.github/workflows/deploy-snapshot.yml

-name: Deploy SNAPSHOT
+name: Deploy
 
 on: 
   push:
@@ -6,14 +6,29 @@ on:
     paths:
       - src/**
       - pom.xml
-  pull_request:
-    branches: [ dev ]
-    paths:
-      - src/**
-      - pom.xml
 
 jobs:
-  get-latest-tag:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2.2.0
+      - name: Set up Java and Maven
+        uses: actions/setup-java@v2
+        with:
+          java-version: '8'
+          distribution: 'adopt'
+      - name: Cache m2 package
+        uses: actions/cache@v2
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+      - run: mvn test
+
+  deploy-snapshot:
+    needs: test
+    if: ${{ success() }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2.2.0
@@ -32,13 +47,19 @@ jobs:
           key: ${{ runner.os }}-maven-${{ hashFiles('pom.xml') }}
           restore-keys: |
             ${{ runner.os }}-maven-
-      - name: get current project version to set env.VERSION
-        run: echo "VERSION=`mvn help:evaluate -Dexpression=project.version -q -DforceStdout`" >> $GITHUB_ENV
-      - name: set snapshot version
-        if: ${{ !endsWith( env.VERSION , '-SNAPSHOT') }} 
-        run: mvn versions:set -DnewVersion=${{ env.VERSION }}-SNAPSHOT
+      - name: setting snapshot version
+        run: |
+          import xml.etree.ElementTree as ET
+          tree = ET.parse("pom.xml")
+          version = tree.find("{http://maven.apache.org/POM/4.0.0}version")
+          print(version.text + "-SNAPSHOT")
+          if version.text.endswith("-SNAPSHOT") == False:
+            tree.find("{http://maven.apache.org/POM/4.0.0}version").text = version.text + "-SNAPSHOT"
+            ET.register_namespace("", "http://maven.apache.org/POM/4.0.0")
+            tree.write("pom.xml", "utf-8", True)
+        shell: python
       - name: deploy snapshot to ossrh repository
-        run: mvn -B deploy -P snapshot
+        run: mvn -B deploy -P snapshot -DskipTests
         env:
           MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}

.github/workflows/test-pr.yml

+name: test pull_request
+
+on: 
+  pull_request:
+    paths:
+      - src/**
+      - pom.xml
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2.2.0
+      - name: Set up Java and Maven
+        uses: actions/setup-java@v2
+        with:
+          java-version: '8'
+          distribution: 'adopt'
+      - name: Cache m2 package
+        uses: actions/cache@v2
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+      - run: mvn test

CHANGELOGS.md

+## 1.16.4
+
+### 2021/9/22
+
+- 合并 PR 
+  - [Github #134](https://github.com/justauth/JustAuth/pull/134)
+  - [Github #133](https://github.com/justauth/JustAuth/pull/133)
+  - [Github #132](https://github.com/justauth/JustAuth/pull/132)
+  - [Github #131](https://github.com/justauth/JustAuth/pull/131)
+- 添加微软中国(世纪华联)第三方登录，新增微软方式登录的redirectUri校验。[Gitee PR #28](https://gitee.com/yadong.zhang/JustAuth/pulls/28)
+- 升级第三方的依赖
+  -  simple-http > 1.0.5 
+  -  lombok > 1.18.20
+  -  junit > 4.13.2
+  -  fastjson > 1.2.78
+  -  alipay-sdk > 4.16.38.ALL
+
 ## 1.16.3
 
 ### 2021/8/15

README.md

@@ -218,7 +218,11 @@ AuthRequest authRequest = AuthRequestBuilder.builder()
 
 ## JustAuth 的用户
 有很多公司、组织和个人把 JustAuth 用于学习、研究、生产环境和商业产品中，包括（但不限于）：
-![](docs/users/4ca0177c.png)
+
+[![](docs/users/col.png)](https://www.mochiwang.com "给作者提供云写作的一个工具")![](docs/users/bjgyol.png)![](docs/users/foresealife.png)![](docs/users/sevnce.png)
+
+![](docs/users/bladex.png)![](docs/users/gun.png)![](docs/users/sika.jpg)![](docs/users/maxkey.png)![](docs/users/shiroaction.png)![](docs/users/xkcoding.png)
+
 
 
 怎么没有我？[登记](https://gitee.com/yadong.zhang/JustAuth/issues/IZ2T7)

bin/version.txt

-1.16.3
+1.16.4

pom.xml

@@ -6,7 +6,7 @@
 
   <groupId>me.zhyd.oauth</groupId>
   <artifactId>JustAuth</artifactId>
-  <version>1.16.3</version>
+  <version>1.16.4</version>
 
   <name>JustAuth</name>
   <url>https://gitee.com/yadong.zhang/JustAuth</url>
@@ -57,11 +57,11 @@
     <maven-surefire-version>2.20</maven-surefire-version>
     <maven-gpg-version>1.6</maven-gpg-version>
     <maven.test.skip>false</maven.test.skip>
-    <simple-http.version>1.0.3</simple-http.version>
-    <lombok-version>1.18.10</lombok-version>
-    <junit-version>4.13.1</junit-version>
-    <fastjson-version>1.2.76</fastjson-version>
-    <alipay-sdk-version>4.8.10.ALL</alipay-sdk-version>
+    <simple-http.version>1.0.5</simple-http.version>
+    <lombok-version>1.18.20</lombok-version>
+    <junit-version>4.13.2</junit-version>
+    <fastjson-version>1.2.78</fastjson-version>
+    <alipay-sdk-version>4.16.38.ALL</alipay-sdk-version>
     <jacoco-version>0.8.2</jacoco-version>
   </properties>
 

src/main/java/me/zhyd/oauth/config/AuthConfig.java

@@ -38,7 +38,10 @@ public class AuthConfig {
     /**
      * 支付宝公钥：当选择支付宝登录时，该值可用
      * 对应“RSA2(SHA256)密钥”中的“支付宝公钥”
+     *
+     * @deprecated 请使用AuthAlipayRequest的构造方法设置"alipayPublicKey"
      */
+    @Deprecated
     private String alipayPublicKey;
 
     /**

src/main/java/me/zhyd/oauth/config/AuthDefaultSource.java

@@ -515,6 +515,33 @@ public enum AuthDefaultSource implements AuthSource {
             return AuthMicrosoftRequest.class;
         }
     },
+    /**
+     * 微软中国(世纪互联)
+     */
+    MICROSOFT_CN {
+        @Override
+        public String authorize() {
+            return "https://login.partner.microsoftonline.cn/common/oauth2/v2.0/authorize";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://login.partner.microsoftonline.cn/common/oauth2/v2.0/token";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://microsoftgraph.chinacloudapi.cn/v1.0/me";
+        }
+
+        @Override
+        public String refresh() {
+            return "https://login.partner.microsoftonline.cn/common/oauth2/v2.0/token";
+        }
+
+        @Override
+        public Class<? extends AuthDefaultRequest> getTargetClass() { return AuthMicrosoftCnRequest.class; }
+    },
     /**
      * 小米
      */

src/main/java/me/zhyd/oauth/request/AbstractAuthDingtalkRequest.java

@@ -43,7 +43,7 @@ public abstract class AbstractAuthDingtalkRequest extends AuthDefaultRequest {
         String code = authToken.getAccessCode();
         JSONObject param = new JSONObject();
         param.put("tmp_auth_code", code);
-        String response = new HttpUtils(config.getHttpConfig()).post(userInfoUrl(authToken), param.toJSONString());
+        String response = new HttpUtils(config.getHttpConfig()).post(userInfoUrl(authToken), param.toJSONString()).getBody();
         JSONObject object = JSON.parseObject(response);
         if (object.getIntValue("errcode") != 0) {
             throw new AuthException(object.getString("errmsg"));

