icyux / bili-auth Goto Github PK
View Code? Open in Web Editor NEW第三方哔哩哔哩 OAuth 2.0 API,基于私信鉴权 | Third-party Bilibili OAuth 2.0 API
Home Page: https://bili-auth.icyu.me:41259
License: Apache License 2.0
第三方哔哩哔哩 OAuth 2.0 API,基于私信鉴权 | Third-party Bilibili OAuth 2.0 API
Home Page: https://bili-auth.icyu.me:41259
License: Apache License 2.0
注意到当前项目使用sqlite3作为数据库,并且在main.py中写死了
实际上我希望数据库的连接希望可以在config.toml中定义
如题,希望可以有Dockerfile,并且通过github action push到 docker hub,如果可以的话,我可以提供PR来添加这个功能
哔哩哔哩鉴权使用的是 Cookie 中的 SESSDATA
字段,其中含有一个数字大概率是 Unix 时间戳。最近发现, Cookie 失效时间远远早于此时间戳规定的有效期(约半年)。
在抓取登录请求时发现 API 返回了一个名为 refresh_token
的字段,由此推测是近期更改了鉴权机制设计,SESSDATA
作为临时 Token,使用 refresh_token
作为刷新令牌。
后续考虑研究 refresh_token
机制并且在 bili-auth 中模拟,以避免令牌失效。
display browser and OS info extracted from user-agent
.
在鉴权流程中隐藏右上角的登录按钮,尤其是移动端,以免误触后给用户带来困惑。
一年前由于要开展年报活动,需要b站的鉴权,参考您的思路编写了一个oauth的实现和前端实现.
今天偶然再次翻阅到这个项目,想谈一谈实践中出现的问题和解决方案。
https://message.bilibili.com/#/whisper/mid${botUid}
)的体验是不佳的。第一,用户可能没有在浏览器登录B站;其次,B站在移动端没有对该界面进行适配,操作体验不佳。我们的改进方案是,前端通过UA判断客户端类型,在移动端采用URL Scheme跳转打开该用户的主页(即bilibili://space/${botUid}
),实际体验效果良好。noreferrer
属性即可。我们在去年的年报活动中,oauth服务经过了1w次以上的调用,工作良好。事实证明普通用户也能够理解并使用这种第三方的鉴权项目。
Fetching user info function has been implemented in "base.js", and equivalent code in "authorize.js" and "verify.js" should be removed.
redirect URL should be matched with the specified beginning, just like what GitHub does.
能否尝试接入直播间弹幕[库](https://github.com/xfgryujk/blivedm)代替私信获取,需要发送随机字符串以鉴权
Originally posted by @7est in #6 (comment)
调用B站 API 获取用户基本信息时,将结果缓存下来,再加上有效期,下次请求时直接返回缓存信息即可。
获取缓存用户信息的 API 应设计为需要鉴权。用户可以凭验证请求的令牌查询此用户对应的用户信息,第四方应用可使用有效的应用凭据查询已授权此应用的用户对应信息。除此之外的请求均拒绝。
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.