| name | auth-tool-cloudbase |
| description | Use CloudBase Auth tool to configure and manage authentication providers for web applications - enable/disable login methods (SMS, Email, WeChat Open Platform, Google, Anonymous, Username/password, OAuth, SAML, CAS, Dingding, etc.) and configure provider settings via MCP tools. |
| alwaysApply | false |
Overview
Configure CloudBase authentication providers: Anonymous, Username/Password, SMS, Email, WeChat, Google, and more.
Prerequisites: CloudBase environment ID (env)
Authentication Scenarios
1. Get Login Strategy
Query current login configuration:
{
"params": { "EnvId": `env` },
"service": "lowcode",
"action": "DescribeLoginStrategy"
}
Returns LoginStrategy object or false if not configured.
2. Anonymous Login
- Get
LoginStrategy(see Scenario 1) - Set
LoginStrategy.AnonymousLogin = true(on) orfalse(off) - Update:
{
"params": { "EnvId": `env`, ...LoginStrategy },
"service": "lowcode",
"action": "ModifyLoginStrategy"
}
3. Username/Password Login
- Get
LoginStrategy(see Scenario 1) - Set
LoginStrategy.UserNameLogin = true(on) orfalse(off) - Update:
{
"params": { "EnvId": `env`, ...LoginStrategy },
"service": "lowcode",
"action": "ModifyLoginStrategy"
}
4. SMS Login
- Get
LoginStrategy(see Scenario 1) - Modify:
- Turn on:
LoginStrategy.PhoneNumberLogin = true - Turn off:
LoginStrategy.PhoneNumberLogin = false - Config (optional):
LoginStrategy.SmsVerificationConfig = { Type: 'default', // 'default' or 'apis' Method: 'methodName', SmsDayLimit: 30 // -1 = unlimited }
- Turn on:
- Update:
{
"params": { "EnvId": `env`, ...LoginStrategy },
"service": "lowcode",
"action": "ModifyLoginStrategy"
}
5. Email Login
Turn on (Tencent Cloud email):
{
"params": {
"EnvId": `env`,
"Id": "email",
"On": "TRUE",
"EmailConfig": { "On": "TRUE", "SmtpConfig": {} }
},
"service": "tcb",
"action": "ModifyProvider"
}
Turn off:
{
"params": { "EnvId": `env`, "Id": "email", "On": "FALSE" },
"service": "tcb",
"action": "ModifyProvider"
}
Turn on (custom SMTP):
{
"params": {
"EnvId": `env`,
"Id": "email",
"On": "TRUE",
"EmailConfig": {
"On": "FALSE",
"SmtpConfig": {
"AccountPassword": "password",
"AccountUsername": "username",
"SecurityMode": "SSL",
"SenderAddress": "sender@example.com",
"ServerHost": "smtp.qq.com",
"ServerPort": 465
}
}
},
"service": "tcb",
"action": "ModifyProvider"
}
6. WeChat Login
- Get WeChat config:
{
"params": { "EnvId": `env` },
"service": "tcb",
"action": "GetProviders"
}
Filter by Id == "wx_open", save as WeChatProvider.
Get credentials from WeChat Open Platform:
AppIDAppSecret
Update:
{
"params": {
"EnvId": `env`,
"Id": "wx_open",
"On": "TRUE", // "FALSE" to disable
"Config": {
...WeChatProvider.Config,
ClientId: `AppID`,
ClientSecret: `AppSecret`
}
},
"service": "tcb",
"action": "ModifyProvider"
}
7. Google Login
- Get redirect URI:
{
"params": { "EnvId": `env` },
"service": "lowcode",
"action": "DescribeStaticDomain"
}
Save result.Data.StaticDomain as staticDomain.
Configure at Google Cloud Console:
- Create OAuth 2.0 Client ID
- Set redirect URI:
https://{staticDomain}/__auth/ - Get
Client IDandClient Secret
Enable:
{
"params": {
"EnvId": `env`,
"ProviderType": "OAUTH",
"Id": "google",
"On": "TRUE", // "FALSE" to disable
"Name": { "Message": "Google" },
"Description": { "Message": "" },
"Config": {
"ClientId": `Client ID`,
"ClientSecret": `Client Secret`,
"Scope": "email openid profile",
"AuthorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth",
"TokenEndpoint": "https://oauth2.googleapis.com/token",
"UserinfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo",
"TokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
"RequestParametersMap": {
"RegisterUserSyncScope": "syncEveryLogin",
"IsGoogle": "TRUE"
}
},
"Picture": "https://qcloudimg.tencent-cloud.cn/raw/f9131c00dcbcbccd5899a449d68da3ba.png",
"TransparentMode": "FALSE",
"ReuseUserId": "TRUE",
"AutoSignUpWithProviderUser": "TRUE"
},
"service": "tcb",
"action": "ModifyProvider"
}