src/main/java/me/zhyd/oauth/request/AbstractAuthMicrosoftRequest.java

+package me.zhyd.oauth.request;
+
+import com.alibaba.fastjson.JSONObject;
+import com.xkcoding.http.support.HttpHeader;
+import com.xkcoding.http.util.MapUtil;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.enums.AuthUserGender;
+import me.zhyd.oauth.enums.scope.AuthMicrosoftScope;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthResponse;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.AuthScopeUtils;
+import me.zhyd.oauth.utils.HttpUtils;
+import me.zhyd.oauth.utils.UrlBuilder;
+
+import java.util.Map;
+
+/**
+ * 微软登录抽象类,负责处理使用微软国际和微软中国账号登录第三方网站的登录方式
+ *
+ * @author mroldx (xzfqq5201314@gmail.com)
+ * @since 1.16.4
+ */
+public abstract class AbstractAuthMicrosoftRequest extends AuthDefaultRequest {
+
+    public AbstractAuthMicrosoftRequest(AuthConfig config, AuthSource source) {
+        super(config, source);
+    }
+
+
+    public AbstractAuthMicrosoftRequest(AuthConfig config, AuthSource source, AuthStateCache authStateCache) {
+        super(config, source, authStateCache);
+    }
+
+    @Override
+    protected AuthToken getAccessToken(AuthCallback authCallback) {
+        return getToken(accessTokenUrl(authCallback.getCode()));
+    }
+
+    /**
+     * 获取token，适用于获取access_token和刷新token
+     *
+     * @param accessTokenUrl 实际请求token的地址
+     * @return token对象
+     */
+    private AuthToken getToken(String accessTokenUrl) {
+        HttpHeader httpHeader = new HttpHeader();
+
+        Map<String, String> form = MapUtil.parseStringToMap(accessTokenUrl, false);
+
+        String response = new HttpUtils(config.getHttpConfig()).post(accessTokenUrl, form, httpHeader, false).getBody();
+        JSONObject accessTokenObject = JSONObject.parseObject(response);
+
+        this.checkResponse(accessTokenObject);
+
+        return AuthToken.builder()
+            .accessToken(accessTokenObject.getString("access_token"))
+            .expireIn(accessTokenObject.getIntValue("expires_in"))
+            .scope(accessTokenObject.getString("scope"))
+            .tokenType(accessTokenObject.getString("token_type"))
+            .refreshToken(accessTokenObject.getString("refresh_token"))
+            .build();
+    }
+
+    /**
+     * 检查响应内容是否正确
+     *
+     * @param object 请求响应内容
+     */
+    private void checkResponse(JSONObject object) {
+        if (object.containsKey("error")) {
+            throw new AuthException(object.getString("error_description"));
+        }
+    }
+
+    @Override
+    protected AuthUser getUserInfo(AuthToken authToken) {
+        String token = authToken.getAccessToken();
+        String tokenType = authToken.getTokenType();
+        String jwt = tokenType + " " + token;
+
+        HttpHeader httpHeader = new HttpHeader();
+        httpHeader.add("Authorization", jwt);
+
+        String userInfo = new HttpUtils(config.getHttpConfig()).get(userInfoUrl(authToken), null, httpHeader, false).getBody();
+        JSONObject object = JSONObject.parseObject(userInfo);
+        this.checkResponse(object);
+        return AuthUser.builder()
+            .rawUserInfo(object)
+            .uuid(object.getString("id"))
+            .username(object.getString("userPrincipalName"))
+            .nickname(object.getString("displayName"))
+            .location(object.getString("officeLocation"))
+            .email(object.getString("mail"))
+            .gender(AuthUserGender.UNKNOWN)
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 刷新access token （续期）
+     *
+     * @param authToken 登录成功后返回的Token信息
+     * @return AuthResponse
+     */
+    @Override
+    public AuthResponse refresh(AuthToken authToken) {
+        return AuthResponse.builder()
+            .code(AuthResponseStatus.SUCCESS.getCode())
+            .data(getToken(refreshTokenUrl(authToken.getRefreshToken())))
+            .build();
+    }
+
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(super.authorize(state))
+            .queryParam("response_mode", "query")
+            .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values())))
+            .build();
+    }
+
+    /**
+     * 返回获取accessToken的url
+     *
+     * @param code 授权code
+     * @return 返回获取accessToken的url
+     */
+    @Override
+    protected String accessTokenUrl(String code) {
+        return UrlBuilder.fromBaseUrl(source.accessToken())
+            .queryParam("code", code)
+            .queryParam("client_id", config.getClientId())
+            .queryParam("client_secret", config.getClientSecret())
+            .queryParam("grant_type", "authorization_code")
+            .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values())))
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .build();
+    }
+
+    /**
+     * 返回获取userInfo的url
+     *
+     * @param authToken 用户授权后的token
+     * @return 返回获取userInfo的url
+     */
+    @Override
+    protected String userInfoUrl(AuthToken authToken) {
+        return UrlBuilder.fromBaseUrl(source.userInfo()).build();
+    }
+
+    /**
+     * 返回获取accessToken的url
+     *
+     * @param refreshToken 用户授权后的token
+     * @return 返回获取accessToken的url
+     */
+    @Override
+    protected String refreshTokenUrl(String refreshToken) {
+        return UrlBuilder.fromBaseUrl(source.refresh())
+            .queryParam("client_id", config.getClientId())
+            .queryParam("client_secret", config.getClientSecret())
+            .queryParam("refresh_token", refreshToken)
+            .queryParam("grant_type", "refresh_token")
+            .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values())))
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .build();
+    }
+}

src/main/java/me/zhyd/oauth/request/AbstractAuthWeChatEnterpriseRequest.java

@@ -130,7 +130,7 @@ public abstract class AbstractAuthWeChatEnterpriseRequest extends AuthDefaultReq
             .queryParam("access_token", accessToken)
             .queryParam("userid", userId)
             .build();
-        return new HttpUtils(config.getHttpConfig()).get(userDetailUrl);
+        return new HttpUtils(config.getHttpConfig()).get(userDetailUrl).getBody();
     }
 
 }

src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java

@@ -18,6 +18,8 @@ import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthResponse;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.AuthChecker;
+import me.zhyd.oauth.utils.GlobalAuthUtils;
 import me.zhyd.oauth.utils.StringUtils;
 import me.zhyd.oauth.utils.UrlBuilder;
 
@@ -31,31 +33,115 @@ import java.net.InetSocketAddress;
  */
 public class AuthAlipayRequest extends AuthDefaultRequest {
 
-    private AlipayClient alipayClient;
+    /**
+     * 支付宝公钥：当选择支付宝登录时，该值可用
+     * 对应“RSA2(SHA256)密钥”中的“支付宝公钥”
+     */
+    private final String alipayPublicKey;
+
+    private final AlipayClient alipayClient;
 
+    /**
+     * @see AuthAlipayRequest#AuthAlipayRequest(me.zhyd.oauth.config.AuthConfig, java.lang.String)
+     * @deprecated 请使用带有"alipayPublicKey"参数的构造方法
+     */
+    @Deprecated
     public AuthAlipayRequest(AuthConfig config) {
-        super(config, AuthDefaultSource.ALIPAY);
-        this.alipayClient = new DefaultAlipayClient(AuthDefaultSource.ALIPAY.accessToken(), config.getClientId(), config.getClientSecret(), "json", "UTF-8", config
-            .getAlipayPublicKey(), "RSA2");
+        this(config, (String) null);
     }
 
+    /**
+     * @see AuthAlipayRequest#AuthAlipayRequest(me.zhyd.oauth.config.AuthConfig, java.lang.String, me.zhyd.oauth.cache.AuthStateCache)
+     * @deprecated 请使用带有"alipayPublicKey"参数的构造方法
+     */
+    @Deprecated
     public AuthAlipayRequest(AuthConfig config, AuthStateCache authStateCache) {
+        this(config, null, authStateCache);
+    }
+
+    /**
+     * @see AuthAlipayRequest#AuthAlipayRequest(me.zhyd.oauth.config.AuthConfig, java.lang.String, me.zhyd.oauth.cache.AuthStateCache, java.lang.String, java.lang.Integer)
+     * @deprecated 请使用带有"alipayPublicKey"参数的构造方法
+     */
+    @Deprecated
+    public AuthAlipayRequest(AuthConfig config, AuthStateCache authStateCache, String proxyHost, Integer proxyPort) {
+        this(config, null, authStateCache, proxyHost, proxyPort);
+    }
+
+    /**
+     * 构造方法，需要设置"alipayPublicKey"
+     *
+     * @param config          公共的OAuth配置
+     * @param alipayPublicKey 支付宝公钥
+     * @see AuthAlipayRequest#AuthAlipayRequest(me.zhyd.oauth.config.AuthConfig)
+     */
+    public AuthAlipayRequest(AuthConfig config, String alipayPublicKey) {
+        super(config, AuthDefaultSource.ALIPAY);
+        this.alipayPublicKey = determineAlipayPublicKey(alipayPublicKey, config);
+        this.alipayClient = new DefaultAlipayClient(AuthDefaultSource.ALIPAY.accessToken(), config.getClientId(), config.getClientSecret(), "json", "UTF-8", alipayPublicKey, "RSA2");
+        check(config);
+    }
+
+    /**
+     * 构造方法，需要设置"alipayPublicKey"
+     *
+     * @param config          公共的OAuth配置
+     * @param alipayPublicKey 支付宝公钥
+     * @see AuthAlipayRequest#AuthAlipayRequest(me.zhyd.oauth.config.AuthConfig, me.zhyd.oauth.cache.AuthStateCache)
+     */
+    public AuthAlipayRequest(AuthConfig config, String alipayPublicKey, AuthStateCache authStateCache) {
         super(config, AuthDefaultSource.ALIPAY, authStateCache);
+        this.alipayPublicKey = determineAlipayPublicKey(alipayPublicKey, config);
         if (config.getHttpConfig() != null && config.getHttpConfig().getProxy() != null
             && config.getHttpConfig().getProxy().address() instanceof InetSocketAddress) {
             InetSocketAddress address = (InetSocketAddress) config.getHttpConfig().getProxy().address();
             this.alipayClient = new DefaultAlipayClient(AuthDefaultSource.ALIPAY.accessToken(), config.getClientId(), config.getClientSecret(),
-                "json", "UTF-8", config.getAlipayPublicKey(), "RSA2", address.getHostName(), address.getPort());
+                "json", "UTF-8", alipayPublicKey, "RSA2", address.getHostName(), address.getPort());
         } else {
             this.alipayClient = new DefaultAlipayClient(AuthDefaultSource.ALIPAY.accessToken(), config.getClientId(), config.getClientSecret(),
-                "json", "UTF-8", config.getAlipayPublicKey(), "RSA2");
+                "json", "UTF-8", alipayPublicKey, "RSA2");
         }
+        check(config);
     }
 
