feat: fix normal users blocked from /product-store (#5195)

README.md

@@ -1,5 +1,5 @@
 <h1 align="center" style="border-bottom: none;">📦⚡️ Casdoor</h1>
-<h3 align="center">An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA and RADIUS</h3>
+<h3 align="center">An open-source AI-first Identity and Access Management (IAM) /AI MCP gateway and auth server with web UI supporting MCP, A2A, OAuth 2.1, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD</h3>
 <p align="center">
   <a href="#badge">
     <img alt="semantic-release" src="https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg">

authz/authz.go

@@ -68,6 +68,7 @@ p, *, *, POST, /api/upload-users, *, *
 p, *, *, GET, /api/get-resources, *, *
 p, *, *, GET, /api/get-records, *, *
 p, *, *, GET, /api/get-product, *, *
+p, *, *, GET, /api/get-products, *, *
 p, *, *, GET, /api/get-order, *, *
 p, *, *, GET, /api/get-orders, *, *
 p, *, *, GET, /api/get-user-orders, *, *

certificate/account.go

@@ -0,0 +1,107 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package certificate
+
+import (
+	"crypto"
+
+	"github.com/casbin/lego/v4/acme"
+	"github.com/casbin/lego/v4/certcrypto"
+	"github.com/casbin/lego/v4/lego"
+	"github.com/casbin/lego/v4/registration"
+	"github.com/casdoor/casdoor/proxy"
+)
+
+type Account struct {
+	Email        string
+	Registration *registration.Resource
+	Key          crypto.PrivateKey
+}
+
+/** Implementation of the registration.User interface **/
+
+// GetEmail returns the email address for the account.
+func (a *Account) GetEmail() string {
+	return a.Email
+}
+
+// GetPrivateKey returns the private RSA account key.
+func (a *Account) GetPrivateKey() crypto.PrivateKey {
+	return a.Key
+}
+
+// GetRegistration returns the server registration.
+func (a *Account) GetRegistration() *registration.Resource {
+	return a.Registration
+}
+
+func getLegoClientAndAccount(email string, privateKey string, devMode bool) (*lego.Client, *Account, error) {
+	key, err := decodeEccKey(privateKey)
+	if err != nil {
+		return nil, nil, err
+	}
+	account := &Account{
+		Email: email,
+		Key:   key,
+	}
+
+	config := lego.NewConfig(account)
+	if devMode {
+		config.CADirURL = lego.LEDirectoryStaging
+	} else {
+		config.CADirURL = lego.LEDirectoryProduction
+	}
+
+	config.Certificate.KeyType = certcrypto.RSA2048
+	config.HTTPClient = proxy.ProxyHttpClient
+
+	client, err := lego.NewClient(config)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return client, account, err
+}
+
+// GetAcmeClient Incoming an email ,a privatekey and a Boolean value that controls the opening of the test environment
+// When this function is started for the first time, it will initialize the account-related configuration,
+// After initializing the configuration, It will try to obtain an account based on the private key,
+// if it fails, it will create an account based on the private key.
+// This account will be used during the running of the program
+func GetAcmeClient(email string, privateKey string, devMode bool) (*lego.Client, error) {
+	// Create a user. New accounts need an email and private key to start.
+	client, account, err := getLegoClientAndAccount(email, privateKey, devMode)
+
+	// try to obtain an account based on the private key
+	account.Registration, err = client.Registration.ResolveAccountByKey()
+	if err != nil {
+		acmeError, ok := err.(*acme.ProblemDetails)
+		if !ok {
+			return nil, err
+		}
+
+		if acmeError.Type != "urn:ietf:params:acme:error:accountDoesNotExist" {
+			return nil, acmeError
+		}
+
+		// Failed to get account, so create an account based on the private key.
+		account.Registration, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return client, nil
+}

certificate/account_test.go

@@ -0,0 +1,47 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build !skipCi
+// +build !skipCi
+
+package certificate
+
+import (
+	"testing"
+
+	"github.com/beego/beego/v2/server/web"
+	"github.com/casdoor/casdoor/proxy"
+	"github.com/casdoor/casdoor/util"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetClient(t *testing.T) {
+	err := web.LoadAppConfig("ini", "../conf/app.conf")
+	if err != nil {
+		panic(err)
+	}
+
+	proxy.InitHttpClient()
+
+	eccKey := util.ReadStringFromPath("acme_account.key")
+	println(eccKey)
+
+	client, err := GetAcmeClient("acme2@casbin.org", eccKey, false)
+	assert.Nil(t, err)
+	pem, key, err := ObtainCertificateAli(client, "casbin.com", accessKeyId, accessKeySecret)
+	assert.Nil(t, err)
+	println(pem)
+	println()
+	println(key)
+}

certificate/conf.go

@@ -0,0 +1,20 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package certificate
+
+var (
+	accessKeyId     = ""
+	accessKeySecret = ""
+)

certificate/dns.go

@@ -0,0 +1,151 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package certificate
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/casbin/lego/v4/certificate"
+	"github.com/casbin/lego/v4/challenge/dns01"
+	"github.com/casbin/lego/v4/cmd"
+	"github.com/casbin/lego/v4/lego"
+	"github.com/casbin/lego/v4/providers/dns/alidns"
+	"github.com/casbin/lego/v4/providers/dns/godaddy"
+)
+
+type AliConf struct {
+	Domains       []string // The domain names for which you want to apply for a certificate
+	AccessKey     string   // Aliyun account's AccessKey, if this is not empty, Secret is required.
+	Secret        string
+	RAMRole       string // Use Ramrole to control aliyun account
+	SecurityToken string // Optional
+	Path          string // The path to store cert file
+	Timeout       int    // Maximum waiting time for certificate application, in minutes
+}
+
+type GodaddyConf struct {
+	Domains   []string // The domain names for which you want to apply for a certificate
+	APIKey    string   // GoDaddy account's API Key
+	APISecret string
+	Path      string // The path to store cert file
+	Timeout   int    // Maximum waiting time for certificate application, in minutes
+}
+
+// getCert Verify domain ownership, then obtain a certificate, and finally store it locally.
+// Need to pass in an AliConf struct, some parameters are required, other parameters can be left blank
+func getAliCert(client *lego.Client, conf AliConf) (string, string, error) {
+	if conf.Timeout <= 0 {
+		conf.Timeout = 3
+	}
+
+	config := alidns.NewDefaultConfig()
+	config.PropagationTimeout = time.Duration(conf.Timeout) * time.Minute
+	config.APIKey = conf.AccessKey
+	config.SecretKey = conf.Secret
+	config.RAMRole = conf.RAMRole
+	config.SecurityToken = conf.SecurityToken
+
+	dnsProvider, err := alidns.NewDNSProvider(config)
+	if err != nil {
+		return "", "", err
+	}
+
+	// Choose a local DNS service provider to increase the authentication speed
+	servers := []string{"223.5.5.5:53"}
+	err = client.Challenge.SetDNS01Provider(dnsProvider, dns01.CondOption(len(servers) > 0, dns01.AddRecursiveNameservers(dns01.ParseNameservers(servers))), dns01.DisableCompletePropagationRequirement())
+	if err != nil {
+		return "", "", err
+	}
+
+	// Obtain the certificate
+	request := certificate.ObtainRequest{
+		Domains: conf.Domains,
+		Bundle:  true,
+	}
+	cert, err := client.Certificate.Obtain(request)
+	if err != nil {
+		return "", "", err
+	}
+
+	return string(cert.Certificate), string(cert.PrivateKey), nil
+}
+
+func getGoDaddyCert(client *lego.Client, conf GodaddyConf) (string, string, error) {
+	if conf.Timeout <= 0 {
+		conf.Timeout = 3
+	}
+
+	config := godaddy.NewDefaultConfig()
+	config.PropagationTimeout = time.Duration(conf.Timeout) * time.Minute
+	config.PollingInterval = time.Duration(conf.Timeout) * time.Minute / 9
+	config.APIKey = conf.APIKey
+	config.APISecret = conf.APISecret
+
+	dnsProvider, err := godaddy.NewDNSProvider(config)
+	if err != nil {
+		return "", "", err
+	}
+
+	// Choose a local DNS service provider to increase the authentication speed
+	servers := []string{"223.5.5.5:53"}
+	err = client.Challenge.SetDNS01Provider(dnsProvider, dns01.CondOption(len(servers) > 0, dns01.AddRecursiveNameservers(dns01.ParseNameservers(servers))), dns01.DisableCompletePropagationRequirement())
+	if err != nil {
+		return "", "", err
+	}
+
+	// Obtain the certificate
+	request := certificate.ObtainRequest{
+		Domains: conf.Domains,
+		Bundle:  true,
+	}
+	cert, err := client.Certificate.Obtain(request)
+	if err != nil {
+		return "", "", err
+	}
+
+	return string(cert.Certificate), string(cert.PrivateKey), nil
+}
+
+func ObtainCertificateAli(client *lego.Client, domain string, accessKey string, accessSecret string) (string, string, error) {
+	conf := AliConf{
+		Domains:       []string{fmt.Sprintf("*.%s", domain), domain},
+		AccessKey:     accessKey,
+		Secret:        accessSecret,
+		RAMRole:       "",
+		SecurityToken: "",
+		Path:          "",
+		Timeout:       3,
+	}
+	return getAliCert(client, conf)
+}
+
+func ObtainCertificateGoDaddy(client *lego.Client, domain string, accessKey string, accessSecret string) (string, string, error) {
+	conf := GodaddyConf{
+		Domains:   []string{fmt.Sprintf("*.%s", domain), domain},
+		APIKey:    accessKey,
+		APISecret: accessSecret,
+		Path:      "",
+		Timeout:   3,
+	}
+	return getGoDaddyCert(client, conf)
+}
+
+func SaveCert(path, filename string, cert *certificate.Resource) {
+	// Store the certificate file locally
+	certsStorage := cmd.NewCertificatesStorageLib(path, filename, true)
+	certsStorage.CreateRootFolder()
+	certsStorage.SaveResource(cert)
+}

certificate/ecc.go

@@ -0,0 +1,55 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package certificate
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+)
+
+// generateEccKey generates a public and private key pair.(NIST P-256)
+func generateEccKey() (*ecdsa.PrivateKey, error) {
+	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+}
+
+// encodeEccKey Return the input private key object as string type private key
+func encodeEccKey(privateKey *ecdsa.PrivateKey) (string, error) {
+	x509Encoded, err := x509.MarshalECPrivateKey(privateKey)
+	if err != nil {
+		return "", err
+	}
+
+	pemEncoded := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: x509Encoded})
+	return string(pemEncoded), nil
+}
+
+// decodeEccKey Return the entered private key string as a private key object that can be used
+func decodeEccKey(pemEncoded string) (*ecdsa.PrivateKey, error) {
+	block, _ := pem.Decode([]byte(pemEncoded))
+	if block == nil {
+		return nil, fmt.Errorf("invalid PEM-encoded EC private key")
+	}
+	x509Encoded := block.Bytes
+	privateKey, err := x509.ParseECPrivateKey(x509Encoded)
+	if err != nil {
+		return nil, err
+	}
+
+	return privateKey, nil
+}

certificate/ecc_test.go

@@ -0,0 +1,34 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//go:build !skipCi
+// +build !skipCi
+
+package certificate
+
+import (
+	"testing"
+
+	"github.com/casdoor/casdoor/util"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGenerateEccKey(t *testing.T) {
+	eccKey, err := generateEccKey()
+	assert.Nil(t, err)
+	eccKeyStr, err := encodeEccKey(eccKey)
+	assert.Nil(t, err)
+	println(eccKeyStr)
+	util.WriteStringToPath(eccKeyStr, "acme_account.key")
+}

controllers/account.go

@@ -323,6 +323,17 @@ func (c *ApiController) Signup() {
 
 	// If OAuth parameters are present, generate OAuth code and return it
 	if clientId != "" && responseType == ResponseTypeCode {
+		consentRequired, err := object.CheckConsentRequired(user, application, scope)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+
+		if consentRequired {
+			c.ResponseOk(map[string]bool{"required": true})
+			return
+		}
+
 		code, err := object.GetOAuthCode(userId, clientId, "", "password", responseType, redirectUri, scope, state, nonce, codeChallenge, "", c.Ctx.Request.Host, c.GetAcceptLanguage())
 		if err != nil {
 			c.ResponseError(err.Error(), nil)
@@ -364,18 +375,11 @@ func (c *ApiController) Logout() {
 
 		c.ClearUserSession()
 		c.ClearTokenSession()
-		owner, username, err := util.GetOwnerAndNameFromIdWithError(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		_, err = object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID(context.Background()))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
 
-		util.LogInfo(c.Ctx, "API: [%s] logged out", user)
+		if err := c.deleteUserSession(user); err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
 
 		application := c.GetSessionApplication()
 		if application == nil || application.Name == "app-built-in" || application.HomepageUrl == "" {
@@ -415,21 +419,13 @@ func (c *ApiController) Logout() {
 
 		c.ClearUserSession()
 		c.ClearTokenSession()
+
 		// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
-		owner, username, err := util.GetOwnerAndNameFromIdWithError(user)
-		if err != nil {
+		if err := c.deleteUserSession(user); err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 
-		_, err = object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID(context.Background()))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		util.LogInfo(c.Ctx, "API: [%s] logged out", user)
-
 		if redirectUri == "" {
 			c.ResponseOk()
 			return
@@ -766,3 +762,24 @@ func (c *ApiController) GetCaptcha() {
 
 	c.ResponseOk(Captcha{Type: "none"})
 }
+
+func (c *ApiController) deleteUserSession(user string) error {
+	owner, username, err := util.GetOwnerAndNameFromIdWithError(user)
+	if err != nil {
+		return err
+	}
+
+	// Casdoor session ID derived from owner, username, and application
+	sessionId := util.GetSessionId(owner, username, object.CasdoorApplication)
+
+	// Explicitly get the Beego session ID from the context
+	beegoSessionId := c.Ctx.Input.CruSession.SessionID(context.Background())
+
+	_, err = object.DeleteSessionId(sessionId, beegoSessionId)
+	if err != nil {
+		return err
+	}
+
+	util.LogInfo(c.Ctx, "API: [%s] logged out", user)
+	return nil
+}

controllers/auth.go

@@ -167,6 +167,19 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 			c.ResponseError(c.T("auth:Challenge method should be S256"))
 			return
 		}
+
+		consentRequired, err := object.CheckConsentRequired(user, application, scope)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+
+		if consentRequired {
+			resp = &Response{Status: "ok", Data: map[string]bool{"required": true}}
+			resp.Data3 = user.NeedUpdatePassword
+			return
+		}
+
 		code, err := object.GetOAuthCode(userId, clientId, form.Provider, form.SigninMethod, responseType, redirectUri, scope, state, nonce, codeChallenge, resource, c.Ctx.Request.Host, c.GetAcceptLanguage())
 		if err != nil {
 			c.ResponseError(err.Error(), nil)
@@ -185,10 +198,14 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		} else {
 			scope := c.Ctx.Input.Query("scope")
 			nonce := c.Ctx.Input.Query("nonce")
-			token, _ := object.GetTokenByUser(application, user, scope, nonce, c.Ctx.Request.Host)
-			resp = tokenToResponse(token)
+			if !object.IsScopeValid(scope, application) {
+				resp = &Response{Status: "error", Msg: "error: invalid_scope", Data: ""}
+			} else {
+				token, _ := object.GetTokenByUser(application, user, scope, nonce, c.Ctx.Request.Host)
+				resp = tokenToResponse(token)
 
-			resp.Data3 = user.NeedUpdatePassword
+				resp.Data3 = user.NeedUpdatePassword
+			}
 		}
 	} else if form.Type == ResponseTypeDevice {
 		authCache, ok := object.DeviceAuthMap.LoadAndDelete(form.UserCode)
@@ -739,7 +756,11 @@ func (c *ApiController) Login() {
 			}
 		} else if provider.Category == "OAuth" || provider.Category == "Web3" {
 			// OAuth
-			idpInfo := object.FromProviderToIdpInfo(c.Ctx, provider)
+			idpInfo, err := object.FromProviderToIdpInfo(c.Ctx, provider)
+			if err != nil {
+				c.ResponseError(err.Error())
+				return
+			}
 			idpInfo.CodeVerifier = authForm.CodeVerifier
 			var idProvider idp.IdProvider
 			idProvider, err = idp.GetIdProvider(idpInfo, authForm.RedirectUri)
@@ -950,11 +971,13 @@ func (c *ApiController) Login() {
 						RegisterSource:    fmt.Sprintf("%s/%s", application.Organization, application.Name),
 					}
 
-					// Set group from invitation code if available, otherwise use provider's signup group
+					// Set group from invitation code if available, otherwise use provider's signup group or application's default group
 					if invitation != nil && invitation.SignupGroup != "" {
 						user.Groups = []string{invitation.SignupGroup}
 					} else if providerItem.SignupGroup != "" {
 						user.Groups = []string{providerItem.SignupGroup}
+					} else if application.DefaultGroup != "" {
+						user.Groups = []string{application.DefaultGroup}
 					}
 
 					var affected bool

controllers/cert.go

@@ -183,3 +183,40 @@ func (c *ApiController) DeleteCert() {
 	c.Data["json"] = wrapActionResponse(object.DeleteCert(&cert))
 	c.ServeJSON()
 }
+
+// UpdateCertDomainExpire
+// @Title UpdateCertDomainExpire
+// @Tag Cert API
+// @Description update cert domain expire time
+// @Param   id     query   string  true        "The ID of the cert"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-cert-domain-expire [post]
+func (c *ApiController) UpdateCertDomainExpire() {
+	if _, ok := c.RequireSignedIn(); !ok {
+		return
+	}
+
+	id := c.Ctx.Input.Query("id")
+	cert, err := object.GetCert(id)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	domainExpireTime, err := object.GetDomainExpireTime(cert.Name)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	if domainExpireTime == "" {
+		c.ResponseError("Failed to determine domain expiration time for domain " + cert.Name +
+			". Please verify that the domain is valid, publicly resolvable, and has a retrievable expiration date, " +
+			"or update the domain expiration time manually.")
+		return
+	}
+	cert.DomainExpireTime = domainExpireTime
+
+	c.Data["json"] = wrapActionResponse(object.UpdateCert(id, cert))
+	c.ServeJSON()
+}

controllers/consent.go

@@ -0,0 +1,226 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/casdoor/casdoor/object"
+)
+
+// RevokeConsent revokes a consent record
+// @Title RevokeConsent
+// @Tag Consent API
+// @Description revoke a consent record
+// @Param body body object.ConsentRecord true "The consent object"
+// @Success 200 {object} controllers.Response The Response object
+// @router /revoke-consent [post]
+func (c *ApiController) RevokeConsent() {
+	userId := c.GetSessionUsername()
+	if userId == "" {
+		c.ResponseError(c.T("general:Please login first"))
+		return
+	}
+
+	var consent object.ConsentRecord
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &consent)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	// Validate that consent.Application is not empty
+	if consent.Application == "" {
+		c.ResponseError(c.T("general:Application cannot be empty"))
+		return
+	}
+
+	// Validate that GrantedScopes is not empty when scope-specific revoke is requested
+	if len(consent.GrantedScopes) == 0 {
+		c.ResponseError(c.T("general:Granted scopes cannot be empty"))
+		return
+	}
+
+	userObj, err := object.GetUser(userId)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	if userObj == nil {
+		c.ResponseError(c.T("general:The user doesn't exist"))
+		return
+	}
+
+	newScopes := []object.ConsentRecord{}
+	for _, record := range userObj.ApplicationScopes {
+		if record.Application != consent.Application {
+			// skip other applications
+			newScopes = append(newScopes, record)
+			continue
+		}
+		// revoke specified scopes
+		revokeSet := make(map[string]bool)
+		for _, s := range consent.GrantedScopes {
+			revokeSet[s] = true
+		}
+		remaining := []string{}
+		for _, s := range record.GrantedScopes {
+			if !revokeSet[s] {
+				remaining = append(remaining, s)
+			}
+		}
+		if len(remaining) > 0 {
+			// still have remaining scopes, keep the record and update
+			record.GrantedScopes = remaining
+			newScopes = append(newScopes, record)
+		}
+		// otherwise the application authorization is revoked, delete the whole record
+	}
+	userObj.ApplicationScopes = newScopes
+	success, err := object.UpdateUser(userObj.GetId(), userObj, nil, false)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.ResponseOk(success)
+}
+
+// GrantConsent grants consent for an OAuth application and returns authorization code
+// @Title GrantConsent
+// @Tag Consent API
+// @Description grant consent for an OAuth application and get authorization code
+// @Param body body object.ConsentRecord true "The consent object with OAuth parameters"
+// @Success 200 {object} controllers.Response The Response object
+// @router /grant-consent [post]
+func (c *ApiController) GrantConsent() {
+	userId := c.GetSessionUsername()
+	if userId == "" {
+		c.ResponseError(c.T("general:Please login first"))
+		return
+	}
+
+	var request struct {
+		Application  string   `json:"application"`
+		Scopes       []string `json:"grantedScopes"`
+		ClientId     string   `json:"clientId"`
+		Provider     string   `json:"provider"`
+		SigninMethod string   `json:"signinMethod"`
+		ResponseType string   `json:"responseType"`
+		RedirectUri  string   `json:"redirectUri"`
+		Scope        string   `json:"scope"`
+		State        string   `json:"state"`
+		Nonce        string   `json:"nonce"`
+		Challenge    string   `json:"challenge"`
+		Resource     string   `json:"resource"`
+	}
+
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &request)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	// Validate application by clientId
+	application, err := object.GetApplicationByClientId(request.ClientId)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	if application == nil {
+		c.ResponseError(c.T("general:Invalid client_id"))
+		return
+	}
+
+	// Verify that request.Application matches the application's actual ID
+	if request.Application != application.GetId() {
+		c.ResponseError(c.T("general:Invalid application"))
+		return
+	}
+
+	// Update user's ApplicationScopes
+	userObj, err := object.GetUser(userId)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	if userObj == nil {
+		c.ResponseError(c.T("general:User not found"))
+		return
+	}
+
+	appId := application.GetId()
+	found := false
+	// Insert new scope into existing applicationScopes
+	for i, record := range userObj.ApplicationScopes {
+		if record.Application == appId {
+			existing := make(map[string]bool)
+			for _, s := range userObj.ApplicationScopes[i].GrantedScopes {
+				existing[s] = true
+			}
+			for _, s := range request.Scopes {
+				if !existing[s] {
+					userObj.ApplicationScopes[i].GrantedScopes = append(userObj.ApplicationScopes[i].GrantedScopes, s)
+					existing[s] = true
+				}
+			}
+			found = true
+			break
+		}
+	}
+	// create a new applicationScopes if not found
+	if !found {
+		uniqueScopes := []string{}
+		existing := make(map[string]bool)
+		for _, s := range request.Scopes {
+			if !existing[s] {
+				uniqueScopes = append(uniqueScopes, s)
+				existing[s] = true
+			}
+		}
+		userObj.ApplicationScopes = append(userObj.ApplicationScopes, object.ConsentRecord{
+			Application:   appId,
+			GrantedScopes: uniqueScopes,
+		})
+	}
+
+	_, err = object.UpdateUser(userObj.GetId(), userObj, []string{"application_scopes"}, false)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	// Now get the OAuth code
+	code, err := object.GetOAuthCode(
+		userId,
+		request.ClientId,
+		request.Provider,
+		request.SigninMethod,
+		request.ResponseType,
+		request.RedirectUri,
+		request.Scope,
+		request.State,
+		request.Nonce,
+		request.Challenge,
+		request.Resource,
+		c.Ctx.Request.Host,
+		c.GetAcceptLanguage(),
+	)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.ResponseOk(code.Code)
+}

controllers/token.go

@@ -162,6 +162,9 @@ func (c *ApiController) DeleteToken() {
 func (c *ApiController) GetOAuthToken() {
 	clientId := c.Ctx.Input.Query("client_id")
 	clientSecret := c.Ctx.Input.Query("client_secret")
+	assertion := c.Ctx.Input.Query("assertion")
+	clientAssertion := c.Ctx.Input.Query("client_assertion")
+	clientAssertionType := c.Ctx.Input.Query("client_assertion_type")
 	grantType := c.Ctx.Input.Query("grant_type")
 	code := c.Ctx.Input.Query("code")
 	verifier := c.Ctx.Input.Query("code_verifier")
@@ -193,6 +196,12 @@ func (c *ApiController) GetOAuthToken() {
 			if clientSecret == "" {
 				clientSecret = tokenRequest.ClientSecret
 			}
+			if clientAssertion == "" {
+				clientAssertion = tokenRequest.ClientAssertion
+			}
+			if clientAssertionType == "" {
+				clientAssertionType = tokenRequest.ClientAssertionType
+			}
 			if grantType == "" {
 				grantType = tokenRequest.GrantType
 			}
@@ -235,9 +244,13 @@ func (c *ApiController) GetOAuthToken() {
 			if resource == "" {
 				resource = tokenRequest.Resource
 			}
+			if assertion == "" {
+				assertion = tokenRequest.Assertion
+			}
 		}
 	}
 
+	host := c.Ctx.Request.Host
 	if deviceCode != "" {
 		deviceAuthCache, ok := object.DeviceAuthMap.Load(deviceCode)
 		if !ok {
@@ -278,8 +291,7 @@ func (c *ApiController) GetOAuthToken() {
 		username = deviceAuthCacheCast.UserName
 	}
 
-	host := c.Ctx.Request.Host
-	token, err := object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, nonce, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage(), subjectToken, subjectTokenType, audience, resource)
+	token, err := object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, nonce, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage(), subjectToken, subjectTokenType, assertion, clientAssertion, clientAssertionType, audience, resource)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -323,7 +335,12 @@ func (c *ApiController) RefreshToken() {
 		}
 	}
 
-	refreshToken2, err := object.RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
+	ok, application, clientId, _, err := c.ValidateOAuth(true)
+	if err != nil || !ok {
+		return
+	}
+
+	refreshToken2, err := object.RefreshToken(application, grantType, refreshToken, scope, clientId, clientSecret, host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -334,14 +351,79 @@ func (c *ApiController) RefreshToken() {
 	c.ServeJSON()
 }
 
-func (c *ApiController) ResponseTokenError(errorMsg string) {
+func (c *ApiController) ResponseTokenError(errorMsg string, errorDescription string) {
 	c.Data["json"] = &object.TokenError{
-		Error: errorMsg,
+		Error:            errorMsg,
+		ErrorDescription: errorDescription,
 	}
 	c.SetTokenErrorHttpStatus()
 	c.ServeJSON()
 }
 
+func (c *ApiController) ValidateOAuth(ignoreValidSecret bool) (ok bool, application *object.Application, clientId, clientSecret string, err error) {
+	reqClientId := c.Ctx.Input.Query("client_id")
+	reqClientSecret := c.Ctx.Input.Query("client_secret")
+	clientAssertion := c.Ctx.Input.Query("client_assertion")
+	clientAssertionType := c.Ctx.Input.Query("client_assertion_type")
+
+	if reqClientId == "" && clientAssertionType == "" {
+		var tokenRequest TokenRequest
+		if err := json.Unmarshal(c.Ctx.Input.RequestBody, &tokenRequest); err == nil {
+			reqClientId = tokenRequest.ClientId
+			reqClientSecret = tokenRequest.ClientSecret
+			clientAssertion = tokenRequest.ClientAssertion
+			clientAssertionType = tokenRequest.ClientAssertionType
+		}
+	}
+
+	if clientAssertionType == "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" {
+		ok, application, err = object.ValidateClientAssertion(clientAssertion, c.Ctx.Request.Host)
+		if err != nil {
+			c.ResponseTokenError(object.InvalidClient, err.Error())
+			return
+		}
+
+		if !ok || application == nil {
+			c.ResponseTokenError(object.InvalidClient, "client_assertion is invalid")
+			return
+		}
+
+		clientSecret = application.ClientSecret
+		clientId = application.ClientId
+		ok = true
+		return
+	}
+
+	if reqClientId == "" && reqClientSecret == "" {
+		clientId, clientSecret, ok = c.Ctx.Request.BasicAuth()
+		if !ok {
+			clientId = c.Ctx.Input.Query("client_id")
+			clientSecret = c.Ctx.Input.Query("client_secret")
+			if clientId == "" || clientSecret == "" {
+				c.ResponseTokenError(object.InvalidRequest, "")
+				return
+			}
+		}
+	} else {
+		clientId = reqClientId
+		clientSecret = reqClientSecret
+	}
+
+	application, err = object.GetApplicationByClientId(clientId)
+	if err != nil {
+		c.ResponseTokenError(object.InvalidClient, err.Error())
+		return
+	}
+
+	if application == nil || (application.ClientSecret != clientSecret && !ignoreValidSecret) {
+		c.ResponseTokenError(object.InvalidClient, c.T("token:Invalid application or wrong clientSecret"))
+		return
+	}
+
+	ok = true
+	return
+}
+
 // IntrospectToken
 // @Title IntrospectToken
 // @Tag Login API
@@ -349,7 +431,7 @@ func (c *ApiController) ResponseTokenError(errorMsg string) {
 // parameter representing an OAuth 2.0 token and returns a JSON document
 // representing the meta information surrounding the
 // token, including whether this token is currently active.
-// This endpoint only support Basic Authorization.
+// This endpoint support Basic Authorization and authorization defined in RFC 7523.
 //
 // @Param token formData string true "access_token's value or refresh_token's value"
 // @Param token_type_hint formData string true "the token type access_token or refresh_token"
@@ -359,24 +441,9 @@ func (c *ApiController) ResponseTokenError(errorMsg string) {
 // @router /login/oauth/introspect [post]
 func (c *ApiController) IntrospectToken() {
 	tokenValue := c.Ctx.Input.Query("token")
-	clientId, clientSecret, ok := c.Ctx.Request.BasicAuth()
-	if !ok {
-		clientId = c.Ctx.Input.Query("client_id")
-		clientSecret = c.Ctx.Input.Query("client_secret")
-		if clientId == "" || clientSecret == "" {
-			c.ResponseTokenError(object.InvalidRequest)
-			return
-		}
-	}
 
-	application, err := object.GetApplicationByClientId(clientId)
-	if err != nil {
-		c.ResponseTokenError(err.Error())
-		return
-	}
-
-	if application == nil || application.ClientSecret != clientSecret {
-		c.ResponseTokenError(c.T("token:Invalid application or wrong clientSecret"))
+	ok, application, clientId, _, err := c.ValidateOAuth(false)
+	if err != nil || !ok {
 		return
 	}
 
@@ -390,7 +457,7 @@ func (c *ApiController) IntrospectToken() {
 	if tokenTypeHint != "" {
 		token, err = object.GetTokenByTokenValue(tokenValue, tokenTypeHint)
 		if err != nil {
-			c.ResponseTokenError(err.Error())
+			c.ResponseTokenError(object.InvalidRequest, err.Error())
 			return
 		}
 		if token == nil || token.ExpiresIn <= 0 {
@@ -467,7 +534,7 @@ func (c *ApiController) IntrospectToken() {
 	if tokenTypeHint == "" {
 		token, err = object.GetTokenByTokenValue(tokenValue, introspectionResponse.TokenType)
 		if err != nil {
-			c.ResponseTokenError(err.Error())
+			c.ResponseTokenError(object.InvalidRequest, err.Error())
 			return
 		}
 		if token == nil || token.ExpiresIn <= 0 {
@@ -479,7 +546,7 @@ func (c *ApiController) IntrospectToken() {
 	if token != nil {
 		application, err = object.GetApplication(fmt.Sprintf("%s/%s", token.Owner, token.Application))
 		if err != nil {
-			c.ResponseTokenError(err.Error())
+			c.ResponseTokenError(object.InvalidClient, err.Error())
 			return
 		}
 		if application == nil {

controllers/types.go

@@ -15,20 +15,23 @@
 package controllers
 
 type TokenRequest struct {
-	ClientId         string `json:"client_id"`
-	ClientSecret     string `json:"client_secret"`
-	GrantType        string `json:"grant_type"`
-	Code             string `json:"code"`
-	Verifier         string `json:"code_verifier"`
-	Scope            string `json:"scope"`
-	Nonce            string `json:"nonce"`
-	Username         string `json:"username"`
-	Password         string `json:"password"`
-	Tag              string `json:"tag"`
-	Avatar           string `json:"avatar"`
-	RefreshToken     string `json:"refresh_token"`
-	SubjectToken     string `json:"subject_token"`
-	SubjectTokenType string `json:"subject_token_type"`
-	Audience         string `json:"audience"`
-	Resource         string `json:"resource"` // RFC 8707 Resource Indicator
+	Assertion           string `json:"assertion"`
+	ClientId            string `json:"client_id"`
+	ClientSecret        string `json:"client_secret"`
+	ClientAssertion     string `json:"client_assertion"`
+	ClientAssertionType string `json:"client_assertion_type"`
+	GrantType           string `json:"grant_type"`
+	Code                string `json:"code"`
+	Verifier            string `json:"code_verifier"`
+	Scope               string `json:"scope"`
+	Nonce               string `json:"nonce"`
+	Username            string `json:"username"`
+	Password            string `json:"password"`
+	Tag                 string `json:"tag"`
+	Avatar              string `json:"avatar"`
+	RefreshToken        string `json:"refresh_token"`
+	SubjectToken        string `json:"subject_token"`
+	SubjectTokenType    string `json:"subject_token_type"`
+	Audience            string `json:"audience"`
+	Resource            string `json:"resource"` // RFC 8707 Resource Indicator
 }

email/provider.go

@@ -19,13 +19,16 @@ type EmailProvider interface {
 }
 
 func GetEmailProvider(typ string, clientId string, clientSecret string, host string, port int, sslMode string, endpoint string, method string, httpHeaders map[string]string, bodyMapping map[string]string, contentType string, enableProxy bool) EmailProvider {
-	if typ == "Azure ACS" {
+	switch typ {
+	case "Azure ACS":
 		return NewAzureACSEmailProvider(clientSecret, host)
-	} else if typ == "Custom HTTP Email" {
+	case "Custom HTTP Email":
 		return NewHttpEmailProvider(endpoint, method, httpHeaders, bodyMapping, contentType)
-	} else if typ == "SendGrid" {
+	case "SendGrid":
 		return NewSendgridEmailProvider(clientSecret, host, endpoint)
-	} else {
+	case "Resend":
+		return NewResendEmailProvider(clientSecret)
+	default:
 		return NewSmtpEmailProvider(clientId, clientSecret, host, port, typ, sslMode, enableProxy)
 	}
 }

email/resend.go

@@ -0,0 +1,48 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package email
+
+import (
+	"fmt"
+
+	"github.com/resend/resend-go/v3"
+)
+
+type ResendEmailProvider struct {
+	Client *resend.Client
+}
+
+func NewResendEmailProvider(apiKey string) *ResendEmailProvider {
+	client := resend.NewClient(apiKey)
+	client.UserAgent += " Casdoor"
+	return &ResendEmailProvider{Client: client}
+}
+
+func (s *ResendEmailProvider) Send(fromAddress string, fromName string, toAddresses []string, subject string, content string) error {
+	from := fromAddress
+	if fromName != "" {
+		from = fmt.Sprintf("%s <%s>", fromName, fromAddress)
+	}
+	params := &resend.SendEmailRequest{
+		From:    from,
+		To:      toAddresses,
+		Subject: subject,
+		Html:    content,
+	}
+	if _, err := s.Client.Emails.Send(params); err != nil {
+		return err
+	}
+	return nil
+}

go.mod

@@ -22,6 +22,7 @@ require (
 	github.com/beego/beego/v2 v2.3.8
 	github.com/beevik/etree v1.1.0
 	github.com/casbin/casbin/v2 v2.77.2
+	github.com/casbin/lego/v4 v4.5.4
 	github.com/casdoor/go-sms-sender v0.25.0
 	github.com/casdoor/gomail/v2 v2.2.0
 	github.com/casdoor/ldapserver v1.2.0
@@ -47,6 +48,8 @@ require (
 	github.com/json-iterator/go v1.1.12
 	github.com/lestrrat-go/jwx v1.2.29
 	github.com/lib/pq v1.10.9
+	github.com/likexian/whois v1.15.1
+	github.com/likexian/whois-parser v1.24.9
 	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3
 	github.com/markbates/goth v1.82.0
 	github.com/microsoft/go-mssqldb v1.9.0
@@ -57,6 +60,7 @@ require (
 	github.com/prometheus/client_golang v1.19.0
 	github.com/prometheus/client_model v0.6.0
 	github.com/qiangmzsx/string-adapter/v2 v2.1.0
+	github.com/resend/resend-go/v3 v3.1.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/russellhaering/gosaml2 v0.9.0
 	github.com/russellhaering/goxmldsig v1.2.0
@@ -129,6 +133,7 @@ require (
 	github.com/clbanning/mxj/v2 v2.7.0 // indirect
 	github.com/cloudflare/circl v1.6.1 // indirect
 	github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
 	github.com/cschomburg/go-pushbullet v0.0.0-20171206132031-67759df45fbb // indirect
 	github.com/cyphar/filepath-securejoin v0.4.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
@@ -188,6 +193,7 @@ require (
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
 	github.com/lestrrat-go/iter v1.0.2 // indirect
 	github.com/lestrrat-go/option v1.0.1 // indirect
+	github.com/likexian/gokit v0.25.13 // indirect
 	github.com/line/line-bot-sdk-go v7.8.0+incompatible // indirect
 	github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
 	github.com/markbates/going v1.0.0 // indirect
@@ -195,6 +201,7 @@ require (
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-ieproxy v0.0.1 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/miekg/dns v1.1.43 // indirect
 	github.com/mileusna/viber v1.0.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -211,14 +218,17 @@ require (
 	github.com/prometheus/common v0.48.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/qiniu/go-sdk/v7 v7.12.1 // indirect
+	github.com/rainycape/memcache v0.0.0-20150622160815-1031fa0ce2f2 // indirect
 	github.com/redis/go-redis/v9 v9.5.5 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 // indirect
 	github.com/rs/zerolog v1.33.0 // indirect
+	github.com/russross/blackfriday/v2 v2.0.1 // indirect
 	github.com/scim2/filter-parser/v2 v2.2.0 // indirect
 	github.com/sendgrid/rest v2.6.9+incompatible // indirect
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
 	github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24 // indirect
+	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
 	github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skeema/knownhosts v1.3.1 // indirect
@@ -238,6 +248,7 @@ require (
 	github.com/tklauser/numcpus v0.10.0 // indirect
 	github.com/twilio/twilio-go v1.13.0 // indirect
 	github.com/ucloud/ucloud-sdk-go v0.22.5 // indirect
+	github.com/urfave/cli v1.22.5 // indirect
 	github.com/utahta/go-linenotify v0.5.0 // indirect
 	github.com/volcengine/volc-sdk-golang v1.0.117 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
@@ -272,6 +283,7 @@ require (
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
+	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	lukechampine.com/uint128 v1.2.0 // indirect

