"name": "USER_NAME",
"email": "USER_EMAIL"
}
Use `sub`, the stable subject identifier, as the key for the local account; `name` and `email` are profile attributes that may change.