-    public AuthAlipayRequest(AuthConfig config, AuthStateCache authStateCache, String proxyHost, Integer proxyPort) {
+    /**
+     * 构造方法，需要设置"alipayPublicKey"
+     *
+     * @param config          公共的OAuth配置
+     * @param alipayPublicKey 支付宝公钥
+     * @see AuthAlipayRequest#AuthAlipayRequest(me.zhyd.oauth.config.AuthConfig, me.zhyd.oauth.cache.AuthStateCache, java.lang.String, java.lang.Integer)
+     */
+    public AuthAlipayRequest(AuthConfig config, String alipayPublicKey, AuthStateCache authStateCache, String proxyHost, Integer proxyPort) {
         super(config, AuthDefaultSource.ALIPAY, authStateCache);
+        this.alipayPublicKey = determineAlipayPublicKey(alipayPublicKey, config);
         this.alipayClient = new DefaultAlipayClient(AuthDefaultSource.ALIPAY.accessToken(), config.getClientId(), config.getClientSecret(),
-            "json", "UTF-8", config.getAlipayPublicKey(), "RSA2", proxyHost, proxyPort);
+            "json", "UTF-8", alipayPublicKey, "RSA2", proxyHost, proxyPort);
+        check(config);
+    }
+
+    private String determineAlipayPublicKey(String alipayPublicKey, AuthConfig config) {
+        return alipayPublicKey != null ? alipayPublicKey : config.getAlipayPublicKey();
+    }
+
+    protected void check(AuthConfig config) {
+        AuthChecker.checkConfig(config, AuthDefaultSource.ALIPAY);
+
+        if (!StringUtils.isNotEmpty(alipayPublicKey)) {
+            throw new AuthException(AuthResponseStatus.PARAMETER_INCOMPLETE, AuthDefaultSource.ALIPAY);
+        }
+
+        // 支付宝在创建回调地址时，不允许使用localhost或者127.0.0.1
+        if (GlobalAuthUtils.isLocalHost(config.getRedirectUri())) {
+            // The redirect uri of alipay is forbidden to use localhost or 127.0.0.1
+            throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, AuthDefaultSource.ALIPAY);
+        }
+    }
+
+    @Override
+    protected void checkCode(AuthCallback authCallback) {
+        if (StringUtils.isEmpty(authCallback.getAuth_code())) {
+            throw new AuthException(AuthResponseStatus.ILLEGAL_CODE, source);
+        }
     }
 
     @Override

src/main/java/me/zhyd/oauth/request/AuthAmazonRequest.java

@@ -111,7 +111,7 @@ public class AuthAmazonRequest extends AuthDefaultRequest {
         HttpHeader httpHeader = new HttpHeader();
         httpHeader.add("Host", "api.amazon.com");
         httpHeader.add(Constants.CONTENT_TYPE, "application/x-www-form-urlencoded;charset=UTF-8");
-        String response = new HttpUtils(config.getHttpConfig()).post(url, param, httpHeader, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(url, param, httpHeader, false).getBody();
         JSONObject jsonObject = JSONObject.parseObject(response);
         this.checkResponse(jsonObject);
         return AuthToken.builder()
@@ -147,7 +147,7 @@ public class AuthAmazonRequest extends AuthDefaultRequest {
         HttpHeader httpHeader = new HttpHeader();
         httpHeader.add("Host", "api.amazon.com");
         httpHeader.add("Authorization", "bearer " + accessToken);
-        String userInfo = new HttpUtils(config.getHttpConfig()).get(this.source.userInfo(), new HashMap<>(0), httpHeader, false);
+        String userInfo = new HttpUtils(config.getHttpConfig()).get(this.source.userInfo(), new HashMap<>(0), httpHeader, false).getBody();
         JSONObject jsonObject = JSONObject.parseObject(userInfo);
         this.checkResponse(jsonObject);
 
@@ -164,7 +164,7 @@ public class AuthAmazonRequest extends AuthDefaultRequest {
     }
 
     private void checkToken(String accessToken) {
-        String tokenInfo = new HttpUtils(config.getHttpConfig()).get("https://api.amazon.com/auth/o2/tokeninfo?access_token=" + UrlUtil.urlEncode(accessToken));
+        String tokenInfo = new HttpUtils(config.getHttpConfig()).get("https://api.amazon.com/auth/o2/tokeninfo?access_token=" + UrlUtil.urlEncode(accessToken)).getBody();
         JSONObject jsonObject = JSONObject.parseObject(tokenInfo);
         if (!config.getClientId().equals(jsonObject.getString("aud"))) {
             throw new AuthException(AuthResponseStatus.ILLEGAL_TOKEN);

src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java

@@ -88,7 +88,7 @@ public class AuthBaiduRequest extends AuthDefaultRequest {
             .queryParam("client_id", this.config.getClientId())
             .queryParam("client_secret", this.config.getClientSecret())
             .build();
-        String response = new HttpUtils(config.getHttpConfig()).get(refreshUrl);
+        String response = new HttpUtils(config.getHttpConfig()).get(refreshUrl).getBody();
         return AuthResponse.builder()
             .code(AuthResponseStatus.SUCCESS.getCode())
             .data(this.getAuthToken(response))

src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java

@@ -72,7 +72,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {
     @Override
     public AuthResponse login(AuthCallback authCallback) {
         try {
-            AuthChecker.checkCode(source, authCallback);
+            checkCode(authCallback);
             if (!config.isIgnoreCheckState()) {
                 AuthChecker.checkState(authCallback.getState(), source, authStateCache);
             }
@@ -86,6 +86,10 @@ public abstract class AuthDefaultRequest implements AuthRequest {
         }
     }
 
+    protected void checkCode(AuthCallback authCallback) {
+        AuthChecker.checkCode(source, authCallback);
+    }
+
     /**
      * 处理{@link AuthDefaultRequest#login(AuthCallback)} 发生异常的情况，统一响应参数
      *
@@ -211,7 +215,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {
      * @return Response
      */
     protected String doPostAuthorizationCode(String code) {
-        return new HttpUtils(config.getHttpConfig()).post(accessTokenUrl(code));
+        return new HttpUtils(config.getHttpConfig()).post(accessTokenUrl(code)).getBody();
     }
 
     /**
@@ -221,7 +225,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {
      * @return Response
      */
     protected String doGetAuthorizationCode(String code) {
-        return new HttpUtils(config.getHttpConfig()).get(accessTokenUrl(code));
+        return new HttpUtils(config.getHttpConfig()).get(accessTokenUrl(code)).getBody();
     }
 
     /**
@@ -232,7 +236,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {
      */
     @Deprecated
     protected String doPostUserInfo(AuthToken authToken) {
-        return new HttpUtils(config.getHttpConfig()).post(userInfoUrl(authToken));
+        return new HttpUtils(config.getHttpConfig()).post(userInfoUrl(authToken)).getBody();
     }
 
     /**
@@ -242,7 +246,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {
      * @return Response
      */
     protected String doGetUserInfo(AuthToken authToken) {
-        return new HttpUtils(config.getHttpConfig()).get(userInfoUrl(authToken));
+        return new HttpUtils(config.getHttpConfig()).get(userInfoUrl(authToken)).getBody();
     }
 
     /**
@@ -253,7 +257,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {
      */
     @Deprecated
     protected String doPostRevoke(AuthToken authToken) {
-        return new HttpUtils(config.getHttpConfig()).post(revokeUrl(authToken));
+        return new HttpUtils(config.getHttpConfig()).post(revokeUrl(authToken)).getBody();
     }
 
     /**
@@ -263,7 +267,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {
      * @return Response
      */
     protected String doGetRevoke(AuthToken authToken) {
-        return new HttpUtils(config.getHttpConfig()).get(revokeUrl(authToken));
+        return new HttpUtils(config.getHttpConfig()).get(revokeUrl(authToken)).getBody();
     }
 
     /**

src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java

@@ -87,7 +87,7 @@ public class AuthDouyinRequest extends AuthDefaultRequest {
      * @return token对象
      */
     private AuthToken getToken(String accessTokenUrl) {
-        String response = new HttpUtils(config.getHttpConfig()).post(accessTokenUrl);
+        String response = new HttpUtils(config.getHttpConfig()).post(accessTokenUrl).getBody();
         JSONObject object = JSONObject.parseObject(response);
         this.checkResponse(object);
         JSONObject dataObj = object.getJSONObject("data");

src/main/java/me/zhyd/oauth/request/AuthElemeRequest.java

@@ -52,7 +52,7 @@ public class AuthElemeRequest extends AuthDefaultRequest {
         form.put("grant_type", "authorization_code");
 
         HttpHeader httpHeader = this.buildHeader(CONTENT_TYPE_FORM, this.getRequestId(), true);
-        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), form, httpHeader, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), form, httpHeader, false).getBody();
         JSONObject object = JSONObject.parseObject(response);
 
         this.checkResponse(object);
@@ -91,7 +91,7 @@ public class AuthElemeRequest extends AuthDefaultRequest {
         paramsMap.put("signature", signature);
 
         HttpHeader httpHeader = this.buildHeader(CONTENT_TYPE_JSON, requestId, false);
-        String response = new HttpUtils(config.getHttpConfig()).post(source.userInfo(), JSONObject.toJSONString(paramsMap), httpHeader);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.userInfo(), JSONObject.toJSONString(paramsMap), httpHeader).getBody();
 
         JSONObject object = JSONObject.parseObject(response);
 
@@ -123,7 +123,7 @@ public class AuthElemeRequest extends AuthDefaultRequest {
         form.put("grant_type", "refresh_token");
 
         HttpHeader httpHeader = this.buildHeader(CONTENT_TYPE_FORM, this.getRequestId(), true);
-        String response = new HttpUtils(config.getHttpConfig()).post(source.refresh(), form, httpHeader, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.refresh(), form, httpHeader, false).getBody();
 