go.sum

@@ -778,6 +778,7 @@ github.com/alibabacloud-go/tea-xml v1.1.1/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCE
 github.com/alibabacloud-go/tea-xml v1.1.2/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
 github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0=
 github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8=
+github.com/aliyun/alibaba-cloud-sdk-go v1.61.1183/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA=
 github.com/aliyun/alibaba-cloud-sdk-go v1.63.107 h1:qagvUyrgOnBIlVRQWOyCZGVKUIYbMBdGdJ104vBpRFU=
 github.com/aliyun/alibaba-cloud-sdk-go v1.63.107/go.mod h1:SOSDHfe1kX91v3W5QiBsWSLqeLxImobbMX1mxrFHsVQ=
 github.com/aliyun/aliyun-oss-go-sdk v2.2.2+incompatible h1:9gWa46nstkJ9miBReJcN8Gq34cBFbzSpQZVVT9N09TM=
@@ -850,6 +851,8 @@ github.com/casbin/casbin/v2 v2.28.3/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRt
 github.com/casbin/casbin/v2 v2.37.0/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg=
 github.com/casbin/casbin/v2 v2.77.2 h1:yQinn/w9x8AswiwqwtrXz93VU48R1aYTXdHEx4RI3jM=
 github.com/casbin/casbin/v2 v2.77.2/go.mod h1:mzGx0hYW9/ksOSpw3wNjk3NRAroq5VMFYUQ6G43iGPk=
+github.com/casbin/lego/v4 v4.5.4 h1:WdVEj1A5KmKZheNuFNLF/5+UUkpXLt9mEOrLX3E81Vo=
+github.com/casbin/lego/v4 v4.5.4/go.mod h1:JjTyJgN5pyrDPcg3+aAM1NtFQIXl8zDgsoSS1TnVpJ8=
 github.com/casdoor/casdoor-go-sdk v0.50.0 h1:bUYbz/MzJuWfLKJbJM0+U0YpYewAur+THp5TKnufWZM=
 github.com/casdoor/casdoor-go-sdk v0.50.0/go.mod h1:cMnkCQJgMYpgAlgEx8reSt1AVaDIQLcJ1zk5pzBaz+4=
 github.com/casdoor/go-sms-sender v0.25.0 h1:eF4cOCSbjVg7+0uLlJQnna/FQ0BWW+Fp/x4cXhzQu1Y=
@@ -911,6 +914,8 @@ github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/cschomburg/go-pushbullet v0.0.0-20171206132031-67759df45fbb h1:7X9nrm+LNWdxzQOiCjy0G51rNUxbH35IDHCjAMvogyM=
 github.com/cschomburg/go-pushbullet v0.0.0-20171206132031-67759df45fbb/go.mod h1:RfQ9wji3fjcSEsQ+uFCtIh3+BXgcZum8Kt3JxvzYzlk=
@@ -1308,6 +1313,7 @@ github.com/jcmturner/gokrb5/v8 v8.4.2/go.mod h1:sb+Xq/fTY5yktf/VxLsE3wlfPqQjp0aW
 github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc=
 github.com/jinzhu/configor v1.2.1 h1:OKk9dsR8i6HPOCZR8BcMtcEImAFjIhbJFZNyn5GCZko=
 github.com/jinzhu/configor v1.2.1/go.mod h1:nX89/MOmDba7ZX7GCyU/VIaQ2Ar2aizBl2d3JLF/rDc=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
@@ -1321,7 +1327,9 @@ github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUB
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible/go.mod h1:1c7szIrayyPPB/987hsnvNzLushdWf4o/79s3P08L8A=
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
+github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
@@ -1390,6 +1398,12 @@ github.com/lib/pq v1.7.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/likexian/gokit v0.25.13 h1:p2Uw3+6fGG53CwdU2Dz0T6bOycdb2+bAFAa3ymwWVkM=
+github.com/likexian/gokit v0.25.13/go.mod h1:qQhEWFBEfqLCO3/vOEo2EDKd+EycekVtUK4tex+l2H4=
+github.com/likexian/whois v1.15.1 h1:6vTMI8n9s1eJdmcO4R9h1x99aQWIZZX1CD3am68gApU=
+github.com/likexian/whois v1.15.1/go.mod h1:/nxmQ6YXvLz+qTxC/QFtEJNAt0zLuRxJrKiWpBJX8X0=
+github.com/likexian/whois-parser v1.24.9 h1:BT6fzO3lj3F07yzVv0YXoaj+K4Ush0/cF+Yp6tvJJgk=
+github.com/likexian/whois-parser v1.24.9/go.mod h1:b6STMHHDaSKbd4PzGrP50wWE5NzeBUETa/hT9gI0G9I=
 github.com/line/line-bot-sdk-go v7.8.0+incompatible h1:Uf9/OxV0zCVfqyvwZPH8CrdiHXXmMRa/L91G3btQblQ=
 github.com/line/line-bot-sdk-go v7.8.0+incompatible/go.mod h1:0RjLjJEAU/3GIcHkC3av6O4jInAbt25nnZVmOFUgDBg=
 github.com/localtunnel/go-localtunnel v0.0.0-20170326223115-8a804488f275 h1:IZycmTpoUtQK3PD60UYBwjaCUHUP7cML494ao9/O8+Q=
@@ -1434,6 +1448,7 @@ github.com/microsoft/go-mssqldb v1.9.0 h1:5Vq+u2f4LDujJNeZn62Z4kBDEC9MjLv0ukRzOu
 github.com/microsoft/go-mssqldb v1.9.0/go.mod h1:GBbW9ASTiDC+mpgWDGKdm3FnFLTUsLYN3iFL90lQ+PA=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso=
+github.com/miekg/dns v1.1.43 h1:JKfpVSCB84vrAmHzyrsxB5NAr5kLoMXZArPSw7Qlgyg=
 github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4=
 github.com/mileusna/viber v1.0.1 h1:gWB6/lKoWYVxkH0Jb8jRnGIRZ/9DEM7RBZRJHRfdYWs=
 github.com/mileusna/viber v1.0.1/go.mod h1:Pxu/iPMnYjnHgu+bEp3SiKWHWmlf/kDp/yOX8XUdYrQ=
@@ -1572,12 +1587,16 @@ github.com/qiniu/dyn v1.3.0/go.mod h1:E8oERcm8TtwJiZvkQPbcAh0RL8jO1G0VXJMW3FAWdk
 github.com/qiniu/go-sdk/v7 v7.12.1 h1:FZG5dhs2MZBV/mHVhmHnsgsQ+j1gSE0RqIoA2WwEDwY=
 github.com/qiniu/go-sdk/v7 v7.12.1/go.mod h1:btsaOc8CA3hdVloULfFdDgDc+g4f3TDZEFsDY0BLE+w=
 github.com/qiniu/x v1.10.5/go.mod h1:03Ni9tj+N2h2aKnAz+6N0Xfl8FwMEDRC2PAlxekASDs=
+github.com/rainycape/memcache v0.0.0-20150622160815-1031fa0ce2f2 h1:dq90+d51/hQRaHEqRAsQ1rE/pC1GUS4sc2rCbbFsAIY=
+github.com/rainycape/memcache v0.0.0-20150622160815-1031fa0ce2f2/go.mod h1:7tZKcyumwBO6qip7RNQ5r77yrssm9bfCowcLEBcU5IA=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/redis/go-redis/v9 v9.5.5 h1:51VEyMF8eOO+NUHFm8fpg+IOc1xFuFOhxs3R+kPu1FM=
 github.com/redis/go-redis/v9 v9.5.5/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0 h1:OdAsTTz6OkFY5QxjkYwrChwuRruF69c169dPK26NUlk=
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
+github.com/resend/resend-go/v3 v3.1.0 h1:bJpU5gYCDcczLdhCo37oy9mOmdtSVlOzM6IfWX9zhMw=
+github.com/resend/resend-go/v3 v3.1.0/go.mod h1:iI7VA0NoGjWvsNii5iNC5Dy0llsI3HncXPejhniYzwE=
 github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
@@ -1595,6 +1614,7 @@ github.com/russellhaering/gosaml2 v0.9.0 h1:CNMnH42z/GirrKjdmNrSS6bAAs47F9bPdl4P
 github.com/russellhaering/gosaml2 v0.9.0/go.mod h1:byViER/1YPUa0Puj9ROZblpoq2jsE7h/CJmitzX0geU=
 github.com/russellhaering/goxmldsig v1.2.0 h1:Y6GTTc9Un5hCxSzVz4UIWQ/zuVwDvzJk80guqzwx6Vg=
 github.com/russellhaering/goxmldsig v1.2.0/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw=
+github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w=
 github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk=
@@ -1616,6 +1636,7 @@ github.com/shirou/gopsutil/v4 v4.25.9 h1:JImNpf6gCVhKgZhtaAHJ0serfFGtlfIlSC08eaK
 github.com/shirou/gopsutil/v4 v4.25.9/go.mod h1:gxIxoC+7nQRwUl/xNhutXlD8lq+jxTgpIkEf3rADHL8=
 github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24 h1:pntxY8Ary0t43dCZ5dqY4YTJCObLY1kIXl0uzMv+7DE=
 github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
+github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726 h1:xT+JlYxNGqyT+XcU8iUrN18JYed2TvG9yN5ULG2jATM=
 github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726/go.mod h1:3yhqj7WBBfRhbBlzyOC3gUxftwsU0u8gqevxwIHQpMw=
@@ -1636,7 +1657,9 @@ github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQ
 github.com/slack-go/slack v0.15.0 h1:LE2lj2y9vqqiOf+qIIy0GvEoxgF1N5yLGZffmEZykt0=
 github.com/slack-go/slack v0.15.0/go.mod h1:hlGi5oXA+Gt+yWTPP0plCdRKmjsDxecdHxYQdlMQKOw=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/assertions v1.0.1/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM=
 github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
+github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
 github.com/sony/sonyflake v1.0.0 h1:MpU6Ro7tfXwgn2l5eluf9xQvQJDROTBImNCfRXn/YeM=
@@ -1653,6 +1676,7 @@ github.com/streadway/handy v0.0.0-20200128134331-0f66f006fb2e/go.mod h1:qNTQ5P5J
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/objx v0.3.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
@@ -1712,6 +1736,8 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK
 github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U=
 github.com/ucloud/ucloud-sdk-go v0.22.5 h1:GIltVwMDUqQj4iPL/emsZAMhEYWjLTwZqpOxdkdDrM8=
 github.com/ucloud/ucloud-sdk-go v0.22.5/go.mod h1:dyLmFHmUfgb4RZKYQP9IArlvQ2pxzFthfhwxRzOEPIw=
+github.com/urfave/cli v1.22.5 h1:lNq9sAHXK2qfdI8W+GRItjCEkI+2oR4d+MEHy1CKXoU=
+github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
 github.com/utahta/go-linenotify v0.5.0 h1:E1tJaB/XhqRY/iz203FD0MaHm10DjQPOq5/Mem2A3Gs=
 github.com/utahta/go-linenotify v0.5.0/go.mod h1:KsvBXil2wx+ByaCR0e+IZKTbp4pDesc7yjzRigLf6pE=
@@ -2632,13 +2658,17 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
+gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.56.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.66.6/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
 gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
+gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
+gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=

i18n/util.go

@@ -98,15 +98,22 @@ func Translate(language string, errorText string) string {
 	if langMap[language] == nil {
 		file, err := f.ReadFile(fmt.Sprintf("locales/%s/data.json", language))
 		if err != nil {
-			return fmt.Sprintf("Translate error: the language \"%s\" is not supported, err = %s", language, err.Error())
+			originalLanguage := language
+			language = "en"
+			file, err = f.ReadFile(fmt.Sprintf("locales/%s/data.json", language))
+			if err != nil {
+				return fmt.Sprintf("Translate error: the language \"%s\" is not supported, err = %s", originalLanguage, err.Error())
+			}
 		}
 
-		data := I18nData{}
-		err = util.JsonToStruct(string(file), &data)
-		if err != nil {
-			panic(err)
+		if langMap[language] == nil {
+			data := I18nData{}
+			err = util.JsonToStruct(string(file), &data)
+			if err != nil {
+				panic(err)
+			}
+			langMap[language] = data
 		}
-		langMap[language] = data
 	}
 
 	res := langMap[language][tokens[0]][tokens[1]]

idp/alipay.go

@@ -264,27 +264,31 @@ func rsaSignWithRSA256(signContent string, privateKey string) (string, error) {
 
 // privateKey in database is a string, format it to PEM style
 func formatPrivateKey(privateKey string) string {
-	// each line length is 64
-	preFmtPrivateKey := ""
-	for i := 0; ; {
-		if i+64 <= len(privateKey) {
-			preFmtPrivateKey = preFmtPrivateKey + privateKey[i:i+64] + "\n"
-			i += 64
-		} else {
-			preFmtPrivateKey = preFmtPrivateKey + privateKey[i:]
-			break
+	// Check if the key is already in PEM format
+	if strings.HasPrefix(privateKey, "-----BEGIN PRIVATE KEY-----") ||
+		strings.HasPrefix(privateKey, "-----BEGIN RSA PRIVATE KEY-----") {
+		// Key is already in PEM format, return as is
+		return privateKey
+	}
+
+	// Remove any whitespace from the key
+	privateKey = strings.ReplaceAll(privateKey, "\n", "")
+	privateKey = strings.ReplaceAll(privateKey, "\r", "")
+	privateKey = strings.ReplaceAll(privateKey, " ", "")
+
+	// Format the key with line breaks every 64 characters using strings.Builder
+	var builder strings.Builder
+	for i := 0; i < len(privateKey); i += 64 {
+		end := i + 64
+		if end > len(privateKey) {
+			end = len(privateKey)
+		}
+		builder.WriteString(privateKey[i:end])
+		if end < len(privateKey) {
+			builder.WriteString("\n")
 		}
 	}
-	privateKey = strings.Trim(preFmtPrivateKey, "\n")
 
 	// add pkcs#8 BEGIN and END
-	PemBegin := "-----BEGIN PRIVATE KEY-----\n"
-	PemEnd := "\n-----END PRIVATE KEY-----"
-	if !strings.HasPrefix(privateKey, PemBegin) {
-		privateKey = PemBegin + privateKey
-	}
-	if !strings.HasSuffix(privateKey, PemEnd) {
-		privateKey = privateKey + PemEnd
-	}
-	return privateKey
+	return "-----BEGIN PRIVATE KEY-----\n" + builder.String() + "\n-----END PRIVATE KEY-----"
 }

init_data.json.template

@@ -67,6 +67,8 @@
         {"name": "ID", "visible": true, "viewRule": "Public", "modifyRule": "Immutable"},
         {"name": "Name", "visible": true, "viewRule": "Public", "modifyRule": "Admin"},
         {"name": "Display name", "visible": true, "viewRule": "Public", "modifyRule": "Self"},
+        {"name": "First name", "visible": true, "viewRule": "Public", "modifyRule": "Self"},
+        {"name": "Last name", "visible": true, "viewRule": "Public", "modifyRule": "Self"},
         {"name": "Avatar", "visible": true, "viewRule": "Public", "modifyRule": "Self"},
         {"name": "User type", "visible": true, "viewRule": "Public", "modifyRule": "Admin"},
         {"name": "Password", "visible": true, "viewRule": "Self", "modifyRule": "Self"},
@@ -81,6 +83,7 @@
         {"name": "Title", "visible": true, "viewRule": "Public", "modifyRule": "Self"},
         {"name": "ID card type", "visible": true, "viewRule": "Public", "modifyRule": "Self"},
         {"name": "ID card", "visible": true, "viewRule": "Public", "modifyRule": "Self"},
+        {"name": "ID card info", "visible": true, "viewRule": "Self", "modifyRule": "Self"},
         {"name": "Real name", "visible": true, "viewRule": "Public", "modifyRule": "Self"},
         {"name": "ID verification", "visible": true, "viewRule": "Self", "modifyRule": "Self"},
         {"name": "Homepage", "visible": true, "viewRule": "Public", "modifyRule": "Self"},
@@ -101,6 +104,7 @@
         {"name": "Signup application", "visible": true, "viewRule": "Public", "modifyRule": "Admin"},
         {"name": "Register type", "visible": true, "viewRule": "Public", "modifyRule": "Admin"},
         {"name": "Register source", "visible": true, "viewRule": "Public", "modifyRule": "Admin"},
+        {"name": "API key", "visible": true, "viewRule": "Self", "modifyRule": "Self"},
         {"name": "Roles", "visible": true, "viewRule": "Public", "modifyRule": "Immutable"},
         {"name": "Permissions", "visible": true, "viewRule": "Public", "modifyRule": "Immutable"},
         {"name": "Groups", "visible": true, "viewRule": "Public", "modifyRule": "Admin"},
@@ -110,9 +114,14 @@
         {"name": "Is forbidden", "visible": true, "viewRule": "Admin", "modifyRule": "Admin"},
         {"name": "Is deleted", "visible": true, "viewRule": "Admin", "modifyRule": "Admin"},
         {"name": "Multi-factor authentication", "visible": true, "viewRule": "Self", "modifyRule": "Self"},
+        {"name": "MFA items", "visible": true, "viewRule": "Self", "modifyRule": "Self"},
         {"name": "WebAuthn credentials", "visible": true, "viewRule": "Self", "modifyRule": "Self"},
+        {"name": "Last change password time", "visible": true, "viewRule": "Admin", "modifyRule": "Admin"},
         {"name": "Managed accounts", "visible": true, "viewRule": "Self", "modifyRule": "Self"},
-        {"name": "MFA accounts", "visible": true, "viewRule": "Self", "modifyRule": "Self"}
+        {"name": "Face ID", "visible": true, "viewRule": "Self", "modifyRule": "Self"},
+        {"name": "MFA accounts", "visible": true, "viewRule": "Self", "modifyRule": "Self"},
+        {"name": "Need update password", "visible": true, "viewRule": "Admin", "modifyRule": "Admin"},
+        {"name": "IP whitelist", "visible": true, "viewRule": "Admin", "modifyRule": "Admin"}
       ]
     }
   ],

mcp/auth.go

@@ -15,6 +15,7 @@
 package mcp
 
 import (
+	"strings"
 	"time"
 
 	"github.com/casdoor/casdoor/object"
@@ -120,3 +121,58 @@ func (c *McpController) GetAcceptLanguage() string {
 	}
 	return language
 }
+
+// GetTokenFromRequest extracts the Bearer token from the Authorization header
+func (c *McpController) GetTokenFromRequest() string {
+	authHeader := c.Ctx.Request.Header.Get("Authorization")
+	if authHeader == "" {
+		return ""
+	}
+
+	// Extract Bearer token
+	parts := strings.SplitN(authHeader, " ", 2)
+	if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") {
+		return ""
+	}
+
+	return parts[1]
+}
+
+// GetClaimsFromToken parses and validates the JWT token and returns the claims
+// Returns nil if no token is present or if token is invalid
+func (c *McpController) GetClaimsFromToken() *object.Claims {
+	tokenString := c.GetTokenFromRequest()
+	if tokenString == "" {
+		return nil
+	}
+
+	// Try to find the application for this token
+	// For MCP, we'll try to parse using the first available application's certificate
+	// In a production scenario, you might want to use a specific MCP application
+	token, err := object.GetTokenByAccessToken(tokenString)
+	if err != nil || token == nil {
+		return nil
+	}
+
+	application, err := object.GetApplication(token.Application)
+	if err != nil || application == nil {
+		return nil
+	}
+
+	claims, err := object.ParseJwtTokenByApplication(tokenString, application)
+	if err != nil {
+		return nil
+	}
+
+	return claims
+}
+
+// GetScopesFromClaims extracts the scopes from JWT claims and returns them as a slice
+func GetScopesFromClaims(claims *object.Claims) []string {
+	if claims == nil || claims.Scope == "" {
+		return []string{}
+	}
+
+	// Scopes are space-separated in OAuth 2.0
+	return strings.Split(claims.Scope, " ")
+}

mcp/base.go

@@ -268,7 +268,160 @@ func (c *McpController) handlePing(req McpRequest) {
 }
 
 func (c *McpController) handleToolsList(req McpRequest) {
-	tools := []McpTool{
+	allTools := c.getAllTools()
+
+	// Get JWT claims from the request
+	claims := c.GetClaimsFromToken()
+
+	// If no token is present, check session authentication
+	if claims == nil {
+		username := c.GetSessionUsername()
+		// If user is authenticated via session, return all tools (backward compatibility)
+		if username != "" {
+			result := McpListToolsResult{
+				Tools: allTools,
+			}
+			c.McpResponseOk(req.ID, result)
+			return
+		}
+
+		// Unauthenticated request - return all tools for discovery
+		// This allows clients to see what tools are available before authenticating
+		result := McpListToolsResult{
+			Tools: allTools,
+		}
+		c.McpResponseOk(req.ID, result)
+		return
+	}
+
+	// Token-based authentication - filter tools by scopes
+	grantedScopes := GetScopesFromClaims(claims)
+	allowedTools := GetToolsForScopes(grantedScopes, BuiltinScopes)
+
+	// Filter tools based on allowed scopes
+	var filteredTools []McpTool
+	for _, tool := range allTools {
+		if allowedTools[tool.Name] {
+			filteredTools = append(filteredTools, tool)
+		}
+	}
+
+	result := McpListToolsResult{
+		Tools: filteredTools,
+	}
+
+	c.McpResponseOk(req.ID, result)
+}
+
+func (c *McpController) handleToolsCall(req McpRequest) {
+	var params McpCallToolParams
+	err := json.Unmarshal(req.Params, &params)
+	if err != nil {
+		c.sendInvalidParamsError(req.ID, err.Error())
+		return
+	}
+
+	// Check scope-tool permission
+	if !c.checkToolPermission(req.ID, params.Name) {
+		return // Error already sent by checkToolPermission
+	}
+
+	// Route to the appropriate tool handler
+	switch params.Name {
+	case "get_applications":
+		var args GetApplicationsArgs
+		if err := json.Unmarshal(params.Arguments, &args); err != nil {
+			c.sendInvalidParamsError(req.ID, err.Error())
+			return
+		}
+		c.handleGetApplicationsTool(req.ID, args)
+	case "get_application":
+		var args GetApplicationArgs
+		if err := json.Unmarshal(params.Arguments, &args); err != nil {
+			c.sendInvalidParamsError(req.ID, err.Error())
+			return
+		}
+		c.handleGetApplicationTool(req.ID, args)
+	case "add_application":
+		var args AddApplicationArgs
+		if err := json.Unmarshal(params.Arguments, &args); err != nil {
+			c.sendInvalidParamsError(req.ID, err.Error())
+			return
+		}
+		c.handleAddApplicationTool(req.ID, args)
+	case "update_application":
+		var args UpdateApplicationArgs
+		if err := json.Unmarshal(params.Arguments, &args); err != nil {
+			c.sendInvalidParamsError(req.ID, err.Error())
+			return
+		}
+		c.handleUpdateApplicationTool(req.ID, args)
+	case "delete_application":
+		var args DeleteApplicationArgs
+		if err := json.Unmarshal(params.Arguments, &args); err != nil {
+			c.sendInvalidParamsError(req.ID, err.Error())
+			return
+		}
+		c.handleDeleteApplicationTool(req.ID, args)
+	default:
+		c.McpResponseError(req.ID, -32602, "Invalid tool name", fmt.Sprintf("Tool '%s' not found", params.Name))
+	}
+}
+
+// checkToolPermission validates that the current token has the required scope for the tool
+// Returns false and sends an error response if permission is denied
+func (c *McpController) checkToolPermission(id interface{}, toolName string) bool {
+	// Get JWT claims from the request
+	claims := c.GetClaimsFromToken()
+
+	// If no token is present, check if the user is authenticated via session
+	if claims == nil {
+		username := c.GetSessionUsername()
+		// If user is authenticated via session (e.g., session cookie), allow access
+		// This maintains backward compatibility with existing session-based auth
+		if username != "" {
+			return true
+		}
+
+		// No authentication present - deny access
+		c.sendInsufficientScopeError(id, toolName, []string{})
+		return false
+	}
+
+	// Extract scopes from claims
+	grantedScopes := GetScopesFromClaims(claims)
+
+	// Get allowed tools for the granted scopes
+	allowedTools := GetToolsForScopes(grantedScopes, BuiltinScopes)
+
+	// Check if the requested tool is allowed
+	if !allowedTools[toolName] {
+		c.sendInsufficientScopeError(id, toolName, grantedScopes)
+		return false
+	}
+
+	return true
+}
+
+// sendInsufficientScopeError sends an error response for insufficient scope
+func (c *McpController) sendInsufficientScopeError(id interface{}, toolName string, grantedScopes []string) {
+	// Find required scope for this tool
+	requiredScope := GetRequiredScopeForTool(toolName, BuiltinScopes)
+
+	errorData := map[string]interface{}{
+		"tool":           toolName,
+		"granted_scopes": grantedScopes,
+	}
+	if requiredScope != "" {
+		errorData["required_scope"] = requiredScope
+	}
+
+	c.McpResponseError(id, -32001, "insufficient_scope", errorData)
+}
+
+// getAllTools returns all available MCP tools
+func (c *McpController) getAllTools() []McpTool {
+	return []McpTool{
 		{
 			Name:        "get_applications",
 			Description: "Get all applications for a specific owner",
@@ -344,60 +497,4 @@ func (c *McpController) handleToolsList(req McpRequest) {
 			},
 		},
 	}
-
-	result := McpListToolsResult{
-		Tools: tools,
-	}
-
-	c.McpResponseOk(req.ID, result)
-}
-
-func (c *McpController) handleToolsCall(req McpRequest) {
-	var params McpCallToolParams
-	err := json.Unmarshal(req.Params, &params)
-	if err != nil {
-		c.sendInvalidParamsError(req.ID, err.Error())
-		return
-	}
-
-	// Route to the appropriate tool handler
-	switch params.Name {
-	case "get_applications":
-		var args GetApplicationsArgs
-		if err := json.Unmarshal(params.Arguments, &args); err != nil {
-			c.sendInvalidParamsError(req.ID, err.Error())
-			return
-		}
-		c.handleGetApplicationsTool(req.ID, args)
-	case "get_application":
-		var args GetApplicationArgs
-		if err := json.Unmarshal(params.Arguments, &args); err != nil {
-			c.sendInvalidParamsError(req.ID, err.Error())
-			return
-		}
-		c.handleGetApplicationTool(req.ID, args)
-	case "add_application":
-		var args AddApplicationArgs
-		if err := json.Unmarshal(params.Arguments, &args); err != nil {
-			c.sendInvalidParamsError(req.ID, err.Error())
-			return
-		}
-		c.handleAddApplicationTool(req.ID, args)
-	case "update_application":
-		var args UpdateApplicationArgs
-		if err := json.Unmarshal(params.Arguments, &args); err != nil {
-			c.sendInvalidParamsError(req.ID, err.Error())
-			return
-		}
-		c.handleUpdateApplicationTool(req.ID, args)
-	case "delete_application":
-		var args DeleteApplicationArgs
-		if err := json.Unmarshal(params.Arguments, &args); err != nil {
-			c.sendInvalidParamsError(req.ID, err.Error())
-			return
-		}
-		c.handleDeleteApplicationTool(req.ID, args)
-	default:
-		c.McpResponseError(req.ID, -32602, "Invalid tool name", fmt.Sprintf("Tool '%s' not found", params.Name))
-	}
 }

mcp/permission.go

@@ -0,0 +1,158 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package mcp
+
+import (
+	"github.com/casdoor/casdoor/object"
+)
+
+// BuiltinScopes defines the default scope-to-tool mappings for Casdoor's MCP server
+var BuiltinScopes = []*object.ScopeItem{
+	{
+		Name:        "application:read",
+		DisplayName: "Read Applications",
+		Description: "View application list and details",
+		Tools:       []string{"get_applications", "get_application"},
+	},
+	{
+		Name:        "application:write",
+		DisplayName: "Manage Applications",
+		Description: "Create, update, and delete applications",
+		Tools:       []string{"add_application", "update_application", "delete_application"},
+	},
+	{
+		Name:        "user:read",
+		DisplayName: "Read Users",
+		Description: "View user list and details",
+		Tools:       []string{"get_users", "get_user"},
+	},
+	{
+		Name:        "user:write",
+		DisplayName: "Manage Users",
+		Description: "Create, update, and delete users",
+		Tools:       []string{"add_user", "update_user", "delete_user"},
+	},
+	{
+		Name:        "organization:read",
+		DisplayName: "Read Organizations",
+		Description: "View organization list and details",
+		Tools:       []string{"get_organizations", "get_organization"},
+	},
+	{
+		Name:        "organization:write",
+		DisplayName: "Manage Organizations",
+		Description: "Create, update, and delete organizations",
+		Tools:       []string{"add_organization", "update_organization", "delete_organization"},
+	},
+	{
+		Name:        "permission:read",
+		DisplayName: "Read Permissions",
+		Description: "View permission list and details",
+		Tools:       []string{"get_permissions", "get_permission"},
+	},
+	{
+		Name:        "permission:write",
+		DisplayName: "Manage Permissions",
+		Description: "Create, update, and delete permissions",
+		Tools:       []string{"add_permission", "update_permission", "delete_permission"},
+	},
+	{
+		Name:        "role:read",
+		DisplayName: "Read Roles",
+		Description: "View role list and details",
+		Tools:       []string{"get_roles", "get_role"},
+	},
+	{
+		Name:        "role:write",
+		DisplayName: "Manage Roles",
+		Description: "Create, update, and delete roles",
+		Tools:       []string{"add_role", "update_role", "delete_role"},
+	},
+	{
+		Name:        "provider:read",
+		DisplayName: "Read Providers",
+		Description: "View provider list and details",
+		Tools:       []string{"get_providers", "get_provider"},
+	},
+	{
+		Name:        "provider:write",
+		DisplayName: "Manage Providers",
+		Description: "Create, update, and delete providers",
+		Tools:       []string{"add_provider", "update_provider", "delete_provider"},
+	},
+	{
+		Name:        "token:read",
+		DisplayName: "Read Tokens",
+		Description: "View token list and details",
+		Tools:       []string{"get_tokens", "get_token"},
+	},
+	{
+		Name:        "token:write",
+		DisplayName: "Manage Tokens",
+		Description: "Delete tokens",
+		Tools:       []string{"delete_token"},
+	},
+}
+
+// ConvenienceScopes defines alias scopes that expand to multiple resource scopes
+var ConvenienceScopes = map[string][]string{
+	"read":  {"application:read", "user:read", "organization:read", "permission:read", "role:read", "provider:read", "token:read"},
+	"write": {"application:write", "user:write", "organization:write", "permission:write", "role:write", "provider:write", "token:write"},
+	"admin": {"application:read", "application:write", "user:read", "user:write", "organization:read", "organization:write", "permission:read", "permission:write", "role:read", "role:write", "provider:read", "provider:write", "token:read", "token:write"},
+}
+
+// GetToolsForScopes returns a map of tools allowed by the given scopes
+// The grantedScopes are the scopes present in the token
+// The registry contains the scope-to-tool mappings (either BuiltinScopes or Application.Scopes)
+func GetToolsForScopes(grantedScopes []string, registry []*object.ScopeItem) map[string]bool {
+	allowed := make(map[string]bool)
+
+	// Expand convenience scopes first
+	expandedScopes := make([]string, 0)
+	for _, scopeName := range grantedScopes {
+		if expansion, isConvenience := ConvenienceScopes[scopeName]; isConvenience {
+			expandedScopes = append(expandedScopes, expansion...)
+		} else {
+			expandedScopes = append(expandedScopes, scopeName)
+		}
+	}
+
+	// Map scopes to tools
+	for _, scopeName := range expandedScopes {
+		for _, item := range registry {
+			if item.Name == scopeName {
+				for _, tool := range item.Tools {
+					allowed[tool] = true
+				}
+				break
+			}
+		}
+	}
+
+	return allowed
+}
+
+// GetRequiredScopeForTool returns the first scope that provides access to the given tool
+// Returns an empty string if no scope is found for the tool
+func GetRequiredScopeForTool(toolName string, registry []*object.ScopeItem) string {
+	for _, scopeItem := range registry {
+		for _, tool := range scopeItem.Tools {
+			if tool == toolName {
+				return scopeItem.Name
+			}
+		}
+	}
+	return ""
+}

object/application.go

@@ -68,9 +68,10 @@ type JwtItem struct {
 }
 
 type ScopeItem struct {
-	Name        string `json:"name"`
-	DisplayName string `json:"displayName"`
-	Description string `json:"description"`
+	Name        string   `json:"name"`
+	DisplayName string   `json:"displayName"`
+	Description string   `json:"description"`
+	Tools       []string `json:"tools"` // MCP tools allowed by this scope
 }
 
 type Application struct {
@@ -124,6 +125,7 @@ type Application struct {
 
 	ClientId                string     `xorm:"varchar(100)" json:"clientId"`
 	ClientSecret            string     `xorm:"varchar(100)" json:"clientSecret"`
+	ClientCert              string     `xorm:"varchar(100)" json:"clientCert"`
 	RedirectUris            []string   `xorm:"varchar(1000)" json:"redirectUris"`
 	ForcedRedirectOrigin    string     `xorm:"varchar(100)" json:"forcedRedirectOrigin"`
 	TokenFormat             string     `xorm:"varchar(100)" json:"tokenFormat"`
@@ -153,6 +155,15 @@ type Application struct {
 	FailedSigninLimit      int `json:"failedSigninLimit"`
 	FailedSigninFrozenTime int `json:"failedSigninFrozenTime"`
 	CodeResendTimeout      int `json:"codeResendTimeout"`
+
+	CustomScopes []*ScopeDescription `xorm:"mediumtext" json:"customScopes"`
+
+	// Reverse proxy fields
+	Domain       string   `xorm:"varchar(100)" json:"domain"`
+	OtherDomains []string `xorm:"varchar(1000)" json:"otherDomains"`
+	UpstreamHost string   `xorm:"varchar(100)" json:"upstreamHost"`
+	SslMode      string   `xorm:"varchar(100)" json:"sslMode"`
+	SslCert      string   `xorm:"varchar(100)" json:"sslCert"`
 }
 
 func GetApplicationCount(owner, field, value string) (int64, error) {
@@ -737,6 +748,11 @@ func UpdateApplication(id string, application *Application, isGlobalAdmin bool,
 		return false, err
 	}
 
+	err = validateCustomScopes(application.CustomScopes, lang)
+	if err != nil {
+		return false, err
+	}
+
 	for _, providerItem := range application.Providers {
 		providerItem.Provider = nil
 	}
@@ -792,6 +808,11 @@ func AddApplication(application *Application) (bool, error) {
 		return false, err
 	}
 
+	err = validateCustomScopes(application.CustomScopes, "en")
+	if err != nil {
+		return false, err
+	}
+
 	for _, providerItem := range application.Providers {
 		providerItem.Provider = nil
 	}

object/cert.go

@@ -17,6 +17,7 @@ package object
 import (
 	"fmt"
 
+	"github.com/casdoor/casdoor/certificate"
 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
 )
@@ -33,6 +34,13 @@ type Cert struct {
 	BitSize         int    `json:"bitSize"`
 	ExpireInYears   int    `json:"expireInYears"`
 
+	ExpireTime       string `xorm:"varchar(100)" json:"expireTime"`
+	DomainExpireTime string `xorm:"varchar(100)" json:"domainExpireTime"`
+	Provider         string `xorm:"varchar(100)" json:"provider"`
+	Account          string `xorm:"varchar(100)" json:"account"`
+	AccessKey        string `xorm:"varchar(100)" json:"accessKey"`
+	AccessSecret     string `xorm:"varchar(100)" json:"accessSecret"`
+
 	Certificate string `xorm:"mediumtext" json:"certificate"`
 	PrivateKey  string `xorm:"mediumtext" json:"privateKey"`
 }
@@ -224,6 +232,20 @@ func (p *Cert) populateContent() error {
 		return nil
 	}
 
+	if p.Type == "SSL" {
+		if p.Certificate != "" {
+			expireTime, err := util.GetCertExpireTime(p.Certificate)
+			if err != nil {
+				return err
+			}
+
+			p.ExpireTime = expireTime
+		} else {
+			p.ExpireTime = ""
+		}
+		return nil
+	}
+
 	if len(p.CryptoAlgorithm) < 3 {
 		err := fmt.Errorf("populateContent() error, unsupported crypto algorithm: %s", p.CryptoAlgorithm)
 		return err
@@ -258,6 +280,42 @@ func (p *Cert) populateContent() error {
 	return nil
 }
 
+func RenewCert(cert *Cert) (bool, error) {
+	useProxy := false
+	if cert.Provider == "GoDaddy" {
+		useProxy = true
+	}
+
+	client, err := GetAcmeClient(useProxy)
+	if err != nil {
+		return false, err
+	}
+
+	var certStr, privateKey string
+	if cert.Provider == "Aliyun" {
+		certStr, privateKey, err = certificate.ObtainCertificateAli(client, cert.Name, cert.AccessKey, cert.AccessSecret)
+	} else if cert.Provider == "GoDaddy" {
+		certStr, privateKey, err = certificate.ObtainCertificateGoDaddy(client, cert.Name, cert.AccessKey, cert.AccessSecret)
+	} else {
+		return false, fmt.Errorf("unknown provider: %s", cert.Provider)
+	}
+
+	if err != nil {
+		return false, err
+	}
+
+	expireTime, err := util.GetCertExpireTime(certStr)
+	if err != nil {
+		return false, err
+	}
+
+	cert.ExpireTime = expireTime
+	cert.Certificate = certStr
+	cert.PrivateKey = privateKey
+
+	return UpdateCert(cert.GetId(), cert)
+}
+
 func getCertByApplication(application *Application) (*Cert, error) {
 	if application.Cert != "" {
 		return getCertByName(application.Cert)

object/cert_whois.go

@@ -0,0 +1,75 @@
+// Copyright 2023 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"strings"
+	"time"
+
+	"github.com/casdoor/casdoor/util"
+	"github.com/likexian/whois"
+	whoisparser "github.com/likexian/whois-parser"
+)
+
+func getDomainExpireTime(domainName string) (string, error) {
+	domainName, err := util.GetBaseDomain(domainName)
+	if err != nil {
+		return "", err
+	}
+
+	server := ""
+	if strings.HasSuffix(domainName, ".com") || strings.HasSuffix(domainName, ".net") {
+		server = "whois.verisign-grs.com"
+	} else if strings.HasSuffix(domainName, ".org") {
+		server = "whois.pir.org"
+	} else if strings.HasSuffix(domainName, ".io") {
+		server = "whois.nic.io"
+	} else if strings.HasSuffix(domainName, ".co") {
+		server = "whois.nic.co"
+	} else if strings.HasSuffix(domainName, ".cn") {
+		server = "whois.cnnic.cn"
+	} else if strings.HasSuffix(domainName, ".run") {
+		server = "whois.nic.run"
+	} else {
+		server = "grs-whois.hichina.com" // com, net, cc, tv
+	}
+
+	client := whois.NewClient()
+	//if server != "whois.cnnic.cn" && server != "grs-whois.hichina.com" {
+	//	dialer := proxy.GetProxyDialer()
+	//	if dialer != nil {
+	//		client.SetDialer(dialer)
+	//	}
+	//}
+
+	data, err := client.Whois(domainName, server)
+	if err != nil {
+		if !strings.HasSuffix(domainName, ".run") || data == "" {
+			return "", err
+		}
+	}
+
+	whoisInfo, err := whoisparser.Parse(data)
+	if err != nil {
+		return "", err
+	}
+
+	res := whoisInfo.Domain.ExpirationDateInTime.Local().Format(time.RFC3339)
+	return res, nil
+}
+
+func GetDomainExpireTime(domainName string) (string, error) {
+	return getDomainExpireTime(domainName)
+}

object/init.go

@@ -53,6 +53,8 @@ func getBuiltInAccountItems() []*AccountItem {
 		{Name: "ID", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
 		{Name: "Name", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
 		{Name: "Display name", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
+		{Name: "First name", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
+		{Name: "Last name", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
 		{Name: "Avatar", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
 		{Name: "User type", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
 		{Name: "Password", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
@@ -67,6 +69,7 @@ func getBuiltInAccountItems() []*AccountItem {
 		{Name: "Title", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
 		{Name: "ID card type", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
 		{Name: "ID card", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
+		{Name: "ID card info", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "Real name", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
 		{Name: "ID verification", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "Homepage", Visible: true, ViewRule: "Public", ModifyRule: "Self"},
@@ -87,18 +90,25 @@ func getBuiltInAccountItems() []*AccountItem {
 		{Name: "Signup application", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
 		{Name: "Register type", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
 		{Name: "Register source", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
+		{Name: "API key", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "Roles", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
 		{Name: "Permissions", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
 		{Name: "Groups", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
+		{Name: "Consents", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "3rd-party logins", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "Properties", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Is admin", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Is forbidden", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Is deleted", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Multi-factor authentication", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
+		{Name: "MFA items", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "WebAuthn credentials", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
+		{Name: "Last change password time", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Managed accounts", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
+		{Name: "Face ID", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "MFA accounts", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
+		{Name: "Need update password", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
+		{Name: "IP whitelist", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
 	}
 }
 

object/ormer.go

@@ -62,6 +62,12 @@ func InitFlag() {
 	configPath = *configPathPtr
 	exportData = *exportDataPtr
 	exportFilePath = *exportFilePathPtr
+
+	// Load beego config from the specified config path
+	err := web.LoadAppConfig("ini", configPath)
+	if err != nil {
+		panic(fmt.Sprintf("failed to load config from %s: %v", configPath, err))
+	}
 }
 
 func ShouldExportData() bool {

object/payment.go

@@ -33,6 +33,8 @@ type Payment struct {
 	// Product Info
 	Products            []string `xorm:"varchar(1000)" json:"products"`
 	ProductsDisplayName string   `xorm:"varchar(1000)" json:"productsDisplayName"`
+	ProductName         string   `xorm:"varchar(1000)" json:"productName"`
+	ProductDisplayName  string   `xorm:"varchar(1000)" json:"productDisplayName"`
 	Detail              string   `xorm:"varchar(255)" json:"detail"`
 	Currency            string   `xorm:"varchar(100)" json:"currency"`
 	Price               float64  `json:"price"`
@@ -303,7 +305,7 @@ func NotifyPayment(body []byte, owner string, paymentName string, lang string) (
 		order.Message = "Payment successful"
 		order.UpdateTime = util.GetCurrentTime()
 	} else if payment.State == pp.PaymentStateError {
-		order.State = "PaymentFailed"
+		order.State = "Failed"
 		order.Message = payment.Message
 		order.UpdateTime = util.GetCurrentTime()
 	} else if payment.State == pp.PaymentStateCanceled {

object/provider.go

@@ -564,7 +564,7 @@ func providerChangeTrigger(oldName string, newName string) error {
 	return session.Commit()
 }
 
