[Python] 企业内部应用接入钉钉登录,端内免登录+浏览器授权登录

Python 为企业网站应用接入钉钉鉴权,实现钉钉客户端内自动免登授权,浏览器中手动钉钉授权登录两种逻辑。

操作步骤

  1. 企业内部获得 开发者权限,没有的话先申请。

  2. 访问 钉钉开放平台-应用开发 创建一个 企业内部应用-钉钉应用

  3. 打开应用详情页,获取 Client IDClient SecretCorpId 备用,获取方式如下图所示。

  4. 编写代码,搭建相应服务(见下方示例代码)


示例代码(以Flask作为后端):

- templates/auth.html
html 复制代码
<!DOCTYPE html>
<html lang="zh">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>auth</title>
    <script src="https://g.alicdn.com/dingding/dingtalk-jsapi/3.0.25/dingtalk.open.js"></script>
    <script>
        // 检查是否在钉钉环境中
        function isDingTalk() {
            return /DingTalk/.test(navigator.userAgent);
        }

        if (isDingTalk()) {
            dd.ready(function () {
                dd.runtime.permission.requestAuthCode({
                    corpId: "dingxxxxxxxxxx", // 企业id
                    onSuccess: function (info) {
                        console.log(info);
                        location.href = "/demo/oauth_redirect?code=" + info.code + "&url=" + location.href;
                    }
                });
            });
        } else {
            location.href = "/demo/oauth_redirect?url=" + location.href;
        }
    </script>
</head>
<body>
</body>
</html>
  • 需修改:corpId: "dingxxxxxxxxxx" 替换为真实的CorpId
  • 代码逻辑:若在钉钉端内,则借助钉钉免登码完成登录。反之,则跳转钉钉授权页面进行授权登录(授权页面重定向由后端控制,当然直接写在前端也可以)
- app.py
python 复制代码
# -*- coding: utf-8 -*-
# Author: 薄荷你玩
import glob
import html
import json
import os
import random
import re
import time
import traceback
from datetime import datetime
from typing import List, Union
from flask import Flask, request, jsonify, Response, render_template, make_response, session
from utils import dingtalk_api

app = Flask(__name__, static_folder='static')

# 设置一个密钥用于加密会话数据
app.secret_key = '123456'

@app.after_request
def add_cors_headers(response):
    response.headers['Access-Control-Allow-Origin'] = '*'  # 允许所有来源的跨域请求
    response.headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS'  # 允许的 HTTP 方法
    response.headers['Access-Control-Allow-Headers'] = '*'  # 允许的请求头
    return response

@app.route("/demo")
def demo():
    if 'user' in session:
        return render_template('index.html', user=session['user'])
	    # <span style="float: right; display: flex;  align-items: center; gap: 5px;">你好,{{user.name}} <img src="{{user.avatar}}" width="25"/></span>
    return render_template('auth.html')

@app.route("/demo/oauth_redirect")
def demo_oauth_redirect():
    code = request.args.get("code")
    url = request.args.get("url")
    if not code:
        # 重定向到钉钉授权登录页
        redirect_uri = url.split("demo")[0] + "demo/oauth-web"
        client_id = "dingyyyyyyyyyy"  # Client ID
        return app.redirect(f"https://login.dingtalk.com/oauth2/auth?redirect_uri={redirect_uri}&response_type=code&client_id={client_id}&scope=openid&state={url}&prompt=consent")
    else:
        user_info = dingtalk_api.x_get_user_info_by_app_code(code)
        if user_info['success']:
            session['user'] = user_info['data']
            return app.redirect(url)
        else:
            return user_info["msg"]

@app.route("/demo/oauth-web")
def demo_oauth_web():
    """ 钉钉回调URL,配置到钉钉开发平台 """
    code = request.args.get("code")
    state = request.args.get("state")
    user_info = dingtalk_api.x_get_user_info_by_web_code(code)
    if user_info['success']:
        session['user'] = user_info['data']
        return app.redirect(state)
    return user_info["msg"]

@app.errorhandler(500)
def internal_server_error(error):
    # 获取完整的 traceback 信息
    traceback_info = traceback.format_exc()

    # 返回具体的错误内容和完整的 traceback
    response = result_map(500, False, str(error), traceback_info)
    return jsonify(response), 500

if __name__ == '__main__':
    app.run(host="0.0.0.0", port=5000)
  • 需修改:client_id = "dingyyyyyyyyyy" 替换为真实的Client ID
- utils/dingtalk_api.py
python 复制代码
# -*- coding: utf-8 -*-
# Author: 薄荷你玩
# Date: 2025/04/07

import requests

DINGTALK_DOMAIN = "https://api.dingtalk.com"
CorpId = "dingxxxxxxxxxx"  # 企业ID
ClientId = "dingyyyyyyyyyy"  # Client ID
ClientSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"  # Client Secret


def user_info(name, avatar, unionid):
    return {
        "success": True,
        "data": {
            "name": name,
            "avatar": avatar,
            "unionid": unionid
        }
    }