         JSONObject object = JSONObject.parseObject(response);
 

src/main/java/me/zhyd/oauth/request/AuthFeishuRequest.java

@@ -56,7 +56,7 @@ public class AuthFeishuRequest extends AuthDefaultRequest {
         requestObject.put("app_id", config.getClientId());
         requestObject.put("app_secret", config.getClientSecret());
         String response = new HttpUtils(config.getHttpConfig()).post(url, requestObject.toJSONString(), new HttpHeader()
-            .add("Content-Type", "application/json"));
+            .add("Content-Type", "application/json")).getBody();
         JSONObject jsonObject = JSON.parseObject(response);
         this.checkResponse(jsonObject);
         String appAccessToken = jsonObject.getString("app_access_token");
@@ -80,7 +80,7 @@ public class AuthFeishuRequest extends AuthDefaultRequest {
         String accessToken = authToken.getAccessToken();
         String response = new HttpUtils(config.getHttpConfig()).get(source.userInfo(), null, new HttpHeader()
             .add("Content-Type", "application/json")
-            .add("Authorization", "Bearer " + accessToken), false);
+            .add("Authorization", "Bearer " + accessToken), false).getBody();
         JSONObject object = JSON.parseObject(response);
         this.checkResponse(object);
         JSONObject data = object.getJSONObject("data");
@@ -112,7 +112,7 @@ public class AuthFeishuRequest extends AuthDefaultRequest {
 
     private AuthToken getToken(JSONObject param, String url) {
         String response = new HttpUtils(config.getHttpConfig()).post(url, param.toJSONString(), new HttpHeader()
-            .add("Content-Type", "application/json"));
+            .add("Content-Type", "application/json")).getBody();
         JSONObject jsonObject = JSON.parseObject(response);
         this.checkResponse(jsonObject);
         JSONObject data = jsonObject.getJSONObject("data");

src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java

@@ -52,7 +52,7 @@ public class AuthGithubRequest extends AuthDefaultRequest {
     protected AuthUser getUserInfo(AuthToken authToken) {
         HttpHeader header = new HttpHeader();
         header.add("Authorization", "token " + authToken.getAccessToken());
-        String response = new HttpUtils(config.getHttpConfig()).get(UrlBuilder.fromBaseUrl(source.userInfo()).build(), null, header, false);
+        String response = new HttpUtils(config.getHttpConfig()).get(UrlBuilder.fromBaseUrl(source.userInfo()).build(), null, header, false).getBody();
         JSONObject object = JSONObject.parseObject(response);
 
         this.checkResponse(object.containsKey("error"), object.getString("error_description"));

src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java

@@ -50,7 +50,7 @@ public class AuthGoogleRequest extends AuthDefaultRequest {
     protected AuthUser getUserInfo(AuthToken authToken) {
         HttpHeader httpHeader = new HttpHeader();
         httpHeader.add("Authorization", "Bearer " + authToken.getAccessToken());
-        String userInfo = new HttpUtils(config.getHttpConfig()).post(userInfoUrl(authToken), null, httpHeader);
+        String userInfo = new HttpUtils(config.getHttpConfig()).post(userInfoUrl(authToken), null, httpHeader).getBody();
         JSONObject object = JSONObject.parseObject(userInfo);
         this.checkResponse(object);
         return AuthUser.builder()

src/main/java/me/zhyd/oauth/request/AuthHuaweiRequest.java

@@ -54,7 +54,7 @@ public class AuthHuaweiRequest extends AuthDefaultRequest {
         form.put("client_secret", config.getClientSecret());
         form.put("redirect_uri", config.getRedirectUri());
 
-        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), form, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), form, false).getBody();
         return getAuthToken(response);
     }
 
@@ -73,7 +73,7 @@ public class AuthHuaweiRequest extends AuthDefaultRequest {
         form.put("nsp_fmt", "JS");
         form.put("nsp_svc", "OpenUP.User.getInfo");
 
-        String response = new HttpUtils(config.getHttpConfig()).post(source.userInfo(), form, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.userInfo(), form, false).getBody();
         JSONObject object = JSONObject.parseObject(response);
 
         this.checkResponse(object);
@@ -106,7 +106,7 @@ public class AuthHuaweiRequest extends AuthDefaultRequest {
         form.put("refresh_token", authToken.getRefreshToken());
         form.put("grant_type", "refresh_token");
 
-        String response = new HttpUtils(config.getHttpConfig()).post(source.refresh(), form, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.refresh(), form, false).getBody();
         return AuthResponse.builder().code(SUCCESS.getCode()).data(getAuthToken(response)).build();
     }
 

src/main/java/me/zhyd/oauth/request/AuthJdRequest.java

@@ -46,7 +46,7 @@ public class AuthJdRequest extends AuthDefaultRequest {
         params.put("app_secret", config.getClientSecret());
         params.put("grant_type", "authorization_code");
         params.put("code", authCallback.getCode());
-        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), params, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), params, false).getBody();
         JSONObject object = JSONObject.parseObject(response);
 
         this.checkResponse(object);
@@ -70,7 +70,7 @@ public class AuthJdRequest extends AuthDefaultRequest {
             .queryParam("timestamp", LocalDateTime.now().format(DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss")))
             .queryParam("v", "2.0");
         urlBuilder.queryParam("sign", GlobalAuthUtils.generateJdSignature(config.getClientSecret(), urlBuilder.getReadOnlyParams()));
-        String response = new HttpUtils(config.getHttpConfig()).post(urlBuilder.build(true));
+        String response = new HttpUtils(config.getHttpConfig()).post(urlBuilder.build(true)).getBody();
         JSONObject object = JSONObject.parseObject(response);
 
         this.checkResponse(object);
@@ -109,7 +109,7 @@ public class AuthJdRequest extends AuthDefaultRequest {
         params.put("app_secret", config.getClientSecret());
         params.put("grant_type", "refresh_token");
         params.put("refresh_token", oldToken.getRefreshToken());
-        String response = new HttpUtils(config.getHttpConfig()).post(source.refresh(), params, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.refresh(), params, false).getBody();
         JSONObject object = JSONObject.parseObject(response);
 
         this.checkResponse(object);

src/main/java/me/zhyd/oauth/request/AuthKujialeRequest.java

@@ -76,7 +76,7 @@ public class AuthKujialeRequest extends AuthDefaultRequest {
         String response = new HttpUtils(config.getHttpConfig()).get(UrlBuilder.fromBaseUrl(source.userInfo())
             .queryParam("access_token", authToken.getAccessToken())
             .queryParam("open_id", openId)
-            .build());
+            .build()).getBody();
         JSONObject object = JSONObject.parseObject(response);
         if (!"0".equals(object.getString("c"))) {
             throw new AuthException(object.getString("m"));
@@ -103,14 +103,14 @@ public class AuthKujialeRequest extends AuthDefaultRequest {
     private String getOpenId(AuthToken authToken) {
         String response = new HttpUtils(config.getHttpConfig()).get(UrlBuilder.fromBaseUrl("https://oauth.kujiale.com/oauth2/auth/user")
             .queryParam("access_token", authToken.getAccessToken())
-            .build());
+            .build()).getBody();
         JSONObject accessTokenObject = checkResponse(response);
         return accessTokenObject.getString("d");
     }
 
     @Override
     public AuthResponse refresh(AuthToken authToken) {
-        String response = new HttpUtils(config.getHttpConfig()).post(refreshTokenUrl(authToken.getRefreshToken()));
+        String response = new HttpUtils(config.getHttpConfig()).post(refreshTokenUrl(authToken.getRefreshToken())).getBody();
         return AuthResponse.builder().code(AuthResponseStatus.SUCCESS.getCode()).data(getAuthToken(response)).build();
     }
 }

src/main/java/me/zhyd/oauth/request/AuthLineRequest.java

@@ -43,7 +43,7 @@ public class AuthLineRequest extends AuthDefaultRequest {
         params.put("redirect_uri", config.getRedirectUri());
         params.put("client_id", config.getClientId());
         params.put("client_secret", config.getClientSecret());
-        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), params, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), params, false).getBody();
         JSONObject accessTokenObject = JSONObject.parseObject(response);
         return AuthToken.builder()
             .accessToken(accessTokenObject.getString("access_token"))
@@ -59,7 +59,7 @@ public class AuthLineRequest extends AuthDefaultRequest {
     protected AuthUser getUserInfo(AuthToken authToken) {
         String userInfo = new HttpUtils(config.getHttpConfig()).get(source.userInfo(), null, new HttpHeader()
             .add("Content-Type", "application/x-www-form-urlencoded")
-            .add("Authorization", "Bearer ".concat(authToken.getAccessToken())), false);
+            .add("Authorization", "Bearer ".concat(authToken.getAccessToken())), false).getBody();
         JSONObject object = JSONObject.parseObject(userInfo);
         return AuthUser.builder()
             .rawUserInfo(object)
@@ -80,7 +80,7 @@ public class AuthLineRequest extends AuthDefaultRequest {
         params.put("access_token", authToken.getAccessToken());
         params.put("client_id", config.getClientId());
         params.put("client_secret", config.getClientSecret());
-        String userInfo = new HttpUtils(config.getHttpConfig()).post(source.revoke(), params, false);
+        String userInfo = new HttpUtils(config.getHttpConfig()).post(source.revoke(), params, false).getBody();
         JSONObject object = JSONObject.parseObject(userInfo);
         // 返回1表示取消授权成功，否则失败
         AuthResponseStatus status = object.getBooleanValue("revoked") ? AuthResponseStatus.SUCCESS : AuthResponseStatus.FAILURE;
@@ -94,7 +94,7 @@ public class AuthLineRequest extends AuthDefaultRequest {
         params.put("refresh_token", oldToken.getRefreshToken());
         params.put("client_id", config.getClientId());
         params.put("client_secret", config.getClientSecret());
-        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), params, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), params, false).getBody();
         JSONObject accessTokenObject = JSONObject.parseObject(response);
         return AuthResponse.builder()
             .code(AuthResponseStatus.SUCCESS.getCode())

src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java

@@ -48,7 +48,7 @@ public class AuthLinkedinRequest extends AuthDefaultRequest {
         httpHeader.add("Connection", "Keep-Alive");
         httpHeader.add("Authorization", "Bearer " + accessToken);
 