-func FromProviderToIdpInfo(ctx *context.Context, provider *Provider) *idp.ProviderInfo {
+func FromProviderToIdpInfo(ctx *context.Context, provider *Provider) (*idp.ProviderInfo, error) {
 	providerInfo := &idp.ProviderInfo{
 		Type:          provider.Type,
 		SubType:       provider.SubType,
@@ -588,9 +588,19 @@ func FromProviderToIdpInfo(ctx *context.Context, provider *Provider) *idp.Provid
 		}
 	} else if provider.Type == "ADFS" || provider.Type == "AzureAD" || provider.Type == "AzureADB2C" || provider.Type == "Casdoor" || provider.Type == "Okta" {
 		providerInfo.HostUrl = provider.Domain
+	} else if provider.Type == "Alipay" && provider.Cert != "" {
+		// For Alipay with certificate mode, load private key from certificate
+		cert, err := GetCert(util.GetId(provider.Owner, provider.Cert))
+		if err != nil {
+			return nil, fmt.Errorf("failed to load certificate for Alipay provider %s: %w", provider.Name, err)
+		}
+		if cert == nil {
+			return nil, fmt.Errorf("certificate not found for Alipay provider %s", provider.Name)
+		}
+		providerInfo.ClientSecret = cert.PrivateKey
 	}
 
-	return providerInfo
+	return providerInfo, nil
 }
 
 func GetIdvProviderFromProvider(provider *Provider) idv.IdvProvider {

object/site_cert_account.go

@@ -0,0 +1,103 @@
+// Copyright 2023 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+
+	"github.com/casbin/lego/v4/acme"
+	"github.com/casbin/lego/v4/certcrypto"
+	"github.com/casbin/lego/v4/lego"
+	"github.com/casbin/lego/v4/registration"
+	"github.com/casdoor/casdoor/certificate"
+	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/proxy"
+)
+
+func getLegoClientAndAccount(email string, privateKey string, devMode bool, useProxy bool) (*lego.Client, *certificate.Account, error) {
+	eccKey, err := decodeEccKey(privateKey)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	account := &certificate.Account{
+		Email: email,
+		Key:   eccKey,
+	}
+
+	config := lego.NewConfig(account)
+	if devMode {
+		config.CADirURL = lego.LEDirectoryStaging
+	} else {
+		config.CADirURL = lego.LEDirectoryProduction
+	}
+
+	config.Certificate.KeyType = certcrypto.RSA2048
+
+	if useProxy {
+		config.HTTPClient = proxy.ProxyHttpClient
+	} else {
+		config.HTTPClient = proxy.DefaultHttpClient
+	}
+
+	client, err := lego.NewClient(config)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return client, account, nil
+}
+
+func getAcmeClient(email string, privateKey string, devMode bool, useProxy bool) (*lego.Client, error) {
+	// Create a user. New accounts need an email and private key to start.
+	client, account, err := getLegoClientAndAccount(email, privateKey, devMode, useProxy)
+	if err != nil {
+		return nil, err
+	}
+
+	// try to obtain an account based on the private key
+	account.Registration, err = client.Registration.ResolveAccountByKey()
+	if err != nil {
+		acmeError, ok := err.(*acme.ProblemDetails)
+		if !ok {
+			return nil, err
+		}
+
+		if acmeError.Type != "urn:ietf:params:acme:error:accountDoesNotExist" {
+			return nil, err
+		}
+
+		// Failed to get account, so create an account based on the private key.
+		account.Registration, err = client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true})
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return client, nil
+}
+
+func GetAcmeClient(useProxy bool) (*lego.Client, error) {
+	acmeEmail := conf.GetConfigString("acmeEmail")
+	acmePrivateKey := conf.GetConfigString("acmePrivateKey")
+	if acmeEmail == "" {
+		return nil, fmt.Errorf("acmeEmail should not be empty")
+	}
+	if acmePrivateKey == "" {
+		return nil, fmt.Errorf("acmePrivateKey should not be empty")
+	}
+
+	return getAcmeClient(acmeEmail, acmePrivateKey, false, useProxy)
+}

object/site_cert_ecc.go

@@ -0,0 +1,59 @@
+// Copyright 2023 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"strings"
+)
+
+// generateEccKey generates a public and private key pair.(NIST P-256)
+func generateEccKey() *ecdsa.PrivateKey {
+	privateKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+	return privateKey
+}
+
+// encodeEccKey Return the input private key object as string type private key
+func encodeEccKey(privateKey *ecdsa.PrivateKey) string {
+	x509Encoded, err := x509.MarshalECPrivateKey(privateKey)
+	if err != nil {
+		panic(err)
+	}
+
+	pemEncoded := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: x509Encoded})
+	return string(pemEncoded)
+}
+
+// decodeEccKey Return the entered private key string as a private key object that can be used
+func decodeEccKey(pemEncoded string) (*ecdsa.PrivateKey, error) {
+	pemEncoded = strings.ReplaceAll(pemEncoded, "\\n", "\n")
+	block, _ := pem.Decode([]byte(pemEncoded))
+	if block == nil {
+		return nil, fmt.Errorf("decodeEccKey() error, block should not be nil")
+	}
+
+	x509Encoded := block.Bytes
+	privateKey, err := x509.ParseECPrivateKey(x509Encoded)
+	if err != nil {
+		return nil, err
+	}
+
+	return privateKey, nil
+}

object/sms.go

@@ -15,8 +15,10 @@
 package object
 
 import (
+	"strconv"
 	"strings"
 
+	"github.com/casdoor/casdoor/conf"
 	sender "github.com/casdoor/go-sms-sender"
 )
 
@@ -61,6 +63,13 @@ func SendSms(provider *Provider, content string, phoneNumbers ...string) error {
 		params["0"] = content
 	} else {
 		params["code"] = content
+		if provider.Type == "Alibaba Cloud PNVS SMS" {
+			timeoutInMinutes, err := conf.GetConfigInt64("verificationCodeTimeout")
+			if err != nil || timeoutInMinutes <= 0 {
+				timeoutInMinutes = 10
+			}
+			params["min"] = strconv.FormatInt(timeoutInMinutes, 10)
+		}
 	}
 
 	err = client.SendMessage(params, phoneNumbers...)

object/syncer_dingtalk.go

@@ -406,27 +406,61 @@ func (p *DingtalkSyncerProvider) getDingtalkUsers() ([]*OriginalUser, error) {
 	return originalUsers, nil
 }
 
+// getDingtalkUserFieldValue extracts a field value from DingtalkUser by field name
+func (p *DingtalkSyncerProvider) getDingtalkUserFieldValue(dingtalkUser *DingtalkUser, fieldName string) string {
+	switch fieldName {
+	case "userid":
+		return dingtalkUser.UserId
+	case "unionid":
+		return dingtalkUser.UnionId
+	case "name":
+		return dingtalkUser.Name
+	case "email":
+		return dingtalkUser.Email
+	case "mobile":
+		return dingtalkUser.Mobile
+	case "avatar":
+		return dingtalkUser.Avatar
+	case "title":
+		return dingtalkUser.Position
+	case "job_number":
+		return dingtalkUser.JobNumber
+	case "active":
+		// Invert the boolean because active=true means NOT forbidden
+		return util.BoolToString(!dingtalkUser.Active)
+	default:
+		return ""
+	}
+}
+
 // dingtalkUserToOriginalUser converts DingTalk user to Casdoor OriginalUser
 func (p *DingtalkSyncerProvider) dingtalkUserToOriginalUser(dingtalkUser *DingtalkUser) *OriginalUser {
-	// Use unionid as name to be consistent with OAuth provider
-	// Fallback to userId if unionid is not available
-	userName := dingtalkUser.UserId
-	if dingtalkUser.UnionId != "" {
-		userName = dingtalkUser.UnionId
+	user := &OriginalUser{
+		Address:    []string{},
+		Properties: map[string]string{},
+		Groups:     []string{},
+		DingTalk:   dingtalkUser.UserId, // Link DingTalk provider account
 	}
 
-	user := &OriginalUser{
-		Id:          dingtalkUser.UserId,
-		Name:        userName,
-		DisplayName: dingtalkUser.Name,
-		Email:       dingtalkUser.Email,
-		Phone:       dingtalkUser.Mobile,
-		Avatar:      dingtalkUser.Avatar,
-		Title:       dingtalkUser.Position,
-		Address:     []string{},
-		Properties:  map[string]string{},
-		Groups:      []string{},
-		DingTalk:    dingtalkUser.UserId, // Link DingTalk provider account
+	// Apply TableColumns mapping if configured
+	if len(p.Syncer.TableColumns) > 0 {
+		for _, tableColumn := range p.Syncer.TableColumns {
+			value := p.getDingtalkUserFieldValue(dingtalkUser, tableColumn.Name)
+			p.Syncer.setUserByKeyValue(user, tableColumn.CasdoorName, value)
+		}
+	} else {
+		// Fallback to default mapping for backward compatibility
+		user.Id = dingtalkUser.UserId
+		user.Name = dingtalkUser.UserId
+		if dingtalkUser.UnionId != "" {
+			user.Name = dingtalkUser.UnionId
+		}
+		user.DisplayName = dingtalkUser.Name
+		user.Email = dingtalkUser.Email
+		user.Phone = dingtalkUser.Mobile
+		user.Avatar = dingtalkUser.Avatar
+		user.Title = dingtalkUser.Position
+		user.IsForbidden = !dingtalkUser.Active
 	}
 
 	// Add department IDs to Groups field
@@ -434,9 +468,6 @@ func (p *DingtalkSyncerProvider) dingtalkUserToOriginalUser(dingtalkUser *Dingta
 		user.Groups = append(user.Groups, fmt.Sprintf("%d", deptId))
 	}
 
-	// Set IsForbidden based on active status (active=false means user is forbidden)
-	user.IsForbidden = !dingtalkUser.Active
-
 	// Set CreatedTime to current time if not set
 	if user.CreatedTime == "" {
 		user.CreatedTime = util.GetCurrentTime()

object/token_jwt.go

@@ -660,6 +660,15 @@ func generateJwtToken(application *Application, user *User, provider string, sig
 	return tokenString, refreshTokenString, name, err
 }
 
+func ParseJwtTokenWithoutValidation(token string) (*jwt.Token, error) {
+	t, _, err := jwt.NewParser().ParseUnverified(token, &Claims{})
+	if err != nil {
+		return nil, err
+	}
+
+	return t, nil
+}
+
 func ParseJwtToken(token string, cert *Cert) (*Claims, error) {
 	t, err := jwt.ParseWithClaims(token, &Claims{}, func(token *jwt.Token) (interface{}, error) {
 		var (

object/token_oauth.go

@@ -19,6 +19,7 @@ import (
 	"encoding/base64"
 	"fmt"
 	"net/url"
+	"slices"
 	"strings"
 	"sync"
 	"time"
@@ -154,6 +155,10 @@ func CheckOAuthLogin(clientId string, responseType string, redirectUri string, s
 		return fmt.Sprintf(i18n.Translate(lang, "token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri), application, nil
 	}
 
+	if !IsScopeValid(scope, application) {
+		return i18n.Translate(lang, "token:Invalid scope"), application, nil
+	}
+
 	// Mask application for /api/get-app-login
 	application.ClientSecret = ""
 	return "", application, nil
@@ -240,10 +245,33 @@ func GetOAuthCode(userId string, clientId string, provider string, signinMethod
 	}, nil
 }
 
-func GetOAuthToken(grantType string, clientId string, clientSecret string, code string, verifier string, scope string, nonce string, username string, password string, host string, refreshToken string, tag string, avatar string, lang string, subjectToken string, subjectTokenType string, audience string, resource string) (interface{}, error) {
-	application, err := GetApplicationByClientId(clientId)
-	if err != nil {
-		return nil, err
+func GetOAuthToken(grantType string, clientId string, clientSecret string, code string, verifier string, scope string, nonce string, username string, password string, host string, refreshToken string, tag string, avatar string, lang string, subjectToken string, subjectTokenType string, assertion string, clientAssertion string, clientAssertionType string, audience string, resource string) (interface{}, error) {
+	var (
+		application *Application
+		err         error
+		ok          bool
+	)
+
+	if clientAssertionType == "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" {
+		ok, application, err = ValidateClientAssertion(clientAssertion, host)
+		if err != nil {
+			return nil, err
+		}
+
+		if !ok || application == nil {
+			return &TokenError{
+				Error:            InvalidClient,
+				ErrorDescription: "client_assertion is invalid",
+			}, nil
+		}
+
+		clientSecret = application.ClientSecret
+		clientId = application.ClientId
+	} else {
+		application, err = GetApplicationByClientId(clientId)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	if application == nil {
@@ -273,12 +301,14 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
 		token, tokenError, err = GetClientCredentialsToken(application, clientSecret, scope, host)
 	case "token", "id_token": // Implicit Grant
 		token, tokenError, err = GetImplicitToken(application, username, scope, nonce, host)
+	case "urn:ietf:params:oauth:grant-type:jwt-bearer":
+		token, tokenError, err = GetJwtBearerToken(application, assertion, scope, nonce, host)
 	case "urn:ietf:params:oauth:grant-type:device_code":
 		token, tokenError, err = GetImplicitToken(application, username, scope, nonce, host)
 	case "urn:ietf:params:oauth:grant-type:token-exchange": // Token Exchange Grant (RFC 8693)
 		token, tokenError, err = GetTokenExchangeToken(application, clientSecret, subjectToken, subjectTokenType, audience, scope, host)
 	case "refresh_token":
-		refreshToken2, err := RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
+		refreshToken2, err := RefreshToken(application, grantType, refreshToken, scope, clientId, clientSecret, host)
 		if err != nil {
 			return nil, err
 		}
@@ -320,7 +350,7 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
 	return tokenWrapper, nil
 }
 
-func RefreshToken(grantType string, refreshToken string, scope string, clientId string, clientSecret string, host string) (interface{}, error) {
+func RefreshToken(application *Application, grantType string, refreshToken string, scope string, clientId string, clientSecret string, host string) (interface{}, error) {
 	// check parameters
 	if grantType != "refresh_token" {
 		return &TokenError{
@@ -328,16 +358,20 @@ func RefreshToken(grantType string, refreshToken string, scope string, clientId
 			ErrorDescription: "grant_type should be refresh_token",
 		}, nil
 	}
-	application, err := GetApplicationByClientId(clientId)
-	if err != nil {
-		return nil, err
-	}
 
+	var err error
 	if application == nil {
-		return &TokenError{
-			Error:            InvalidClient,
-			ErrorDescription: "client_id is invalid",
-		}, nil
+		application, err = GetApplicationByClientId(clientId)
+		if err != nil {
+			return nil, err
+		}
+
+		if application == nil {
+			return &TokenError{
+				Error:            InvalidClient,
+				ErrorDescription: "client_id is invalid",
+			}, nil
+		}
 	}
 
 	if clientSecret != "" && application.ClientSecret != clientSecret {
@@ -486,6 +520,28 @@ func IsGrantTypeValid(method string, grantTypes []string) bool {
 	return false
 }
 
+// IsScopeValid checks whether all space-separated scopes in the scope string
+// are defined in the application's Scopes list.
+// If the application has no defined scopes, every scope is considered valid
+// (backward-compatible behaviour).
+func IsScopeValid(scope string, application *Application) bool {
+	if len(application.Scopes) == 0 || scope == "" {
+		return true
+	}
+
+	allowed := make(map[string]bool, len(application.Scopes))
+	for _, s := range application.Scopes {
+		allowed[s.Name] = true
+	}
+
+	for _, s := range strings.Fields(scope) {
+		if !allowed[s] {
+			return false
+		}
+	}
+	return true
+}
+
 // createGuestUserToken creates a new guest user and returns a token for them
 func createGuestUserToken(application *Application, clientSecret string, verifier string) (*Token, *TokenError, error) {
 	// Verify client secret if provided
@@ -526,12 +582,19 @@ func createGuestUserToken(application *Application, clientSecret string, verifie
 		}, nil
 	}
 
+	// Generate a unique user ID within the confines of the application
+	newUserId, idErr := GenerateIdForNewUser(application)
+	if idErr != nil {
+		// If we fail to generate a unique user ID, we can fallback to a random ID
+		newUserId = util.GenerateId()
+	}
+
 	// Create the guest user
 	guestUser := &User{
 		Owner:             application.Organization,
 		Name:              guestUsername,
 		CreatedTime:       util.GetCurrentTime(),
-		Id:                util.GenerateId(),
+		Id:                newUserId,
 		Type:              "normal-user",
 		Password:          guestPassword,
 		Tag:               "guest-user",
@@ -715,6 +778,13 @@ func GetAuthorizationCodeToken(application *Application, clientSecret string, co
 // GetPasswordToken
 // Resource Owner Password Credentials flow
 func GetPasswordToken(application *Application, username string, password string, scope string, host string) (*Token, *TokenError, error) {
+	if !IsScopeValid(scope, application) {
+		return nil, &TokenError{
+			Error:            InvalidScope,
+			ErrorDescription: "the requested scope is invalid or not defined in the application",
+		}, nil
+	}
+
 	user, err := GetUserByFields(application.Organization, username)
 	if err != nil {
 		return nil, nil, err
@@ -796,6 +866,12 @@ func GetClientCredentialsToken(application *Application, clientSecret string, sc
 			ErrorDescription: "client_secret is invalid",
 		}, nil
 	}
+	if !IsScopeValid(scope, application) {
+		return nil, &TokenError{
+			Error:            InvalidScope,
+			ErrorDescription: "the requested scope is invalid or not defined in the application",
+		}, nil
+	}
 	nullUser := &User{
 		Owner: application.Owner,
 		Id:    application.GetId(),
@@ -835,6 +911,13 @@ func GetClientCredentialsToken(application *Application, clientSecret string, sc
 // GetImplicitToken
 // Implicit flow
 func GetImplicitToken(application *Application, username string, scope string, nonce string, host string) (*Token, *TokenError, error) {
+	if !IsScopeValid(scope, application) {
+		return nil, &TokenError{
+			Error:            InvalidScope,
+			ErrorDescription: "the requested scope is invalid or not defined in the application",
+		}, nil
+	}
+
 	user, err := GetUserByFields(application.Organization, username)
 	if err != nil {
 		return nil, nil, err
@@ -859,6 +942,84 @@ func GetImplicitToken(application *Application, username string, scope string, n
 	return token, nil, nil
 }
 
+// GetJwtBearerToken
+// RFC 7523
+func GetJwtBearerToken(application *Application, assertion string, scope string, nonce string, host string) (*Token, *TokenError, error) {
+	ok, claims, err := ValidateJwtAssertion(assertion, application, host)
+	if err != nil || !ok {
+		if err != nil {
+			return nil, &TokenError{
+				Error:            InvalidGrant,
+				ErrorDescription: err.Error(),
+			}, err
+		}
+
+		return nil, &TokenError{
+			Error:            InvalidGrant,
+			ErrorDescription: fmt.Sprintf("assertion (JWT) is invalid for application: [%s]", application.GetId()),
+		}, nil
+	}
+
+	return GetImplicitToken(application, claims.Subject, scope, nonce, host)
+}
+
+func ValidateJwtAssertion(clientAssertion string, application *Application, host string) (bool, *Claims, error) {
+	_, originBackend := getOriginFromHost(host)
+
+	clientCert, err := getCert(application.Owner, application.ClientCert)
+	if err != nil {
+		return false, nil, err
+	}
+	if clientCert == nil {
+		return false, nil, fmt.Errorf("client certificate is not configured for application: [%s]", application.GetId())
+	}
+
+	claims, err := ParseJwtToken(clientAssertion, clientCert)
+	if err != nil {
+		return false, nil, err
+	}
+
+	if !slices.Contains(application.RedirectUris, claims.Issuer) {
+		return false, nil, nil
+	}
+
+	if !slices.Contains(claims.Audience, fmt.Sprintf("%s/api/login/oauth/access_token", originBackend)) {
+		return false, nil, nil
+	}
+
+	return true, claims, nil
+}
+
+func ValidateClientAssertion(clientAssertion string, host string) (bool, *Application, error) {
+	token, err := ParseJwtTokenWithoutValidation(clientAssertion)
+	if err != nil {
+		return false, nil, err
+	}
+
+	clientId, err := token.Claims.GetSubject()
+	if err != nil {
+		return false, nil, err
+	}
+
+	application, err := GetApplicationByClientId(clientId)
+	if err != nil {
+		return false, nil, err
+	}
+	if application == nil {
+		return false, nil, fmt.Errorf("application not found for client: [%s]", clientId)
+	}
+
+	ok, _, err := ValidateJwtAssertion(clientAssertion, application, host)
+	if err != nil {
+		return false, application, err
+	}
+	if !ok {
+		return false, application, nil
+	}
+
+	return true, application, nil
+}
+
 // GetTokenByUser
 // Implicit flow
 func GetTokenByUser(application *Application, user *User, scope string, nonce string, host string) (*Token, error) {
@@ -946,9 +1107,16 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
 			name = fmt.Sprintf("wechat-%s", openId)
 		}
 
+		// Generate a unique user ID within the confines of the application
+		newUserId, idErr := GenerateIdForNewUser(application)
+		if idErr != nil {
+			// If we fail to generate a unique user ID, we can fallback to a random ID
+			newUserId = util.GenerateId()
+		}
+
 		user = &User{
 			Owner:             application.Organization,
-			Id:                util.GenerateId(),
+			Id:                newUserId,
 			Name:              name,
 			Avatar:            avatar,
 			SignupApplication: application.Name,

object/user.go

@@ -180,6 +180,7 @@ type User struct {
 	Spotify         string `xorm:"spotify varchar(100)" json:"spotify"`
 	Strava          string `xorm:"strava varchar(100)" json:"strava"`
 	Stripe          string `xorm:"stripe varchar(100)" json:"stripe"`
+	Telegram        string `xorm:"telegram varchar(100)" json:"telegram"`
 	TikTok          string `xorm:"tiktok varchar(100)" json:"tiktok"`
 	Tumblr          string `xorm:"tumblr varchar(100)" json:"tumblr"`
 	Twitch          string `xorm:"twitch varchar(100)" json:"twitch"`
@@ -241,6 +242,7 @@ type User struct {
 	MfaRememberDeadline string           `xorm:"varchar(100)" json:"mfaRememberDeadline"`
 	NeedUpdatePassword  bool             `json:"needUpdatePassword"`
 	IpWhitelist         string           `xorm:"varchar(200)" json:"ipWhitelist"`
+	ApplicationScopes   []ConsentRecord  `xorm:"mediumtext" json:"applicationScopes"`
 }
 
 type Userinfo struct {
@@ -860,17 +862,17 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) (bool, er
 	if len(columns) == 0 {
 		columns = []string{
 			"owner", "display_name", "avatar", "first_name", "last_name",
-			"location", "address", "country_code", "region", "language", "affiliation", "title", "id_card_type", "id_card", "homepage", "bio", "tag", "language", "gender", "birthday", "education", "score", "karma", "ranking", "signup_application",
-			"is_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials", "managedAccounts", "face_ids", "mfaAccounts",
-			"signin_wrong_times", "last_change_password_time", "last_signin_wrong_time", "groups", "access_key", "access_secret", "mfa_phone_enabled", "mfa_email_enabled", "email_verified",
+			"location", "address", "addresses", "country_code", "region", "language", "affiliation", "title", "id_card_type", "id_card", "homepage", "bio", "tag", "language", "gender", "birthday", "education", "score", "karma", "ranking", "signup_application", "register_type", "register_source",
+			"is_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials", "mfa_items", "last_change_password_time", "managedAccounts", "face_ids", "mfaAccounts",
+			"signin_wrong_times", "last_signin_wrong_time", "groups", "access_key", "access_secret", "mfa_phone_enabled", "mfa_email_enabled", "email_verified",
 			"github", "google", "qq", "wechat", "facebook", "dingtalk", "weibo", "gitee", "linkedin", "wecom", "lark", "gitlab", "adfs",
 			"baidu", "alipay", "casdoor", "infoflow", "apple", "azuread", "azureadb2c", "slack", "steam", "bilibili", "okta", "douyin", "kwai", "line", "amazon",
 			"auth0", "battlenet", "bitbucket", "box", "cloudfoundry", "dailymotion", "deezer", "digitalocean", "discord", "dropbox",
 			"eveonline", "fitbit", "gitea", "heroku", "influxcloud", "instagram", "intercom", "kakao", "lastfm", "mailru", "meetup",
 			"microsoftonline", "naver", "nextcloud", "onedrive", "oura", "patreon", "paypal", "salesforce", "shopify", "soundcloud",
-			"spotify", "strava", "stripe", "type", "tiktok", "tumblr", "twitch", "twitter", "typetalk", "uber", "vk", "wepay", "xero", "yahoo",
-			"yammer", "yandex", "zoom", "custom", "need_update_password", "ip_whitelist", "mfa_items", "mfa_remember_deadline",
-			"cart",
+			"spotify", "strava", "stripe", "type", "telegram", "tiktok", "tumblr", "twitch", "twitter", "typetalk", "uber", "vk", "wepay", "xero", "yahoo",
+			"yammer", "yandex", "zoom", "custom", "need_update_password", "ip_whitelist", "mfa_remember_deadline",
+			"cart", "application_scopes",
 		}
 	}
 	if isAdmin {
@@ -954,6 +956,13 @@ func UpdateUserForAllFields(id string, user *User) (bool, error) {
 
 	user.UpdatedTime = util.GetCurrentTime()
 
+	if len(user.Groups) > 0 {
+		_, err = userEnforcer.UpdateGroupsForUser(user.GetId(), user.Groups)
+		if err != nil {
+			return false, err
+		}
+	}
+
 	affected, err := ormer.Engine.ID(core.PK{owner, name}).AllCols().Update(user)
 	if err != nil {
 		return false, err

object/user_scope.go

@@ -0,0 +1,119 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/casdoor/casdoor/i18n"
+)
+
+// ConsentRecord represents the data for OAuth consent API requests/responses
+type ConsentRecord struct {
+	// owner/name
+	Application   string   `json:"application"`
+	GrantedScopes []string `json:"grantedScopes"`
+}
+
+// ScopeDescription represents a human-readable description of an OAuth scope
+type ScopeDescription struct {
+	Scope       string `json:"scope"`
+	DisplayName string `json:"displayName"`
+	Description string `json:"description"`
+}
+
+// parseScopes converts a space-separated scope string to a slice
+func parseScopes(scopeStr string) []string {
+	if scopeStr == "" {
+		return []string{}
+	}
+	scopes := strings.Split(scopeStr, " ")
+	var result []string
+	for _, scope := range scopes {
+		trimmed := strings.TrimSpace(scope)
+		if trimmed != "" {
+			result = append(result, trimmed)
+		}
+	}
+	return result
+}
+
+// CheckConsentRequired checks if user consent is required for the OAuth flow
+func CheckConsentRequired(userObj *User, application *Application, scopeStr string) (bool, error) {
+	// Skip consent when no custom scopes are configured
+	if len(application.CustomScopes) == 0 {
+		return false, nil
+	}
+
+	// Once policy: check if consent already granted
+	requestedScopes := parseScopes(scopeStr)
+	appId := application.GetId()
+
+	// Filter requestedScopes to only include scopes defined in application.CustomScopes
+	customScopesMap := make(map[string]bool)
+	for _, customScope := range application.CustomScopes {
+		if customScope.Scope != "" {
+			customScopesMap[customScope.Scope] = true
+		}
+	}
+
+	validRequestedScopes := []string{}
+	for _, scope := range requestedScopes {
+		if customScopesMap[scope] {
+			validRequestedScopes = append(validRequestedScopes, scope)
+		}
+	}
+
+	// If no valid requested scopes, no consent required
+	if len(validRequestedScopes) == 0 {
+		return false, nil
+	}
+
+	for _, record := range userObj.ApplicationScopes {
+		if record.Application == appId {
+			// Check if grantedScopes contains all validRequestedScopes
+			grantedMap := make(map[string]bool)
+			for _, scope := range record.GrantedScopes {
+				grantedMap[scope] = true
+			}
+
+			allGranted := true
+			for _, scope := range validRequestedScopes {
+				if !grantedMap[scope] {
+					allGranted = false
+					break
+				}
+			}
+
+			if allGranted {
+				// Consent already granted for all valid requested scopes
+				return false, nil
+			}
+		}
+	}
+
+	// Consent required
+	return true, nil
+}
+
+func validateCustomScopes(customScopes []*ScopeDescription, lang string) error {
+	for _, scope := range customScopes {
+		if scope == nil || strings.TrimSpace(scope.Scope) == "" {
+			return fmt.Errorf("%s: custom scope name", i18n.Translate(lang, "general:Missing parameter"))
+		}
+	}
+	return nil
+}

pp/dummy.go

@@ -39,7 +39,7 @@ func (pp *DummyPaymentProvider) Pay(r *PayReq) (*PayResp, error) {
 	orderInfo := DummyOrderInfo{
 		Price:              r.Price,
 		Currency:           r.Currency,
-		ProductDisplayName: r.ProductDisplayName,
+		ProductDisplayName: "",
 	}
 	orderInfoBytes, err := json.Marshal(orderInfo)
 	if err != nil {

routers/router.go

@@ -132,6 +132,7 @@ func InitAPI() {
 	web.Router("/api/update-cert", &controllers.ApiController{}, "POST:UpdateCert")
 	web.Router("/api/add-cert", &controllers.ApiController{}, "POST:AddCert")
 	web.Router("/api/delete-cert", &controllers.ApiController{}, "POST:DeleteCert")
+	web.Router("/api/update-cert-domain-expire", &controllers.ApiController{}, "POST:UpdateCertDomainExpire")
 
 	web.Router("/api/get-roles", &controllers.ApiController{}, "GET:GetRoles")
 	web.Router("/api/get-role", &controllers.ApiController{}, "GET:GetRole")
@@ -319,6 +320,9 @@ func InitAPI() {
 	web.Router("/api/delete-mfa", &controllers.ApiController{}, "POST:DeleteMfa")
 	web.Router("/api/set-preferred-mfa", &controllers.ApiController{}, "POST:SetPreferredMfa")
 
+	web.Router("/api/grant-consent", &controllers.ApiController{}, "POST:GrantConsent")
+	web.Router("/api/revoke-consent", &controllers.ApiController{}, "POST:RevokeConsent")
+
 	web.Router("/.well-known/openid-configuration", &controllers.RootController{}, "GET:GetOidcDiscovery")
 	web.Router("/.well-known/:application/openid-configuration", &controllers.RootController{}, "GET:GetOidcDiscoveryByApplication")
 	web.Router("/.well-known/oauth-authorization-server", &controllers.RootController{}, "GET:GetOAuthServerMetadata")

routers/static_filter.go

@@ -89,6 +89,23 @@ func fastAutoSignin(ctx *context.Context) (string, error) {
 		return "", nil
 	}
 
+	user, err := object.GetUser(userId)
+	if err != nil {
+		return "", err
+	}
+	if user == nil {
+		return "", nil
+	}
+
+	consentRequired, err := object.CheckConsentRequired(user, application, scope)
+	if err != nil {
+		return "", err
+	}
+
+	if consentRequired {
+		return "", nil
+	}
+
 	code, err := object.GetOAuthCode(userId, clientId, "", "autoSignin", responseType, redirectUri, scope, state, nonce, codeChallenge, "", ctx.Request.Host, getAcceptLanguage(ctx))
 	if err != nil {
 		return "", err

util/cert.go

@@ -0,0 +1,50 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import (
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+	"fmt"
+	"time"
+
+	"golang.org/x/net/publicsuffix"
+)
+
+func GetCertExpireTime(s string) (string, error) {
+	block, _ := pem.Decode([]byte(s))
+	if block == nil {
+		return "", errors.New("getCertExpireTime() error, block should not be nil")
+	} else if block.Type != "CERTIFICATE" {
+		return "", fmt.Errorf("getCertExpireTime() error, block.Type should be \"CERTIFICATE\" instead of %s", block.Type)
+	}
+
+	certificate, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return "", err
+	}
+
+	t := certificate.NotAfter
+	return t.Local().Format(time.RFC3339), nil
+}
+
+func GetBaseDomain(domain string) (string, error) {
+	// abc.com -> abc.com
+	// abc.com.it -> abc.com.it
+	// subdomain.abc.io -> abc.io
+	// subdomain.abc.org.us -> abc.org.us
+	return publicsuffix.EffectiveTLDPlusOne(domain)
+}

util/network.go

@@ -16,8 +16,18 @@ package util
 
 import (
 	"net"
+	"os"
 )
 
+func GetHostname() string {
+	name, err := os.Hostname()
+	if err != nil {
+		panic(err)
+	}
+
+	return name
+}
+
 func IsInternetIp(ip string) bool {
 	ipStr, _, err := net.SplitHostPort(ip)
 	if err != nil {

web/src/AdapterEditPage.js

@@ -158,7 +158,7 @@ class AdapterEditPage extends React.Component {
             <React.Fragment>
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-                  {Setting.getLabel(i18next.t("general:Type"), i18next.t("cert:Type - Tooltip"))} :
+                  {Setting.getLabel(i18next.t("general:Type"), i18next.t("general:Type - Tooltip"))} :
                 </Col>
                 <Col span={22} >
                   <Select virtual={false} disabled={Setting.builtInObject(this.state.adapter)} style={{width: "100%"}} value={this.state.adapter.type} onChange={(value => {

web/src/App.js

@@ -487,7 +487,7 @@ class App extends Component {
               : (
                 Conf.CustomFooter !== null ? Conf.CustomFooter : (
                   <React.Fragment>
-                  Powered by <a target="_blank" href="https://casdoor.org" rel="noreferrer"><img style={{paddingBottom: "3px"}} height={"20px"} alt={"Casdoor"} src={logo} /></a>
+                    Powered by <a target="_blank" href="https://casdoor.org" rel="noreferrer"><img style={{paddingBottom: "3px"}} height={"20px"} alt={"Casdoor"} src={logo} /></a>
                   </React.Fragment>
                 )
               )
@@ -539,15 +539,16 @@ class App extends Component {
 
   isEntryPages() {
     return window.location.pathname.startsWith("/signup") ||
-        window.location.pathname.startsWith("/login") ||
-        window.location.pathname.startsWith("/forget") ||
-        window.location.pathname.startsWith("/prompt") ||
-        window.location.pathname.startsWith("/result") ||
-        window.location.pathname.startsWith("/cas") ||
-        window.location.pathname.startsWith("/select-plan") ||
-        window.location.pathname.startsWith("/buy-plan") ||
-        window.location.pathname.startsWith("/qrcode") ||
-        window.location.pathname.startsWith("/captcha");
+      window.location.pathname.startsWith("/login") ||
+      window.location.pathname.startsWith("/forget") ||
+      window.location.pathname.startsWith("/prompt") ||
+      window.location.pathname.startsWith("/result") ||
+      window.location.pathname.startsWith("/cas") ||
+      window.location.pathname.startsWith("/select-plan") ||
+      window.location.pathname.startsWith("/buy-plan") ||
+      window.location.pathname.startsWith("/qrcode") ||
+      window.location.pathname.startsWith("/consent") ||
+      window.location.pathname.startsWith("/captcha");
   }
 
   onClick = ({key}) => {
@@ -656,7 +657,7 @@ class App extends Component {
                 menuVisible={this.state.menuVisible}
                 logo={this.state.logo}
                 onChangeTheme={this.setTheme}
-                onClick = {this.onClick}
+                onClick={this.onClick}
                 onfinish={() => {
                   this.setState({requiredEnableMfa: false});
                 }}

web/src/ApplicationEditPage.js

@@ -248,6 +248,33 @@ class ApplicationEditPage extends React.Component {
     return value;
   }
 