def get_user_token_by_web_code(code):
    """
    获取用户Token--access_token,根据web端钉钉授权code
    :param code:
    :return:
    """
    url = DINGTALK_DOMAIN + f"/v1.0/oauth2/userAccessToken"
    headers = {
        "Content-Type": "application/json"
    }
    data = {
        "clientId": ClientId,
        "clientSecret": ClientSecret,
        "code": code,
        "refreshToken": "",
        "grantType": "authorization_code"
    }

    response = requests.post(url, json=data, headers=headers)
    res = response.json()
    print(res)
    return res


def get_user_info_by_access_token(access_token):
    """
    获取用户通讯录个人信息
    :param access_token:
    :return:
    """
    url = DINGTALK_DOMAIN + f"/v1.0/contact/users/me"
    headers = {
        "Content-Type": "application/json",
        "x-acs-dingtalk-access-token": access_token
    }
    response = requests.get(url, headers=headers)
    res = response.json()
    print(res)
    return res


def x_get_user_info_by_web_code(code):
    res = get_user_token_by_web_code(code)
    if "accessToken" in res.keys():
        res = get_user_info_by_access_token(res["accessToken"])
        if "nick" in res.keys():
            return user_info(name=res['nick'], avatar=res['avatarUrl'], unionid=res['unionId'])
    return {"success": False, "msg": res}


# 钉钉企业内部免登
def get_access_token():
    url = DINGTALK_DOMAIN + f"/v1.0/oauth2/{CorpId}/token"
    headers = {
        "Content-Type": "application/json"
    }
    data = {
        "client_id": ClientId,
        "client_secret": ClientSecret,
        "grant_type": "client_credentials"
    }

    response = requests.post(url, json=data, headers=headers)
    res = response.json()
    print(res)
    return res


def get_user_id_by_code(access_token, code):
    """通过免登码获取用户userid(v2)"""
    url = f"https://oapi.dingtalk.com/topapi/v2/user/getuserinfo?access_token={access_token}"
    headers = {
        "Content-Type": "application/json"
    }
    data = {
        "code": code
    }

    response = requests.post(url, json=data, headers=headers)
    res = response.json()
    print(res)
    return res


def get_user_info_by_user_id(access_token, userid):
    """通过免登码获取用户userid(v2)"""
    url = f"https://oapi.dingtalk.com/topapi/v2/user/get?access_token={access_token}"
    headers = {
        "Content-Type": "application/json"
    }
    data = {
        "userid": userid
    }
    response = requests.post(url, json=data, headers=headers)
    res = response.json()
    print(res)
    return res


def x_get_user_info_by_app_code(code):
    access_token = get_access_token()['access_token']
    res = get_user_id_by_code(access_token, code)
    if "result" in res.keys():
        user_id = res["result"]["userid"]
        res = get_user_info_by_user_id(access_token, user_id)
        if "result" in res.keys():
            return user_info(name=res['result']['name'], avatar=res['result']['avatar'],
                             unionid=res['result']['unionid'])
    return {"success": False, "msg": res}


if __name__ == '__main__':
    # res = x_get_user_info_by_app_code("{钉钉端内-免登码}")
    res = x_get_user_info_by_web_code("{钉钉web授权码}")
    print(res)
  • 需修改:

    python 复制代码
    CorpId = "dingxxxxxxxxxx"  # 企业ID
    ClientId = "dingyyyyyyyyyy"  # Client ID
    ClientSecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"  # Client Secret

    替换为真实的ID或秘钥


  1. 配置回调域名,如下图所示,填写用户授权后的回调地址(如:http://192.168.2.1:5000/demo/oauth-web),实际使用中换成正式的服务域名。
  2. 配置完成后,钉钉内访问 /demo (如:http://192.168.2.1:5000/demo)即可自动登录(获取姓名和头像等信息);浏览器访问会自动跳转钉钉授权登录页面,授权后完成登录。
相关推荐
科技道人3 小时前
记录 默认置灰/禁用 app ‘Search Engine Selector‘ 的disable按钮
开发语言·前端·javascript
向日的葵0065 小时前
langchain的Tools教程(三)
python·langchain·tools
逝水无殇6 小时前
C# 异常处理详解
开发语言·后端·c#
言乐67 小时前
Python实现可运行解密游戏游戏框架
python·游戏·小程序·游戏程序·关卡设计
YUS云生7 小时前
Python学习笔记·第31天:FastAPI入门——路由、路径参数、查询参数与请求体
笔记·python·学习
玖玥拾7 小时前
C# 语言进阶(十五)C# 游戏服务端 MySQL 数据库
服务器·开发语言·网络·数据库·mysql·c#
智写-AI7 小时前
真实有效的免费降英文AI工具服务商
人工智能·python
铅笔侠_小龙虾8 小时前
Rust 学习目录
开发语言·学习·rust
yuhuofei20218 小时前
【Python入门】了解掌握Python中函数的基本使用
python
云泽8088 小时前
从零吃透 C++ 异常:抛出捕获、栈展开、异常重抛与编码规范详解
开发语言·c++·代码规范