-        String response = new HttpUtils(config.getHttpConfig()).get(userInfoUrl(authToken), null, httpHeader, false);
+        String response = new HttpUtils(config.getHttpConfig()).get(userInfoUrl(authToken), null, httpHeader, false).getBody();
         JSONObject userInfoObject = JSONObject.parseObject(response);
 
         this.checkResponse(userInfoObject);
@@ -138,7 +138,9 @@ public class AuthLinkedinRequest extends AuthDefaultRequest {
         httpHeader.add("Connection", "Keep-Alive");
         httpHeader.add("Authorization", "Bearer " + accessToken);
 
-        String emailResponse = new HttpUtils(config.getHttpConfig()).get("https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))", null, httpHeader, false);
+        String emailResponse = new HttpUtils(config.getHttpConfig())
+            .get("https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))", null, httpHeader, false)
+            .getBody();
         JSONObject emailObj = JSONObject.parseObject(emailResponse);
 
         this.checkResponse(emailObj);
@@ -178,7 +180,7 @@ public class AuthLinkedinRequest extends AuthDefaultRequest {
         httpHeader.add("Host", "www.linkedin.com");
         httpHeader.add(Constants.CONTENT_TYPE, "application/x-www-form-urlencoded");
 
-        String response = new HttpUtils(config.getHttpConfig()).post(accessTokenUrl, null, httpHeader);
+        String response = new HttpUtils(config.getHttpConfig()).post(accessTokenUrl, null, httpHeader).getBody();
         JSONObject accessTokenObject = JSONObject.parseObject(response);
 
         this.checkResponse(accessTokenObject);

src/main/java/me/zhyd/oauth/request/AuthMeituanRequest.java

@@ -41,7 +41,7 @@ public class AuthMeituanRequest extends AuthDefaultRequest {
         form.put("code", authCallback.getCode());
         form.put("grant_type", "authorization_code");
 
-        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), form, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), form, false).getBody();
         JSONObject object = JSONObject.parseObject(response);
 
         this.checkResponse(object);
@@ -60,7 +60,7 @@ public class AuthMeituanRequest extends AuthDefaultRequest {
         form.put("secret", config.getClientSecret());
         form.put("access_token", authToken.getAccessToken());
 
-        String response = new HttpUtils(config.getHttpConfig()).post(source.userInfo(), form, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.userInfo(), form, false).getBody();
         JSONObject object = JSONObject.parseObject(response);
 
         this.checkResponse(object);
@@ -85,7 +85,7 @@ public class AuthMeituanRequest extends AuthDefaultRequest {
         form.put("refresh_token", oldToken.getRefreshToken());
         form.put("grant_type", "refresh_token");
 
-        String response = new HttpUtils(config.getHttpConfig()).post(source.refresh(), form, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.refresh(), form, false).getBody();
         JSONObject object = JSONObject.parseObject(response);
 
         this.checkResponse(object);

src/main/java/me/zhyd/oauth/request/AuthMiRequest.java

@@ -43,7 +43,7 @@ public class AuthMiRequest extends AuthDefaultRequest {
     }
 
     private AuthToken getToken(String accessTokenUrl) {
-        String response = new HttpUtils(config.getHttpConfig()).get(accessTokenUrl);
+        String response = new HttpUtils(config.getHttpConfig()).get(accessTokenUrl).getBody();
         String jsonStr = response.replace(PREFIX, Constants.EMPTY);
         JSONObject accessTokenObject = JSONObject.parseObject(jsonStr);
 
@@ -91,7 +91,7 @@ public class AuthMiRequest extends AuthDefaultRequest {
         String emailPhoneUrl = MessageFormat.format("{0}?clientId={1}&token={2}", "https://open.account.xiaomi.com/user/phoneAndEmail", config
             .getClientId(), authToken.getAccessToken());
 
-        String emailResponse = new HttpUtils(config.getHttpConfig()).get(emailPhoneUrl);
+        String emailResponse = new HttpUtils(config.getHttpConfig()).get(emailPhoneUrl).getBody();
         JSONObject userEmailPhone = JSONObject.parseObject(emailResponse);
         if (!"error".equalsIgnoreCase(userEmailPhone.getString("result"))) {
             JSONObject emailPhone = userEmailPhone.getJSONObject("data");

src/main/java/me/zhyd/oauth/request/AuthMicrosoftCnRequest.java

+package me.zhyd.oauth.request;
+
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+
+/**
+ * 微软中国登录(世纪华联)
+ *
+ * @author mroldx (xzfqq5201314@gmail.com)
+ * @since 1.16.4
+ */
+public class AuthMicrosoftCnRequest extends AbstractAuthMicrosoftRequest {
+
+    public AuthMicrosoftCnRequest(AuthConfig config) {
+        super(config, AuthDefaultSource.MICROSOFT_CN);
+    }
+
+    public AuthMicrosoftCnRequest(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.MICROSOFT_CN, authStateCache);
+    }
+
+}

src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java

 package me.zhyd.oauth.request;
 
-import com.alibaba.fastjson.JSONObject;
-import com.xkcoding.http.support.HttpHeader;
-import com.xkcoding.http.util.MapUtil;
 import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
 import me.zhyd.oauth.config.AuthDefaultSource;
-import me.zhyd.oauth.enums.AuthResponseStatus;
-import me.zhyd.oauth.enums.AuthUserGender;
-import me.zhyd.oauth.enums.scope.AuthMicrosoftScope;
-import me.zhyd.oauth.exception.AuthException;
-import me.zhyd.oauth.model.AuthCallback;
-import me.zhyd.oauth.model.AuthResponse;
-import me.zhyd.oauth.model.AuthToken;
-import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.utils.AuthScopeUtils;
-import me.zhyd.oauth.utils.HttpUtils;
-import me.zhyd.oauth.utils.UrlBuilder;
-
-import java.util.Map;
 
 /**
  * 微软登录
  *
  * @author yangkai.shen (https://xkcoding.com)
+ * @update:2021-08-24  mroldx (xzfqq5201314@gmail.com)
  * @since 1.5.0
  */
-public class AuthMicrosoftRequest extends AuthDefaultRequest {
+public class AuthMicrosoftRequest extends AbstractAuthMicrosoftRequest {
+
     public AuthMicrosoftRequest(AuthConfig config) {
         super(config, AuthDefaultSource.MICROSOFT);
     }
@@ -35,145 +21,4 @@ public class AuthMicrosoftRequest extends AuthDefaultRequest {
         super(config, AuthDefaultSource.MICROSOFT, authStateCache);
     }
 