+  trimCustomScopes(customScopes) {
+    if (!Array.isArray(customScopes)) {
+      return [];
+    }
+    return customScopes.map((item) => {
+      const scope = (item?.scope || "").trim();
+      const displayName = (item?.displayName || "").trim();
+      const description = (item?.description || "").trim();
+      return {
+        ...item,
+        scope: scope,
+        displayName: displayName,
+        description: description,
+      };
+    });
+  }
+
+  validateCustomScopes(customScopes) {
+    const trimmed = this.trimCustomScopes(customScopes);
+    for (const item of trimmed) {
+      if (!item || !item.scope || item.scope === "") {
+        return {ok: false, scopes: trimmed};
+      }
+    }
+    return {ok: true, scopes: trimmed};
+  }
+
   updateApplicationField(key, value) {
     value = this.parseApplicationField(key, value);
     const application = this.state.application;
@@ -506,157 +533,6 @@ class ApplicationEditPage extends React.Component {
       )}
       {this.state.activeMenuKey === "authentication" && (
         <React.Fragment>
-          <Row style={{marginTop: "10px"}} >
-            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
-              {Setting.getLabel(i18next.t("provider:Client ID"), i18next.t("provider:Client ID - Tooltip"))} :
-            </Col>
-            <Col span={21} >
-              <Input value={this.state.application.clientId} onChange={e => {
-                this.updateApplicationField("clientId", e.target.value);
-              }} />
-            </Col>
-          </Row>
-          <Row style={{marginTop: "10px"}} >
-            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
-              {Setting.getLabel(i18next.t("provider:Client secret"), i18next.t("provider:Client secret - Tooltip"))} :
-            </Col>
-            <Col span={21} >
-              <Input value={this.state.application.clientSecret} onChange={e => {
-                this.updateApplicationField("clientSecret", e.target.value);
-              }} />
-            </Col>
-          </Row>
-          <Row style={{marginTop: "20px"}} >
-            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
-              {Setting.getLabel(i18next.t("application:Redirect URLs"), i18next.t("application:Redirect URLs - Tooltip"))} :
-            </Col>
-            <Col span={21} >
-              <UrlTable
-                title={i18next.t("application:Redirect URLs")}
-                table={this.state.application.redirectUris}
-                onUpdateTable={(value) => {this.updateApplicationField("redirectUris", value);}}
-              />
-            </Col>
-          </Row>
-          <Row style={{marginTop: "20px"}} >
-            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
-              {Setting.getLabel(i18next.t("application:Forced redirect origin"), i18next.t("general:Forced redirect origin - Tooltip"))} :
-            </Col>
-            <Col span={21} >
-              <Input prefix={<LinkOutlined />} value={this.state.application.forcedRedirectOrigin} onChange={e => {
-                this.updateApplicationField("forcedRedirectOrigin", e.target.value);
-              }} />
-            </Col>
-          </Row>
-          <Row style={{marginTop: "20px"}} >
-            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
-              {Setting.getLabel(i18next.t("application:Grant types"), i18next.t("application:Grant types - Tooltip"))} :
-            </Col>
-            <Col span={21} >
-              <Select virtual={false} mode="multiple" style={{width: "100%"}}
-                value={this.state.application.grantTypes}
-                onChange={(value => {
-                  this.updateApplicationField("grantTypes", value);
-                })} >
-                {
-                  [
-                    {id: "authorization_code", name: "Authorization Code"},
-                    {id: "password", name: "Password"},
-                    {id: "client_credentials", name: "Client Credentials"},
-                    {id: "token", name: "Token"},
-                    {id: "id_token", name: "ID Token"},
-                    {id: "refresh_token", name: "Refresh Token"},
-                    {id: "urn:ietf:params:oauth:grant-type:device_code", name: "Device Code"},
-                  ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
-                }
-              </Select>
-            </Col>
-          </Row>
-          {
-            (this.state.application.category === "Agent") ? (
-              <Row style={{marginTop: "20px"}} >
-                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
-                  {Setting.getLabel(i18next.t("general:Scopes"), i18next.t("general:Scopes - Tooltip"))} :
-                </Col>
-                <Col span={21} >
-                  <ScopeTable
-                    title={i18next.t("general:Scopes")}
-                    table={this.state.application.scopes}
-                    onUpdateTable={(value) => {this.updateApplicationField("scopes", value);}}
-                  />
-                </Col>
-              </Row>
-            ) : null
-          }
-          <Row style={{marginTop: "20px"}} >
-            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
-              {Setting.getLabel(i18next.t("application:Token format"), i18next.t("application:Token format - Tooltip"))} :
-            </Col>
-            <Col span={21} >
-              <Select virtual={false} style={{width: "100%"}} value={this.state.application.tokenFormat} onChange={(value => {this.updateApplicationField("tokenFormat", value);})}
-                options={["JWT", "JWT-Empty", "JWT-Custom", "JWT-Standard"].map((item) => Setting.getOption(item, item))}
-              />
-            </Col>
-          </Row>
-          <Row style={{marginTop: "20px"}} >
-            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
-              {Setting.getLabel(i18next.t("application:Token signing method"), i18next.t("application:Token signing method - Tooltip"))} :
-            </Col>
-            <Col span={21} >
-              <Select virtual={false} style={{width: "100%"}} value={this.state.application.tokenSigningMethod === "" ? "RS256" : this.state.application.tokenSigningMethod} onChange={(value => {this.updateApplicationField("tokenSigningMethod", value);})}
-                options={["RS256", "RS512", "ES256", "ES512", "ES384"].map((item) => Setting.getOption(item, item))}
-              />
-            </Col>
-          </Row>
-          <Row style={{marginTop: "20px"}} >
-            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
-              {Setting.getLabel(i18next.t("application:Token fields"), i18next.t("application:Token fields - Tooltip"))} :
-            </Col>
-            <Col span={21} >
-              <Select virtual={false} disabled={this.state.application.tokenFormat !== "JWT-Custom"} mode="tags" showSearch style={{width: "100%"}} value={this.state.application.tokenFields} onChange={(value => {this.updateApplicationField("tokenFields", value);})}>
-                <Option key={"signinMethod"} value={"signinMethod"}>{"SigninMethod"}</Option>
-                <Option key={"provider"} value={"provider"}>{"Provider"}</Option>
-                {
-                  [...Setting.getUserCommonFields(), "permissionNames"].map((item, index) => <Option key={index} value={item}>{item}</Option>)
-                }
-              </Select>
-            </Col>
-          </Row>
-          {
-            this.state.application.tokenFormat === "JWT-Custom" ? (<Row style={{marginTop: "20px"}} >
-              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-                {Setting.getLabel(i18next.t("general:Token attributes"), i18next.t("general:Token attributes - Tooltip"))} :
-              </Col>
-              <Col span={22} >
-                <TokenAttributeTable
-                  title={i18next.t("general:Token attributes")}
-                  table={this.state.application.tokenAttributes}
-                  application={this.state.application}
-                  onUpdateTable={(value) => {this.updateApplicationField("tokenAttributes", value);}}
-                />
-              </Col>
-            </Row>) : null
-          }
-          <Row style={{marginTop: "20px"}} >
-            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
-              {Setting.getLabel(i18next.t("application:Token expire"), i18next.t("application:Token expire - Tooltip"))} :
-            </Col>
-            <Col span={21} >
-              <InputNumber style={{width: "150px"}} value={this.state.application.expireInHours} min={0.01} step={1} precision={2} addonAfter="Hours" onChange={value => {
-                this.updateApplicationField("expireInHours", value);
-              }} />
-            </Col>
-          </Row>
-          <Row style={{marginTop: "20px"}} >
-            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
-              {Setting.getLabel(i18next.t("application:Refresh token expire"), i18next.t("application:Refresh token expire - Tooltip"))} :
-            </Col>
-            <Col span={21} >
-              <InputNumber style={{width: "150px"}} value={this.state.application.refreshExpireInHours} min={0.01} step={1} precision={2} addonAfter="Hours" onChange={value => {
-                this.updateApplicationField("refreshExpireInHours", value);
-              }} />
-            </Col>
-          </Row>
           <Row style={{marginTop: "20px"}} >
             <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
               {Setting.getLabel(i18next.t("application:Cookie expire"), i18next.t("application:Cookie expire - Tooltip"))} :
@@ -807,7 +683,167 @@ class ApplicationEditPage extends React.Component {
               }} />
             </Col>
           </Row>
+        </React.Fragment>
+      )}
+      {this.state.activeMenuKey === "oidc-oauth" && (
+        <React.Fragment>
+          <Row style={{marginTop: "10px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("provider:Client ID"), i18next.t("provider:Client ID - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <Input value={this.state.application.clientId} onChange={e => {
+                this.updateApplicationField("clientId", e.target.value);
+              }} />
+            </Col>
+          </Row>
+          <Row style={{marginTop: "10px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("provider:Client secret"), i18next.t("provider:Client secret - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <Input value={this.state.application.clientSecret} onChange={e => {
+                this.updateApplicationField("clientSecret", e.target.value);
+              }} />
+            </Col>
+          </Row>
           <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("application:Redirect URLs"), i18next.t("application:Redirect URLs - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <UrlTable
+                title={i18next.t("application:Redirect URLs")}
+                table={this.state.application.redirectUris}
+                onUpdateTable={(value) => {this.updateApplicationField("redirectUris", value);}}
+              />
+            </Col>
+          </Row>
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("application:Forced redirect origin"), i18next.t("general:Forced redirect origin - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <Input prefix={<LinkOutlined />} value={this.state.application.forcedRedirectOrigin} onChange={e => {
+                this.updateApplicationField("forcedRedirectOrigin", e.target.value);
+              }} />
+            </Col>
+          </Row>
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("application:Grant types"), i18next.t("application:Grant types - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <Select virtual={false} mode="multiple" style={{width: "100%"}}
+                value={this.state.application.grantTypes}
+                onChange={(value => {
+                  this.updateApplicationField("grantTypes", value);
+                })} >
+                {
+                  [
+                    {id: "authorization_code", name: "Authorization Code"},
+                    {id: "password", name: "Password"},
+                    {id: "client_credentials", name: "Client Credentials"},
+                    {id: "token", name: "Token"},
+                    {id: "id_token", name: "ID Token"},
+                    {id: "refresh_token", name: "Refresh Token"},
+                    {id: "urn:ietf:params:oauth:grant-type:device_code", name: "Device Code"},
+                    {id: "urn:ietf:params:oauth:grant-type:jwt-bearer", name: "JWT Bearer"},
+                  ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
+                }
+              </Select>
+            </Col>
+          </Row>
+          {
+            (this.state.application.category === "Agent") ? (
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+                  {Setting.getLabel(i18next.t("general:Scopes"), i18next.t("general:Scopes - Tooltip"))} :
+                </Col>
+                <Col span={21} >
+                  <ScopeTable
+                    title={i18next.t("general:Scopes")}
+                    table={this.state.application.scopes}
+                    onUpdateTable={(value) => {this.updateApplicationField("scopes", value);}}
+                  />
+                </Col>
+              </Row>
+            ) : null
+          }
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("application:Token format"), i18next.t("application:Token format - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <Select virtual={false} style={{width: "100%"}} value={this.state.application.tokenFormat} onChange={(value => {this.updateApplicationField("tokenFormat", value);})}
+                options={["JWT", "JWT-Empty", "JWT-Custom", "JWT-Standard"].map((item) => Setting.getOption(item, item))}
+              />
+            </Col>
+          </Row>
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("application:Token signing method"), i18next.t("application:Token signing method - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <Select virtual={false} style={{width: "100%"}} value={this.state.application.tokenSigningMethod === "" ? "RS256" : this.state.application.tokenSigningMethod} onChange={(value => {this.updateApplicationField("tokenSigningMethod", value);})}
+                options={["RS256", "RS512", "ES256", "ES512", "ES384"].map((item) => Setting.getOption(item, item))}
+              />
+            </Col>
+          </Row>
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("application:Token fields"), i18next.t("application:Token fields - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <Select virtual={false} disabled={this.state.application.tokenFormat !== "JWT-Custom"} mode="tags" showSearch style={{width: "100%"}} value={this.state.application.tokenFields} onChange={(value => {this.updateApplicationField("tokenFields", value);})}>
+                <Option key={"signinMethod"} value={"signinMethod"}>{"SigninMethod"}</Option>
+                <Option key={"provider"} value={"provider"}>{"Provider"}</Option>
+                {
+                  [...Setting.getUserCommonFields(), "permissionNames"].map((item, index) => <Option key={index} value={item}>{item}</Option>)
+                }
+              </Select>
+            </Col>
+          </Row>
+          {
+            this.state.application.tokenFormat === "JWT-Custom" ? (<Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("general:Token attributes"), i18next.t("general:Token attributes - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <TokenAttributeTable
+                  title={i18next.t("general:Token attributes")}
+                  table={this.state.application.tokenAttributes}
+                  application={this.state.application}
+                  onUpdateTable={(value) => {this.updateApplicationField("tokenAttributes", value);}}
+                />
+              </Col>
+            </Row>) : null
+          }
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("application:Token expire"), i18next.t("application:Token expire - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <InputNumber style={{width: "150px"}} value={this.state.application.expireInHours} min={0.01} step={1} precision={2} addonAfter="Hours" onChange={value => {
+                this.updateApplicationField("expireInHours", value);
+              }} />
+            </Col>
+          </Row>
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("application:Refresh token expire"), i18next.t("application:Refresh token expire - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <InputNumber style={{width: "150px"}} value={this.state.application.refreshExpireInHours} min={0.01} step={1} precision={2} addonAfter="Hours" onChange={value => {
+                this.updateApplicationField("refreshExpireInHours", value);
+              }} />
+            </Col>
+          </Row>
+        </React.Fragment>
+      )}
+      {this.state.activeMenuKey === "saml" && (
+        <React.Fragment>
+          <Row style={{marginTop: "10px"}} >
             <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
               {Setting.getLabel(i18next.t("application:SAML reply URL"), i18next.t("application:Redirect URL (Assertion Consumer Service POST Binding URL) - Tooltip"))} :
             </Col>
@@ -1308,7 +1344,7 @@ class ApplicationEditPage extends React.Component {
         <React.Fragment>
           <Row style={{marginTop: "20px"}} >
             <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
-              {Setting.getLabel(i18next.t("general:Cert"), i18next.t("general:Cert - Tooltip"))} :
+              {Setting.getLabel(i18next.t("application:Token cert"), i18next.t("application:Token cert - Tooltip"))} :
             </Col>
             <Col span={21} >
               <Select virtual={false} style={{width: "100%"}} value={this.state.application.cert} onChange={(value => {this.updateApplicationField("cert", value);})}>
@@ -1318,6 +1354,18 @@ class ApplicationEditPage extends React.Component {
               </Select>
             </Col>
           </Row>
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("application:Client cert"), i18next.t("application:Client cert - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <Select virtual={false} style={{width: "100%"}} value={this.state.application.clientCert} onChange={(value => {this.updateApplicationField("clientCert", value);})}>
+                {
+                  this.state.certs.map((cert, index) => <Option key={index} value={cert.name}>{cert.name}</Option>)
+                }
+              </Select>
+            </Col>
+          </Row>
           <Row style={{marginTop: "20px"}} >
             <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
               {Setting.getLabel(i18next.t("application:Failed signin limit"), i18next.t("application:Failed signin limit - Tooltip"))} :
@@ -1353,7 +1401,7 @@ class ApplicationEditPage extends React.Component {
               {Setting.getLabel(i18next.t("general:IP whitelist"), i18next.t("general:IP whitelist - Tooltip"))} :
             </Col>
             <Col span={21} >
-              <Input placeholder = {this.state.application.organizationObj?.ipWhitelist} value={this.state.application.ipWhitelist} onChange={e => {
+              <Input placeholder={this.state.application.organizationObj?.ipWhitelist} value={this.state.application.ipWhitelist} onChange={e => {
                 this.updateApplicationField("ipWhitelist", e.target.value);
               }} />
             </Col>
@@ -1373,6 +1421,68 @@ class ApplicationEditPage extends React.Component {
             </Col>
           </Row>
         </React.Fragment>
+      )}
+      {this.state.activeMenuKey === "reverse-proxy" && (
+        <React.Fragment>
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <Input value={this.state.application.domain} placeholder="e.g., blog.example.com" onChange={e => {
+                this.updateApplicationField("domain", e.target.value);
+              }} />
+            </Col>
+          </Row>
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("application:Other domains"), i18next.t("application:Other domains - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <UrlTable
+                title={i18next.t("application:Other domains")}
+                table={this.state.application.otherDomains}
+                onUpdateTable={(value) => {this.updateApplicationField("otherDomains", value);}}
+              />
+            </Col>
+          </Row>
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("application:Upstream host"), i18next.t("application:Upstream host - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <Input value={this.state.application.upstreamHost} placeholder="e.g., localhost:8080 or 192.168.1.100:3000" onChange={e => {
+                this.updateApplicationField("upstreamHost", e.target.value);
+              }} />
+            </Col>
+          </Row>
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("provider:SSL mode"), i18next.t("provider:SSL mode - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <Select virtual={false} style={{width: "100%"}} value={this.state.application.sslMode} onChange={(value => {this.updateApplicationField("sslMode", value);})}>
+                <Option value="">{i18next.t("general:None")}</Option>
+                <Option value="HTTP">HTTP</Option>
+                <Option value="HTTPS and HTTP">HTTPS and HTTP</Option>
+                <Option value="HTTPS Only">HTTPS Only</Option>
+              </Select>
+            </Col>
+          </Row>
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+              {Setting.getLabel(i18next.t("application:SSL cert"), i18next.t("application:SSL cert - Tooltip"))} :
+            </Col>
+            <Col span={21} >
+              <Select virtual={false} style={{width: "100%"}} value={this.state.application.sslCert} onChange={(value => {this.updateApplicationField("sslCert", value);})}>
+                <Option value="">{i18next.t("general:None")}</Option>
+                {
+                  this.state.certs.map((cert, index) => <Option key={index} value={cert.name}>{cert.name}</Option>)
+                }
+              </Select>
+            </Col>
+          </Row>
+        </React.Fragment>
       )}</>;
   }
 
@@ -1390,7 +1500,7 @@ class ApplicationEditPage extends React.Component {
         <Layout style={{background: "inherit", height: "100%", overflow: "auto"}}>
           {
             this.state.menuMode === "horizontal" || !this.state.menuMode ? (
-              <Header style={{background: "inherit", padding: "0px", position: "sticky", top: 0}}>
+              <Header style={{background: "inherit", padding: "0px", position: "sticky", top: 0, height: 38, minHeight: 38}}>
                 <div className="demo-logo" />
                 <Tabs
                   onChange={(key) => {
@@ -1399,12 +1509,16 @@ class ApplicationEditPage extends React.Component {
                   }}
                   type="card"
                   activeKey={this.state.activeMenuKey}
+                  tabBarStyle={{marginBottom: 0}}
                   items={[
                     {label: i18next.t("application:Basic"), key: "basic"},
                     {label: i18next.t("application:Authentication"), key: "authentication"},
+                    {label: "OIDC/OAuth", key: "oidc-oauth"},
+                    {label: "SAML", key: "saml"},
                     {label: i18next.t("application:Providers"), key: "providers"},
                     {label: i18next.t("application:UI Customization"), key: "ui-customization"},
                     {label: i18next.t("application:Security"), key: "security"},
+                    {label: i18next.t("application:Reverse Proxy"), key: "reverse-proxy"},
                   ]}
                 />
               </Header>
@@ -1425,9 +1539,12 @@ class ApplicationEditPage extends React.Component {
                   >
                     <Menu.Item key="basic">{i18next.t("application:Basic")}</Menu.Item>
                     <Menu.Item key="authentication">{i18next.t("application:Authentication")}</Menu.Item>
+                    <Menu.Item key="oidc-oauth">OIDC/OAuth</Menu.Item>
+                    <Menu.Item key="saml">SAML</Menu.Item>
                     <Menu.Item key="providers">{i18next.t("application:Providers")}</Menu.Item>
                     <Menu.Item key="ui-customization">{i18next.t("application:UI Customization")}</Menu.Item>
                     <Menu.Item key="security">{i18next.t("application:Security")}</Menu.Item>
+                    <Menu.Item key="reverse-proxy">{i18next.t("application:Reverse Proxy")}</Menu.Item>
                   </Menu>
                 </Sider>) : null
             }
@@ -1483,11 +1600,11 @@ class ApplicationEditPage extends React.Component {
               {
                 Setting.isPasswordEnabled(this.state.application) ? (
                   <div className="loginBackground" style={{backgroundImage: `url(${this.state.application?.formBackgroundUrl})`, overflow: "auto"}}>
-                    <SignupPage application={this.state.application} preview = "auto" />
+                    <SignupPage application={this.state.application} preview="auto" />
                   </div>
                 ) : (
                   <div className="loginBackground" style={{backgroundImage: `url(${this.state.application?.formBackgroundUrl})`, overflow: "auto"}}>
-                    <LoginPage type={"login"} mode={"signup"} application={this.state.application} preview = "auto" />
+                    <LoginPage type={"login"} mode={"signup"} application={this.state.application} preview="auto" />
                   </div>
                 )
               }
@@ -1513,7 +1630,7 @@ class ApplicationEditPage extends React.Component {
           }}>
             <div style={{position: "relative", width: previewWidth, border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", overflow: "auto"}}>
               <div className="loginBackground" style={{backgroundImage: `url(${this.state.application?.formBackgroundUrl})`, overflow: "auto"}}>
-                <LoginPage type={"login"} mode={"signin"} application={this.state.application} preview = "auto" />
+                <LoginPage type={"login"} mode={"signin"} application={this.state.application} preview="auto" />
               </div>
               <div style={{overflow: "auto", ...maskStyle}} />
             </div>
@@ -1557,6 +1674,12 @@ class ApplicationEditPage extends React.Component {
     const application = Setting.deepCopy(this.state.application);
     application.providers = application.providers?.filter(provider => this.state.providers.map(provider => provider.name).includes(provider.name));
     application.signinMethods = application.signinMethods?.filter(signinMethod => ["Password", "Verification code", "WebAuthn", "LDAP", "Face ID", "WeChat"].includes(signinMethod.name));
+    const customScopeValidation = this.validateCustomScopes(application.customScopes);
+    application.customScopes = customScopeValidation.scopes;
+    if (!customScopeValidation.ok) {
+      Setting.showMessage("error", `${i18next.t("general:Name")}: ${i18next.t("provider:This field is required")}`);
+      return;
+    }
 
     ApplicationBackend.updateApplication("admin", this.state.applicationName, application)
       .then((res) => {

web/src/ApplicationListPage.js

@@ -190,19 +190,15 @@ class ApplicationListPage extends BaseListPage {
         sorter: true,
         ...this.getColumnSearchProps("category"),
         render: (text, record, index) => {
-          const category = text;
-          const tagColor = category === "Agent" ? "green" : "blue";
-          return (
-            <span style={{
-              padding: "4px 8px",
-              borderRadius: "4px",
-              backgroundColor: tagColor,
-              color: "white",
-              fontWeight: "500",
-            }}>
-              {category}
-            </span>
-          );
+          if (!text) {
+            text = "Default";
+          }
+
+          if (text === "Agent") {
+            return Setting.getTag("success", text);
+          } else {
+            return Setting.getTag("default", text);
+          }
         },
       },
       {

web/src/CertEditPage.js

@@ -81,6 +81,24 @@ class CertEditPage extends React.Component {
     value = this.parseCertField(key, value);
 
     const cert = this.state.cert;
+    const previousType = cert.type;
+    if (key === "type") {
+      if (value === "SSL") {
+        cert.cryptoAlgorithm = "RSA";
+        cert.certificate = "";
+        cert.privateKey = "";
+      } else if (previousType === "SSL" && value !== "SSL") {
+        // Clear SSL-specific sensitive and derived fields when leaving SSL type
+        cert.provider = "";
+        cert.account = "";
+        cert.accessKey = "";
+        cert.accessSecret = "";
+        cert.certificate = "";
+        cert.privateKey = "";
+        cert.expireTime = "";
+        cert.domainExpireTime = "";
+      }
+    }
     cert[key] = value;
     this.setState({
       cert: cert,
@@ -133,7 +151,7 @@ class CertEditPage extends React.Component {
         </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("provider:Scope"), i18next.t("cert:Scope - Tooltip"))} :
+            {Setting.getLabel(i18next.t("provider:Scope"), i18next.t("provider:Scope - Tooltip"))} :
           </Col>
           <Col span={22} >
             <Select virtual={false} style={{width: "100%"}} value={this.state.cert.scope} onChange={(value => {
@@ -149,7 +167,7 @@ class CertEditPage extends React.Component {
         </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Type"), i18next.t("cert:Type - Tooltip"))} :
+            {Setting.getLabel(i18next.t("general:Type"), i18next.t("general:Type - Tooltip"))} :
           </Col>
           <Col span={22} >
             <Select virtual={false} style={{width: "100%"}} value={this.state.cert.type} onChange={(value => {
@@ -157,6 +175,7 @@ class CertEditPage extends React.Component {
             })}>
               {
                 [
+                  {id: "SSL", name: "SSL"},
                   {id: "x509", name: "x509"},
                   {id: "Payment", name: "Payment"},
                 ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
@@ -184,7 +203,10 @@ class CertEditPage extends React.Component {
               this.updateCertField("privateKey", "");
             })}>
               {
-                [
+                (this.state.cert.type === "SSL" ? [
+                  {id: "RSA", name: "RSA"},
+                  {id: "ECC", name: "ECC"},
+                ] : [
                   {id: "RS256", name: "RS256 (RSA + SHA256)"},
                   {id: "RS384", name: "RS384 (RSA + SHA384)"},
                   {id: "RS512", name: "RS512 (RSA + SHA512)"},
@@ -194,13 +216,13 @@ class CertEditPage extends React.Component {
                   {id: "PS256", name: "PS256 (RSASSA-PSS using SHA256 and MGF1 with SHA256)"},
                   {id: "PS384", name: "PS384 (RSASSA-PSS using SHA384 and MGF1 with SHA384)"},
                   {id: "PS512", name: "PS512 (RSASSA-PSS using SHA512 and MGF1 with SHA512)"},
-                ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
+                ]).map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
               }
             </Select>
           </Col>
         </Row>
         {
-          this.state.cert.cryptoAlgorithm.startsWith("ES") ? null : (
+          this.state.cert.cryptoAlgorithm.startsWith("ES") || this.state.cert.type === "SSL" ? null : (
             <Row style={{marginTop: "20px"}} >
               <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                 {Setting.getLabel(i18next.t("cert:Bit size"), i18next.t("cert:Bit size - Tooltip"))} :
@@ -219,16 +241,91 @@ class CertEditPage extends React.Component {
             </Row>
           )
         }
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("cert:Expire in years"), i18next.t("cert:Expire in years - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <InputNumber value={this.state.cert.expireInYears} onChange={value => {
-              this.updateCertField("expireInYears", value);
-            }} />
-          </Col>
-        </Row>
+        {
+          this.state.cert.type === "SSL" ? null : (
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("cert:Expire in years"), i18next.t("cert:Expire in years - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <InputNumber value={this.state.cert.expireInYears} onChange={value => {
+                  this.updateCertField("expireInYears", value);
+                }} />
+              </Col>
+            </Row>
+          )
+        }
+        {
+          this.state.cert.type === "SSL" ? (
+            <React.Fragment>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={2}>
+                  {i18next.t("cert:Expire time")}:
+                </Col>
+                <Col span={22} >
+                  <Input disabled={true} value={Setting.getFormattedDate(this.state.cert.expireTime)} onChange={e => {
+                    this.updateCertField("expireTime", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={2}>
+                  {i18next.t("cert:Domain expire")}:
+                </Col>
+                <Col span={22} >
+                  <Input disabled={true} value={Setting.getFormattedDate(this.state.cert.domainExpireTime)} onChange={e => {
+                    this.updateCertField("domainExpireTime", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={2}>
+                  {i18next.t("cert:Provider")}:
+                </Col>
+                <Col span={22} >
+                  <Select virtual={false} style={{width: "100%"}} value={this.state.cert.provider} onChange={(value => {this.updateCertField("provider", value);})}>
+                    {
+                      [
+                        {id: "GoDaddy", name: "GoDaddy"},
+                        {id: "Aliyun", name: "Aliyun"},
+                      ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
+                    }
+                  </Select>
+                </Col>
+              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={2}>
+                  {i18next.t("cert:Account")}:
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.cert.account} onChange={e => {
+                    this.updateCertField("account", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={2}>
+                  {i18next.t("cert:Access key")}:
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.cert.accessKey} onChange={e => {
+                    this.updateCertField("accessKey", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={2}>
+                  {i18next.t("cert:Access secret")}:
+                </Col>
+                <Col span={22} >
+                  <Input.Password value={this.state.cert.accessSecret} onChange={e => {
+                    this.updateCertField("accessSecret", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+            </React.Fragment>
+          ) : null
+        }
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("cert:Certificate"), i18next.t("cert:Certificate - Tooltip"))} :

web/src/CertListPage.js

@@ -88,6 +88,28 @@ class CertListPage extends BaseListPage {
       });
   }
 
+  refreshCert(i) {
+    const cert = this.state.data[i];
+    CertBackend.refreshDomainExpire(cert.owner, cert.name)
+      .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", `Failed to refresh domain expire: ${res.msg}`);
+        } else {
+          Setting.showMessage("success", "Domain expire refreshed successfully");
+          this.fetch({
+            pagination: {
+              ...this.state.pagination,
+              current: this.state.pagination.current > 1 && this.state.data.length === 1 ? this.state.pagination.current - 1 : this.state.pagination.current,
+            },
+          });
+        }
+      }
+      )
+      .catch(error => {
+        Setting.showMessage("error", `Domain expire failed to refresh: ${error}`);
+      });
+  }
+
   renderTable(certs) {
     const columns = [
       {
@@ -194,6 +216,12 @@ class CertListPage extends BaseListPage {
         render: (text, record, index) => {
           return (
             <div>
+              {
+                record.type === "SSL" ? (
+                  <Button disabled={!Setting.isAdminUser(this.props.account) && (record.owner !== this.props.account.owner)} style={{margin: "10px 10px 10px 0"}} type="default" onClick={() => this.refreshCert(index)}>{i18next.t("general:Refresh")}
+                  </Button>
+                ) : null
+              }
               <Button disabled={!Setting.isAdminUser(this.props.account) && (record.owner !== this.props.account.owner)} style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/certs/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
               <PopconfirmModal
                 disabled={!Setting.isAdminUser(this.props.account) && (record.owner !== this.props.account.owner)}

web/src/EntryPage.js

@@ -26,6 +26,7 @@ import LoginPage from "./auth/LoginPage";
 import SelfForgetPage from "./auth/SelfForgetPage";
 import ForgetPage from "./auth/ForgetPage";
 import PromptPage from "./auth/PromptPage";
+import ConsentPage from "./auth/ConsentPage";
 import ResultPage from "./auth/ResultPage";
 import CasLogout from "./auth/CasLogout";
 import {authConfig} from "./auth/Auth";
@@ -125,6 +126,7 @@ class EntryPage extends React.Component {
             <Route exact path="/forget/:applicationName" render={(props) => <ForgetPage {...this.props} account={this.props.account} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />} />
             <Route exact path="/prompt" render={(props) => this.renderLoginIfNotLoggedIn(<PromptPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
             <Route exact path="/prompt/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<PromptPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
+            <Route exact path="/consent/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<ConsentPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
             <Route exact path="/result" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
             <Route exact path="/result/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
             <Route exact path="/cas/:owner/:casApplicationName/logout" render={(props) => this.renderHomeIfLoggedIn(<CasLogout {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />

web/src/FormEditPage.js

@@ -93,7 +93,7 @@ class FormEditPage extends React.Component {
         </Row>
         <Row style={{marginTop: "20px"}}>
           <Col style={{marginTop: "5px"}} span={Setting.isMobile() ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Type"), i18next.t("cert:Type - Tooltip"))} :
+            {Setting.getLabel(i18next.t("general:Type"), i18next.t("general:Type - Tooltip"))} :
           </Col>
           <Col span={22}>
             <Select

web/src/GroupEditPage.js

@@ -148,7 +148,7 @@ class GroupEditPage extends React.Component {
         </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Type"), i18next.t("cert:Type - Tooltip"))} :
+            {Setting.getLabel(i18next.t("general:Type"), i18next.t("general:Type - Tooltip"))} :
           </Col>
           <Col span={22} >
             <Select style={{width: "100%"}}

web/src/ManagementPage.js

@@ -193,12 +193,12 @@ function ManagementPage(props) {
           {
             renderAvatar()
           }
-                     
-                     
+           
+           
           {Setting.isMobile() ? null : Setting.getShortText(Setting.getNameAtLeast(props.account.displayName), 30)} &nbsp; <DownOutlined />
-                    &nbsp;
-                    &nbsp;
-                    &nbsp;
+          &nbsp;
+          &nbsp;
+          &nbsp;
         </div>
       </Dropdown>
     );
@@ -252,15 +252,15 @@ function ManagementPage(props) {
           {renderRightDropdown()}
           {renderWidgets()}
           {Setting.isAdminUser(props.account) && (props.uri.indexOf("/trees") === -1) &&
-                        <OrganizationSelect
-                          initValue={Setting.getOrganization()}
-                          withAll={true}
-                          className="org-select"
-                          style={{display: Setting.isMobile() ? "none" : "flex"}}
-                          onChange={(value) => {
-                            Setting.setOrganization(value);
-                          }}
-                        />
+            <OrganizationSelect
+              initValue={Setting.getOrganization()}
+              withAll={true}
+              className="org-select"
+              style={{display: Setting.isMobile() ? "none" : "flex"}}
+              onChange={(value) => {
+                Setting.setOrganization(value);
+              }}
+            />
           }
         </React.Fragment>
       );
@@ -287,9 +287,9 @@ function ManagementPage(props) {
 
     !Setting.isMobile() ? res.push({
       label:
-            <Link to="/">
-              <img className="logo" src={logo ?? props.logo} alt="logo" />
-            </Link>,
+        <Link to="/">
+          <img className="logo" src={logo ?? props.logo} alt="logo" />
+        </Link>,
       disabled: true, key: "logo",
       style: {
         padding: 0,

web/src/OrderListPage.js

@@ -236,6 +236,13 @@ class OrderListPage extends BaseListPage {
         width: "120px",
         sorter: true,
         ...this.getColumnSearchProps("state"),
+        render: (text, record, index) => {
+          return (
+            <Tooltip title={record.message || ""}>
+              <span>{text}</span>
+            </Tooltip>
+          );
+        },
       },
       {
         title: i18next.t("general:Action"),
@@ -248,7 +255,7 @@ class OrderListPage extends BaseListPage {
           return (
             <div style={{display: "flex", flexWrap: "wrap", gap: "8px"}}>
               <Button onClick={() => this.props.history.push(`/orders/${record.owner}/${record.name}/pay`)}>
-                {record.state === "Created" ? i18next.t("order:Pay") : i18next.t("general:Detail")}
+                {(record.state === "Created" || record.state === "Failed") ? i18next.t("order:Pay") : i18next.t("general:Detail")}
               </Button>
               <Button danger onClick={() => this.cancelOrder(record)} disabled={record.state !== "Created" || !isAdmin}>
                 {i18next.t("general:Cancel")}

web/src/OrderPayPage.js

@@ -272,7 +272,7 @@ class OrderPayPage extends React.Component {
     const updateTimeMap = {
       Paid: i18next.t("order:Payment time"),
       Canceled: i18next.t("order:Cancel time"),
-      PaymentFailed: i18next.t("order:Payment failed time"),
+      Failed: i18next.t("order:Payment failed time"),
       Timeout: i18next.t("order:Timeout time"),
     };
     const updateTimeLabel = updateTimeMap[state] || i18next.t("general:Updated time");

web/src/OrganizationListPage.js

@@ -57,6 +57,8 @@ class OrganizationListPage extends BaseListPage {
         {name: "ID", visible: true, viewRule: "Public", modifyRule: "Immutable"},
         {name: "Name", visible: true, viewRule: "Public", modifyRule: "Admin"},
         {name: "Display name", visible: true, viewRule: "Public", modifyRule: "Self"},
+        {name: "First name", visible: true, viewRule: "Public", modifyRule: "Self"},
+        {name: "Last name", visible: true, viewRule: "Public", modifyRule: "Self"},
         {name: "Avatar", visible: true, viewRule: "Public", modifyRule: "Self"},
         {name: "User type", visible: true, viewRule: "Public", modifyRule: "Admin"},
         {name: "Password", visible: true, viewRule: "Self", modifyRule: "Self"},
@@ -66,6 +68,7 @@ class OrganizationListPage extends BaseListPage {
         {name: "Country/Region", visible: true, viewRule: "Public", modifyRule: "Self"},
         {name: "Location", visible: true, viewRule: "Public", modifyRule: "Self"},
         {name: "Address", visible: true, viewRule: "Public", modifyRule: "Self"},
+        {name: "Addresses", visible: true, viewRule: "Public", modifyRule: "Self"},
         {name: "Affiliation", visible: true, viewRule: "Public", modifyRule: "Self"},
         {name: "Title", visible: true, viewRule: "Public", modifyRule: "Self"},
         {name: "ID card type", visible: true, viewRule: "Public", modifyRule: "Self"},
@@ -86,6 +89,8 @@ class OrganizationListPage extends BaseListPage {
         {name: "Balance", visible: true, viewRule: "Public", modifyRule: "Admin"},
         {name: "Balance credit", visible: true, viewRule: "Public", modifyRule: "Admin"},
         {name: "Balance currency", visible: true, viewRule: "Public", modifyRule: "Admin"},
+        {name: "Cart", visible: true, viewRule: "Self", modifyRule: "Self"},
+        {name: "Transactions", visible: true, viewRule: "Self", modifyRule: "Self"},
         {name: "Signup application", visible: true, viewRule: "Public", modifyRule: "Admin"},
         {name: "Register type", visible: true, viewRule: "Public", modifyRule: "Admin"},
         {name: "Register source", visible: true, viewRule: "Public", modifyRule: "Admin"},
@@ -93,16 +98,22 @@ class OrganizationListPage extends BaseListPage {
         {name: "Groups", visible: true, viewRule: "Public", modifyRule: "Admin"},
         {name: "Roles", visible: true, viewRule: "Public", modifyRule: "Immutable"},
         {name: "Permissions", visible: true, viewRule: "Public", modifyRule: "Immutable"},
+        {name: "Consents", visible: true, viewRule: "Self", modifyRule: "Self"},
         {name: "3rd-party logins", visible: true, viewRule: "Self", modifyRule: "Self"},
         {name: "Properties", visible: false, viewRule: "Admin", modifyRule: "Admin"},
         {name: "Is online", visible: true, viewRule: "Admin", modifyRule: "Admin"},
         {name: "Is admin", visible: true, viewRule: "Admin", modifyRule: "Admin"},
         {name: "Is forbidden", visible: true, viewRule: "Admin", modifyRule: "Admin"},
         {name: "Is deleted", visible: true, viewRule: "Admin", modifyRule: "Admin"},
-        {Name: "Multi-factor authentication", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
-        {Name: "WebAuthn credentials", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
-        {Name: "Managed accounts", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
-        {Name: "MFA accounts", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
+        {name: "Multi-factor authentication", visible: true, viewRule: "Self", modifyRule: "Self"},
+        {name: "MFA items", visible: true, viewRule: "Self", modifyRule: "Self"},
+        {name: "WebAuthn credentials", visible: true, viewRule: "Self", modifyRule: "Self"},
+        {name: "Last change password time", visible: true, viewRule: "Admin", modifyRule: "Admin"},
+        {name: "Managed accounts", visible: true, viewRule: "Self", modifyRule: "Self"},
+        {name: "Face ID", visible: true, viewRule: "Self", modifyRule: "Self"},
+        {name: "MFA accounts", visible: true, viewRule: "Self", modifyRule: "Self"},
+        {name: "Need update password", visible: true, viewRule: "Admin", modifyRule: "Admin"},
+        {name: "IP whitelist", visible: true, viewRule: "Admin", modifyRule: "Admin"},
       ],
     };
   }

web/src/PaymentEditPage.js

@@ -18,7 +18,6 @@ import {InfoCircleTwoTone} from "@ant-design/icons";
 import * as PaymentBackend from "./backend/PaymentBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
-import * as ProductBackend from "./backend/ProductBackend";
 
 const {Option} = Select;
 
@@ -30,7 +29,6 @@ class PaymentEditPage extends React.Component {
       organizationName: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
       paymentName: props.match.params.paymentName,
       payment: null,
-      products: [],
       isModalVisible: false,
       isInvoiceLoading: false,
       mode: props.location.mode !== undefined ? props.location.mode : "edit",
@@ -39,7 +37,6 @@ class PaymentEditPage extends React.Component {
 
   UNSAFE_componentWillMount() {
     this.getPayment();
-    this.getProducts();
   }
 
   getPayment() {
@@ -58,19 +55,6 @@ class PaymentEditPage extends React.Component {
       });
   }
 
