Feishu Provider
Resources
- Feishu - Creating an OAuth App
- Feishu - Authorizing OAuth Apps
- Feishu - Configure your Feishu OAuth Apps
- Learn more about OAuth
Setup
Callback URL
https://example.com/api/auth/callback/feishu
Environment Variables
FEISHU_CLIENT_ID
FEISHU_CLIENT_SECRET
Register Application
- Log in to the Developer Console
  - Go to Feishu Open Platform.
  - Sign in with your Feishu account.
- Create a New Application
  - Click “Create App”.
  - Choose Custom App (企业自建应用) if for internal use, or Marketplace App (商店应用) if it will be public.
  - Fill in the app name, description, and icon.
- Enable Web App Feature
  - In the app’s dashboard, go to App Features (应用功能).
  - Enable Web App (网页应用) or Login & Authorization (登录与授权).
- Configure Redirect URI
  - In Security Settings (安全设置), find Redirect URI (重定向URI).
  - Add your app’s callback URL here (must be HTTPS).
  - This must exactly match the redirect_uri you’ll use in OAuth requests.
- Get App Credentials
  - Go to Credentials & Basic Info (凭证与基础信息).
  - Copy the App ID (应用ID) and App Secret (应用密钥).
  - These will be used for OAuth authorization and token exchange.
- (Optional) Configure Permissions
  - If you need user profile, email, contacts, etc.:
    - Go to Permissions & Scopes (权限管理).
    - Select the required scopes (e.g., email, user_info).
  - Without this step, your app may only get very limited info.
- (Optional) Release the App
  - For internal apps: just toggle App Status to Enabled.
  - For marketplace apps: submit a version for review under Version Management & Release (版本管理与发布).
Configuration
/auth.ts
```ts
import NextAuth from "next-auth"
import Feishu from "next-auth/providers/feishu"

export const { handlers, auth, signIn, signOut } = NextAuth({
  providers: [
    Feishu({
      clientId: process.env.FEISHU_CLIENT_ID!,
      clientSecret: process.env.FEISHU_CLIENT_SECRET!,
      callbackUrl: `${process.env.NEXTAUTH_URL}/api/auth/callback/feishu`,
    }),
  ],
})
```
TypeScript Interface
The Feishu provider returns a comprehensive user profile with the following structure:
```ts
interface FeishuProfile {
  /** The user's display name */
  name: string;
  /** The user's English name */
  en_name: string;
  /** The user's avatar URLs in different sizes */
  avatar_url: string;
  avatar_thumb: string;
  avatar_middle: string;
  avatar_big: string;
  /** The user's Feishu-specific IDs */
  open_id: string;
  union_id: string;
  /** The user's email addresses */
  email: string;
  enterprise_email: string;
  /** The user's unique identifier */
  user_id: string;
  /** The user's mobile phone number */
  mobile: string;
  /** The tenant/organization key */
  tenant_key: string;
  /** The user's employee number */
  employee_no: string;
}
```
Notes
- The Feishu provider uses OAuth 2.0 with PKCE (Proof Key for Code Exchange) for enhanced security.
- The provider returns comprehensive user information including name, email, avatar URLs, and various Feishu-specific IDs.
- Make sure to configure the correct redirect URI in your Feishu application settings.
- The provider supports both personal and enterprise Feishu accounts.
- Endpoints used:
  - Authorization: https://accounts.feishu.cn/open-apis/authen/v1/authorize
  - Token: https://open.feishu.cn/open-apis/authen/v2/oauth/token
  - User Info: https://open.feishu.cn/open-apis/authen/v1/user_info
- Error handling: The provider handles Feishu’s specific response format where `code: 0` indicates success and non-zero values indicate errors.
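A fail-closed reading of the `code: 0` convention, combined with a tenant allowlist on `tenant_key` (relevant because both personal and enterprise accounts can sign in), as an added example that is not Auth.js source code. The `msg` and `data` envelope fields, the function names and the sample values are assumptions.

```typescript
// Added example, not Auth.js source. `msg` and `data` are assumed envelope fields.
type FeishuEnvelope = { code?: unknown; msg?: unknown; data?: unknown }
interface TenantProfile { open_id: string; tenant_key: string }

class FeishuResponseError extends Error {}

// Unwrap a user_info body. Success is exactly the number 0, so a missing
// code, the string "0" or null is treated as an error, never as success.
function unwrapUserInfo(body: unknown): TenantProfile {
  if (typeof body !== "object" || body === null) {
    throw new FeishuResponseError("response is not a JSON object")
  }
  const { code, msg, data } = body as FeishuEnvelope
  if (code !== 0) {
    throw new FeishuResponseError(`Feishu error code=${String(code)} msg=${String(msg)}`)
  }
  const d = data as Partial<TenantProfile> | null | undefined
  if (!d || typeof d.open_id !== "string" || d.open_id === "" ||
      typeof d.tenant_key !== "string" || d.tenant_key === "") {
    throw new FeishuResponseError("profile lacks open_id or tenant_key")
  }
  return { open_id: d.open_id, tenant_key: d.tenant_key }
}

// Sign-in decision: allow only tenants on an explicit allowlist. Any parse
// or provider error denies, and an empty allowlist denies everyone.
function decideSignIn(body: unknown, allowedTenants: ReadonlySet<string>): boolean {
  try {
    return allowedTenants.has(unwrapUserInfo(body).tenant_key)
  } catch {
    return false
  }
}

// Constructed sample bodies (not real Feishu output or real identifiers).
const SAMPLE_OK = { code: 0, msg: "success", data: { open_id: "ou_example", tenant_key: "tenant_example_a" } }
const SAMPLE_ERR = { code: 99999, msg: "constructed error" }
const ALLOWED = new Set(["tenant_example_a"])

console.log(decideSignIn(SAMPLE_OK, ALLOWED))  // true
console.log(decideSignIn(SAMPLE_ERR, ALLOWED)) // false
```

In `auth.ts`, the same tenant check can be applied in the `signIn` callback by returning `false` when `profile.tenant_key` is not on the allowlist.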
:::tip
The Feishu provider comes with a default configuration. To override the defaults for your use case, check out customizing a built-in OAuth provider.
:::
:::info Disclaimer
If you think you found a bug in the default configuration, you can open an issue.
Auth.js strictly adheres to the specification and it cannot take responsibility for any deviation from the spec by the provider. You can open an issue, but if the problem is non-compliance with the spec, we might not pursue a resolution. You can ask for more help in Discussions.
:::