-    @Override
-    protected AuthToken getAccessToken(AuthCallback authCallback) {
-        return getToken(accessTokenUrl(authCallback.getCode()));
-    }
-
-    /**
-     * 获取token，适用于获取access_token和刷新token
-     *
-     * @param accessTokenUrl 实际请求token的地址
-     * @return token对象
-     */
-    private AuthToken getToken(String accessTokenUrl) {
-        HttpHeader httpHeader = new HttpHeader();
-
-        Map<String, String> form = MapUtil.parseStringToMap(accessTokenUrl, false);
-
-        String response = new HttpUtils(config.getHttpConfig()).post(accessTokenUrl, form, httpHeader, false);
-        JSONObject accessTokenObject = JSONObject.parseObject(response);
-
-        this.checkResponse(accessTokenObject);
-
-        return AuthToken.builder()
-            .accessToken(accessTokenObject.getString("access_token"))
-            .expireIn(accessTokenObject.getIntValue("expires_in"))
-            .scope(accessTokenObject.getString("scope"))
-            .tokenType(accessTokenObject.getString("token_type"))
-            .refreshToken(accessTokenObject.getString("refresh_token"))
-            .build();
-    }
-
-    /**
-     * 检查响应内容是否正确
-     *
-     * @param object 请求响应内容
-     */
-    private void checkResponse(JSONObject object) {
-        if (object.containsKey("error")) {
-            throw new AuthException(object.getString("error_description"));
-        }
-    }
-
-    @Override
-    protected AuthUser getUserInfo(AuthToken authToken) {
-        String token = authToken.getAccessToken();
-        String tokenType = authToken.getTokenType();
-        String jwt = tokenType + " " + token;
-
-        HttpHeader httpHeader = new HttpHeader();
-        httpHeader.add("Authorization", jwt);
-
-        String userInfo = new HttpUtils(config.getHttpConfig()).get(userInfoUrl(authToken), null, httpHeader, false);
-        JSONObject object = JSONObject.parseObject(userInfo);
-        this.checkResponse(object);
-        return AuthUser.builder()
-            .rawUserInfo(object)
-            .uuid(object.getString("id"))
-            .username(object.getString("userPrincipalName"))
-            .nickname(object.getString("displayName"))
-            .location(object.getString("officeLocation"))
-            .email(object.getString("mail"))
-            .gender(AuthUserGender.UNKNOWN)
-            .token(authToken)
-            .source(source.toString())
-            .build();
-    }
-
-    /**
-     * 刷新access token （续期）
-     *
-     * @param authToken 登录成功后返回的Token信息
-     * @return AuthResponse
-     */
-    @Override
-    public AuthResponse refresh(AuthToken authToken) {
-        return AuthResponse.builder()
-            .code(AuthResponseStatus.SUCCESS.getCode())
-            .data(getToken(refreshTokenUrl(authToken.getRefreshToken())))
-            .build();
-    }
-
-    /**
-     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
-     *
-     * @param state state 验证授权流程的参数，可以防止csrf
-     * @return 返回授权地址
-     * @since 1.9.3
-     */
-    @Override
-    public String authorize(String state) {
-        return UrlBuilder.fromBaseUrl(super.authorize(state))
-            .queryParam("response_mode", "query")
-            .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values())))
-            .build();
-    }
-
-    /**
-     * 返回获取accessToken的url
-     *
-     * @param code 授权code
-     * @return 返回获取accessToken的url
-     */
-    @Override
-    protected String accessTokenUrl(String code) {
-        return UrlBuilder.fromBaseUrl(source.accessToken())
-            .queryParam("code", code)
-            .queryParam("client_id", config.getClientId())
-            .queryParam("client_secret", config.getClientSecret())
-            .queryParam("grant_type", "authorization_code")
-            .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values())))
-            .queryParam("redirect_uri", config.getRedirectUri())
-            .build();
-    }
-
-    /**
-     * 返回获取userInfo的url
-     *
-     * @param authToken 用户授权后的token
-     * @return 返回获取userInfo的url
-     */
-    @Override
-    protected String userInfoUrl(AuthToken authToken) {
-        return UrlBuilder.fromBaseUrl(source.userInfo()).build();
-    }
-
-    /**
-     * 返回获取accessToken的url
-     *
-     * @param refreshToken 用户授权后的token
-     * @return 返回获取accessToken的url
-     */
-    @Override
-    protected String refreshTokenUrl(String refreshToken) {
-        return UrlBuilder.fromBaseUrl(source.refresh())
-            .queryParam("client_id", config.getClientId())
-            .queryParam("client_secret", config.getClientSecret())
-            .queryParam("refresh_token", refreshToken)
-            .queryParam("grant_type", "refresh_token")
-            .queryParam("scope", this.getScopes(" ", true, AuthScopeUtils.getDefaultScopes(AuthMicrosoftScope.values())))
-            .queryParam("redirect_uri", config.getRedirectUri())
-            .build();
-    }
 }

src/main/java/me/zhyd/oauth/request/AuthOktaRequest.java

@@ -50,7 +50,7 @@ public class AuthOktaRequest extends AuthDefaultRequest {
             .add("accept", "application/json")
             .add("content-type", "application/x-www-form-urlencoded")
             .add("Authorization", "Basic " + Base64Utils.encode(config.getClientId().concat(":").concat(config.getClientSecret())));
-        String response = new HttpUtils(config.getHttpConfig()).post(tokenUrl, null, header, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(tokenUrl, null, header, false).getBody();
         JSONObject accessTokenObject = JSONObject.parseObject(response);
         this.checkResponse(accessTokenObject);
         return AuthToken.builder()
@@ -82,7 +82,7 @@ public class AuthOktaRequest extends AuthDefaultRequest {
     protected AuthUser getUserInfo(AuthToken authToken) {
         HttpHeader header = new HttpHeader()
             .add("Authorization", "Bearer " + authToken.getAccessToken());
-        String response = new HttpUtils(config.getHttpConfig()).post(userInfoUrl(authToken), null, header, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(userInfoUrl(authToken), null, header, false).getBody();
         JSONObject object = JSONObject.parseObject(response);
         this.checkResponse(object);
         JSONObject address = object.getJSONObject("address");

src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java

@@ -50,7 +50,7 @@ public class AuthPinterestRequest extends AuthDefaultRequest {
     protected AuthUser getUserInfo(AuthToken authToken) {
         String userinfoUrl = userInfoUrl(authToken);
         // TODO: 是否需要 .setFollowRedirects(true)
-        String response = new HttpUtils(config.getHttpConfig()).get(userinfoUrl);
+        String response = new HttpUtils(config.getHttpConfig()).get(userinfoUrl).getBody();
         JSONObject object = JSONObject.parseObject(response);
         this.checkResponse(object);
         JSONObject userObj = object.getJSONObject("data");

src/main/java/me/zhyd/oauth/request/AuthProginnRequest.java

@@ -41,7 +41,7 @@ public class AuthProginnRequest extends AuthDefaultRequest {
         params.put("client_secret", config.getClientSecret());
         params.put("grant_type", "authorization_code");
         params.put("redirect_uri", config.getRedirectUri());
-        String response = new HttpUtils(config.getHttpConfig()).post(AuthDefaultSource.PROGINN.accessToken(), params, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(AuthDefaultSource.PROGINN.accessToken(), params, false).getBody();
         JSONObject accessTokenObject = JSONObject.parseObject(response);
         this.checkResponse(accessTokenObject);
         return AuthToken.builder()

src/main/java/me/zhyd/oauth/request/AuthQqRequest.java

@@ -40,7 +40,7 @@ public class AuthQqRequest extends AuthDefaultRequest {
 
     @Override
     public AuthResponse refresh(AuthToken authToken) {
-        String response = new HttpUtils(config.getHttpConfig()).get(refreshTokenUrl(authToken.getRefreshToken()));
+        String response = new HttpUtils(config.getHttpConfig()).get(refreshTokenUrl(authToken.getRefreshToken())).getBody();
         return AuthResponse.builder().code(AuthResponseStatus.SUCCESS.getCode()).data(getAuthToken(response)).build();
     }
 
@@ -82,7 +82,7 @@ public class AuthQqRequest extends AuthDefaultRequest {
         String response = new HttpUtils(config.getHttpConfig()).get(UrlBuilder.fromBaseUrl("https://graph.qq.com/oauth2.0/me")
             .queryParam("access_token", authToken.getAccessToken())
             .queryParam("unionid", config.isUnionId() ? 1 : 0)
-            .build());
+            .build()).getBody();
         String removePrefix = response.replace("callback(", "");
         String removeSuffix = removePrefix.replace(");", "");
         String openId = removeSuffix.trim();

src/main/java/me/zhyd/oauth/request/AuthRenrenRequest.java

@@ -68,7 +68,7 @@ public class AuthRenrenRequest extends AuthDefaultRequest {
     }
 
     private AuthToken getToken(String url) {
-        String response = new HttpUtils(config.getHttpConfig()).post(url);
+        String response = new HttpUtils(config.getHttpConfig()).post(url).getBody();
         JSONObject jsonObject = JSONObject.parseObject(response);
         if (jsonObject.containsKey("error")) {
             throw new AuthException("Failed to get token from Renren: " + jsonObject);

src/main/java/me/zhyd/oauth/request/AuthSlackRequest.java

@@ -38,7 +38,8 @@ public class AuthSlackRequest extends AuthDefaultRequest {
     protected AuthToken getAccessToken(AuthCallback authCallback) {
         HttpHeader header = new HttpHeader()
             .add("Content-Type", "application/x-www-form-urlencoded");
-        String response = new HttpUtils(config.getHttpConfig()).get(accessTokenUrl(authCallback.getCode()), null, header, false);
+        String response = new HttpUtils(config.getHttpConfig())
+            .get(accessTokenUrl(authCallback.getCode()), null, header, false).getBody();
         JSONObject accessTokenObject = JSONObject.parseObject(response);
         this.checkResponse(accessTokenObject);
         return AuthToken.builder()
@@ -54,7 +55,8 @@ public class AuthSlackRequest extends AuthDefaultRequest {
         HttpHeader header = new HttpHeader()
             .add("Content-Type", "application/x-www-form-urlencoded")
             .add("Authorization", "Bearer ".concat(authToken.getAccessToken()));
-        String userInfo = new HttpUtils(config.getHttpConfig()).get(userInfoUrl(authToken), null, header, false);
+        String userInfo = new HttpUtils(config.getHttpConfig())
+            .get(userInfoUrl(authToken), null, header, false).getBody();
         JSONObject object = JSONObject.parseObject(userInfo);
         this.checkResponse(object);
         JSONObject user = object.getJSONObject("user");
@@ -77,7 +79,8 @@ public class AuthSlackRequest extends AuthDefaultRequest {
         HttpHeader header = new HttpHeader()
             .add("Content-Type", "application/x-www-form-urlencoded")
             .add("Authorization", "Bearer ".concat(authToken.getAccessToken()));
-        String userInfo = new HttpUtils(config.getHttpConfig()).get(source.revoke(), null, header, false);
+        String userInfo = new HttpUtils(config.getHttpConfig())
+            .get(source.revoke(), null, header, false).getBody();
         JSONObject object = JSONObject.parseObject(userInfo);
         this.checkResponse(object);
         // 返回1表示取消授权成功，否则失败

src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java

@@ -42,7 +42,7 @@ public class AuthStackOverflowRequest extends AuthDefaultRequest {
         Map<String, String> form = MapUtil.parseStringToMap(accessTokenUrl, false);
         HttpHeader httpHeader = new HttpHeader();
         httpHeader.add(Constants.CONTENT_TYPE, "application/x-www-form-urlencoded");
-        String response = new HttpUtils(config.getHttpConfig()).post(accessTokenUrl, form, httpHeader, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(accessTokenUrl, form, httpHeader, false).getBody();
 