-  getProducts() {
-    ProductBackend.getProducts(this.state.organizationName)
-      .then((res) => {
-        if (res.status === "ok") {
-          this.setState({
-            products: res.data,
-          });
-        } else {
-          Setting.showMessage("error", `Failed to get products: ${res.msg}`);
-        }
-      });
-  }
-
   goToViewOrder() {
     const payment = this.state.payment;
     if (payment && payment.order) {
@@ -232,7 +216,7 @@ class PaymentEditPage extends React.Component {
         </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Type"), i18next.t("cert:Type - Tooltip"))} :
+            {Setting.getLabel(i18next.t("general:Type"), i18next.t("general:Type - Tooltip"))} :
           </Col>
           <Col span={22} >
             <Input disabled={true} value={this.state.payment.type} onChange={e => {
@@ -240,29 +224,6 @@ class PaymentEditPage extends React.Component {
             }} />
           </Col>
         </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Products"), i18next.t("payment:Products - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Select
-              mode="multiple"
-              style={{width: "100%"}}
-              value={this.state.payment?.products || []}
-              disabled={isViewMode}
-              allowClear
-              options={(this.state.products || [])
-                .map((p) => ({
-                  label: Setting.getLanguageText(p?.displayName) || p?.name,
-                  value: p?.name,
-                }))
-                .filter((o) => o.value)}
-              onChange={(value) => {
-                this.updatePaymentField("products", value);
-              }}
-            />
-          </Col>
-        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("order:Price"), i18next.t("plan:Price - Tooltip"))} :

web/src/PaymentListPage.js

@@ -14,7 +14,7 @@
 
 import React from "react";
 import {Link} from "react-router-dom";
-import {Button, List, Table, Tooltip} from "antd";
+import {Button, Col, List, Row, Table, Tooltip} from "antd";
 import moment from "moment";
 import * as Setting from "./Setting";
 import * as PaymentBackend from "./backend/PaymentBackend";
@@ -195,21 +195,31 @@ class PaymentListPage extends BaseListPage {
                   paddingBottom: 8,
                 }}
                 renderItem={(productInfo, i) => {
-                  const price = productInfo.price * (productInfo.quantity || 1);
+                  const price = productInfo.price || 0;
+                  const number = productInfo.quantity || 1;
                   const currency = record.currency || "USD";
+                  const productName = productInfo.displayName || productInfo.name;
                   return (
                     <List.Item>
-                      <div style={{display: "inline"}}>
-                        <Tooltip placement="topLeft" title={i18next.t("general:Edit")}>
-                          <Button style={{marginRight: "5px"}} icon={<EditOutlined />} size="small" onClick={() => Setting.goToLinkSoft(this, `/products/${record.owner}/${productInfo.name}`)} />
-                        </Tooltip>
-                        <Link to={`/products/${record.owner}/${productInfo.name}`}>
-                          {productInfo.displayName || productInfo.name}
-                        </Link>
-                        <span style={{marginLeft: "8px", color: "#666"}}>
-                          {Setting.getPriceDisplay(price, currency)}
-                        </span>
-                      </div>
+                      <Row style={{width: "100%"}} wrap={false} gutter={[12, 0]}>
+                        <Col flex="auto" style={{minWidth: 0}}>
+                          <div style={{display: "flex", alignItems: "center", minWidth: 0}}>
+                            <Tooltip placement="topLeft" title={i18next.t("general:Edit")}>
+                              <Button style={{marginRight: "5px"}} icon={<EditOutlined />} size="small" onClick={() => Setting.goToLinkSoft(this, `/products/${record.owner}/${productInfo.name}`)} />
+                            </Tooltip>
+                            <Tooltip placement="topLeft" title={productName}>
+                              <Link to={`/products/${record.owner}/${productInfo.name}`} style={{display: "inline-block", maxWidth: "100%", minWidth: 0, overflow: "hidden", textOverflow: "ellipsis", whiteSpace: "nowrap"}}>
+                                {productName}
+                              </Link>
+                            </Tooltip>
+                          </div>
+                        </Col>
+                        <Col flex="none" style={{whiteSpace: "nowrap"}}>
+                          <span style={{color: "#666"}}>
+                            {Setting.getCurrencySymbol(currency)}{price} ({Setting.getCurrencyText(currency)}) × {number}
+                          </span>
+                        </Col>
+                      </Row>
                     </List.Item>
                   );
                 }}

web/src/PermissionEditPage.js

@@ -309,7 +309,7 @@ class PermissionEditPage extends React.Component {
                 }
                 const data = res.data.map((role) => Setting.getOption(`${role.owner}/${role.name}`, `${role.owner}/${role.name}`));
                 if (args?.[1] === 1 && Array.isArray(res?.data)) {
-                  // res.data = [{owner: i18next.t("organization:All"), name: "*"}, ...res.data];
+                  // res.data = [{owner: i18next.t("general:All"), name: "*"}, ...res.data];
                   res.data = [
                     Setting.getOption(i18next.t("general:All"), "*"),
                     ...data,

web/src/ProductEditPage.js

@@ -307,16 +307,6 @@ class ProductEditPage extends React.Component {
             </Select>
           </Col>
         </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("product:Return URL"), i18next.t("product:Return URL - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Input prefix={<LinkOutlined />} value={this.state.product.returnUrl} disabled={isViewMode} onChange={e => {
-              this.updateProductField("returnUrl", e.target.value);
-            }} />
-          </Col>
-        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("product:Success URL"), i18next.t("product:Success URL - Tooltip"))} :

web/src/ProviderListPage.js

@@ -139,7 +139,7 @@ class ProviderListPage extends BaseListPage {
         ...this.getColumnSearchProps("displayName"),
       },
       {
-        title: i18next.t("provider:Category"),
+        title: i18next.t("general:Category"),
         dataIndex: "category",
         key: "category",
         filterMultiple: false,

web/src/RecordListPage.js

@@ -137,7 +137,7 @@ class RecordListPage extends BaseListPage {
         title: i18next.t("record:Status code"),
         dataIndex: "statusCode",
         key: "statusCode",
-        width: "120px",
+        width: "140px",
         sorter: true,
         ...this.getColumnSearchProps("statusCode"),
       },

web/src/Setting.js

@@ -182,6 +182,10 @@ export const OtherProviderInfo = {
       logo: `${StaticBaseUrl}/img/social_default.png`,
       url: "https://casdoor.org/docs/provider/email/overview",
     },
+    "Resend": {
+      logo: `${StaticBaseUrl}/img/email_resend.png`,
+      url: "https://resend.com/",
+    },
   },
   Storage: {
     "Local File System": {
@@ -457,8 +461,8 @@ export const UserFields = ["owner", "name", "password", "display_name", "id", "t
   "is_admin", "homepage", "birthday", "gender", "password_type", "password_salt", "external_id", "avatar", "first_name", "last_name",
   "avatar_type", "permanent_avatar", "email_verified", "region", "location", "address",
   "affiliation", "title", "id_card_type", "id_card", "real_name", "is_verified", "bio", "tag", "language",
-  "education", "score", "karma", "ranking", "balance", "currency", "is_default_avatar", "is_online",
-  "is_forbidden", "is_deleted", "signup_application", "hash", "pre_hash", "access_key", "access_secret", "access_token",
+  "education", "score", "karma", "ranking", "balance", "balance_credit", "balance_currency", "currency", "is_default_avatar", "is_online",
+  "is_forbidden", "is_deleted", "signup_application", "register_type", "register_source", "hash", "pre_hash", "access_key", "access_secret", "access_token",
   "created_ip", "last_signin_time", "last_signin_ip", "github", "google", "qq", "wechat", "facebook", "dingtalk",
   "weibo", "gitee", "linkedin", "wecom", "lark", "gitlab", "adfs", "baidu", "alipay", "casdoor", "infoflow", "apple",
   "azuread", "azureadb2c", "slack", "steam", "bilibili", "okta", "douyin", "kwai", "line", "amazon", "auth0",
@@ -469,7 +473,7 @@ export const UserFields = ["owner", "name", "password", "display_name", "id", "t
   "wepay", "xero", "yahoo", "yammer", "yandex", "zoom", "metamask", "web3onboard", "custom", "webauthnCredentials",
   "preferred_mfa_type", "recovery_codes", "totp_secret", "mfa_phone_enabled", "mfa_email_enabled", "invitation",
   "invitation_code", "face_ids", "ldap", "properties", "roles", "permissions", "groups", "last_change_password_time",
-  "last_signin_wrong_time", "signin_wrong_times", "managedAccounts", "mfaAccounts", "need_update_password",
+  "last_signin_wrong_time", "signin_wrong_times", "managedAccounts", "mfaAccounts", "mfaItems", "need_update_password",
   "created_time", "updated_time", "deleted_time",
   "ip_whitelist"];
 
@@ -500,6 +504,7 @@ export const GetTranslatedUserItems = () => {
     {name: "Country/Region", label: i18next.t("user:Country/Region")},
     {name: "Location", label: i18next.t("user:Location")},
     {name: "Address", label: i18next.t("user:Address")},
+    {name: "Addresses", label: i18next.t("user:Addresses")},
     {name: "Affiliation", label: i18next.t("user:Affiliation")},
     {name: "Title", label: i18next.t("general:Title")},
     {name: "ID card type", label: i18next.t("user:ID card type")},
@@ -523,6 +528,8 @@ export const GetTranslatedUserItems = () => {
     {name: "Karma", label: i18next.t("user:Karma")},
     {name: "Ranking", label: i18next.t("user:Ranking")},
     {name: "Signup application", label: i18next.t("general:Signup application")},
+    {name: "Register type", label: i18next.t("user:Register type")},
+    {name: "Register source", label: i18next.t("user:Register source")},
     {name: "API key", label: i18next.t("general:API key")},
     {name: "Groups", label: i18next.t("general:Groups")},
     {name: "Roles", label: i18next.t("general:Roles")},
@@ -537,6 +544,7 @@ export const GetTranslatedUserItems = () => {
     {name: "IP whitelist", label: i18next.t("general:IP whitelist")},
     {name: "Multi-factor authentication", label: i18next.t("mfa:Multi-factor authentication")},
     {name: "WebAuthn credentials", label: i18next.t("user:WebAuthn credentials")},
+    {name: "Last change password time", label: i18next.t("user:Last change password time")},
     {name: "Managed accounts", label: i18next.t("user:Managed accounts")},
     {name: "Face ID", label: i18next.t("login:Face ID")},
     {name: "MFA accounts", label: i18next.t("user:MFA accounts")},
@@ -554,6 +562,8 @@ export function getUserColumns() {
       transField = "Country/Region";
     } else if (field === "mfaAccounts") {
       transField = "MFA accounts";
+    } else if (field === "mfaItems") {
+      transField = "MFA items";
     } else if (field === "face_ids") {
       transField = "Face ID";
     } else if (field === "managedAccounts") {
@@ -1291,6 +1301,7 @@ export function getProviderTypeOptions(category) {
         {id: "Azure ACS", name: "Azure ACS"},
         {id: "SendGrid", name: "SendGrid"},
         {id: "Custom HTTP Email", name: "Custom HTTP Email"},
+        {id: "Resend", name: "Resend"},
       ]
     );
   } else if (category === "SMS") {
@@ -2267,7 +2278,7 @@ export function getFormTypeItems(formType) {
       {name: "owner", label: "general:Organization", visible: true, width: "150"},
       {name: "createdTime", label: "general:Created time", visible: true, width: "180"},
       {name: "displayName", label: "general:Display name", visible: true, width: "150"},
-      {name: "category", label: "provider:Category", visible: true, width: "110"},
+      {name: "category", label: "general:Category", visible: true, width: "110"},
       {name: "type", label: "general:Type", visible: true, width: "110"},
       {name: "clientId", label: "provider:Client ID", visible: true, width: "100"},
       {name: "providerUrl", label: "provider:Provider URL", visible: true, width: "150"},

web/src/SyncerEditPage.js

@@ -389,6 +389,13 @@ class SyncerEditPage extends React.Component {
           "isHashed": true,
           "values": [],
         },
+        {
+          "name": "unionid",
+          "type": "string",
+          "casdoorName": "Name",
+          "isHashed": true,
+          "values": [],
+        },
         {
           "name": "name",
           "type": "string",
@@ -424,13 +431,6 @@ class SyncerEditPage extends React.Component {
           "isHashed": true,
           "values": [],
         },
-        {
-          "name": "job_number",
-          "type": "string",
-          "casdoorName": "Name",
-          "isHashed": true,
-          "values": [],
-        },
         {
           "name": "active",
           "type": "boolean",
@@ -826,7 +826,7 @@ class SyncerEditPage extends React.Component {
         </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Type"), i18next.t("cert:Type - Tooltip"))} :
+            {Setting.getLabel(i18next.t("general:Type"), i18next.t("general:Type - Tooltip"))} :
           </Col>
           <Col span={22} >
             <Select virtual={false} style={{width: "100%"}} value={this.state.syncer.type} onChange={(value => {
@@ -878,7 +878,7 @@ class SyncerEditPage extends React.Component {
           this.state.syncer.databaseType !== "postgres" ? null : (
             <Row style={{marginTop: "20px"}} >
               <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-                {Setting.getLabel(i18next.t("syncer:SSL mode"), i18next.t("syncer:SSL mode - Tooltip"))} :
+                {Setting.getLabel(i18next.t("provider:SSL mode"), i18next.t("provider:SSL mode - Tooltip"))} :
               </Col>
               <Col span={22} >
                 <Select virtual={false} style={{width: "100%"}} value={this.state.syncer.sslMode} onChange={(value => {this.updateSyncerField("sslMode", value);})}>

web/src/TokenEditPage.js

@@ -158,7 +158,7 @@ class TokenEditPage extends React.Component {
         </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("provider:Scope"), i18next.t("cert:Scope - Tooltip"))}
+            {Setting.getLabel(i18next.t("provider:Scope"), i18next.t("provider:Scope - Tooltip"))}
           </Col>
           <Col span={22} >
             <Input value={this.state.token.scope} onChange={e => {

web/src/TransactionEditPage.js

@@ -261,7 +261,7 @@ class TransactionEditPage extends React.Component {
         </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("provider:Category"), i18next.t("provider:Category - Tooltip"))} :
+            {Setting.getLabel(i18next.t("general:Category"), i18next.t("general:Category - Tooltip"))} :
           </Col>
           <Col span={22} >
             <Input disabled={true} value={this.state.transaction.category} />
@@ -269,7 +269,7 @@ class TransactionEditPage extends React.Component {
         </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Type"), i18next.t("cert:Type - Tooltip"))} :
+            {Setting.getLabel(i18next.t("general:Type"), i18next.t("general:Type - Tooltip"))} :
           </Col>
           <Col span={22} >
             <Input disabled={true} value={this.state.transaction.type} onChange={e => {

web/src/UserEditPage.js

@@ -50,6 +50,7 @@ import MfaTable from "./table/MfaTable";
 import TransactionTable from "./table/TransactionTable";
 import CartTable from "./table/CartTable";
 import * as TransactionBackend from "./backend/TransactionBackend";
+import ConsentTable from "./table/ConsentTable";
 import {Content, Header} from "antd/es/layout/layout";
 import Sider from "antd/es/layout/Sider";
 
@@ -73,6 +74,7 @@ class UserEditPage extends React.Component {
       idCardInfo: ["ID card front", "ID card back", "ID card with person"],
       openFaceRecognitionModal: false,
       transactions: [],
+      consents: [],
       activeMenuKey: window.location.hash?.slice(1) || "",
       menuMode: "Horizontal",
     };
@@ -110,6 +112,7 @@ class UserEditPage extends React.Component {
         this.setState({
           user: res.data,
           multiFactorAuths: res.data?.multiFactorAuths ?? [],
+          consents: res.data?.applicationScopes ?? [],
           loading: false,
         });
 
@@ -274,7 +277,7 @@ class UserEditPage extends React.Component {
 
     // Fallback to comparing by owner and name
     return (this.state.user.owner === this.props.account.owner &&
-            this.state.user.name === this.props.account.name);
+      this.state.user.name === this.props.account.name);
   }
 
   isSelfOrAdmin() {
@@ -609,13 +612,20 @@ class UserEditPage extends React.Component {
       );
     } else if (accountItem.name === "Addresses") {
       return (
-        <AddressTable
-          title={i18next.t("user:Addresses")}
-          table={this.state.user.addresses}
-          onUpdateTable={(value) => {
-            this.updateUserField("addresses", value);
-          }}
-        />
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:Addresses"), i18next.t("user:Addresses"))} :
+          </Col>
+          <Col span={22} >
+            <AddressTable
+              title={i18next.t("user:Addresses")}
+              table={this.state.user.addresses}
+              onUpdateTable={(value) => {
+                this.updateUserField("addresses", value);
+              }}
+            />
+          </Col>
+        </Row>
       );
     } else if (accountItem.name === "Affiliation") {
       return (
@@ -880,7 +890,7 @@ class UserEditPage extends React.Component {
             {Setting.getLabel(i18next.t("general:Transactions"), i18next.t("general:Transactions"))} :
           </Col>
           <Col span={22}>
-            <TransactionTable transactions={this.state.transactions} hideTag={true} />
+            <TransactionTable title={i18next.t("general:Transactions")} transactions={this.state.transactions} hideTag={true} />
           </Col>
         </Row>
       );
@@ -1122,6 +1132,21 @@ class UserEditPage extends React.Component {
           />
         </Col>
       </Row>);
+    } else if (accountItem.name === "Consents") {
+      return (
+        <Row style={{marginTop: "20px"}}>
+          <Col style={{marginTop: "5px"}} span={Setting.isMobile() ? 22 : 2}>
+            {Setting.getLabel(i18next.t("consent:Consents"), i18next.t("consent:Consents - Tooltip"))} :
+          </Col>
+          <Col span={22}>
+            <ConsentTable
+              title={i18next.t("consent:Consents")}
+              table={this.state.consents}
+              onUpdateTable={() => this.getUser()}
+            />
+          </Col>
+        </Row>
+      );
     } else if (accountItem.name === "Multi-factor authentication") {
       return (
         !this.isSelfOrAdmin() ? null : (
@@ -1130,15 +1155,21 @@ class UserEditPage extends React.Component {
               {Setting.getLabel(i18next.t("mfa:Multi-factor authentication"), i18next.t("mfa:Multi-factor authentication - Tooltip "))} :
             </Col>
             <Col span={22} >
-              <Card size="small" title={i18next.t("mfa:Multi-factor methods")}
-                extra={this.state.multiFactorAuths?.some(mfaProps => mfaProps.enabled) ?
-                  <PopconfirmModal
-                    text={i18next.t("general:Disable")}
-                    title={i18next.t("general:Sure to disable") + "?"}
-                    onConfirm={() => this.deleteMfa()}
-                  /> : null
-                }>
+              <Card size="small" title={
+                <div>
+                  {i18next.t("mfa:Multi-factor methods")}&nbsp;&nbsp;&nbsp;&nbsp;
+                  {this.state.multiFactorAuths?.some(mfaProps => mfaProps.enabled) ?
+                    <PopconfirmModal
+                      text={i18next.t("general:Disable")}
+                      title={i18next.t("general:Sure to disable") + "?"}
+                      onConfirm={() => this.deleteMfa()}
+                      size="small"
+                    /> : null
+                  }
+                </div>
+              }>
                 <List
+                  size="small"
                   rowKey="mfaType"
                   itemLayout="horizontal"
                   dataSource={this.state.multiFactorAuths}

web/src/auth/ConsentPage.js

@@ -0,0 +1,260 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Card, List, Result, Space} from "antd";
+import {CheckOutlined, LockOutlined} from "@ant-design/icons";
+import * as ApplicationBackend from "../backend/ApplicationBackend";
+import * as ConsentBackend from "../backend/ConsentBackend";
+import * as Setting from "../Setting";
+import i18next from "i18next";
+import {withRouter} from "react-router-dom";
+import * as Util from "./Util";
+
+class ConsentPage extends React.Component {
+  constructor(props) {
+    super(props);
+    const params = new URLSearchParams(window.location.search);
+    this.state = {
+      applicationName: props.match?.params?.applicationName || params.get("application"),
+      scopeDescriptions: [],
+      granting: false,
+      oAuthParams: Util.getOAuthGetParameters(),
+    };
+  }
+
+  getApplicationObj() {
+    return this.props.application;
+  }
+
+  componentDidMount() {
+    this.getApplication();
+    this.loadScopeDescriptions();
+  }
+
+  componentDidUpdate(prevProps) {
+    if (this.props.application !== prevProps.application) {
+      this.loadScopeDescriptions();
+    }
+  }
+
+  getApplication() {
+    if (!this.state.applicationName) {
+      return;
+    }
+
+    ApplicationBackend.getApplication("admin", this.state.applicationName)
+      .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
+
+        this.props.onUpdateApplication(res.data);
+      });
+  }
+
+  loadScopeDescriptions() {
+    const {oAuthParams} = this.state;
+    const application = this.getApplicationObj();
+    if (!oAuthParams?.scope || !application) {
+      return;
+    }
+    // Check if urlPar scope is within application scopes
+    const scopes = oAuthParams.scope.split(" ").map(s => s.trim()).filter(Boolean);
+    const customScopes = application.customScopes || [];
+    const customScopesMap = {};
+    customScopes.forEach(s => {
+      if (s?.scope) {
+        customScopesMap[s.scope] = s;
+      }
+    });
+
+    const scopeDescriptions = scopes
+      .map(scope => {
+        const item = customScopesMap[scope];
+        if (item) {
+          return {
+            ...item,
+            displayName: item.displayName || item.scope,
+          };
+        }
+        return {
+          scope: scope,
+          displayName: scope,
+          description: i18next.t("consent:This scope is not defined in the application"),
+        };
+      })
+      .filter(Boolean);
+
+    this.setState({
+      scopeDescriptions: scopeDescriptions,
+    });
+  }
+
+  handleGrant() {
+    const {oAuthParams, scopeDescriptions} = this.state;
+    const application = this.getApplicationObj();
+
+    this.setState({granting: true});
+
+    const consent = {
+      owner: application.owner,
+      application: application.owner + "/" + application.name,
+      grantedScopes: scopeDescriptions.map(s => s.scope),
+    };
+
+    ConsentBackend.grantConsent(consent, oAuthParams)
+      .then((res) => {
+        if (res.status === "ok") {
+          // res.data contains the authorization code
+          const code = res.data;
+          const concatChar = oAuthParams?.redirectUri?.includes("?") ? "&" : "?";
+          const redirectUrl = `${oAuthParams.redirectUri}${concatChar}code=${code}&state=${oAuthParams.state}`;
+          Setting.goToLink(redirectUrl);
+        } else {
+          Setting.showMessage("error", res.msg);
+          this.setState({granting: false});
+        }
+      });
+  }
+
+  handleDeny() {
+    const {oAuthParams} = this.state;
+    const concatChar = oAuthParams?.redirectUri?.includes("?") ? "&" : "?";
+    Setting.goToLink(`${oAuthParams.redirectUri}${concatChar}error=access_denied&error_description=User denied consent&state=${oAuthParams.state}`);
+  }
+
+  render() {
+    const application = this.getApplicationObj();
+
+    if (application === undefined) {
+      return null;
+    }
+
+    if (!application) {
+      return (
+        <Result
+          status="error"
+          title={i18next.t("general:Invalid application")}
+        />
+      );
+    }
+
+    const {scopeDescriptions, granting} = this.state;
+    const isScopeEmpty = scopeDescriptions.length === 0;
+
+    return (
+      <div className="login-content">
+        <div className={Setting.isDarkTheme(this.props.themeAlgorithm) ? "login-panel-dark" : "login-panel"}>
+          <div className="login-form">
+            <Card
+              style={{
+                padding: "32px",
+                width: 450,
+                borderRadius: "12px",
+                boxShadow: "0 10px 25px rgba(0, 0, 0, 0.05)",
+                border: "1px solid #f0f0f0",
+              }}
+            >
+              <div style={{textAlign: "center", marginBottom: 24}}>
+                {application.logo && (
+                  <div style={{marginBottom: 16}}>
+                    <img
+                      src={application.logo}
+                      alt={application.displayName || application.name}
+                      style={{height: 56, objectFit: "contain"}}
+                    />
+                  </div>
+                )}
+                <h2 style={{margin: 0, fontWeight: 600, fontSize: "24px"}}>
+                  {i18next.t("consent:Authorization Request")}
+                </h2>
+              </div>
+
+              <div style={{marginBottom: 32}}>
+                <p style={{fontSize: 15, color: "#666", textAlign: "center", lineHeight: "1.6"}}>
+                  <span style={{fontWeight: 600, color: "#000"}}>{application.displayName || application.name}</span>
+                  {" "}{i18next.t("consent:wants to access your account")}
+                </p>
+                {application.homepageUrl && (
+                  <div style={{textAlign: "center", marginTop: 4}}>
+                    <a href={application.homepageUrl} target="_blank" rel="noopener noreferrer" style={{fontSize: 13, color: "#1890ff"}}>
+                      {application.homepageUrl}
+                    </a>
+                  </div>
+                )}
+              </div>
+
+              <div style={{marginBottom: 32}}>
+                <div style={{fontSize: 14, color: "#8c8c8c", marginBottom: 16}}>
+                  <LockOutlined style={{marginRight: 8}} /> {i18next.t("consent:This application is requesting")}
+                </div>
+                <div style={{display: "flex", justifyContent: "center"}}>
+                  <List
+                    size="small"
+                    dataSource={scopeDescriptions}
+                    style={{width: "100%"}}
+                    renderItem={item => (
+                      <List.Item style={{borderBottom: "none", width: "100%"}}>
+                        <div style={{display: "inline-grid", gridTemplateColumns: "16px auto", columnGap: 8, alignItems: "start"}}>
+                          <CheckOutlined style={{color: "#52c41a", fontSize: "14px", marginTop: "4px", justifySelf: "center"}} />
+                          <div style={{fontWeight: 500, fontSize: "14px", lineHeight: "22px"}}>{item.displayName || item.scope}</div>
+                        </div>
+                        <div style={{fontSize: "12px", color: "#8c8c8c", marginTop: 2}}>{item.description}</div>
+                      </List.Item>
+                    )}
+                  />
+                </div>
+              </div>
+
+              <div style={{textAlign: "center", marginBottom: 24}}>
+                <Space size={16}>
+                  <Button
+                    type="primary"
+                    size="large"
+                    shape="round"
+                    onClick={() => this.handleGrant()}
+                    loading={granting}
+                    disabled={granting || isScopeEmpty}
+                    style={{minWidth: 120, height: 44, fontWeight: 500}}
+                  >
+                    {i18next.t("consent:Allow")}
+                  </Button>
+                  <Button
+                    size="large"
+                    shape="round"
+                    onClick={() => this.handleDeny()}
+                    disabled={granting || isScopeEmpty}
+                    style={{minWidth: 120, height: 44, fontWeight: 500}}
+                  >
+                    {i18next.t("consent:Deny")}
+                  </Button>
+                </Space>
+              </div>
+
+              <div style={{padding: "16px", backgroundColor: "#fafafa", borderRadius: "8px", border: "1px solid #f0f0f0"}}>
+                <p style={{margin: 0, fontSize: 12, color: "#8c8c8c", textAlign: "center", lineHeight: "1.5"}}>
+                  {i18next.t("consent:By clicking Allow, you allow this app to use your information")}
+                </p>
+              </div>
+            </Card>
+          </div>
+        </div>
+      </div>
+    );
+  }
+}
+
+export default withRouter(ConsentPage);

web/src/auth/LoginPage.js

@@ -216,7 +216,7 @@ class LoginPage extends React.Component {
             this.setState({
               msg: res.msg,
             });
-            return ;
+            return;
           }
           this.onUpdateApplication(res.data);
         });
@@ -369,6 +369,13 @@ class LoginPage extends React.Component {
       return;
     }
 
+    // Check if consent is required
+    if (resp.data?.required === true) {
+      // Consent required, redirect to consent page
+      Setting.goToLinkSoft(ths, `/consent/${application.name}?${window.location.search.substring(1)}`);
+      return;
+    }
+
     if (Setting.hasPromptPage(application)) {
       AuthBackend.getAccount()
         .then((res) => {
@@ -1141,9 +1148,11 @@ class LoginPage extends React.Component {
       visible={this.state.openCaptchaModal}
       noModal={noModal}
       onUpdateToken={(captchaType, captchaToken, clientSecret) => {
-        this.setState({captchaValues: {
-          captchaType, captchaToken, clientSecret,
-        }});
+        this.setState({
+          captchaValues: {
+            captchaType, captchaToken, clientSecret,
+          },
+        });
       }}
       onOk={(captchaType, captchaToken, clientSecret) => {
         const values = this.state.values;

web/src/auth/Provider.js

@@ -44,20 +44,15 @@ function generateCodeChallenge(verifier) {
 }
 
 function storeCodeVerifier(state, verifier) {
-  localStorage.setItem("pkce_verifier", `${state}#${verifier}`);
+  localStorage.setItem(`pkce_verifier_${state}`, verifier);
 }
 
 export function getCodeVerifier(state) {
-  const verifierStore = localStorage.getItem("pkce_verifier");
-  const [storedState, verifier] = verifierStore ? verifierStore.split("#") : [null, null];
-  if (storedState !== state) {
-    return null;
-  }
-  return verifier;
+  return localStorage.getItem(`pkce_verifier_${state}`);
 }
 
 export function clearCodeVerifier(state) {
-  localStorage.removeItem("pkce_verifier");
+  localStorage.removeItem(`pkce_verifier_${state}`);
 }
 
 const authInfo = {
@@ -407,24 +402,27 @@ export function getProviderUrl(provider) {
   }
 }
 
-export function getProviderLogoWidget(provider) {
+export function getProviderLogoWidget(provider, options = {}) {
   if (provider === undefined) {
     return null;
   }
 
   const url = getProviderUrl(provider);
-  if (url !== "") {
+  const disableLink = options.disableLink === true;
+  const imgEl = <img width={36} height={36} src={Setting.getProviderLogoURL(provider)} alt={provider.displayName} />;
+
+  if (url !== "" && !disableLink) {
     return (
       <Tooltip title={provider.type}>
         <a target="_blank" rel="noreferrer" href={getProviderUrl(provider)}>
-          <img width={36} height={36} src={Setting.getProviderLogoURL(provider)} alt={provider.displayName} />
+          {imgEl}
         </a>
       </Tooltip>
     );
   } else {
     return (
       <Tooltip title={provider.type}>
-        <img width={36} height={36} src={Setting.getProviderLogoURL(provider)} alt={provider.displayName} />
+        {imgEl}
       </Tooltip>
     );
   }

web/src/auth/SignupPage.js

@@ -293,8 +293,17 @@ class SignupPage extends React.Component {
             return;
           }
 
+          // Check if consent is required
+          if (oAuthParams && res.data && typeof res.data === "object" && res.data.required === true) {
+            // Consent required, redirect to consent page
+            Setting.goToLink(`/consent/${application.name}?${window.location.search.substring(1)}`);
+            return;
+          }
+
           // the user's id will be returned by `signup()`, if user signup by phone, the `username` in `values` is undefined.
-          values.username = res.data.split("/")[1];
+          if (typeof res.data === "string") {
+            values.username = res.data.split("/")[1];
+          }
           if (Setting.hasPromptPage(application) && (!values.plan || !values.pricing)) {
             AuthBackend.getAccount("")
               .then((res) => {

web/src/auth/Util.js

@@ -213,17 +213,19 @@ export async function WechatOfficialAccountModal(application, provider, method)
       }
 
       const t1 = setInterval(await getEvent, 1000, application, provider, res.data2, method);
-      {Modal.info({
-        title: i18next.t("provider:Please use WeChat to scan the QR code and follow the official account for sign in"),
-        content: (
-          <div style={{marginRight: "34px"}}>
-            <QRCode style={{padding: "20px", margin: "auto"}} bordered={false} value={res.data} size={230} />
-          </div>
-        ),
-        onOk() {
-          window.clearInterval(t1);
-        },
-      });}
+      {
+        Modal.info({
+          title: i18next.t("provider:Please use WeChat to scan the QR code and follow the official account for sign in"),
+          content: (
+            <div style={{marginRight: "34px"}}>
+              <QRCode style={{padding: "20px", margin: "auto"}} bordered={false} value={res.data} size={230} />
+            </div>
+          ),
+          onOk() {
+            window.clearInterval(t1);
+          },
+        });
+      }
     }
   );
 }

web/src/backend/CertBackend.js

@@ -79,3 +79,10 @@ export function deleteCert(cert) {
     },
   }).then(res => res.json());
 }
+
+export function refreshDomainExpire(owner, name) {
+  return fetch(`${Setting.ServerUrl}/api/update-cert-domain-expire?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "POST",
+    credentials: "include",
+  }).then(res => res.json());
+}

web/src/backend/ConsentBackend.js

@@ -0,0 +1,50 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import * as Setting from "../Setting";
+
+export function grantConsent(consent, oAuthParams) {
+  const request = {
+    ...consent,
+    clientId: oAuthParams.clientId,
+    provider: "",
+    signinMethod: "",
+    responseType: oAuthParams.responseType || "code",
+    redirectUri: oAuthParams.redirectUri,
+    scope: oAuthParams.scope,
+    state: oAuthParams.state,
+    nonce: oAuthParams.nonce || "",
+    challenge: oAuthParams.codeChallenge || "",
+    resource: "",
+  };
+  return fetch(`${Setting.ServerUrl}/api/grant-consent`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(request),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function revokeConsent(consent) {
+  return fetch(`${Setting.ServerUrl}/api/revoke-consent`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(consent),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}

web/src/basic/Dashboard.js

@@ -158,7 +158,7 @@ const Dashboard = (props) => {
         i18next.t("general:Adapters"),
         i18next.t("general:Enforcers"),
       ], top: "10%"},
-      grid: {left: "3%", right: "4%", bottom: "0", top: "25%", containLabel: true},
+      grid: {left: "3%", right: "4%", bottom: "0", top: "30%", containLabel: true},
       xAxis: {type: "category", boundaryGap: false, data: dateArray},
       yAxis: {type: "value"},
       series: [

web/src/common/select/RegionSelect.js

@@ -23,24 +23,24 @@ class RegionSelect extends React.Component {
     super(props);
     this.state = {
       classes: props,
-      value: "",
     };
   }
 
   onChange(e) {
     this.props.onChange(e);
-    this.setState({value: e});
   }
 
   render() {
+    const value = this.props.value !== undefined && this.props.value !== "" ? this.props.value : (this.props.defaultValue !== undefined && this.props.defaultValue !== "" ? this.props.defaultValue : undefined);
     return (
       <Select virtual={false}
+        size={this.props.size}
         showSearch
         optionFilterProp="label"
         style={{width: "100%"}}
-        defaultValue={this.props.defaultValue || undefined}
+        value={value}
         placeholder="Please select country/region"
-        onChange={(value => {this.onChange(value);})}
+        onChange={(val) => {this.onChange(val);}}
         filterOption={(input, option) => (option?.label ?? "").toLowerCase().includes(input.toLowerCase())}
         filterSort={(optionA, optionB) =>
           (optionA?.label ?? "").toLowerCase().localeCompare((optionB?.label ?? "").toLowerCase())

web/src/locales/de/data.json

@@ -70,6 +70,7 @@
     "Enable signin session - Tooltip": "Ob Casdoor eine Sitzung aufrechterhält, nachdem man sich von der Anwendung aus bei Casdoor angemeldet hat",
     "Enable signup": "Registrierung aktivieren",
     "Enable signup - Tooltip": "Ob Benutzern erlaubt werden soll, ein neues Konto zu registrieren",
+    "Existing Field": "Existing Field",
     "Failed signin frozen time": "Sperrzeit bei fehlgeschlagenem Login",
     "Failed signin frozen time - Tooltip": "Zeit, für die das Konto nach fehlgeschlagenen Anmeldeversuchen gesperrt wird",
     "Failed signin limit": "Limit für fehlgeschlagene Logins",
@@ -151,6 +152,7 @@
     "Signup items - Tooltip": "Elemente für Benutzer, die beim Registrieren neuer Konten ausgefüllt werden müssen - Hinweis",
     "Single Choice": "Einfachauswahl",
     "Small icon": "Kleines Symbol",
+    "Static Value": "Static Value",
     "String": "String",
     "Tags - Tooltip": "Nur Benutzer mit einem Tag, das in den Anwendungstags aufgeführt ist, können sich anmelden",
     "The application does not allow to sign up new account": "Die Anwendung erlaubt es nicht, ein neues Konto zu registrieren",
@@ -184,9 +186,7 @@
     "Expire in years - Tooltip": "Gültigkeitsdauer des Zertifikats in Jahren",
     "New Cert": "Neues Zertifikat",
     "Private key": "Private-Key",
-    "Private key - Tooltip": "Privater Schlüssel, der zum öffentlichen Schlüsselzertifikat gehört",
-    "Scope - Tooltip": "Nutzungsszenarien des Zertifikats",
-    "Type - Tooltip": "Art des Zertifikats"
+    "Private key - Tooltip": "Privater Schlüssel, der zum öffentlichen Schlüsselzertifikat gehört"
   },
   "code": {
     "Code you received": "Der Code, den Sie erhalten haben",
@@ -275,6 +275,7 @@
     "Applications that require authentication": "Anwendungen, die eine Authentifizierung erfordern",
     "Apps": "Anwendungen",
     "Authorization": "Autorisierung",
+    "Auto": "Auto",
     "Avatar": "Profilbild",
     "Avatar - Tooltip": "Öffentliches Avatarbild für den Benutzer",
     "Back": "Zurück",
@@ -283,6 +284,8 @@
     "Cancel": "Abbrechen",
     "Captcha": "Captcha",
     "Cart": "Warenkorb",
+    "Category": "Category",
+    "Category - Tooltip": "Category - Tooltip",
     "Cert": "Zertifikat",
     "Cert - Tooltip": "Das Public-Key-Zertifikat, das vom Client-SDK, das mit dieser Anwendung korrespondiert, verifiziert werden muss",
     "Certs": "Zertifikate",
@@ -476,6 +479,8 @@
     "SSH type - Tooltip": "Der Authentifizierungstyp für SSH-Verbindungen",
     "Save": "Speichern",
     "Save & Exit": "Speichern und verlassen",
+    "Scopes": "Scopes",
+    "Scopes - Tooltip": "Scopes - Tooltip",
     "Search": "Suchen",
     "Send": "Senden",
     "Session ID": "Session-ID",
@@ -530,6 +535,7 @@
     "Transactions": "Transaktionen",
     "True": "Wahr",
     "Type": "Typ",
+    "Type - Tooltip": "Type - Tooltip",
     "URL": "URL",
     "URL - Tooltip": "URL-Link",
     "Unknown application name": "Unbekannter Anwendungsname",
@@ -867,6 +873,8 @@
   },
   "plan": {
     "Edit Plan": "Plan bearbeiten",
+    "Is exclusive": "Is exclusive",
+    "Is exclusive - Tooltip": "Is exclusive - Tooltip",
     "New Plan": "Neuer Plan",
     "Period": "Zeitraum",
     "Period - Tooltip": "Zeitraum",
@@ -897,6 +905,7 @@
     "Amount": "Betrag",
     "Buy": "Kaufen",
     "Buy Product": "Produkt kaufen",
+    "Cart contains invalid products, please delete them before placing an order": "Cart contains invalid products, please delete them before placing an order",
     "Custom amount available": "Benutzerdefinierter Betrag verfügbar",
     "Custom price should be greater than zero": "Benutzerdefinierter Preis muss größer als null sein",
     "Detail - Tooltip": "Detail des Produkts",
@@ -909,9 +918,11 @@
     "Image": "Bild",
     "Image - Tooltip": "Bild des Produkts",
     "Information": "Information",
+    "Invalid product": "Invalid product",
     "Is recharge": "Ist Aufladung",
     "Is recharge - Tooltip": "Ob das Produkt zum Aufladen des Guthabens dient",
     "New Product": "Neues Produkt",
+    "No recharge options available": "No recharge options available",
     "Order created successfully": "Bestellung erfolgreich erstellt",
     "PayPal": "PayPal",
     "Payment cancelled": "Zahlung storniert",
@@ -924,12 +935,12 @@
     "Please select at least one payment provider": "Bitte wählen Sie mindestens einen Zahlungsanbieter aus",
     "Processing payment...": "Zahlung wird verarbeitet...",
     "Product list cannot be empty": "Produktliste darf nicht leer sein",
+    "Product not found or invalid": "Product not found or invalid",
     "Quantity": "Menge",
     "Quantity - Tooltip": "Menge des Produkts",
     "Recharge options": "Aufladeoptionen",
     "Recharge options - Tooltip": "Aufladeoptionen - Tooltip",
-    "Return URL": "Rückkeht-URL",
-    "Return URL - Tooltip": "URL für die Rückkehr nach einem erfolgreichen Kauf",
+    "Recharge products need to go to the product detail page to set custom amount": "Recharge products need to go to the product detail page to set custom amount",
     "SKU": "SKU",
     "Select amount": "Betrag auswählen",
     "Sold": "Verkauft",
@@ -972,8 +983,6 @@
     "Can signin": "Kann sich einloggen",
     "Can signup": "Kann sich registrieren",
     "Can unlink": "Entlinken möglich",
-    "Category": "Kategorie",
-    "Category - Tooltip": "Kennung zur Kategorisierung und Gruppierung von Elementen oder Inhalten, erleichtert Filterung und Verwaltung",
     "Channel No.": "Kanal Nr.",
     "Channel No. - Tooltip": "Eindeutige Nummer zur Identifizierung eines Kommunikations- oder Datenübertragungskanals, verwendet zur Unterscheidung verschiedener Übertragungswege",
     "Chat ID": "Chat-ID",
@@ -990,8 +999,6 @@
     "Content - Tooltip": "Spezifische Informationen oder Daten in Nachrichten, Benachrichtigungen oder Dokumenten",
     "DB test": "DB-Test",
     "DB test - Tooltip": "DB-Test - Tooltip",
-    "Disable SSL": "SSL deaktivieren",
-    "Disable SSL - Tooltip": "Ob die Deaktivierung des SSL-Protokolls bei der Kommunikation mit dem STMP-Server erfolgen soll",
     "Domain": "Domäne",
     "Domain - Tooltip": "Benutzerdefinierte Domain für Objektspeicher",
     "Edit Provider": "Provider bearbeiten",
@@ -1074,9 +1081,12 @@
     "SP ACS URL": "SP-ACS-URL",
     "SP ACS URL - Tooltip": "SP ACS URL",
     "SP Entity ID": "SP-Entitäts-ID",
+    "SSL mode": "SSL mode",
+    "SSL mode - Tooltip": "SSL mode - Tooltip",
     "Scene": "Szene",
     "Scene - Tooltip": "Spezifisches Geschäftsszenario, in dem die Funktion oder Operation angewendet wird, verwendet zur Anpassung der logischen Verarbeitung für verschiedene Szenarien",
     "Scope": "Umfang",
+    "Scope - Tooltip": "Scope - Tooltip",
     "Secret access key": "Secret-Access-Key",
     "Secret access key - Tooltip": "Privater Schlüssel, der mit dem Zugriffsschlüssel gepaart ist, verwendet zum Signieren sensibler Operationen zur Verbesserung der Zugriffssicherheit",
     "Secret key": "Secret-Key",
@@ -1238,6 +1248,9 @@
   },
   "syncer": {
     "API Token / Password": "API Token / Password",
+    "AWS Access Key ID": "AWS Access Key ID",
+    "AWS Region": "AWS Region",
+    "AWS Secret Access Key": "AWS Secret Access Key",
     "Admin Email": "Admin-E-Mail",
     "Affiliation table": "Zuordnungstabelle",
     "Affiliation table - Tooltip": "Datenbanktabellenname der Arbeitseinheit",
@@ -1269,8 +1282,6 @@
     "SSH password": "SSH-Passwort",
     "SSH port": "SSH-Port",
     "SSH user": "SSH-Benutzer",
-    "SSL mode": "SSL-Modus",
-    "SSL mode - Tooltip": "SSL-Modus",
     "Service account key": "Service-Account-Schlüssel",
     "Sync interval": "Synchronisierungsintervall",
     "Sync interval - Tooltip": "Einheit in Sekunden",