         JSONObject accessTokenObject = JSONObject.parseObject(response);
         this.checkResponse(accessTokenObject);
@@ -60,7 +60,7 @@ public class AuthStackOverflowRequest extends AuthDefaultRequest {
             .queryParam("site", "stackoverflow")
             .queryParam("key", this.config.getStackOverflowKey())
             .build();
-        String response = new HttpUtils(config.getHttpConfig()).get(userInfoUrl);
+        String response = new HttpUtils(config.getHttpConfig()).get(userInfoUrl).getBody();
         JSONObject object = JSONObject.parseObject(response);
         this.checkResponse(object);
         JSONObject userObj = object.getJSONArray("items").getJSONObject(0);

src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java

@@ -81,7 +81,7 @@ public class AuthTaobaoRequest extends AuthDefaultRequest {
     @Override
     public AuthResponse refresh(AuthToken oldToken) {
         String tokenUrl = refreshTokenUrl(oldToken.getRefreshToken());
-        String response = new HttpUtils(config.getHttpConfig()).post(tokenUrl);
+        String response = new HttpUtils(config.getHttpConfig()).post(tokenUrl).getBody();
         JSONObject accessTokenObject = JSONObject.parseObject(response);
         return AuthResponse.builder()
             .code(AuthResponseStatus.SUCCESS.getCode())

src/main/java/me/zhyd/oauth/request/AuthTeambitionRequest.java

@@ -45,7 +45,7 @@ public class AuthTeambitionRequest extends AuthDefaultRequest {
         form.put("code", authCallback.getCode());
         form.put("grant_type", "code");
 
-        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), form, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), form, false).getBody();
         JSONObject accessTokenObject = JSONObject.parseObject(response);
 
         this.checkResponse(accessTokenObject);
@@ -63,7 +63,8 @@ public class AuthTeambitionRequest extends AuthDefaultRequest {
         HttpHeader httpHeader = new HttpHeader();
         httpHeader.add("Authorization", "OAuth2 " + accessToken);
 
-        String response = new HttpUtils(config.getHttpConfig()).get(source.userInfo(), null, httpHeader, false);
+        String response = new HttpUtils(config.getHttpConfig())
+            .get(source.userInfo(), null, httpHeader, false).getBody();
         JSONObject object = JSONObject.parseObject(response);
 
         this.checkResponse(object);
@@ -93,7 +94,7 @@ public class AuthTeambitionRequest extends AuthDefaultRequest {
         Map<String, String> form = new HashMap<>(4);
         form.put("_userId", uid);
         form.put("refresh_token", refreshToken);
-        String response = new HttpUtils(config.getHttpConfig()).post(source.refresh(), form, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.refresh(), form, false).getBody();
         JSONObject refreshTokenObject = JSONObject.parseObject(response);
 
         this.checkResponse(refreshTokenObject);

src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java

@@ -72,7 +72,7 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
         httpHeader.add("User-Agent", "themattharris' HTTP Client");
         httpHeader.add("Host", "api.twitter.com");
         httpHeader.add("Accept", "*/*");
-        String requestToken = new HttpUtils(config.getHttpConfig()).post(baseUrl, null, httpHeader);
+        String requestToken = new HttpUtils(config.getHttpConfig()).post(baseUrl, null, httpHeader).getBody();
 
         Map<String, String> res = MapUtil.parseStringToMap(requestToken, false);
 
@@ -104,7 +104,7 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
 
         Map<String, String> form = new HashMap<>(3);
         form.put("oauth_verifier", authCallback.getOauth_verifier());
-        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), form, httpHeader, false);
+        String response = new HttpUtils(config.getHttpConfig()).post(source.accessToken(), form, httpHeader, false).getBody();
 
         Map<String, String> requestToken = MapUtil.parseStringToMap(response, false);
 
@@ -132,7 +132,8 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
 
         HttpHeader httpHeader = new HttpHeader();
         httpHeader.add("Authorization", header);
-        String response = new HttpUtils(config.getHttpConfig()).get(userInfoUrl(authToken), null, httpHeader, false);
+        String response = new HttpUtils(config.getHttpConfig())
+            .get(userInfoUrl(authToken), null, httpHeader, false).getBody();
         JSONObject userInfo = JSONObject.parseObject(response);
 
         return AuthUser.builder()

src/main/java/me/zhyd/oauth/request/AuthWeChatEnterpriseThirdQrcodeRequest.java

@@ -75,7 +75,7 @@ public class AuthWeChatEnterpriseThirdQrcodeRequest extends AbstractAuthWeChatEn
         JSONObject data = new JSONObject();
         data.put("corpid", config.getClientId());
         data.put("provider_secret", config.getClientSecret());
-        return new HttpUtils(config.getHttpConfig()).post(accessTokenUrl(code), data.toJSONString());
+        return new HttpUtils(config.getHttpConfig()).post(accessTokenUrl(code), data.toJSONString()).getBody();
     }
 
     /**
@@ -96,13 +96,15 @@ public class AuthWeChatEnterpriseThirdQrcodeRequest extends AbstractAuthWeChatEn
             .build();
     }
 
+    @Override
     protected String doGetUserInfo(AuthToken authToken) {
         JSONObject data = new JSONObject();
         data.put("auth_code", authToken.getCode());
         return new HttpUtils(config.getHttpConfig())
-            .post(userInfoUrl(authToken), data.toJSONString());
+            .post(userInfoUrl(authToken), data.toJSONString()).getBody();
     }
 
+    @Override
     protected String userInfoUrl(AuthToken authToken) {
         return UrlBuilder.fromBaseUrl(source.userInfo())
             .queryParam("access_token", authToken.getAccessToken()).

src/main/java/me/zhyd/oauth/request/AuthWeChatMpRequest.java

@@ -97,7 +97,7 @@ public class AuthWeChatMpRequest extends AuthDefaultRequest {
      * @return token对象
      */
     private AuthToken getToken(String accessTokenUrl) {
-        String response = new HttpUtils(config.getHttpConfig()).get(accessTokenUrl);
+        String response = new HttpUtils(config.getHttpConfig()).get(accessTokenUrl).getBody();
         JSONObject accessTokenObject = JSONObject.parseObject(response);
 
         this.checkResponse(accessTokenObject);

src/main/java/me/zhyd/oauth/request/AuthWeChatOpenRequest.java

@@ -94,7 +94,7 @@ public class AuthWeChatOpenRequest extends AuthDefaultRequest {
      * @return token对象
      */
     private AuthToken getToken(String accessTokenUrl) {
-        String response = new HttpUtils(config.getHttpConfig()).get(accessTokenUrl);
+        String response = new HttpUtils(config.getHttpConfig()).get(accessTokenUrl).getBody();
         JSONObject accessTokenObject = JSONObject.parseObject(response);
 
         this.checkResponse(accessTokenObject);

src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java

@@ -56,7 +56,8 @@ public class AuthWeiboRequest extends AuthDefaultRequest {
         HttpHeader httpHeader = new HttpHeader();
         httpHeader.add("Authorization", "OAuth2 " + oauthParam);
         httpHeader.add("API-RemoteIP", IpUtils.getLocalIp());
-        String userInfo = new HttpUtils(config.getHttpConfig()).get(userInfoUrl(authToken), null, httpHeader, false);
+        String userInfo = new HttpUtils(config.getHttpConfig())
+            .get(userInfoUrl(authToken), null, httpHeader, false).getBody();
         JSONObject object = JSONObject.parseObject(userInfo);
         if (object.containsKey("error")) {
             throw new AuthException(object.getString("error"));

src/main/java/me/zhyd/oauth/request/AuthXmlyRequest.java

@@ -50,7 +50,7 @@ public class AuthXmlyRequest extends AuthDefaultRequest {
         map.put("device_id", config.getDeviceId());
         map.put("grant_type", "authorization_code");
         map.put("redirect_uri", config.getRedirectUri());
-        String response = HttpUtil.post(source.accessToken(), map, true);
+        String response = HttpUtil.post(source.accessToken(), map, true).getBody();
         JSONObject accessTokenObject = JSONObject.parseObject(response);
         this.checkResponse(accessTokenObject);
 