web/src/locales/en/data.json

@@ -70,6 +70,7 @@
     "Enable signin session - Tooltip": "Whether Casdoor maintains a session after logging into Casdoor from the application",
     "Enable signup": "Enable signup",
     "Enable signup - Tooltip": "Whether to allow users to register a new account",
+    "Existing Field": "Existing Field",
     "Failed signin frozen time": "Failed signin frozen time",
     "Failed signin frozen time - Tooltip": "Waiting time after exceeding the number of failed login attempts. Users can only log in again after the waiting time expires. Default value is 15 minutes. The set value must be a positive integer",
     "Failed signin limit": "Failed signin limit",
@@ -151,6 +152,7 @@
     "Signup items - Tooltip": "Items for users to fill in when registering new accounts",
     "Single Choice": "Single Choice",
     "Small icon": "Small icon",
+    "Static Value": "Static Value",
     "String": "String",
     "Tags - Tooltip": "Only users with the tag that is listed in the application tags can login",
     "The application does not allow to sign up new account": "The application does not allow to sign up new account",
@@ -184,9 +186,7 @@
     "Expire in years - Tooltip": "Validity period of the certificate, in years",
     "New Cert": "New Cert",
     "Private key": "Private key",
-    "Private key - Tooltip": "Private key corresponding to the public key certificate",
-    "Scope - Tooltip": "Usage scenarios of the certificate",
-    "Type - Tooltip": "Type of certificate"
+    "Private key - Tooltip": "Private key corresponding to the public key certificate"
   },
   "code": {
     "Code you received": "Code you received",
@@ -275,6 +275,7 @@
     "Applications that require authentication": "Applications that require authentication",
     "Apps": "Apps",
     "Authorization": "Authorization",
+    "Auto": "Auto",
     "Avatar": "Avatar",
     "Avatar - Tooltip": "Public avatar image for the user",
     "Back": "Back",
@@ -283,6 +284,8 @@
     "Cancel": "Cancel",
     "Captcha": "Captcha",
     "Cart": "Cart",
+    "Category": "Category",
+    "Category - Tooltip": "Category - Tooltip",
     "Cert": "Cert",
     "Cert - Tooltip": "The public key certificate that needs to be verified by the client SDK corresponding to this application",
     "Certs": "Certs",
@@ -476,6 +479,8 @@
     "SSH type - Tooltip": "The auth type of SSH connection",
     "Save": "Save",
     "Save & Exit": "Save & Exit",
+    "Scopes": "Scopes",
+    "Scopes - Tooltip": "Scopes - Tooltip",
     "Search": "Search",
     "Send": "Send",
     "Session ID": "Session ID",
@@ -530,6 +535,7 @@
     "Transactions": "Transactions",
     "True": "True",
     "Type": "Type",
+    "Type - Tooltip": "Type - Tooltip",
     "URL": "URL",
     "URL - Tooltip": "URL link",
     "Unknown application name": "Unknown application name",
@@ -867,6 +873,8 @@
   },
   "plan": {
     "Edit Plan": "Edit Plan",
+    "Is exclusive": "Is exclusive",
+    "Is exclusive - Tooltip": "Is exclusive - Tooltip",
     "New Plan": "New Plan",
     "Period": "Period",
     "Period - Tooltip": "Period for the plan",
@@ -897,6 +905,7 @@
     "Amount": "Amount",
     "Buy": "Buy",
     "Buy Product": "Buy Product",
+    "Cart contains invalid products, please delete them before placing an order": "Cart contains invalid products, please delete them before placing an order",
     "Custom amount available": "Custom amount available",
     "Custom price should be greater than zero": "Custom price should be greater than zero",
     "Detail - Tooltip": "Detail of product",
@@ -909,9 +918,11 @@
     "Image": "Image",
     "Image - Tooltip": "Image of product",
     "Information": "Information",
+    "Invalid product": "Invalid product",
     "Is recharge": "Is recharge",
     "Is recharge - Tooltip": "Whether the current product is to recharge balance",
     "New Product": "New Product",
+    "No recharge options available": "No recharge options available",
     "Order created successfully": "Order created successfully",
     "PayPal": "PayPal",
     "Payment cancelled": "Payment cancelled",
@@ -924,12 +935,12 @@
     "Please select at least one payment provider": "Please select at least one payment provider",
     "Processing payment...": "Processing payment...",
     "Product list cannot be empty": "Product list cannot be empty",
+    "Product not found or invalid": "Product not found or invalid",
     "Quantity": "Quantity",
     "Quantity - Tooltip": "Quantity of product",
     "Recharge options": "Recharge options",
     "Recharge options - Tooltip": "Preset recharge amounts",
-    "Return URL": "Return URL",
-    "Return URL - Tooltip": "URL to return to after successful purchase",
+    "Recharge products need to go to the product detail page to set custom amount": "Recharge products need to go to the product detail page to set custom amount",
     "SKU": "SKU",
     "Select amount": "Select amount",
     "Sold": "Sold",
@@ -972,8 +983,6 @@
     "Can signin": "Can signin",
     "Can signup": "Can signup",
     "Can unlink": "Can unlink",
-    "Category": "Category",
-    "Category - Tooltip": "Identifier for categorizing and grouping items or content, facilitating filtering and management",
     "Channel No.": "Channel No.",
     "Channel No. - Tooltip": "Unique number identifying a communication or data transmission channel, used to distinguish different transmission paths",
     "Chat ID": "Chat ID",
@@ -990,8 +999,6 @@
     "Content - Tooltip": "Specific information or data contained in messages, notifications, or documents",
     "DB test": "DB test",
     "DB test - Tooltip": "DB test - Tooltip",
-    "Disable SSL": "Disable SSL",
-    "Disable SSL - Tooltip": "Whether to disable SSL protocol when communicating with STMP server",
     "Domain": "Domain",
     "Domain - Tooltip": "Custom domain for object storage",
     "Edit Provider": "Edit Provider",
@@ -1074,9 +1081,12 @@
     "SP ACS URL": "SP ACS URL",
     "SP ACS URL - Tooltip": "SP ACS URL",
     "SP Entity ID": "SP Entity ID",
+    "SSL mode": "SSL mode",
+    "SSL mode - Tooltip": "SSL mode - Tooltip",
     "Scene": "Scene",
     "Scene - Tooltip": "Specific business scenario where the function or operation applies, used to adapt logic processing for different scenarios",
     "Scope": "Scope",
+    "Scope - Tooltip": "Scope - Tooltip",
     "Secret access key": "Secret access key",
     "Secret access key - Tooltip": "Private key paired with the access key, used for signing sensitive operations to enhance access security",
     "Secret key": "Secret key",
@@ -1238,6 +1248,9 @@
   },
   "syncer": {
     "API Token / Password": "API Token / Password",
+    "AWS Access Key ID": "AWS Access Key ID",
+    "AWS Region": "AWS Region",
+    "AWS Secret Access Key": "AWS Secret Access Key",
     "Admin Email": "Admin Email",
     "Affiliation table": "Affiliation table",
     "Affiliation table - Tooltip": "Database table name of the work unit",
@@ -1269,8 +1282,6 @@
     "SSH password": "SSH password",
     "SSH port": "SSH port",
     "SSH user": "SSH user",
-    "SSL mode": "SSL mode",
-    "SSL mode - Tooltip": "The SSL mode used when connecting to the database",
     "Service account key": "Service account key",
     "Sync interval": "Sync interval",
     "Sync interval - Tooltip": "Unit in seconds",

web/src/locales/es/data.json

@@ -70,6 +70,7 @@
     "Enable signin session - Tooltip": "Si Casdoor mantiene una sesión después de iniciar sesión en Casdoor desde la aplicación",
     "Enable signup": "Habilitar registro",
     "Enable signup - Tooltip": "Ya sea permitir que los usuarios registren una nueva cuenta",
+    "Existing Field": "Existing Field",
     "Failed signin frozen time": "Tiempo de congelación tras inicio fallido",
     "Failed signin frozen time - Tooltip": "Tiempo durante el cual la cuenta está congelada después de intentos fallidos de inicio de sesión",
     "Failed signin limit": "Límite de intentos fallidos de inicio",
@@ -134,7 +135,6 @@
     "SAML metadata": "Metadatos de SAML",
     "SAML metadata - Tooltip": "Los metadatos del protocolo SAML - Sugerencia",
     "SAML reply URL": "URL de respuesta SAML",
-    "SAML reply URL - Tooltip": "Personalizar el código HTML del panel lateral de la página de inicio de sesión - Sugerencia",
     "Security": "Seguridad",
     "Select": "Seleccionar",
     "Side panel HTML": "Panel lateral HTML",
@@ -152,6 +152,7 @@
     "Signup items - Tooltip": "Elementos para que los usuarios completen al registrar nuevas cuentas - Sugerencia",
     "Single Choice": "Opción única",
     "Small icon": "Icono pequeño",
+    "Static Value": "Static Value",
     "String": "Cadena",
     "Tags - Tooltip": "Solo los usuarios con la etiqueta que esté listada en las etiquetas de la aplicación pueden iniciar sesión - Sugerencia",
     "The application does not allow to sign up new account": "La aplicación no permite registrarse una cuenta nueva",
@@ -185,9 +186,7 @@
     "Expire in years - Tooltip": "Período de validez del certificado, en años",
     "New Cert": "Nuevo certificado",
     "Private key": "Clave privada",
-    "Private key - Tooltip": "Clave privada correspondiente al certificado de clave pública",
-    "Scope - Tooltip": "Escenarios de uso del certificado",
-    "Type - Tooltip": "Tipo de certificado"
+    "Private key - Tooltip": "Clave privada correspondiente al certificado de clave pública"
   },
   "code": {
     "Code you received": "Código que recibió",
@@ -276,6 +275,7 @@
     "Applications that require authentication": "Aplicaciones que requieren autenticación",
     "Apps": "Aplicaciones",
     "Authorization": "Autorización",
+    "Auto": "Auto",
     "Avatar": "Avatar",
     "Avatar - Tooltip": "Imagen de avatar pública para el usuario",
     "Back": "Atrás",
@@ -284,6 +284,8 @@
     "Cancel": "Cancelar",
     "Captcha": "Captcha",
     "Cart": "Carrito",
+    "Category": "Category",
+    "Category - Tooltip": "Category - Tooltip",
     "Cert": "Certificado",
     "Cert - Tooltip": "El certificado de clave pública que necesita ser verificado por el SDK del cliente correspondiente a esta aplicación",
     "Certs": "Certificaciones",
@@ -477,6 +479,8 @@
     "SSH type - Tooltip": "El tipo de autenticación de conexión SSH",
     "Save": "Guardar",
     "Save & Exit": "Guardar y salir",
+    "Scopes": "Scopes",
+    "Scopes - Tooltip": "Scopes - Tooltip",
     "Search": "Buscar",
     "Send": "Enviar",
     "Session ID": "ID de sesión",
@@ -531,6 +535,7 @@
     "Transactions": "Transacciones",
     "True": "Verdadero",
     "Type": "Tipo",
+    "Type - Tooltip": "Type - Tooltip",
     "URL": "URL",
     "URL - Tooltip": "Enlace de URL",
     "Unknown application name": "Nombre de aplicación desconocido",
@@ -868,6 +873,8 @@
   },
   "plan": {
     "Edit Plan": "Editar plan",
+    "Is exclusive": "Is exclusive",
+    "Is exclusive - Tooltip": "Is exclusive - Tooltip",
     "New Plan": "Nuevo plan",
     "Period": "Período",
     "Period - Tooltip": "Período",
@@ -898,6 +905,7 @@
     "Amount": "Importe",
     "Buy": "Comprar",
     "Buy Product": "Comprar producto",
+    "Cart contains invalid products, please delete them before placing an order": "Cart contains invalid products, please delete them before placing an order",
     "Custom amount available": "Importe personalizado disponible",
     "Custom price should be greater than zero": "El precio personalizado debe ser mayor que cero",
     "Detail - Tooltip": "Detalle del producto",
@@ -910,9 +918,11 @@
     "Image": "Imagen",
     "Image - Tooltip": "Imagen del producto",
     "Information": "Información",
+    "Invalid product": "Invalid product",
     "Is recharge": "Es recarga",
     "Is recharge - Tooltip": "Indica si el producto actual es para recargar saldo",
     "New Product": "Nuevo producto",
+    "No recharge options available": "No recharge options available",
     "Order created successfully": "Pedido creado con éxito",
     "PayPal": "PayPal",
     "Payment cancelled": "Pago cancelado",
@@ -925,12 +935,12 @@
     "Please select at least one payment provider": "Por favor, selecciona al menos un proveedor de pago",
     "Processing payment...": "Procesando el pago...",
     "Product list cannot be empty": "La lista de productos no puede estar vacía",
+    "Product not found or invalid": "Product not found or invalid",
     "Quantity": "Cantidad",
     "Quantity - Tooltip": "Cantidad de producto",
     "Recharge options": "Opciones de recarga",
     "Recharge options - Tooltip": "Opciones de recarga - Tooltip",
-    "Return URL": "URL de retorno",
-    "Return URL - Tooltip": "URL para regresar después de una compra exitosa",
+    "Recharge products need to go to the product detail page to set custom amount": "Recharge products need to go to the product detail page to set custom amount",
     "SKU": "SKU",
     "Select amount": "Seleccionar importe",
     "Sold": "Vendido",
@@ -973,8 +983,6 @@
     "Can signin": "¿Puedes iniciar sesión?",
     "Can signup": "Puede registrarse",
     "Can unlink": "Desvincular",
-    "Category": "Categoría",
-    "Category - Tooltip": "Identificador para categorizar y agrupar elementos o contenido, facilitando el filtrado y la gestión",
     "Channel No.": "Canal No.",
     "Channel No. - Tooltip": "Número único que identifica un canal de comunicación o transmisión de datos, utilizado para distinguir diferentes rutas de transmisión",
     "Chat ID": "ID de chat",
@@ -991,8 +999,6 @@
     "Content - Tooltip": "Contenido - Información adicional",
     "DB test": "Prueba de BD",
     "DB test - Tooltip": "Prueba de BD - Tooltip",
-    "Disable SSL": "Desactivar SSL",
-    "Disable SSL - Tooltip": "¿Hay que desactivar el protocolo SSL al comunicarse con el servidor STMP?",
     "Domain": "Dominio",
     "Domain - Tooltip": "Dominio personalizado para almacenamiento de objetos",
     "Edit Provider": "Editar proveedor",
@@ -1075,9 +1081,12 @@
     "SP ACS URL": "URL de ACS de SP",
     "SP ACS URL - Tooltip": "URL del ACS de SP",
     "SP Entity ID": "ID de entidad SP",
+    "SSL mode": "SSL mode",
+    "SSL mode - Tooltip": "SSL mode - Tooltip",
     "Scene": "Escena",
     "Scene - Tooltip": "Escena",
     "Scope": "Alcance",
+    "Scope - Tooltip": "Scope - Tooltip",
     "Secret access key": "Clave de acceso secreta",
     "Secret access key - Tooltip": "Clave de acceso secreta",
     "Secret key": "Clave secreta",
@@ -1239,6 +1248,9 @@
   },
   "syncer": {
     "API Token / Password": "Token API / Contraseña",
+    "AWS Access Key ID": "AWS Access Key ID",
+    "AWS Region": "AWS Region",
+    "AWS Secret Access Key": "AWS Secret Access Key",
     "Admin Email": "Correo del administrador",
     "Affiliation table": "Tabla de afiliación",
     "Affiliation table - Tooltip": "Nombre de la tabla de base de datos de la unidad de trabajo",
@@ -1270,8 +1282,6 @@
     "SSH password": "Contraseña SSH",
     "SSH port": "Puerto SSH",
     "SSH user": "Usuario SSH",
-    "SSL mode": "Modo SSL",
-    "SSL mode - Tooltip": "Modo SSL",
     "Service account key": "Clave de la cuenta de servicio",
     "Sync interval": "Intervalo de sincronización",
     "Sync interval - Tooltip": "Unidad en segundos",

web/src/locales/fr/data.json

@@ -70,6 +70,7 @@
     "Enable signin session - Tooltip": "Conserver une session après la connexion à Casdoor à partir de l'application",
     "Enable signup": "Activer l'inscription",
     "Enable signup - Tooltip": "Autoriser la création de nouveaux comptes",
+    "Existing Field": "Existing Field",
     "Failed signin frozen time": "Temps de blocage après échec de connexion",
     "Failed signin frozen time - Tooltip": "Durée pendant laquelle le compte est gelé après des tentatives de connexion échouées",
     "Failed signin limit": "Limite d'échecs de connexion",
@@ -151,6 +152,7 @@
     "Signup items - Tooltip": "Éléments à remplir par les utilisateurs lors de la création de nouveaux comptes - Info-bulle",
     "Single Choice": "Choix unique",
     "Small icon": "Petite icône",
+    "Static Value": "Static Value",
     "String": "String",
     "Tags - Tooltip": "Seuls les utilisateurs avec le tag listé dans les tags de l'application peuvent se connecter - Info-bulle",
     "The application does not allow to sign up new account": "L'application ne permet pas de créer un nouveau compte",
@@ -184,9 +186,7 @@
     "Expire in years - Tooltip": "Période de validité du certificat, en années",
     "New Cert": "Nouveau Certificat",
     "Private key": "Clé privée",
-    "Private key - Tooltip": "Clé privée correspondant au certificat de la clé publique",
-    "Scope - Tooltip": "Scénarios d'utilisation du certificat",
-    "Type - Tooltip": "Type de certificat"
+    "Private key - Tooltip": "Clé privée correspondant au certificat de la clé publique"
   },
   "code": {
     "Code you received": "Le code que vous avez reçu",
@@ -275,6 +275,7 @@
     "Applications that require authentication": "Applications qui nécessitent une authentification",
     "Apps": "Applications",
     "Authorization": "Autorisation",
+    "Auto": "Auto",
     "Avatar": "Avatar",
     "Avatar - Tooltip": "Image d'avatar publique pour le compte",
     "Back": "Retour",
@@ -283,6 +284,8 @@
     "Cancel": "Annuler",
     "Captcha": "Captcha",
     "Cart": "Panier",
+    "Category": "Category",
+    "Category - Tooltip": "Category - Tooltip",
     "Cert": "Certificat",
     "Cert - Tooltip": "La clé publique du certificat qui doit être vérifiée par le kit de développement client correspondant à cette application",
     "Certs": "Certificats",
@@ -476,6 +479,8 @@
     "SSH type - Tooltip": "Type d'authentification de connexion SSH",
     "Save": "Enregistrer",
     "Save & Exit": "Enregistrer et quitter",
+    "Scopes": "Scopes",
+    "Scopes - Tooltip": "Scopes - Tooltip",
     "Search": "Rechercher",
     "Send": "Envoyer",
     "Session ID": "Identifiant de session",
@@ -530,6 +535,7 @@
     "Transactions": "Transactions",
     "True": "Vrai",
     "Type": "Type",
+    "Type - Tooltip": "Type - Tooltip",
     "URL": "URL",
     "URL - Tooltip": "Lien de l'URL",
     "Unknown application name": "Nom d'application inconnu",
@@ -867,6 +873,8 @@
   },
   "plan": {
     "Edit Plan": "Modifier le plan",
+    "Is exclusive": "Is exclusive",
+    "Is exclusive - Tooltip": "Is exclusive - Tooltip",
     "New Plan": "Nouveau plan",
     "Period": "Période",
     "Period - Tooltip": "Période",
@@ -897,6 +905,7 @@
     "Amount": "Montant",
     "Buy": "Acheter",
     "Buy Product": "Acheter un produit",
+    "Cart contains invalid products, please delete them before placing an order": "Cart contains invalid products, please delete them before placing an order",
     "Custom amount available": "Montant personnalisé disponible",
     "Custom price should be greater than zero": "Le prix personnalisé doit être supérieur à zéro",
     "Detail - Tooltip": "Détail du produit - Infobulle",
@@ -909,9 +918,11 @@
     "Image": "Image",
     "Image - Tooltip": "Image du produit",
     "Information": "Informations",
+    "Invalid product": "Invalid product",
     "Is recharge": "Est un rechargement",
     "Is recharge - Tooltip": "Indique si le produit actuel permet de recharger le solde",
     "New Product": "Nouveau produit",
+    "No recharge options available": "No recharge options available",
     "Order created successfully": "Commande créée avec succès",
     "PayPal": "PayPal",
     "Payment cancelled": "Paiement annulé",
@@ -924,12 +935,12 @@
     "Please select at least one payment provider": "Veuillez sélectionner au moins un fournisseur de paiement",
     "Processing payment...": "Traitement du paiement...",
     "Product list cannot be empty": "La liste des produits ne peut pas être vide",
+    "Product not found or invalid": "Product not found or invalid",
     "Quantity": "Quantité",
     "Quantity - Tooltip": "Quantité du produit",
     "Recharge options": "Options de recharge",
     "Recharge options - Tooltip": "Recharge options - Tooltip",
-    "Return URL": "URL de retour",
-    "Return URL - Tooltip": "URL de retour après l'achat réussi",
+    "Recharge products need to go to the product detail page to set custom amount": "Recharge products need to go to the product detail page to set custom amount",
     "SKU": "SKU",
     "Select amount": "Sélectionner un montant",
     "Sold": "Vendu",
@@ -972,8 +983,6 @@
     "Can signin": "Pouvez-vous vous connecter?",
     "Can signup": "Peut s'inscrire",
     "Can unlink": "Peut annuler le lien",
-    "Category": "Catégorie",
-    "Category - Tooltip": "Sélectionnez une catégorie",
     "Channel No.": "chaîne n°",
     "Channel No. - Tooltip": "Canal N°",
     "Chat ID": "ID de chat",
@@ -990,8 +999,6 @@
     "Content - Tooltip": "Contenu - Infobulle",
     "DB test": "Test BD",
     "DB test - Tooltip": "Test BD - Infobulle",
-    "Disable SSL": "Désactiver SSL",
-    "Disable SSL - Tooltip": "Désactiver le protocole SSL lors de la communication avec le serveur STMP",
     "Domain": "Domaine",
     "Domain - Tooltip": "Domaine personnalisé pour le stockage d'objets",
     "Edit Provider": "Modifier le fournisseur",
@@ -1074,9 +1081,12 @@
     "SP ACS URL": "URL du SP ACS",
     "SP ACS URL - Tooltip": "URL de l'ACS du fournisseur de service",
     "SP Entity ID": "Identifiant d'entité SP",
+    "SSL mode": "SSL mode",
+    "SSL mode - Tooltip": "SSL mode - Tooltip",
     "Scene": "Scène",
     "Scene - Tooltip": "Scène",
     "Scope": "Portée",
+    "Scope - Tooltip": "Scope - Tooltip",
     "Secret access key": "Clé d'accès secrète",
     "Secret access key - Tooltip": "Clé d'accès secrète",
     "Secret key": "Clé secrète",
@@ -1238,6 +1248,9 @@
   },
   "syncer": {
     "API Token / Password": "Jeton API / Mot de passe",
+    "AWS Access Key ID": "AWS Access Key ID",
+    "AWS Region": "AWS Region",
+    "AWS Secret Access Key": "AWS Secret Access Key",
     "Admin Email": "E-mail admin",
     "Affiliation table": "Table d'affiliation",
     "Affiliation table - Tooltip": "Nom de la table de la base de données de l'unité de travail",
@@ -1269,8 +1282,6 @@
     "SSH password": "Mot de passe SSH",
     "SSH port": "Port SSH",
     "SSH user": "Utilisateur SSH",
-    "SSL mode": "Mode SSL",
-    "SSL mode - Tooltip": "Mode SSL",
     "Service account key": "Clé du compte de service",
     "Sync interval": "Intervalle de synchronisation",
     "Sync interval - Tooltip": "Unité en secondes",

web/src/locales/ja/data.json

@@ -70,6 +70,7 @@
     "Enable signin session - Tooltip": "アプリケーションから Casdoor にログイン後、Casdoor がセッションを維持しているかどうか",
     "Enable signup": "サインアップを有効にする",
     "Enable signup - Tooltip": "新しいアカウントの登録をユーザーに許可するかどうか",
+    "Existing Field": "Existing Field",
     "Failed signin frozen time": "サインイン失敗時の凍結時間",
     "Failed signin frozen time - Tooltip": "サインイン失敗後にアカウントが凍結される時間",
     "Failed signin limit": "サインイン失敗回数制限",
@@ -117,7 +118,6 @@
     "Please input your organization!": "あなたの組織を入力してください！",
     "Please select a HTML file": "HTMLファイルを選択してください",
     "Pop up": "ポップアップ",
-    "Pop up - Tooltip": "ポップアップ - ヒント",
     "Providers": "プロバイダー",
     "Random": "ランダム",
     "Real name": "本名",
@@ -135,7 +135,6 @@
     "SAML metadata": "SAMLメタデータ",
     "SAML metadata - Tooltip": "SAMLプロトコルのメタデータ - ヒント",
     "SAML reply URL": "SAMLリプライURL",
-    "SAML reply URL - Tooltip": "SAMLリプライURL - ヒント",
     "Security": "セキュリティ",
     "Select": "選択",
     "Side panel HTML": "サイドパネルのHTML",
@@ -153,6 +152,7 @@
     "Signup items - Tooltip": "新しいアカウントを登録する際にユーザーが入力するアイテム",
     "Single Choice": "単一選択",
     "Small icon": "小さいアイコン",
+    "Static Value": "Static Value",
     "String": "文字列",
     "Tags - Tooltip": "アプリケーションタグに含まれるタグを持つユーザーのみログイン可能です",
     "The application does not allow to sign up new account": "アプリケーションでは新しいアカウントの登録ができません",
@@ -186,9 +186,7 @@
     "Expire in years - Tooltip": "証明書の有効期間、年数で",
     "New Cert": "新しい証明書",
     "Private key": "プライベートキー",
-    "Private key - Tooltip": "公開鍵証明書に対応する秘密鍵",
-    "Scope - Tooltip": "証明書の使用シナリオ",
-    "Type - Tooltip": "証明書の種類"
+    "Private key - Tooltip": "公開鍵証明書に対応する秘密鍵"
   },
   "code": {
     "Code you received": "受け取ったコード",
@@ -277,6 +275,7 @@
     "Applications that require authentication": "認証が必要なアプリケーション",
     "Apps": "アプリ",
     "Authorization": "認可",
+    "Auto": "Auto",
     "Avatar": "アバター",
     "Avatar - Tooltip": "ユーザーのパブリックアバター画像",
     "Back": "戻る",
@@ -285,6 +284,8 @@
     "Cancel": "キャンセルします",
     "Captcha": "キャプチャ",
     "Cart": "カート",
+    "Category": "Category",
+    "Category - Tooltip": "Category - Tooltip",
     "Cert": "証明書",
     "Cert - Tooltip": "このアプリケーションに対応するクライアントSDKによって検証する必要がある公開鍵証明書",
     "Certs": "証明書",
@@ -478,6 +479,8 @@
     "SSH type - Tooltip": "SSH接続の認証タイプ",
     "Save": "保存",
     "Save & Exit": "保存して終了",
+    "Scopes": "Scopes",
+    "Scopes - Tooltip": "Scopes - Tooltip",
     "Search": "検索",
     "Send": "送信",
     "Session ID": "セッションID",
@@ -532,6 +535,7 @@
     "Transactions": "取引",
     "True": "真",
     "Type": "タイプ",
+    "Type - Tooltip": "Type - Tooltip",
     "URL": "URL",
     "URL - Tooltip": "URLリンク",
     "Unknown application name": "不明なアプリケーション名",
@@ -869,6 +873,8 @@
   },
   "plan": {
     "Edit Plan": "プランを編集",
+    "Is exclusive": "Is exclusive",
+    "Is exclusive - Tooltip": "Is exclusive - Tooltip",
     "New Plan": "新しいプラン",
     "Period": "期間",
     "Period - Tooltip": "期間",
@@ -899,6 +905,7 @@
     "Amount": "金額",
     "Buy": "購入",
     "Buy Product": "製品を購入する",
+    "Cart contains invalid products, please delete them before placing an order": "Cart contains invalid products, please delete them before placing an order",
     "Custom amount available": "任意金額を利用可能",
     "Custom price should be greater than zero": "カスタム価格は0より大きくする必要があります",
     "Detail - Tooltip": "製品の詳細",
@@ -911,9 +918,11 @@
     "Image": "画像",
     "Image - Tooltip": "製品のイメージ",
     "Information": "情報",
+    "Invalid product": "Invalid product",
     "Is recharge": "チャージ用か",
     "Is recharge - Tooltip": "現在の製品が残高をチャージするためかどうか",
     "New Product": "新製品",
+    "No recharge options available": "No recharge options available",
     "Order created successfully": "注文が正常に作成されました",
     "PayPal": "ペイパル",
     "Payment cancelled": "支払いキャンセル",
@@ -926,12 +935,12 @@
     "Please select at least one payment provider": "少なくとも1つの支払いプロバイダーを選択してください",
     "Processing payment...": "支払い処理中...",
     "Product list cannot be empty": "商品リストを空にできません",
+    "Product not found or invalid": "Product not found or invalid",
     "Quantity": "量",
     "Quantity - Tooltip": "製品の量",
     "Recharge options": "チャージオプション",
     "Recharge options - Tooltip": "チャージオプション - ツールチップ",
-    "Return URL": "戻りURL",
-    "Return URL - Tooltip": "成功した購入後に戻るURL",
+    "Recharge products need to go to the product detail page to set custom amount": "Recharge products need to go to the product detail page to set custom amount",
     "SKU": "SKU",
     "Select amount": "金額を選択",
     "Sold": "売れました",
@@ -974,8 +983,6 @@
     "Can signin": "サインインできますか？",
     "Can signup": "サインアップできますか？",
     "Can unlink": "アンリンクすることができます",
-    "Category": "カテゴリー",
-    "Category - Tooltip": "カテゴリーを選択してください",
     "Channel No.": "チャンネル番号",
     "Channel No. - Tooltip": "チャンネル番号",
     "Chat ID": "チャットID",
@@ -992,8 +999,6 @@
     "Content - Tooltip": "コンテンツ - ツールチップ",
     "DB test": "DBテスト",
     "DB test - Tooltip": "DBテスト - ツールチップ",
-    "Disable SSL": "SSLを無効にする",
-    "Disable SSL - Tooltip": "SMTPサーバーと通信する場合にSSLプロトコルを無効にするかどうか",
     "Domain": "ドメイン",
     "Domain - Tooltip": "オブジェクトストレージのカスタムドメイン",
     "Edit Provider": "編集プロバイダー",
@@ -1076,9 +1081,12 @@
     "SP ACS URL": "SP ACS URL",
     "SP ACS URL - Tooltip": "SP ACS URL - ツールチップ",
     "SP Entity ID": "SPエンティティID",
+    "SSL mode": "SSL mode",
+    "SSL mode - Tooltip": "SSL mode - Tooltip",
     "Scene": "シーン",
     "Scene - Tooltip": "シーン",
     "Scope": "範囲",
+    "Scope - Tooltip": "Scope - Tooltip",
     "Secret access key": "秘密のアクセスキー",
     "Secret access key - Tooltip": "秘密のアクセスキー",
     "Secret key": "秘密鍵",
@@ -1240,6 +1248,9 @@
   },
   "syncer": {
     "API Token / Password": "APIトークン / パスワード",
+    "AWS Access Key ID": "AWS Access Key ID",
+    "AWS Region": "AWS Region",
+    "AWS Secret Access Key": "AWS Secret Access Key",
     "Admin Email": "管理者メール",
     "Affiliation table": "所属テーブル",
     "Affiliation table - Tooltip": "作業単位のデータベーステーブル名",
@@ -1271,8 +1282,6 @@
     "SSH password": "SSHパスワード",
     "SSH port": "SSHポート",
     "SSH user": "SSHユーザー",
-    "SSL mode": "SSLモード",
-    "SSL mode - Tooltip": "SSLモード",
     "Service account key": "サービスアカウントキー",
     "Sync interval": "同期の間隔",
     "Sync interval - Tooltip": "単位は秒です",