@@ -97,7 +97,7 @@ public class AuthXmlyRequest extends AuthDefaultRequest {
         map.put("pack_id", config.getPackId());
         map.put("access_token", authToken.getAccessToken());
         map.put("sig", GlobalAuthUtils.generateXmlySignature(map, config.getClientSecret()));
-        String rawUserInfo = HttpUtil.get(source.userInfo(), map, false);
+        String rawUserInfo = HttpUtil.get(source.userInfo(), map, false).getBody();
         JSONObject object = JSONObject.parseObject(rawUserInfo);
         checkResponse(object);
         return AuthUser.builder()

src/main/java/me/zhyd/oauth/utils/AuthChecker.java

@@ -27,9 +27,6 @@ public class AuthChecker {
     public static boolean isSupportedAuth(AuthConfig config, AuthSource source) {
         boolean isSupported = StringUtils.isNotEmpty(config.getClientId())
             && StringUtils.isNotEmpty(config.getClientSecret());
-        if (isSupported && AuthDefaultSource.ALIPAY == source) {
-            isSupported = StringUtils.isNotEmpty(config.getAlipayPublicKey());
-        }
         if (isSupported && AuthDefaultSource.STACK_OVERFLOW == source) {
             isSupported = StringUtils.isNotEmpty(config.getStackOverflowKey());
         }
@@ -71,9 +68,14 @@ public class AuthChecker {
             // Facebook's redirect uri must use the HTTPS protocol
             throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
         }
-        // 支付宝在创建回调地址时，不允许使用localhost或者127.0.0.1
-        if (AuthDefaultSource.ALIPAY == source && GlobalAuthUtils.isLocalHost(redirectUri)) {
-            // The redirect uri of alipay is forbidden to use localhost or 127.0.0.1
+        // 微软的回调地址必须为https的链接或者localhost,不允许使用http
+        if (AuthDefaultSource.MICROSOFT == source && !GlobalAuthUtils.isHttpsProtocolOrLocalHost(redirectUri)) {
+            // Microsoft's redirect uri must use the HTTPS or localhost
+            throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
+        }
+        // 微软中国的回调地址必须为https的链接或者localhost,不允许使用http
+        if (AuthDefaultSource.MICROSOFT_CN == source && !GlobalAuthUtils.isHttpsProtocolOrLocalHost(redirectUri)) {
+            // Microsoft's redirect uri must use the HTTPS or localhost
             throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
         }
     }
@@ -93,9 +95,7 @@ public class AuthChecker {
             return;
         }
         String code = callback.getCode();
-        if (source == AuthDefaultSource.ALIPAY) {
-            code = callback.getAuth_code();
-        } else if (source == AuthDefaultSource.HUAWEI) {
+        if (source == AuthDefaultSource.HUAWEI) {
             code = callback.getAuthorization_code();
         }
         if (StringUtils.isEmpty(code)) {

src/main/java/me/zhyd/oauth/utils/GlobalAuthUtils.java

@@ -175,6 +175,19 @@ public class GlobalAuthUtils {
         return StringUtils.isEmpty(url) || url.contains("127.0.0.1") || url.contains("localhost");
     }
 
+    /**
+     * 是否为https协议或本地主机（域名）
+     *
+     * @param url 待验证的url
+     * @return true: https协议或本地主机 false: 非https协议或本机主机
+     */
+    public static boolean isHttpsProtocolOrLocalHost(String url) {
+        if (StringUtils.isEmpty(url)) {
+            return false;
+        }
+        return isHttpsProtocol(url) || isLocalHost(url);
+    }
+
 
     /**
      * Generate nonce with given length

src/main/java/me/zhyd/oauth/utils/HttpUtils.java

@@ -3,17 +3,22 @@ package me.zhyd.oauth.utils;
 import com.xkcoding.http.HttpUtil;
 import com.xkcoding.http.config.HttpConfig;
 import com.xkcoding.http.support.HttpHeader;
+import com.xkcoding.http.support.SimpleHttpResponse;
+import me.zhyd.oauth.exception.AuthException;
 
 import java.util.Map;
 
 /**
  * HttpUtil 工具，统一处理 http 请求，方便对 simple-http 做定制
+ *
  * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
  * @version 1.0.0
  * @since 1.0.0
  */
 public class HttpUtils {
 
+    private SimpleHttpResponse httpResponse;
+
     public HttpUtils(HttpConfig config) {
         HttpUtil.setConfig(config);
     }
@@ -26,10 +31,11 @@ public class HttpUtils {
      * GET 请求
      *
      * @param url URL
-     * @return 结果
+     * @return HttpUtils
      */
-    public String get(String url) {
-        return HttpUtil.get(url);
+    public HttpUtils get(String url) {
+        this.httpResponse = HttpUtil.get(url, null, null, false);
+        return this;
     }
 
     /**
@@ -39,20 +45,22 @@ public class HttpUtils {
      * @param params 参数
      * @param header 请求头
      * @param encode 是否需要 url encode
-     * @return 结果
+     * @return HttpUtils
      */
-    public String get(String url, Map<String, String> params, HttpHeader header, boolean encode) {
-        return HttpUtil.get(url, params, header, encode);
+    public HttpUtils get(String url, Map<String, String> params, HttpHeader header, boolean encode) {
+        this.httpResponse = HttpUtil.get(url, params, header, encode);
+        return this;
     }
 
     /**
      * POST 请求
      *
      * @param url URL
-     * @return 结果
+     * @return HttpUtils
      */
-    public String post(String url) {
-        return HttpUtil.post(url);
+    public HttpUtils post(String url) {
+        this.httpResponse = HttpUtil.post(url);
+        return this;
     }
 
     /**
@@ -60,10 +68,11 @@ public class HttpUtils {
      *
      * @param url  URL
      * @param data JSON 参数
-     * @return 结果
+     * @return HttpUtils
      */
-    public String post(String url, String data) {
-        return HttpUtil.post(url, data);
+    public HttpUtils post(String url, String data) {
+        this.httpResponse = HttpUtil.post(url, data);
+        return this;
     }
 
     /**
@@ -72,10 +81,11 @@ public class HttpUtils {
      * @param url    URL
      * @param data   JSON 参数
      * @param header 请求头
-     * @return 结果
+     * @return HttpUtils
      */
-    public String post(String url, String data, HttpHeader header) {
-        return HttpUtil.post(url, data, header);
+    public HttpUtils post(String url, String data, HttpHeader header) {
+        this.httpResponse = HttpUtil.post(url, data, header);
+        return this;
     }
 
     /**
@@ -84,10 +94,11 @@ public class HttpUtils {
      * @param url    URL
      * @param params form 参数
      * @param encode 是否需要 url encode
-     * @return 结果
+     * @return HttpUtils
      */
-    public String post(String url, Map<String, String> params, boolean encode) {
-        return HttpUtil.post(url, params, encode);
+    public HttpUtils post(String url, Map<String, String> params, boolean encode) {
+        this.httpResponse = HttpUtil.post(url, params, encode);
+        return this;
     }
 
     /**
@@ -97,9 +108,28 @@ public class HttpUtils {
      * @param params form 参数
      * @param header 请求头
      * @param encode 是否需要 url encode
-     * @return 结果
+     * @return HttpUtils
      */
-    public String post(String url, Map<String, String> params, HttpHeader header, boolean encode) {
-        return HttpUtil.post(url, params, header, encode);
+    public HttpUtils post(String url, Map<String, String> params, HttpHeader header, boolean encode) {
+        this.httpResponse = HttpUtil.post(url, params, header, encode);
+        return this;
+    }
+
+    private HttpUtils check() {
+        if (null == httpResponse) {
+            throw new AuthException("Invalid SimpleHttpResponse.");
+        }
+        if (!httpResponse.isSuccess()) {
+            throw new AuthException(httpResponse.getError());
+        }
+        return this;
+    }
+
+    public String getBody() {
+        return this.check().getHttpResponse().getBody();
+    }
+
+    public SimpleHttpResponse getHttpResponse() {
+        return httpResponse;
     }
 }

src/test/java/me/zhyd/oauth/AuthRequestBuilderTest.java

@@ -3,10 +3,7 @@ package me.zhyd.oauth;
 import me.zhyd.oauth.config.AuthConfig;
 import me.zhyd.oauth.config.AuthDefaultSource;
 import me.zhyd.oauth.config.AuthExtendSource;
-import me.zhyd.oauth.request.AuthExtendRequest;
-import me.zhyd.oauth.request.AuthGiteeRequest;
-import me.zhyd.oauth.request.AuthGithubRequest;
-import me.zhyd.oauth.request.AuthRequest;
+import me.zhyd.oauth.request.*;
 import me.zhyd.oauth.utils.AuthStateUtils;
 import org.junit.Assert;
 import org.junit.Test;
@@ -75,31 +72,39 @@ public class AuthRequestBuilderTest {
      */
     @Test
     public void build4() {
+        AuthConfig config = AuthConfig.builder()
+            .clientId("a")
+            .clientSecret("a")
+            .redirectUri("https://www.justauth.cn")
+            .authServerId("asd")
+            .agentId("asd")
+            .domainPrefix("asd")
+            .stackOverflowKey("asd")
+            .deviceId("asd")
+            .clientOsType(3)
+            .build();
+
         for (AuthDefaultSource value : AuthDefaultSource.values()) {
-            if (value == AuthDefaultSource.TWITTER) {
-                System.out.println(value.getTargetClass());
-                System.out.println("忽略 twitter");
-                continue;
+            switch (value) {
+                case TWITTER:
+                    System.out.println(value.getTargetClass());
+                    System.out.println("忽略 twitter");
+                    continue;
+                case ALIPAY: {
+                    // 单独给Alipay执行测试
+                    AuthRequest authRequest = new AuthAlipayRequest(config, "asd");
+                    System.out.println(value.getTargetClass());
+                    System.out.println(authRequest.authorize(AuthStateUtils.createState()));
+                    continue;
+                }
+                default:
+                    AuthRequest authRequest = AuthRequestBuilder.builder()
+                        .source(value.getName())
+                        .authConfig(config)
+                        .build();
+                    System.out.println(value.getTargetClass());
+                    System.out.println(authRequest.authorize(AuthStateUtils.createState()));
             }
-            AuthRequest authRequest = AuthRequestBuilder.builder()
-                .source(value.getName())
-                .authConfig(AuthConfig.builder()
-                    .clientId("a")
-                    .clientSecret("a")
-                    .redirectUri("https://www.justauth.cn")
-                    .alipayPublicKey("asd")
-                    .authServerId("asd")
-                    .agentId("asd")
-                    .domainPrefix("asd")
-                    .stackOverflowKey("asd")
-
-                    .deviceId("asd")
-                    .clientOsType(3)
-                    .build())
-                .build();
-            System.out.println(value.getTargetClass());
-            System.out.println(authRequest.authorize(AuthStateUtils.createState()));
         }
-
     }
 }