web/src/locales/pl/data.json

@@ -70,6 +70,7 @@
     "Enable signin session - Tooltip": "Czy Casdoor utrzymuje sesję po zalogowaniu do Casdoor z poziomu aplikacji",
     "Enable signup": "Włącz rejestrację",
     "Enable signup - Tooltip": "Czy zezwolić użytkownikom na rejestrację nowych kont",
+    "Existing Field": "Existing Field",
     "Failed signin frozen time": "Czas blokady po nieudanym logowaniu",
     "Failed signin frozen time - Tooltip": "Czas w którym konto jest zablokowane po nieudanych próbach logowania - Podpowiedź",
     "Failed signin limit": "Limit nieudanych logowań",
@@ -151,6 +152,7 @@
     "Signup items - Tooltip": "Elementy, które użytkownicy muszą wypełnić podczas rejestracji nowych kont",
     "Single Choice": "Jednokrotny wybór",
     "Small icon": "Mała ikona",
+    "Static Value": "Static Value",
     "String": "Ciąg",
     "Tags - Tooltip": "Tylko użytkownicy z tagiem wymienionym w tagach aplikacji mogą się zalogować",
     "The application does not allow to sign up new account": "Aplikacja nie zezwala na rejestrację nowego konta",
@@ -184,9 +186,7 @@
     "Expire in years - Tooltip": "Okres ważności certyfikatu, w latach",
     "New Cert": "Nowy certyfikat",
     "Private key": "Klucz prywatny",
-    "Private key - Tooltip": "Klucz prywatny odpowiadający certyfikatowi klucza publicznego",
-    "Scope - Tooltip": "Scenariusze użycia certyfikatu",
-    "Type - Tooltip": "Typ certyfikatu"
+    "Private key - Tooltip": "Klucz prywatny odpowiadający certyfikatowi klucza publicznego"
   },
   "code": {
     "Code you received": "Kod, który otrzymałeś",
@@ -275,6 +275,7 @@
     "Applications that require authentication": "Aplikacje wymagające uwierzytelniania",
     "Apps": "Aplikacje",
     "Authorization": "Autoryzacja",
+    "Auto": "Auto",
     "Avatar": "Awatar",
     "Avatar - Tooltip": "Publiczny obraz awatara użytkownika",
     "Back": "Wstecz",
@@ -283,6 +284,8 @@
     "Cancel": "Anuluj",
     "Captcha": "Captcha",
     "Cart": "Koszyk",
+    "Category": "Category",
+    "Category - Tooltip": "Category - Tooltip",
     "Cert": "Certyfikat",
     "Cert - Tooltip": "Certyfikat klucza publicznego, który musi być zweryfikowany przez odpowiednią aplikację SDK po stronie klienta",
     "Certs": "Certyfikaty",
@@ -476,6 +479,8 @@
     "SSH type - Tooltip": "Typ uwierzytelniania połączenia SSH",
     "Save": "Zapisz",
     "Save & Exit": "Zapisz i wyjdź",
+    "Scopes": "Scopes",
+    "Scopes - Tooltip": "Scopes - Tooltip",
     "Search": "Szukaj",
     "Send": "Wyślij",
     "Session ID": "ID sesji",
@@ -530,6 +535,7 @@
     "Transactions": "Transakcje",
     "True": "Prawda",
     "Type": "Typ",
+    "Type - Tooltip": "Type - Tooltip",
     "URL": "URL",
     "URL - Tooltip": "Link URL",
     "Unknown application name": "Nieznana nazwa aplikacji",
@@ -867,6 +873,8 @@
   },
   "plan": {
     "Edit Plan": "Edytuj plan",
+    "Is exclusive": "Is exclusive",
+    "Is exclusive - Tooltip": "Is exclusive - Tooltip",
     "New Plan": "Nowy plan",
     "Period": "Okres",
     "Period - Tooltip": "Okres",
@@ -897,6 +905,7 @@
     "Amount": "Kwota",
     "Buy": "Kup",
     "Buy Product": "Kup produkt",
+    "Cart contains invalid products, please delete them before placing an order": "Cart contains invalid products, please delete them before placing an order",
     "Custom amount available": "Dostępna kwota niestandardowa",
     "Custom price should be greater than zero": "Cena niestandardowa musi być większa od zera",
     "Detail - Tooltip": "Szczegóły produktu",
@@ -909,9 +918,11 @@
     "Image": "Obrazek",
     "Image - Tooltip": "Obrazek produktu",
     "Information": "Informacje",
+    "Invalid product": "Invalid product",
     "Is recharge": "Jest doładowaniem",
     "Is recharge - Tooltip": "Czy bieżący produkt służy do doładowania salda",
     "New Product": "Nowy produkt",
+    "No recharge options available": "No recharge options available",
     "Order created successfully": "Zamówienie utworzone pomyślnie",
     "PayPal": "PayPal",
     "Payment cancelled": "Płatność anulowana",
@@ -924,12 +935,12 @@
     "Please select at least one payment provider": "Wybierz co najmniej jednego dostawcę płatności",
     "Processing payment...": "Przetwarzanie płatności...",
     "Product list cannot be empty": "Lista produktów nie może być pusta",
+    "Product not found or invalid": "Product not found or invalid",
     "Quantity": "Ilość",
     "Quantity - Tooltip": "Ilość produktu",
     "Recharge options": "Opcje doładowania",
     "Recharge options - Tooltip": "Opcje doładowania - Podpowiedź",
-    "Return URL": "Adres powrotu",
-    "Return URL - Tooltip": "Adres do powrotu po udanym zakupie",
+    "Recharge products need to go to the product detail page to set custom amount": "Recharge products need to go to the product detail page to set custom amount",
     "SKU": "SKU",
     "Select amount": "Wybierz kwotę",
     "Sold": "Sprzedano",
@@ -972,8 +983,10 @@
     "Can signin": "Można się zalogować",
     "Can signup": "Można się zarejestrować",
     "Can unlink": "Można odłączyć",
-    "Category": "Kategoria",
-    "Category - Tooltip": "Wybierz kategorię",
+    "Channel No.": "Channel No.",
+    "Channel No. - Tooltip": "Channel No. - Tooltip",
+    "Chat ID": "Chat ID",
+    "Chat ID - Tooltip": "Chat ID - Tooltip",
     "Client ID": "ID klienta",
     "Client ID - Tooltip": "ID klienta",
     "Client ID 2": "ID klienta 2",
@@ -986,6 +999,37 @@
     "Content - Tooltip": "Treść",
     "DB test": "Test bazy danych",
     "DB test - Tooltip": "Test bazy danych",
+    "Domain": "Domain",
+    "Domain - Tooltip": "Domain - Tooltip",
+    "Edit Provider": "Edit Provider",
+    "Email content": "Email content",
+    "Email content - Tooltip": "Email content - Tooltip",
+    "Email regex": "Email regex",
+    "Email regex - Tooltip": "Email regex - Tooltip",
+    "Email title": "Email title",
+    "Email title - Tooltip": "Email title - Tooltip",
+    "Enable PKCE": "Enable PKCE",
+    "Enable PKCE - Tooltip": "Enable PKCE - Tooltip",
+    "Enable proxy": "Enable proxy",
+    "Enable proxy - Tooltip": "Enable proxy - Tooltip",
+    "Endpoint": "Endpoint",
+    "Endpoint (Intranet)": "Endpoint (Intranet)",
+    "Endpoint - Tooltip": "Endpoint - Tooltip",
+    "Follow-up action": "Follow-up action",
+    "Follow-up action - Tooltip": "Follow-up action - Tooltip",
+    "From address": "From address",
+    "From address - Tooltip": "From address - Tooltip",
+    "From name": "From name",
+    "From name - Tooltip": "From name - Tooltip",
+    "Get phone number": "Get phone number",
+    "Get phone number - Tooltip": "Get phone number - Tooltip",
+    "HTTP body mapping": "HTTP body mapping",
+    "HTTP body mapping - Tooltip": "HTTP body mapping - Tooltip",
+    "HTTP header": "HTTP header",
+    "HTTP header - Tooltip": "HTTP header - Tooltip",
+    "Host": "Host",
+    "Host - Tooltip": "Host - Tooltip",
+    "IdP": "IdP",
     "IdP certificate": "Certyfikat IdP",
     "Internal": "Wewnętrzny",
     "Issuer URL": "Adres URL wystawcy",
@@ -1037,9 +1081,12 @@
     "SP ACS URL": "Adres URL SP ACS",
     "SP ACS URL - Tooltip": "Adres URL SP ACS",
     "SP Entity ID": "ID jednostki SP",
+    "SSL mode": "SSL mode",
+    "SSL mode - Tooltip": "SSL mode - Tooltip",
     "Scene": "Scena",
     "Scene - Tooltip": "Scena",
     "Scope": "Zakres",
+    "Scope - Tooltip": "Scope - Tooltip",
     "Secret access key": "Tajny klucz dostępu",
     "Secret access key - Tooltip": "Tajny klucz dostępu",
     "Secret key": "Tajny klucz",
@@ -1201,6 +1248,9 @@
   },
   "syncer": {
     "API Token / Password": "API Token / Password",
+    "AWS Access Key ID": "AWS Access Key ID",
+    "AWS Region": "AWS Region",
+    "AWS Secret Access Key": "AWS Secret Access Key",
     "Admin Email": "Admin Email",
     "Affiliation table": "Tabela przynależności",
     "Affiliation table - Tooltip": "Nazwa tabeli bazy danych jednostki pracy",
@@ -1232,8 +1282,6 @@
     "SSH password": "Hasło SSH",
     "SSH port": "Port SSH",
     "SSH user": "Użytkownik SSH",
-    "SSL mode": "Tryb SSL",
-    "SSL mode - Tooltip": "Tryb SSL - etykietka",
     "Service account key": "Klucz konta usługi",
     "Sync interval": "Interwał synchronizacji",
     "Sync interval - Tooltip": "Jednostka w sekundach",

web/src/locales/pt/data.json

@@ -70,6 +70,7 @@
     "Enable signin session - Tooltip": "Se o Casdoor mantém uma sessão depois de fazer login no Casdoor a partir da aplicação",
     "Enable signup": "Ativar registro",
     "Enable signup - Tooltip": "Se permite que os usuários registrem uma nova conta",
+    "Existing Field": "Existing Field",
     "Failed signin frozen time": "Tempo de bloqueio após falha de login",
     "Failed signin frozen time - Tooltip": "Tempo em que a conta fica congelada após tentativas de login falhadas",
     "Failed signin limit": "Limite de tentativas de login falhadas",
@@ -151,6 +152,7 @@
     "Signup items - Tooltip": "Itens para os usuários preencherem ao fazer login - Dica",
     "Single Choice": "Escolha única",
     "Small icon": "Ícone pequeno",
+    "Static Value": "Static Value",
     "String": "String",
     "Tags - Tooltip": "Apenas usuários com a tag listada nas tags da aplicação podem fazer login - Dica",
     "The application does not allow to sign up new account": "A aplicação não permite o registro de novas contas",
@@ -184,9 +186,7 @@
     "Expire in years - Tooltip": "Período de validade do certificado, em anos",
     "New Cert": "Novo Certificado",
     "Private key": "Chave privada",
-    "Private key - Tooltip": "Chave privada correspondente ao certificado de chave pública",
-    "Scope - Tooltip": "Cenários de uso do certificado",
-    "Type - Tooltip": "Tipo de certificado"
+    "Private key - Tooltip": "Chave privada correspondente ao certificado de chave pública"
   },
   "code": {
     "Code you received": "Código que você recebeu",
@@ -275,6 +275,7 @@
     "Applications that require authentication": "Aplicações que requerem autenticação",
     "Apps": "Aplicativos",
     "Authorization": "Autorização",
+    "Auto": "Auto",
     "Avatar": "Avatar",
     "Avatar - Tooltip": "Imagem de avatar pública do usuário",
     "Back": "Voltar",
@@ -283,6 +284,8 @@
     "Cancel": "Cancelar",
     "Captcha": "Captcha",
     "Cart": "Carrinho",
+    "Category": "Category",
+    "Category - Tooltip": "Category - Tooltip",
     "Cert": "Certificado",
     "Cert - Tooltip": "O certificado da chave pública que precisa ser verificado pelo SDK do cliente correspondente a esta aplicação",
     "Certs": "Certificados",
@@ -476,6 +479,8 @@
     "SSH type - Tooltip": "Tipo de autenticação para conexão SSH",
     "Save": "Salvar",
     "Save & Exit": "Salvar e Sair",
+    "Scopes": "Scopes",
+    "Scopes - Tooltip": "Scopes - Tooltip",
     "Search": "Buscar",
     "Send": "Enviar",
     "Session ID": "ID da sessão",
@@ -530,6 +535,7 @@
     "Transactions": "Transações",
     "True": "Verdadeiro",
     "Type": "Tipo",
+    "Type - Tooltip": "Type - Tooltip",
     "URL": "URL",
     "URL - Tooltip": "Link da URL",
     "Unknown application name": "Nome de aplicação desconhecido",
@@ -867,6 +873,8 @@
   },
   "plan": {
     "Edit Plan": "Editar Plano",
+    "Is exclusive": "Is exclusive",
+    "Is exclusive - Tooltip": "Is exclusive - Tooltip",
     "New Plan": "Novo Plano",
     "Period": "Período",
     "Period - Tooltip": "Período",
@@ -897,6 +905,7 @@
     "Amount": "Valor",
     "Buy": "Comprar",
     "Buy Product": "Comprar Produto",
+    "Cart contains invalid products, please delete them before placing an order": "Cart contains invalid products, please delete them before placing an order",
     "Custom amount available": "Valor personalizado disponível",
     "Custom price should be greater than zero": "O preço personalizado deve ser maior que zero",
     "Detail - Tooltip": "Detalhes do produto",
@@ -909,9 +918,11 @@
     "Image": "Imagem",
     "Image - Tooltip": "Imagem do produto",
     "Information": "Informações",
+    "Invalid product": "Invalid product",
     "Is recharge": "É recarga",
     "Is recharge - Tooltip": "Se o produto atual é para recarregar saldo",
     "New Product": "Novo Produto",
+    "No recharge options available": "No recharge options available",
     "Order created successfully": "Pedido criado com sucesso",
     "PayPal": "PayPal",
     "Payment cancelled": "Pagamento cancelado",
@@ -924,12 +935,12 @@
     "Please select at least one payment provider": "Por favor, selecione pelo menos um provedor de pagamento",
     "Processing payment...": "Processando pagamento...",
     "Product list cannot be empty": "A lista de produtos não pode estar vazia",
+    "Product not found or invalid": "Product not found or invalid",
     "Quantity": "Quantidade",
     "Quantity - Tooltip": "Quantidade do produto",
     "Recharge options": "Opções de recarga",
     "Recharge options - Tooltip": "Dica: opções de recarga",
-    "Return URL": "URL de Retorno",
-    "Return URL - Tooltip": "URL para retornar após a compra bem-sucedida",
+    "Recharge products need to go to the product detail page to set custom amount": "Recharge products need to go to the product detail page to set custom amount",
     "SKU": "SKU",
     "Select amount": "Selecionar valor",
     "Sold": "Vendido",
@@ -972,8 +983,6 @@
     "Can signin": "Pode fazer login",
     "Can signup": "Pode se inscrever",
     "Can unlink": "Pode desvincular",
-    "Category": "Categoria",
-    "Category - Tooltip": "Selecione uma categoria",
     "Channel No.": "Número do canal",
     "Channel No. - Tooltip": "Número do canal",
     "Chat ID": "ID do chat",
@@ -990,8 +999,6 @@
     "Content - Tooltip": "Dica: conteúdo",
     "DB test": "Teste do banco de dados",
     "DB test - Tooltip": "Dica: teste do banco de dados",
-    "Disable SSL": "Desabilitar SSL",
-    "Disable SSL - Tooltip": "Se deve desabilitar o protocolo SSL ao comunicar com o servidor SMTP",
     "Domain": "Domínio",
     "Domain - Tooltip": "Domínio personalizado para armazenamento de objetos",
     "Edit Provider": "Editar Provedor",
@@ -1074,9 +1081,12 @@
     "SP ACS URL": "URL SP ACS",
     "SP ACS URL - Tooltip": "URL SP ACS",
     "SP Entity ID": "ID da Entidade SP",
+    "SSL mode": "SSL mode",
+    "SSL mode - Tooltip": "SSL mode - Tooltip",
     "Scene": "Cenário",
     "Scene - Tooltip": "Cenário",
     "Scope": "Escopo",
+    "Scope - Tooltip": "Scope - Tooltip",
     "Secret access key": "Chave de acesso secreta",
     "Secret access key - Tooltip": "Chave de acesso secreta",
     "Secret key": "Chave secreta",
@@ -1238,6 +1248,9 @@
   },
   "syncer": {
     "API Token / Password": "Token de API / Senha",
+    "AWS Access Key ID": "AWS Access Key ID",
+    "AWS Region": "AWS Region",
+    "AWS Secret Access Key": "AWS Secret Access Key",
     "Admin Email": "E-mail do administrador",
     "Affiliation table": "Tabela de Afiliação",
     "Affiliation table - Tooltip": "Nome da tabela no banco de dados da unidade de trabalho",
@@ -1269,8 +1282,6 @@
     "SSH password": "Senha SSH",
     "SSH port": "Porta SSH",
     "SSH user": "Usuário SSH",
-    "SSL mode": "Modo SSL",
-    "SSL mode - Tooltip": "Dica: modo SSL",
     "Service account key": "Chave da conta de serviço",
     "Sync interval": "Intervalo de sincronização",
     "Sync interval - Tooltip": "Unidade em segundos",

web/src/locales/tr/data.json

@@ -70,6 +70,7 @@
     "Enable signin session - Tooltip": "Uygulamadan Casdoor'a giriş yaptıktan sonra Casdoor'un bir oturum sürdürüp sürdürmeyeceği",
     "Enable signup": "Kayıtı Etkinleştir",
     "Enable signup - Tooltip": "Kullanıcıların yeni bir hesap kaydetmesine izin verilip verilmeyeceği",
+    "Existing Field": "Existing Field",
     "Failed signin frozen time": "Başarısız giriş dondurma süresi",
     "Failed signin frozen time - Tooltip": "Başarısız giriş denemelerinden sonra hesabın dondurulduğu süre",
     "Failed signin limit": "Başarısız giriş limiti",
@@ -151,6 +152,7 @@
     "Signup items - Tooltip": "Kullanıcıların yeni hesaplar kaydederken doldurması gereken öğeler - İpucu",
     "Single Choice": "Tek Seçim",
     "Small icon": "Küçük simge",
+    "Static Value": "Static Value",
     "String": "Dize",
     "Tags - Tooltip": "Yalnızca uygulama etiketlerinde listelenen etikete sahip kullanıcılar giriş yapabilir - İpucu",
     "The application does not allow to sign up new account": "Uygulama yeni hesap kaydetmeyi izin vermemektedir",
@@ -184,9 +186,7 @@
     "Expire in years - Tooltip": "Sertifikanın geçerlilik süresi, yıllarda",
     "New Cert": "Yeni Sertifika",
     "Private key": "Özel anahtar",
-    "Private key - Tooltip": "Genel anahtar sertifikasına karşılık gelen özel anahtar",
-    "Scope - Tooltip": "Sertifikanın kullanım senaryoları",
-    "Type - Tooltip": "Sertifika türü"
+    "Private key - Tooltip": "Genel anahtar sertifikasına karşılık gelen özel anahtar"
   },
   "code": {
     "Code you received": "Aldığınız kod",
@@ -275,6 +275,7 @@
     "Applications that require authentication": "Kimlik doğrulaması gerektiren uygulamalar",
     "Apps": "Uygulamalar",
     "Authorization": "Yetkilendirme",
+    "Auto": "Auto",
     "Avatar": "Avatar",
     "Avatar - Tooltip": "Kullanıcı için genel avatar resmi",
     "Back": "Geri",
@@ -283,6 +284,8 @@
     "Cancel": "Vazgeç",
     "Captcha": "Captcha",
     "Cart": "Sepet",
+    "Category": "Category",
+    "Category - Tooltip": "Category - Tooltip",
     "Cert": "Sertifika",
     "Cert - Tooltip": "Bu uygulamaya karşılık gelen istemci SDK tarafından doğrulanması gereken genel anahtar sertifikası",
     "Certs": "Sertifikalar",
@@ -476,6 +479,8 @@
     "SSH type - Tooltip": "SSH bağlantısının kimlik doğrulama türü",
     "Save": "Kaydet",
     "Save & Exit": "Kaydet ve Çık",
+    "Scopes": "Scopes",
+    "Scopes - Tooltip": "Scopes - Tooltip",
     "Search": "Ara",
     "Send": "Gönder",
     "Session ID": "Oturum ID",
@@ -530,6 +535,7 @@
     "Transactions": "İşlemler",
     "True": "Doğru",
     "Type": "Tür",
+    "Type - Tooltip": "Type - Tooltip",
     "URL": "URL",
     "URL - Tooltip": "URL bağlantısı",
     "Unknown application name": "Bilinmeyen uygulama adı",
@@ -867,6 +873,8 @@
   },
   "plan": {
     "Edit Plan": "Planı Düzenle",
+    "Is exclusive": "Is exclusive",
+    "Is exclusive - Tooltip": "Is exclusive - Tooltip",
     "New Plan": "Yeni Plan",
     "Period": "Dönem",
     "Period - Tooltip": "Dönem",
@@ -897,6 +905,7 @@
     "Amount": "Tutar",
     "Buy": "Satın Al",
     "Buy Product": "Ürün Satın Al",
+    "Cart contains invalid products, please delete them before placing an order": "Cart contains invalid products, please delete them before placing an order",
     "Custom amount available": "Özel tutar kullanılabilir",
     "Custom price should be greater than zero": "Özel fiyat sıfırdan büyük olmalıdır",
     "Detail - Tooltip": "Ürün detayı",
@@ -909,9 +918,11 @@
     "Image": "Resim",
     "Image - Tooltip": "Ürün resmi",
     "Information": "Bilgi",
+    "Invalid product": "Invalid product",
     "Is recharge": "Yeniden yükleme mi",
     "Is recharge - Tooltip": "Mevcut ürün bakiye yeniden yüklemesi ise",
     "New Product": "Yeni Ürün",
+    "No recharge options available": "No recharge options available",
     "Order created successfully": "Sipariş başarıyla oluşturuldu",
     "PayPal": "PayPal",
     "Payment cancelled": "Ödeme iptal edildi",
@@ -924,12 +935,12 @@
     "Please select at least one payment provider": "Lütfen en az bir ödeme sağlayıcısı seçin",
     "Processing payment...": "Ödeme işleniyor...",
     "Product list cannot be empty": "Ürün listesi boş olamaz",
+    "Product not found or invalid": "Product not found or invalid",
     "Quantity": "Miktar",
     "Quantity - Tooltip": "Ürün miktarı",
     "Recharge options": "Yeniden yükleme seçenekleri",
     "Recharge options - Tooltip": "Yeniden yükleme seçenekleri - Araç ipucu",
-    "Return URL": "Dönüş URL'si",
-    "Return URL - Tooltip": "Satın alımdan sonra dönülecek URL",
+    "Recharge products need to go to the product detail page to set custom amount": "Recharge products need to go to the product detail page to set custom amount",
     "SKU": "SKU",
     "Select amount": "Tutar seç",
     "Sold": "Satılmış",
@@ -972,8 +983,6 @@
     "Can signin": "Giriş yapabilir",
     "Can signup": "Kayıt yapabilir",
     "Can unlink": "Bağlantıyı kesebilir",
-    "Category": "Kategori",
-    "Category - Tooltip": "Bir kategori seçin",
     "Channel No.": "Kanal Numarası",
     "Channel No. - Tooltip": "Kanal Numarası",
     "Chat ID": "Sohbet Kimliği",
@@ -990,8 +999,6 @@
     "Content - Tooltip": "İçerik - Araç ipucu",
     "DB test": "Veritabanı testi",
     "DB test - Tooltip": "Veritabanı testi - Araç ipucu",
-    "Disable SSL": "SSL'yi Devre Dışı Bırak",
-    "Disable SSL - Tooltip": "STMP sunucusu ile iletişim kurarken SSL protokolünü devre dışı bırakıp bırakmayacağı",
     "Domain": "Alan adı",
     "Domain - Tooltip": "Nesne depolama için özel alan adı",
     "Edit Provider": "Sağlayıcıyı Düzenle",
@@ -1074,9 +1081,12 @@
     "SP ACS URL": "SP ACS URL'si",
     "SP ACS URL - Tooltip": "SP ACS URL'si",
     "SP Entity ID": "SP Varlık ID'si",
+    "SSL mode": "SSL mode",
+    "SSL mode - Tooltip": "SSL mode - Tooltip",
     "Scene": "Senaryo",
     "Scene - Tooltip": "Senaryo",
     "Scope": "Kapsam",
+    "Scope - Tooltip": "Scope - Tooltip",
     "Secret access key": "Gizli erişim anahtarı",
     "Secret access key - Tooltip": "Gizli erişim anahtarı",
     "Secret key": "Gizli anahtar",
@@ -1238,6 +1248,9 @@
   },
   "syncer": {
     "API Token / Password": "API Token / Password",
+    "AWS Access Key ID": "AWS Access Key ID",
+    "AWS Region": "AWS Region",
+    "AWS Secret Access Key": "AWS Secret Access Key",
     "Admin Email": "Admin Email",
     "Affiliation table": "İlişki tablosu",
     "Affiliation table - Tooltip": "Çalışma biriminin veritabanı tablo adı",
@@ -1269,8 +1282,6 @@
     "SSH password": "SSH şifresi",
     "SSH port": "SSH portu",
     "SSH user": "SSH kullanıcısı",
-    "SSL mode": "SSL modu",
-    "SSL mode - Tooltip": "SSL modu - İpucu",
     "Service account key": "Service account key",
     "Sync interval": "Senkronizasyon aralığı",
     "Sync interval - Tooltip": "Birimi saniye cinsinden",

web/src/locales/uk/data.json

@@ -70,6 +70,7 @@
     "Enable signin session - Tooltip": "Чи підтримує Casdoor сеанс після входу в Casdoor із програми",
     "Enable signup": "Увімкнути реєстрацію",
     "Enable signup - Tooltip": "Чи дозволяти користувачам реєструвати новий обліковий запис",
+    "Existing Field": "Existing Field",
     "Failed signin frozen time": "Помилка входу заморожений час",
     "Failed signin frozen time - Tooltip": "Час після якого обліковий запис заморожується після невдалих спроб входу - Підказка",
     "Failed signin limit": "Обмеження невдалого входу",
@@ -151,6 +152,7 @@
     "Signup items - Tooltip": "Пункти, які користувачі повинні заповнити під час реєстрації нових облікових записів",
     "Single Choice": "Один варіант",
     "Small icon": "Маленький значок",
+    "Static Value": "Static Value",
     "String": "Рядок",
     "Tags - Tooltip": "Увійти можуть лише користувачі з тегом, указаним у тегах програми",
     "The application does not allow to sign up new account": "Програма не дозволяє зареєструвати новий обліковий запис",
@@ -184,9 +186,7 @@
     "Expire in years - Tooltip": "Термін дії сертифіката, років",
     "New Cert": "Новий сертифікат",
     "Private key": "Приватний ключ",
-    "Private key - Tooltip": "Закритий ключ, що відповідає сертифікату відкритого ключа",
-    "Scope - Tooltip": "Сценарії використання сертифіката",
-    "Type - Tooltip": "Тип сертифіката"
+    "Private key - Tooltip": "Закритий ключ, що відповідає сертифікату відкритого ключа"
   },
   "code": {
     "Code you received": "Код, який ви отримали",
@@ -275,6 +275,7 @@
     "Applications that require authentication": "Програми, які потребують автентифікації",
     "Apps": "програми",
     "Authorization": "Авторизація",
+    "Auto": "Auto",
     "Avatar": "Аватар",
     "Avatar - Tooltip": "Публічний аватар користувача",
     "Back": "Назад",
@@ -283,6 +284,8 @@
     "Cancel": "Скасувати",
     "Captcha": "Капча",
     "Cart": "Кошик",
+    "Category": "Category",
+    "Category - Tooltip": "Category - Tooltip",
     "Cert": "сертифікат",
     "Cert - Tooltip": "Сертифікат відкритого ключа, який потрібно перевірити клієнтським SDK, що відповідає цій програмі",
     "Certs": "Сертифікати",
@@ -476,6 +479,8 @@
     "SSH type - Tooltip": "Тип авторизації підключення SSH",
     "Save": "зберегти",
     "Save & Exit": "зберегти",
+    "Scopes": "Scopes",
+    "Scopes - Tooltip": "Scopes - Tooltip",
     "Search": "Пошук",
     "Send": "Надіслати",
     "Session ID": "Ідентифікатор сеансу",
@@ -530,6 +535,7 @@
     "Transactions": "транзакції",
     "True": "Так",
     "Type": "Тип",
+    "Type - Tooltip": "Type - Tooltip",
     "URL": "URL",
     "URL - Tooltip": "URL-посилання",
     "Unknown application name": "Невідома назва програми",
@@ -737,48 +743,59 @@
     "New Order": "Нове замовлення",
     "Order not found": "Замовлення не знайдено",
     "Pay": "Оплатити",
-    "Account menu - Tooltip": "Меню облікового запису - підказка",
-    "Admin navbar items": "Пункти панелі навігації адміністратора",
-    "Admin navbar items - Tooltip": "Пункти панелі навігації адміністратора - підказка",
-    "Balance credit": "Баланс кредиту",
-    "Balance credit - Tooltip": "Баланс кредиту - підказка",
-    "Balance currency": "Валюта балансу",
-    "Balance currency - Tooltip": "Валюта балансу - підказка",
-    "Edit Organization": "Редагувати організацію",
-    "Follow global theme": "Дотримуйтеся глобальної теми",
-    "Has privilege consent": "Має згоду на привілеї",
-    "Has privilege consent - Tooltip": "Заборонити додавання користувачів до вбудованої організації, якщо HasPrivilegeConsent встановлено в false",
-    "Has privilege consent warning": "Додавання нового користувача до організації «built-in» (вбудованої) на даний момент вимкнено. Зауважте: усі користувачі в організації «built-in» є глобальними адміністраторами в Casdoor. Дивіться документацію: https://casdoor.org/docs/basic/core-concepts#how-does-casdoor-manage-itself. Якщо ви все ще хочете створити користувача для організації «built-in», перейдіть на сторінку налаштувань організації та увімкніть опцію «Має згоду на привілеї».",
-    "Init score": "Початкова оцінка",
-    "Init score - Tooltip": "Початкові бали, нараховані користувачам під час реєстрації",
-    "Is profile public": "Профіль загальнодоступний",
-    "Is profile public - Tooltip": "Після закриття лише глобальні адміністратори або користувачі в одній організації можуть отримати доступ до сторінки профілю користувача",
-    "Modify rule": "Змінити правило",
-    "New Organization": "Нова організація",
-    "Optional": "Додатково",
-    "Org balance": "Баланс організації",
-    "Org balance - Tooltip": "Баланс організації - підказка",
-    "Password expire days": "Кількість днів дії паролю",
-    "Password expire days - Tooltip": "Кількість днів дії паролю - підказка",
-    "Prompt": "Підкажіть",
-    "Required": "вимагається",
-    "Soft deletion": "М'яке видалення",
-    "Soft deletion - Tooltip": "Якщо ввімкнено, видалення користувачів не призведе до їх повного видалення з бази даних. ",
-    "Tags": "Теги",
-    "Use Email as username": "Використовувати Email як ім'я користувача",
-    "Use Email as username - Tooltip": "Використовувати Email як ім'я користувача, якщо поле імені користувача не відображається під час реєстрації",
-    "User balance": "Баланс користувача",
-    "User balance - Tooltip": "Баланс користувача - підказка",
-    "User navbar items": "Пункти панелі навігації користувача",
-    "User navbar items - Tooltip": "Пункти панелі навігації користувача - підказка",
-    "User types": "Типи користувачів",
-    "User types - Tooltip": "Типи користувачів - підказка",
-    "View rule": "Переглянути правило",
-    "Visible": "Видно",
-    "Website URL": "адреса вебсайту",
-    "Website URL - Tooltip": "URL-адреса домашньої сторінки організації. ",
-    "Widget items": "Елементи віджета",
-    "Widget items - Tooltip": "Елементи віджета - підказка"
+    "Payment failed time": "Payment failed time",
+    "Payment time": "Payment time",
+    "Price": "Price",
+    "Return to Order List": "Return to Order List",
+    "Timeout time": "Timeout time",
+    "View Order": "View Order"
+  },
+  "organization": {
+    "Account items": "Account items",
+    "Account items - Tooltip": "Account items - Tooltip",
+    "Account menu": "Account menu",
+    "Account menu - Tooltip": "Account menu - Tooltip",
+    "Admin navbar items": "Admin navbar items",
+    "Admin navbar items - Tooltip": "Admin navbar items - Tooltip",
+    "Balance credit": "Balance credit",
+    "Balance credit - Tooltip": "Balance credit - Tooltip",
+    "Balance currency": "Balance currency",
+    "Balance currency - Tooltip": "Balance currency - Tooltip",
+    "Edit Organization": "Edit Organization",
+    "Follow global theme": "Follow global theme",
+    "Has privilege consent": "Has privilege consent",
+    "Has privilege consent - Tooltip": "Has privilege consent - Tooltip",
+    "Has privilege consent warning": "Has privilege consent warning",
+    "Init score": "Init score",
+    "Init score - Tooltip": "Init score - Tooltip",
+    "Is profile public": "Is profile public",
+    "Is profile public - Tooltip": "Is profile public - Tooltip",
+    "Modify rule": "Modify rule",
+    "New Organization": "New Organization",
+    "Optional": "Optional",
+    "Org balance": "Org balance",
+    "Org balance - Tooltip": "Org balance - Tooltip",
+    "Password expire days": "Password expire days",
+    "Password expire days - Tooltip": "Password expire days - Tooltip",
+    "Prompt": "Prompt",
+    "Required": "Required",
+    "Soft deletion": "Soft deletion",
+    "Soft deletion - Tooltip": "Soft deletion - Tooltip",
+    "Tags": "Tags",
+    "Use Email as username": "Use Email as username",
+    "Use Email as username - Tooltip": "Use Email as username - Tooltip",
+    "User balance": "User balance",
+    "User balance - Tooltip": "User balance - Tooltip",
+    "User navbar items": "User navbar items",
+    "User navbar items - Tooltip": "User navbar items - Tooltip",
+    "User types": "User types",
+    "User types - Tooltip": "User types - Tooltip",
+    "View rule": "View rule",
+    "Visible": "Visible",
+    "Website URL": "Website URL",
+    "Website URL - Tooltip": "Website URL - Tooltip",
+    "Widget items": "Widget items",
+    "Widget items - Tooltip": "Widget items - Tooltip"
   },
   "payment": {
     "Confirm your invoice information": "Підтвердьте інформацію про рахунок",
@@ -856,6 +873,8 @@
   },
   "plan": {
     "Edit Plan": "Редагувати план",
+    "Is exclusive": "Is exclusive",
+    "Is exclusive - Tooltip": "Is exclusive - Tooltip",
     "New Plan": "Новий план",
     "Period": "Крапка",
     "Period - Tooltip": "Період",
@@ -886,6 +905,7 @@
     "Amount": "Amount",
     "Buy": "купити",
     "Buy Product": "Купити товар",
+    "Cart contains invalid products, please delete them before placing an order": "Cart contains invalid products, please delete them before placing an order",
     "Custom amount available": "Custom amount available",
     "Custom price should be greater than zero": "Custom price should be greater than zero",
     "Detail - Tooltip": "Деталь продукту",
@@ -898,9 +918,11 @@
     "Image": "Зображення",
     "Image - Tooltip": "Зображення товару",
     "Information": "Information",
+    "Invalid product": "Invalid product",
     "Is recharge": "Чи є поповненням",
     "Is recharge - Tooltip": "Чи є поточний продукт для поповнення балансу",
     "New Product": "Новий продукт",
+    "No recharge options available": "No recharge options available",
     "Order created successfully": "Order created successfully",
     "PayPal": "Пейпал",
     "Payment cancelled": "Платіж скасовано",
@@ -913,12 +935,12 @@
     "Please select at least one payment provider": "Please select at least one payment provider",
     "Processing payment...": "Processing payment...",
     "Product list cannot be empty": "Product list cannot be empty",
+    "Product not found or invalid": "Product not found or invalid",
     "Quantity": "Кількість",
     "Quantity - Tooltip": "Кількість товару",
     "Recharge options": "Recharge options",
     "Recharge options - Tooltip": "Варіанти поповнення - Підказка",
-    "Return URL": "Повернута URL-адреса",
-    "Return URL - Tooltip": "URL-адреса для повернення після успішної покупки",
+    "Recharge products need to go to the product detail page to set custom amount": "Recharge products need to go to the product detail page to set custom amount",
     "SKU": "SKU",
     "Select amount": "Select amount",
     "Sold": "Продано",
@@ -961,8 +983,6 @@
     "Can signin": "Можна ввійти",
     "Can signup": "Можна записатися",
     "Can unlink": "Можна від’єднати",
-    "Category": "Категорія",
-    "Category - Tooltip": "Ідентифікатор для категоризації та групування елементів або контенту, що полегшує фільтрацію та управління",
     "Channel No.": "Номер каналу",
     "Channel No. - Tooltip": "Унікальний номер, що ідентифікує канал зв'язку або передачі даних, використовується для розрізнення різних шляхів передачі",
     "Chat ID": "Ідентифікатор чату",
@@ -979,8 +999,6 @@
     "Content - Tooltip": "Вміст – підказка",
     "DB test": "Тест БД",
     "DB test - Tooltip": "Тест бази даних - підказка",
-    "Disable SSL": "Вимкнути SSL",
-    "Disable SSL - Tooltip": "Чи вимикати протокол SSL під час зв’язку із сервером STMP",
     "Domain": "Домен",
     "Domain - Tooltip": "Спеціальний домен для зберігання об'єктів",
     "Edit Provider": "Редагувати постачальника",
@@ -1063,9 +1081,12 @@
     "SP ACS URL": "URL ACS СП",
     "SP ACS URL - Tooltip": "URL ACS СП",
     "SP Entity ID": "Ідентифікатор особи SP",
+    "SSL mode": "SSL mode",
+    "SSL mode - Tooltip": "SSL mode - Tooltip",
     "Scene": "Сцена",
     "Scene - Tooltip": "Сцена",
     "Scope": "Область застосування",
+    "Scope - Tooltip": "Scope - Tooltip",
     "Secret access key": "Секретний ключ доступу",
     "Secret access key - Tooltip": "Секретний ключ доступу",
     "Secret key": "Секретний ключ",
@@ -1227,6 +1248,9 @@
   },
   "syncer": {
     "API Token / Password": "API Token / Password",
+    "AWS Access Key ID": "AWS Access Key ID",
+    "AWS Region": "AWS Region",
+    "AWS Secret Access Key": "AWS Secret Access Key",
     "Admin Email": "Admin Email",
     "Affiliation table": "Таблиця приналежності",
     "Affiliation table - Tooltip": "Назва робочої одиниці таблиці бази даних",
@@ -1258,8 +1282,6 @@
     "SSH password": "пароль SSH",
     "SSH port": "порт SSH",
     "SSH user": "Користувач SSH",
-    "SSL mode": "Режим SSL",
-    "SSL mode - Tooltip": "Режим SSL – підказка",
     "Service account key": "Service account key",
     "Sync interval": "Інтервал синхронізації",
     "Sync interval - Tooltip": "Одиниця в секундах",

web/src/locales/vi/data.json

@@ -70,6 +70,7 @@
     "Enable signin session - Tooltip": "Có phải Casdoor duy trì phiên sau khi đăng nhập vào Casdoor từ ứng dụng không?",
     "Enable signup": "Kích hoạt đăng ký",
     "Enable signup - Tooltip": "Có cho phép người dùng đăng ký tài khoản mới không?",
+    "Existing Field": "Existing Field",
     "Failed signin frozen time": "Thời gian khóa khi đăng nhập thất bại",
     "Failed signin frozen time - Tooltip": "Thời gian tài khoản bị đóng băng sau các lần đăng nhập thất bại",
     "Failed signin limit": "Giới hạn đăng nhập thất bại",
@@ -151,6 +152,7 @@
     "Signup items - Tooltip": "Mục cho người dùng đề điền khi đăng nhập - Gợi ý",
     "Single Choice": "Lựa chọn đơn",
     "Small icon": "Biểu tượng nhỏ",
+    "Static Value": "Static Value",
     "String": "Chuỗi",
     "Tags - Tooltip": "Chỉ người dùng có thẻ được liệt kê trong thẻ ứng dụng mới có thể đăng nhập - Gợi ý",
     "The application does not allow to sign up new account": "Ứng dụng không cho phép đăng ký tài khoản mới",
@@ -184,9 +186,7 @@
     "Expire in years - Tooltip": "Thời hạn hiệu lực của chứng chỉ, tính bằng năm",
     "New Cert": "Chứng chỉ mới",
     "Private key": "Khóa bí mật",
-    "Private key - Tooltip": "Khóa riêng tương ứng với chứng thư khóa công khai",
-    "Scope - Tooltip": "Các kịch bản sử dụng của giấy chứng nhận",
-    "Type - Tooltip": "Loại chứng chỉ"
+    "Private key - Tooltip": "Khóa riêng tương ứng với chứng thư khóa công khai"
   },
   "code": {
     "Code you received": "Mã bạn nhận được",
@@ -275,6 +275,7 @@
     "Applications that require authentication": "Các ứng dụng yêu cầu xác thực",
     "Apps": "Ứng dụng",
     "Authorization": "Ủy quyền",
+    "Auto": "Auto",
     "Avatar": "Ảnh đại diện",
     "Avatar - Tooltip": "Ảnh đại diện công khai cho người dùng",
     "Back": "Quay lại",
@@ -283,6 +284,8 @@
     "Cancel": "Hủy bỏ",
     "Captcha": "Mã xác nhận",
     "Cart": "Giỏ hàng",
+    "Category": "Category",
+    "Category - Tooltip": "Category - Tooltip",
     "Cert": "Chứng chỉ",
     "Cert - Tooltip": "Chứng chỉ khóa công khai cần được xác minh bởi SDK khách hàng tương ứng với ứng dụng này",
     "Certs": "Chứng chỉ",
@@ -476,6 +479,8 @@
     "SSH type - Tooltip": "Loại xác thực kết nối SSH",
     "Save": "Lưu",
     "Save & Exit": "Lưu và Thoát",
+    "Scopes": "Scopes",
+    "Scopes - Tooltip": "Scopes - Tooltip",
     "Search": "Tìm kiếm",
     "Send": "Gửi",
     "Session ID": "ID phiên làm việc",
@@ -530,6 +535,7 @@
     "Transactions": "Giao dịch",
     "True": "Đúng",
     "Type": "Loại",
+    "Type - Tooltip": "Type - Tooltip",
     "URL": "URL",
     "URL - Tooltip": "Đường dẫn URL",
     "Unknown application name": "Tên ứng dụng không xác định",
@@ -867,6 +873,8 @@
   },
   "plan": {
     "Edit Plan": "Chỉnh sửa gói",
+    "Is exclusive": "Is exclusive",
+    "Is exclusive - Tooltip": "Is exclusive - Tooltip",
     "New Plan": "Gói mới",
     "Period": "Kỳ",
     "Period - Tooltip": "Thời kỳ",
@@ -897,6 +905,7 @@
     "Amount": "Số tiền",
     "Buy": "Mua",
     "Buy Product": "Mua sản phẩm",
+    "Cart contains invalid products, please delete them before placing an order": "Cart contains invalid products, please delete them before placing an order",
     "Custom amount available": "Số tiền tùy chỉnh có sẵn",
     "Custom price should be greater than zero": "Giá tùy chỉnh phải lớn hơn không",
     "Detail - Tooltip": "Chi tiết sản phẩm",
@@ -909,9 +918,11 @@
     "Image": "Ảnh",
     "Image - Tooltip": "Hình ảnh sản phẩm",
     "Information": "Thông tin",
+    "Invalid product": "Invalid product",
     "Is recharge": "Là nạp tiền",
     "Is recharge - Tooltip": "Sản phẩm hiện tại có phải để nạp số dư",
     "New Product": "Sản phẩm mới",
+    "No recharge options available": "No recharge options available",
     "Order created successfully": "Tạo đơn hàng thành công",
     "PayPal": "PayPal",
     "Payment cancelled": "Thanh toán đã bị hủy",
@@ -924,12 +935,12 @@
     "Please select at least one payment provider": "Vui lòng chọn ít nhất một nhà cung cấp thanh toán",
     "Processing payment...": "Đang xử lý thanh toán...",
     "Product list cannot be empty": "Danh sách sản phẩm không thể trống",
+    "Product not found or invalid": "Product not found or invalid",
     "Quantity": "Số lượng",
     "Quantity - Tooltip": "Số lượng sản phẩm",
     "Recharge options": "Tùy chọn nạp tiền",
     "Recharge options - Tooltip": "Tùy chọn nạp tiền - Gợi ý",
-    "Return URL": "Địa chỉ URL trở lại",
-    "Return URL - Tooltip": "URL để quay lại sau khi mua hàng thành công",
+    "Recharge products need to go to the product detail page to set custom amount": "Recharge products need to go to the product detail page to set custom amount",
     "SKU": "SKU",
     "Select amount": "Chọn số tiền",
     "Sold": "Đã bán",
@@ -972,8 +983,6 @@
     "Can signin": "Đăng nhập được không?",
     "Can signup": "Đăng ký có thể được thực hiện",
     "Can unlink": "Không liên kết được",
-    "Category": "Thể loại",
-    "Category - Tooltip": "Chọn một danh mục",
     "Channel No.": "Kênh số.",
     "Channel No. - Tooltip": "Kênh Số.",
     "Chat ID": "ID trò chuyện",
@@ -990,8 +999,6 @@
     "Content - Tooltip": "Gợi ý nội dung",
     "DB test": "DB test",
     "DB test - Tooltip": "Kiểm tra DB - Gợi ý",
-    "Disable SSL": "Vô hiệu hóa SSL",
-    "Disable SSL - Tooltip": "Có nên vô hiệu hóa giao thức SSL khi giao tiếp với máy chủ STMP hay không?",
     "Domain": "Miền",
     "Domain - Tooltip": "Tên miền tùy chỉnh cho lưu trữ đối tượng",
     "Edit Provider": "Chỉnh sửa nhà cung cấp",
@@ -1074,9 +1081,12 @@
     "SP ACS URL": "SP ACC URL",
     "SP ACS URL - Tooltip": "URL ACS của SP - Gợi ý",
     "SP Entity ID": "SP Entity ID: Định danh thực thể SP",
+    "SSL mode": "SSL mode",
+    "SSL mode - Tooltip": "SSL mode - Tooltip",
     "Scene": "Cảnh",
     "Scene - Tooltip": "Cảnh",
     "Scope": "Phạm vi",
+    "Scope - Tooltip": "Scope - Tooltip",
     "Secret access key": "Chìa khóa truy cập bí mật",
     "Secret access key - Tooltip": "Khóa truy cập bí mật",
     "Secret key": "Chìa khóa bí mật",
@@ -1238,6 +1248,9 @@
   },
   "syncer": {
     "API Token / Password": "Mã thông báo API / Mật khẩu",
+    "AWS Access Key ID": "AWS Access Key ID",
+    "AWS Region": "AWS Region",
+    "AWS Secret Access Key": "AWS Secret Access Key",
     "Admin Email": "Email quản trị viên",
     "Affiliation table": "Bảng liên kết",
     "Affiliation table - Tooltip": "Bảng liên kết - Gợi ý",
@@ -1245,11 +1258,8 @@
     "Avatar base URL - Tooltip": "Địa chỉ cơ sở URL ảnh đại diện - Gợi ý",
     "Bind DN": "Kết nối DN",
     "Casdoor column": "Cột Casdoor",
-    "Casdoor column - Tooltip": "Tên cột trong bảng Casdoor tương ứng",
     "Column name": "Tên cột",
-    "Column name - Tooltip": "Tên cột trong bảng cơ sở dữ liệu",
     "Column type": "Loại cột",
-    "Column type - Tooltip": "Kiểu dữ liệu của cột",
     "Connect successfully": "Kết nối thành công",
     "Corp ID": "Mã doanh nghiệp",
     "Corp secret": "Bí mật doanh nghiệp",
@@ -1268,15 +1278,11 @@
     "New Syncer": "Đồng bộ mới",
     "Paste your Google Workspace service account JSON key here": "Dán khóa JSON tài khoản dịch vụ Google Workspace của bạn tại đây",
     "SCIM Server URL": "URL máy chủ SCIM",
-    "SCIM Server URL - Tooltip": "Địa chỉ URL của máy chủ SCIM",
     "SSH host": "Máy chủ SSH",
     "SSH password": "Mật khẩu SSH",
     "SSH port": "Cổng SSH",
     "SSH user": "Người dùng SSH",
-    "SSL mode": "Chế độ SSL",
-    "SSL mode - Tooltip": "Chế độ kết nối SSL với cơ sở dữ liệu",
     "Service account key": "Khóa tài khoản dịch vụ",
-    "Service account key - Tooltip": "Khóa JSON của tài khoản dịch vụ",
     "Sync interval": "Khoảng thời gian đồng bộ",
     "Sync interval - Tooltip": "Khoảng thời gian giữa các lần đồng bộ (tính bằng giây)",
     "Table": "Bảng",
@@ -1291,7 +1297,6 @@
     "API Latency": "Độ trễ API",
     "API Throughput": "Thông lượng API",
     "About Casdoor": "Về Casdoor",
-    "About Casdoor - Tooltip": "Thông tin về nền tảng Casdoor",
     "An Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML and CAS": "Một nền tảng Quản lý Danh tính và Truy cập (IAM) / Đăng nhập Một lần (SSO) với giao diện người dùng web hỗ trợ OAuth 2.0, OIDC, SAML và CAS",
     "CPU Usage": "Sử dụng CPU",
     "Community": "Cộng đồng",

web/src/locales/zh/data.json

@@ -70,6 +70,7 @@
     "Enable signin session - Tooltip": "从应用登录Casdoor后，Casdoor是否保持会话",
     "Enable signup": "启用注册",
     "Enable signup - Tooltip": "是否允许用户注册",
+    "Existing Field": "Existing Field",
     "Failed signin frozen time": "登入重试等待时间",
     "Failed signin frozen time - Tooltip": "超过登入错误重试次数后的等待时间，只有超过等待时间后用户才能重新登入，默认值为15分钟，设置的值需为正整数",
     "Failed signin limit": "登入错误次数限制",
@@ -151,6 +152,7 @@
     "Signup items - Tooltip": "注册用户注册时需要填写的项目",
     "Single Choice": "单选",
     "Small icon": "小图标",
+    "Static Value": "Static Value",
     "String": "字符串",
     "Tags - Tooltip": "用户的标签在应用的标签集合中时，用户才可以登录该应用",
     "The application does not allow to sign up new account": "该应用不允许注册新账户",
@@ -184,9 +186,7 @@
     "Expire in years - Tooltip": "公钥证书的有效期，以年为单位",
     "New Cert": "添加证书",
     "Private key": "私钥",
-    "Private key - Tooltip": "公钥证书对应的私钥",
-    "Scope - Tooltip": "公钥证书的使用场景",
-    "Type - Tooltip": "公钥证书的类型"
+    "Private key - Tooltip": "公钥证书对应的私钥"
   },
   "code": {
     "Code you received": "验证码",
@@ -268,13 +268,14 @@
     "Admin": "管理工具",
     "Affiliation URL": "工作单位URL",
     "Affiliation URL - Tooltip": "工作单位的官网URL",
-    "All": "全部允许",
+    "All": "全部",
     "Application": "应用",
     "Application - Tooltip": "可以访问的应用",
     "Applications": "应用",
     "Applications that require authentication": "需要认证和鉴权的应用",
     "Apps": "应用列表",
     "Authorization": "Casbin权限管理",
+    "Auto": "Auto",
     "Avatar": "头像",
     "Avatar - Tooltip": "公开展示的用户头像",
     "Back": "返回",
@@ -283,6 +284,8 @@
     "Cancel": "取消",
     "Captcha": "人机验证码",
     "Cart": "购物车",
+    "Category": "Category",
+    "Category - Tooltip": "Category - Tooltip",
     "Cert": "证书",
     "Cert - Tooltip": "该应用所对应的客户端SDK需要验证的公钥证书",
     "Certs": "证书",
@@ -476,6 +479,8 @@
     "SSH type - Tooltip": "SSH连接的认证类型",
     "Save": "保存",
     "Save & Exit": "保存 & 退出",
+    "Scopes": "Scopes",
+    "Scopes - Tooltip": "Scopes - Tooltip",
     "Search": "搜索",
     "Send": "发送",
     "Session ID": "会话ID",
@@ -530,6 +535,7 @@
     "Transactions": "交易",
     "True": "真",
     "Type": "类型",
+    "Type - Tooltip": "Type - Tooltip",
     "URL": "链接",
     "URL - Tooltip": "URL链接",
     "Unknown application name": "未知的应用程序名称",
@@ -867,6 +873,8 @@
   },
   "plan": {
     "Edit Plan": "编辑计划",
+    "Is exclusive": "Is exclusive",
+    "Is exclusive - Tooltip": "Is exclusive - Tooltip",
     "New Plan": "添加计划",
     "Period": "期限",
     "Period - Tooltip": "计划对应的期限",
@@ -897,6 +905,7 @@
     "Amount": "金额",
     "Buy": "购买",
     "Buy Product": "购买商品",
+    "Cart contains invalid products, please delete them before placing an order": "Cart contains invalid products, please delete them before placing an order",
     "Custom amount available": "可自定义金额",
     "Custom price should be greater than zero": "自定义价格必须大于零",
     "Detail - Tooltip": "商品详情",
@@ -909,9 +918,11 @@
     "Image": "图片",
     "Image - Tooltip": "商品图片",
     "Information": "信息",
+    "Invalid product": "Invalid product",
     "Is recharge": "充值",
     "Is recharge - Tooltip": "当前商品是否为充值商品",
     "New Product": "添加商品",
+    "No recharge options available": "No recharge options available",
     "Order created successfully": "订单创建成功",
     "PayPal": "PayPal",
     "Payment cancelled": "支付取消",
@@ -924,12 +935,12 @@
     "Please select at least one payment provider": "请至少选择一个支付提供商",
     "Processing payment...": "正在处理支付...",
     "Product list cannot be empty": "商品列表不能为空",
+    "Product not found or invalid": "Product not found or invalid",
     "Quantity": "库存",
     "Quantity - Tooltip": "库存的数量",
     "Recharge options": "充值选项",
     "Recharge options - Tooltip": "预设充值金额",
-    "Return URL": "返回URL",
-    "Return URL - Tooltip": "购买成功后返回的URL",
+    "Recharge products need to go to the product detail page to set custom amount": "Recharge products need to go to the product detail page to set custom amount",
     "SKU": "货号",
     "Select amount": "选择金额",
     "Sold": "售出",
@@ -972,8 +983,6 @@
     "Can signin": "可用于登录",
     "Can signup": "可用于注册",
     "Can unlink": "可解绑定",
-    "Category": "分类",
-    "Category - Tooltip": "用于对项目或内容进行归类分组的标识",
     "Channel No.": "Channel号码",
     "Channel No. - Tooltip": "标识通信或数据传输通道的唯一编号",
     "Chat ID": "聊天ID",
@@ -990,8 +999,6 @@
     "Content - Tooltip": "消息、通知或文档中包含的具体信息或数据内容",
     "DB test": "数据库测试",
     "DB test - Tooltip": "测试数据库连接是否正常",
-    "Disable SSL": "禁用SSL",
-    "Disable SSL - Tooltip": "与STMP服务器通信时是否禁用SSL协议",
     "Domain": "域名",
     "Domain - Tooltip": "对象存储的自定义域名",
     "Edit Provider": "编辑提供商",
@@ -1074,9 +1081,12 @@
     "SP ACS URL": "SP ACS 网址",
     "SP ACS URL - Tooltip": "服务提供商（SP）的断言消费者服务（ACS）地址",
     "SP Entity ID": "SP 实体 ID",
+    "SSL mode": "SSL mode",
+    "SSL mode - Tooltip": "SSL mode - Tooltip",
     "Scene": "场景",
     "Scene - Tooltip": "表示功能或操作适用的具体业务场景，用于适配不同场景下的逻辑处理",
     "Scope": "范围",
+    "Scope - Tooltip": "Scope - Tooltip",
     "Secret access key": "秘密访问密钥",
     "Secret access key - Tooltip": "与访问密钥配套的私密密钥",
     "Secret key": "密钥",
@@ -1238,6 +1248,9 @@
   },
   "syncer": {
     "API Token / Password": "API Token / Password",
+    "AWS Access Key ID": "AWS Access Key ID",
+    "AWS Region": "AWS Region",
+    "AWS Secret Access Key": "AWS Secret Access Key",
     "Admin Email": "Admin Email",
     "Affiliation table": "工作单位表",
     "Affiliation table - Tooltip": "工作单位的数据库表名",
@@ -1269,8 +1282,6 @@
     "SSH password": "SSH密码",
     "SSH port": "SSH端口",
     "SSH user": "SSH用户",
-    "SSL mode": "SSL模式",
-    "SSL mode - Tooltip": "连接数据库采用哪种SSL模式",
     "Service account key": "Service account key",
     "Sync interval": "同步间隔",
     "Sync interval - Tooltip": "单位为秒",

web/src/provider/CaptchaProviderFields.js

@@ -0,0 +1,44 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Col, Row} from "antd";
+import * as Setting from "../Setting";
+import i18next from "i18next";
+import {CaptchaPreview} from "../common/CaptchaPreview";
+
+export function renderCaptchaProviderFields(provider, providerName) {
+  return (
+    <Row style={{marginTop: "20px"}} >
+      <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+        {Setting.getLabel(i18next.t("general:Preview"), i18next.t("general:Preview - Tooltip"))} :
+      </Col>
+      <Col span={22} >
+        <CaptchaPreview
+          owner={provider.owner}
+          name={provider.name}
+          provider={provider}
+          providerName={providerName}
+          captchaType={provider.type}
+          subType={provider.subType}
+          clientId={provider.clientId}
+          clientSecret={provider.clientSecret}
+          clientId2={provider.clientId2}
+          clientSecret2={provider.clientSecret2}
+          providerUrl={provider.providerUrl}
+        />
+      </Col>
+    </Row>
+  );
+}

web/src/provider/EmailProviderFields.js

@@ -0,0 +1,257 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Col, Input, InputNumber, Row, Select, Switch} from "antd";
+import {LinkOutlined} from "@ant-design/icons";
+import * as Setting from "../Setting";
+import i18next from "i18next";
+import * as ProviderEditTestEmail from "../common/TestEmailWidget";
+import Editor from "../common/Editor";
+import HttpHeaderTable from "../table/HttpHeaderTable";
+
+const {Option} = Select;
+
+export function renderEmailProviderFields(provider, updateProviderField, renderEmailMappingInput, account) {
+  return (
+    <React.Fragment>
+      {
+        ["Custom HTTP Email", "SendGrid"].includes(provider.type) ? (
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={2}>
+              {Setting.getLabel(i18next.t("provider:Endpoint"), i18next.t("provider:Region endpoint for Internet"))} :
+            </Col>
+            <Col span={22} >
+              <Input prefix={<LinkOutlined />} value={provider.endpoint} onChange={e => {
+                updateProviderField("endpoint", e.target.value);
+              }} />
+            </Col>
+          </Row>) : null
+      }
+      {provider.type === "Resend" ? null : (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("provider:Host"), i18next.t("provider:Host - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input prefix={<LinkOutlined />} value={provider.host} onChange={e => {
+              updateProviderField("host", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      )}
+      {["Azure ACS", "SendGrid", "Resend"].includes(provider.type) ? null : (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("provider:Port"), i18next.t("provider:Port - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <InputNumber value={provider.port} onChange={value => {
+              updateProviderField("port", value);
+            }} />
+          </Col>
+        </Row>
+      )}
+      {["Azure ACS", "SendGrid", "Resend"].includes(provider.type) ? null : (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("provider:SSL mode"), i18next.t("provider:SSL mode - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "200px"}} value={provider.sslMode || "Auto"} onChange={value => {
+              updateProviderField("sslMode", value);
+            }}>
+              <Option value="Auto">{i18next.t("general:Auto")}</Option>
+              <Option value="Enable">{i18next.t("general:Enable")}</Option>
+              <Option value="Disable">{i18next.t("general:Disable")}</Option>
+            </Select>
+          </Col>
+        </Row>
+      )}
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:Enable proxy"), i18next.t("provider:Enable proxy - Tooltip"))} :
+        </Col>
+        <Col span={1} >
+          <Switch checked={provider.enableProxy} onChange={checked => {
+            updateProviderField("enableProxy", checked);
+          }} />
+        </Col>
+      </Row>
+      {
+        provider.type === "Custom HTTP Email" ? (
+          <React.Fragment>
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("general:Method"), i18next.t("provider:Method - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <Select virtual={false} style={{width: "100%"}} value={provider.method} onChange={value => {
+                  updateProviderField("method", value);
+                }}>
+                  {
+                    [
+                      {id: "GET", name: "GET"},
+                      {id: "POST", name: "POST"},
+                      {id: "PUT", name: "PUT"},
+                      {id: "DELETE", name: "DELETE"},
+                    ].map((method, index) => <Option key={index} value={method.id}>{method.name}</Option>)
+                  }
+                </Select>
+              </Col>
+            </Row>
+            {
+              provider.method !== "GET" ? (<Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("webhook:Content type"), i18next.t("webhook:Content type - Tooltip"))} :
+                </Col>
+                <Col span={22} >
+                  <Select virtual={false} style={{width: "100%"}} value={provider.issuerUrl === "" ? "application/x-www-form-urlencoded" : provider.issuerUrl} onChange={value => {
+                    updateProviderField("issuerUrl", value);
+                  }}>
+                    {
+                      [
+                        {id: "application/json", name: "application/json"},
+                        {id: "application/x-www-form-urlencoded", name: "application/x-www-form-urlencoded"},
+                      ].map((method, index) => <Option key={index} value={method.id}>{method.name}</Option>)
+                    }
+                  </Select>
+                </Col>
+              </Row>) : null
+            }
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("provider:HTTP header"), i18next.t("provider:HTTP header - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <HttpHeaderTable httpHeaders={provider.httpHeaders} onUpdateTable={(value) => {updateProviderField("httpHeaders", value);}} />
+              </Col>
+            </Row>
+            {provider.method !== "GET" ? <Row style={{marginTop: "20px"}}>
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("provider:HTTP body mapping"), i18next.t("provider:HTTP body mapping - Tooltip"))} :
+              </Col>
+              <Col span={22}>
+                {renderEmailMappingInput()}
+              </Col>
+            </Row> : null}
+          </React.Fragment>
+        ) : null
+      }
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:Email title"), i18next.t("provider:Email title - Tooltip"))} :
+        </Col>
+        <Col span={22} >
+          <Input value={provider.title} onChange={e => {
+            updateProviderField("title", e.target.value);
+          }} />
+        </Col>
+      </Row>
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:Email content"), i18next.t("provider:Email content - Tooltip"))} :
+        </Col>
+        <Col span={22} >
+          <Row style={{marginTop: "20px"}} >
+            <Button style={{marginLeft: "10px", marginBottom: "5px"}} onClick={() => updateProviderField("content", "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes. <reset-link>Or click %link to reset</reset-link>")} >
+              {i18next.t("general:Reset to Default")} (Text)
+            </Button>
+            <Button style={{marginLeft: "10px", marginBottom: "5px"}} type="primary" onClick={() => updateProviderField("content", Setting.getDefaultHtmlEmailContent())} >
+              {i18next.t("general:Reset to Default")} (HTML)
+            </Button>
+          </Row>
+          <Row>
+            <Col span={Setting.isMobile() ? 22 : 11}>
+              <div style={{height: "300px", margin: "10px"}}>
+                <Editor
+                  value={provider.content}
+                  fillHeight
+                  dark
+                  lang="html"
+                  onChange={value => {
+                    updateProviderField("content", value);
+                  }}
+                />
+              </div>
+            </Col>
+            <Col span={1} />
+            <Col span={Setting.isMobile() ? 22 : 11}>
+              <div style={{margin: "10px"}}>
+                <div dangerouslySetInnerHTML={{__html: provider.content.replace("%s", "123456").replace("%{user.friendlyName}", Setting.getFriendlyUserName(account))}} />
+              </div>
+            </Col>
+          </Row>
+        </Col>
+      </Row>
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(`${i18next.t("provider:Email content")}-${i18next.t("general:Invitations")}`, i18next.t("provider:Email content - Tooltip"))} :
+        </Col>
+        <Col span={22} >
+          <Row style={{marginTop: "20px"}} >
+            <Button style={{marginLeft: "10px", marginBottom: "5px"}} onClick={() => updateProviderField("metadata", "You have invited to join Casdoor. Here is your invitation code: %s, please enter in 5 minutes. Or click %link to signup")} >
+              {i18next.t("general:Reset to Default")} (Text)
+            </Button>
+            <Button style={{marginLeft: "10px", marginBottom: "5px"}} type="primary" onClick={() => updateProviderField("metadata", Setting.getDefaultInvitationHtmlEmailContent())} >
+              {i18next.t("general:Reset to Default")} (HTML)
+            </Button>
+          </Row>
+          <Row>
+            <Col span={Setting.isMobile() ? 22 : 11}>
+              <div style={{height: "300px", margin: "10px"}}>
+                <Editor
+                  value={provider.metadata}
+                  fillHeight
+                  dark
+                  lang="html"
+                  onChange={value => {
+                    updateProviderField("metadata", value);
+                  }}
+                />
+              </div>
+            </Col>
+            <Col span={1} />
+            <Col span={Setting.isMobile() ? 22 : 11}>
+              <div style={{margin: "10px"}}>
+                <div dangerouslySetInnerHTML={{__html: provider.metadata.replace("%code", "123456").replace("%s", "123456")}} />
+              </div>
+            </Col>
+          </Row>
+        </Col>
+      </Row>
+      <Row style={{marginTop: "20px"}}>
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:Test Email"), i18next.t("provider:Test Email - Tooltip"))} :
+        </Col>
+        <Col span={4}>
+          <Input value={provider.receiver} placeholder={i18next.t("user:Input your email")}
+            onChange={e => {
+              updateProviderField("receiver", e.target.value);
+            }} />
+        </Col>
+        {["Azure ACS", "SendGrid", "Resend"].includes(provider.type) ? null : (
+          <Button style={{marginLeft: "10px", marginBottom: "5px"}} onClick={() => ProviderEditTestEmail.connectSmtpServer(provider)} >
+            {i18next.t("provider:Test SMTP Connection")}
+          </Button>
+        )}
+        <Button style={{marginLeft: "10px", marginBottom: "5px"}} type="primary"
+          disabled={!Setting.isValidEmail(provider.receiver)}
+          onClick={() => ProviderEditTestEmail.sendTestEmail(provider, provider.receiver)} >
+          {i18next.t("provider:Send Testing Email")}
+        </Button>
+      </Row>
+    </React.Fragment>
+  );
+}

web/src/provider/FaceIDProviderFields.js

@@ -0,0 +1,48 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Col, Input, Row} from "antd";
+import {LinkOutlined} from "@ant-design/icons";
+import * as Setting from "../Setting";
+import i18next from "i18next";
+
+export function renderFaceIdProviderFields(provider, updateProviderField) {
+  return (
+    <>
+      {["Alibaba Cloud Facebody"].includes(provider.type) ? null : (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={2}>
+            {Setting.getLabel(i18next.t("provider:Endpoint (Intranet)"), i18next.t("provider:Region endpoint for Intranet"))} :
+          </Col>
+          <Col span={22} >
+            <Input prefix={<LinkOutlined />} value={provider.intranetEndpoint} onChange={e => {
+              updateProviderField("intranetEndpoint", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      )}
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={2}>
+          {Setting.getLabel(i18next.t("provider:Endpoint"), i18next.t("provider:Region endpoint for Internet"))} :
+        </Col>
+        <Col span={22} >
+          <Input prefix={<LinkOutlined />} value={provider.endpoint} onChange={e => {
+            updateProviderField("endpoint", e.target.value);
+          }} />
+        </Col>
+      </Row>
+    </>
+  );
+}

web/src/provider/IDVerificationProviderFields.js

@@ -0,0 +1,34 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Col, Input, Row} from "antd";
+import {LinkOutlined} from "@ant-design/icons";
+import * as Setting from "../Setting";
+import i18next from "i18next";
+
+export function renderIDVerificationProviderFields(provider, updateProviderField) {
+  return (
+    <Row style={{marginTop: "20px"}} >
+      <Col style={{marginTop: "5px"}} span={2}>
+        {Setting.getLabel(i18next.t("provider:Endpoint"), i18next.t("provider:Region endpoint for Internet"))} :
+      </Col>
+      <Col span={22} >
+        <Input prefix={<LinkOutlined />} value={provider.endpoint} onChange={e => {
+          updateProviderField("endpoint", e.target.value);
+        }} />
+      </Col>
+    </Row>
+  );
+}

web/src/provider/MfaProviderFields.js

@@ -0,0 +1,56 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Col, Input, InputNumber, Row} from "antd";
+import {LinkOutlined} from "@ant-design/icons";
+import * as Setting from "../Setting";
+import i18next from "i18next";
+
+export function renderMfaProviderFields(provider, updateProviderField) {
+  return (
+    <React.Fragment>
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:Host"), i18next.t("provider:Host - Tooltip"))} :
+        </Col>
+        <Col span={22} >
+          <Input prefix={<LinkOutlined />} value={provider.host} placeholder="10.10.10.10" onChange={e => {
+            updateProviderField("host", e.target.value);
+          }} />
+        </Col>
+      </Row>
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:Port"), i18next.t("provider:Port - Tooltip"))} :
+        </Col>
+        <Col span={22} >
+          <InputNumber value={provider.port} onChange={value => {
+            updateProviderField("port", value);
+          }} />
+        </Col>
+      </Row>
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:Client secret"), i18next.t("provider:RADIUS Shared Secret - Tooltip"))} :
+        </Col>
+        <Col span={22} >
+          <Input value={provider.clientSecret} placeholder="Shared secret" onChange={e => {
+            updateProviderField("clientSecret", e.target.value);
+          }} />
+        </Col>
+      </Row>
+    </React.Fragment>
+  );
+}

web/src/provider/NotificationProviderFields.js

@@ -0,0 +1,103 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Col, Input, Row, Select} from "antd";
+import * as Setting from "../Setting";
+import i18next from "i18next";
+import * as ProviderNotification from "../common/TestNotificationWidget";
+
+const {Option} = Select;
+const {TextArea} = Input;
+
+export function renderNotificationProviderFields(provider, updateProviderField, getReceiverRow) {
+  return (
+    <React.Fragment>
+      {["CUCloud"].includes(provider.type) ? (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={2}>
+            {["Casdoor"].includes(provider.type) ?
+              Setting.getLabel(i18next.t("general:Application"), i18next.t("general:Application - Tooltip")) :
+              Setting.getLabel(i18next.t("provider:Region ID"), i18next.t("provider:Region ID - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={provider.regionId} onChange={e => {
+              updateProviderField("regionId", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      ) : null}
+      {["Custom HTTP"].includes(provider.type) ? (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Method"), i18next.t("provider:Method - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={provider.method} onChange={value => {
+              updateProviderField("method", value);
+            }}>
+              {
+                [
+                  {id: "GET", name: "GET"},
+                  {id: "POST", name: "POST"},
+                ].map((method, index) => <Option key={index} value={method.id}>{method.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
+      ) : null}
+      {["Custom HTTP", "CUCloud"].includes(provider.type) ? (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("provider:Parameter"), i18next.t("provider:Parameter - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={provider.title} onChange={e => {
+              updateProviderField("title", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      ) : null}
+      {["Google Chat", "CUCloud"].includes(provider.type) ? (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("provider:Metadata"), i18next.t("provider:Metadata - Tooltip"))} :
+          </Col>
+          <Col span={22}>
+            <TextArea rows={4} value={provider.metadata} onChange={e => {
+              updateProviderField("metadata", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      ) : null}
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:Content"), i18next.t("provider:Content - Tooltip"))} :
+        </Col>
+        <Col span={22} >
+          <TextArea autoSize={{minRows: 3, maxRows: 100}} value={provider.content} onChange={e => {
+            updateProviderField("content", e.target.value);
+          }} />
+        </Col>
+      </Row>
+      <Row style={{marginTop: "20px"}} >
+        {getReceiverRow(provider)}
+        <Button style={{marginLeft: "10px", marginBottom: "5px"}} type="primary"
+          onClick={() => ProviderNotification.sendTestNotification(provider)} >
+          {i18next.t("provider:Send Testing Notification")}
+        </Button>
+      </Row>
+    </React.Fragment>
+  );
+}

web/src/provider/OAuthProviderFields.js

@@ -0,0 +1,218 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Col, Input, Radio, Row, Switch} from "antd";
+import {LinkOutlined} from "@ant-design/icons";
+import * as Setting from "../Setting";
+import i18next from "i18next";
+
+const {TextArea} = Input;
+
+export function renderOAuthProviderFields(provider, updateProviderField, renderUserMappingInput) {
+  const getDomainLabel = provider => {
+    switch (provider.category) {
+    case "OAuth":
+      if (provider.type === "AzureAD" || provider.type === "AzureADB2C") {
+        return Setting.getLabel(i18next.t("provider:Tenant ID"), i18next.t("provider:Tenant ID - Tooltip"));
+      } else {
+        return Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"));
+      }
+    default:
+      return Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"));
+    }
+  };
+
+  return (
+    <React.Fragment>
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:Email regex"), i18next.t("provider:Email regex - Tooltip"))} :
+        </Col>
+        <Col span={22}>
+          <TextArea rows={4} value={provider.emailRegex} onChange={e => {
+            updateProviderField("emailRegex", e.target.value);
+          }} />
+        </Col>
+      </Row>
+      {
+        provider.type !== "WeChat" ? null : (
+          <React.Fragment>
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("provider:Use WeChat Media Platform in PC"), i18next.t("provider:Use WeChat Media Platform in PC - Tooltip"))} :
+              </Col>
+              <Col span={1} >
+                <Switch disabled={!provider.clientId} checked={provider.disableSsl} onChange={checked => {
+                  updateProviderField("disableSsl", checked);
+                }} />
+              </Col>
+            </Row>
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("token:Access token"), i18next.t("token:Access token - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <Input value={provider.content} disabled={!provider.disableSsl || !provider.clientId2} onChange={e => {
+                  updateProviderField("content", e.target.value);
+                }} />
+              </Col>
+            </Row>
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("provider:Follow-up action"), i18next.t("provider:Follow-up action - Tooltip"))} :
+              </Col>
+              <Col>
+                <Radio.Group value={provider.signName}
+                  disabled={!provider.disableSsl || !provider.clientId || !provider.clientId2}
+                  buttonStyle="solid"
+                  onChange={e => {
+                    updateProviderField("signName", e.target.value);
+                  }}>
+                  <Radio.Button value="open">{i18next.t("provider:Use WeChat Open Platform to login")}</Radio.Button>
+                  <Radio.Button value="media">{i18next.t("provider:Use WeChat Media Platform to login")}</Radio.Button>
+                </Radio.Group>
+              </Col>
+            </Row>
+          </React.Fragment>
+        )
+      }
+      {
+        provider.type !== "ADFS" && provider.type !== "AzureAD"
+        && provider.type !== "AzureADB2C" && (provider.type !== "Casdoor" && provider.category !== "Storage")
+        && provider.type !== "Okta" && provider.type !== "Nextcloud" ? null : (
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={2}>
+                {getDomainLabel(provider)} :
+              </Col>
+              <Col span={22} >
+                <Input prefix={<LinkOutlined />} value={provider.domain} onChange={e => {
+                  updateProviderField("domain", e.target.value);
+                }} />
+              </Col>
+            </Row>
+          )
+      }
+      {
+        provider.type !== "Google" && provider.type !== "Lark" ? null : (
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+              {provider.type === "Google" ?
+                Setting.getLabel(i18next.t("provider:Get phone number"), i18next.t("provider:Get phone number - Tooltip"))
+                : Setting.getLabel(i18next.t("provider:Use global endpoint"), i18next.t("provider:Use global endpoint - Tooltip"))} :
+            </Col>
+            <Col span={1} >
+              <Switch disabled={!provider.clientId} checked={provider.disableSsl} onChange={checked => {
+                updateProviderField("disableSsl", checked);
+              }} />
+            </Col>
+          </Row>
+        )
+      }
+      {
+        provider.type.startsWith("Custom") ? (
+          <React.Fragment>
+            <Col>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:Auth URL"), i18next.t("provider:Auth URL - Tooltip"))}
+                </Col>
+                <Col span={22} >
+                  <Input value={provider.customAuthUrl} onChange={e => {
+                    updateProviderField("customAuthUrl", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:Token URL"), i18next.t("provider:Token URL - Tooltip"))}
+                </Col>
+                <Col span={22} >
+                  <Input value={provider.customTokenUrl} onChange={e => {
+                    updateProviderField("customTokenUrl", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:Scope"), i18next.t("provider:Scope - Tooltip"))}
+                </Col>
+                <Col span={22} >
+                  <Input value={provider.scopes} onChange={e => {
+                    updateProviderField("scopes", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:UserInfo URL"), i18next.t("provider:UserInfo URL - Tooltip"))}
+                </Col>
+                <Col span={22} >
+                  <Input value={provider.customUserInfoUrl} onChange={e => {
+                    updateProviderField("customUserInfoUrl", e.target.value);
+                  }} />
+                </Col>
+              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:Enable PKCE"), i18next.t("provider:Enable PKCE - Tooltip"))} :
+                </Col>
+                <Col span={22} >
+                  <Switch checked={provider.enablePkce} onChange={checked => {
+                    updateProviderField("enablePkce", checked);
+                  }} />
+                </Col>
+              </Row>
+            </Col>
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("provider:User mapping"), i18next.t("provider:User mapping - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                {renderUserMappingInput()}
+              </Col>
+            </Row>
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("general:Favicon"), i18next.t("general:Favicon - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <Row style={{marginTop: "20px"}} >
+                  <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 1}>
+                    {Setting.getLabel(i18next.t("general:URL"), i18next.t("general:URL - Tooltip"))} :
+                  </Col>
+                  <Col span={23} >
+                    <Input prefix={<LinkOutlined />} value={provider.customLogo} onChange={e => {
+                      updateProviderField("customLogo", e.target.value);
+                    }} />
+                  </Col>
+                </Row>
+                <Row style={{marginTop: "20px"}} >
+                  <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 1}>
+                    {i18next.t("general:Preview")}:
+                  </Col>
+                  <Col span={23} >
+                    <a target="_blank" rel="noreferrer" href={provider.customLogo}>
+                      <img src={provider.customLogo} alt={provider.customLogo} height={90} style={{marginBottom: "20px"}} />
+                    </a>
+                  </Col>
+                </Row>
+              </Col>
+            </Row>
+          </React.Fragment>
+        ) : null
+      }
+    </React.Fragment>
+  );
+}

web/src/provider/PaymentProviderFields.js

@@ -0,0 +1,72 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Col, Input, Row, Select} from "antd";
+import * as Setting from "../Setting";
+import i18next from "i18next";
+import {LinkOutlined} from "@ant-design/icons";
+
+const {Option} = Select;
+
+export function renderPaymentProviderFields(provider, updateProviderField, certs) {
+  return (
+    <React.Fragment>
+      {
+        (provider.type === "Alipay" || provider.type === "WeChat Pay" || provider.type === "Casdoor") ? (
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+              {Setting.getLabel(i18next.t("general:Cert"), i18next.t("general:Cert - Tooltip"))} :
+            </Col>
+            <Col span={22} >
+              <Select virtual={false} style={{width: "100%"}} value={provider.cert} onChange={(value => {updateProviderField("cert", value);})}>
+                {
+                  certs.map((cert, index) => <Option key={index} value={cert.name}>{cert.name}</Option>)
+                }
+              </Select>
+            </Col>
+          </Row>
+        ) : null
+      }
+      {
+        (provider.type === "Alipay") ? (
+          <Row style={{marginTop: "20px"}} >
+            <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+              {Setting.getLabel(i18next.t("general:Root cert"), i18next.t("general:Root cert - Tooltip"))} :
+            </Col>
+            <Col span={22} >
+              <Select virtual={false} style={{width: "100%"}} value={provider.metadata} onChange={(value => {updateProviderField("metadata", value);})}>
+                {
+                  certs.map((cert, index) => <Option key={index} value={cert.name}>{cert.name}</Option>)
+                }
+              </Select>
+            </Col>
+          </Row>
+        ) : null
+      }
+      {(provider.type === "GC" || provider.type === "FastSpring") ? (
+        <Row style={{marginTop: "20px"}}>
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("provider:Host"), i18next.t("provider:Host - Tooltip"))} :
+          </Col>
+          <Col span={22}>
+            <Input prefix={<LinkOutlined />} value={provider.host} onChange={e => {
+              updateProviderField("host", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      ) : null}
+    </React.Fragment>
+  );
+}

web/src/provider/SamlProviderFields.js

@@ -0,0 +1,133 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Col, Input, Row, Switch} from "antd";
+import * as Setting from "../Setting";
+import i18next from "i18next";
+import {authConfig} from "../auth/Auth";
+import copy from "copy-to-clipboard";
+
+const {TextArea} = Input;
+
+export function renderSamlProviderFields(provider, updateProviderField, metadataConfig) {
+  const {requestUrl, setRequestUrl, metadataLoading, fetchSamlMetadata, parseSamlMetadata} = metadataConfig;
+  return (
+    <React.Fragment>
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:Sign request"), i18next.t("provider:Sign request - Tooltip"))} :
+        </Col>
+        <Col span={22} >
+          <Switch checked={provider.enableSignAuthnRequest} onChange={checked => {
+            updateProviderField("enableSignAuthnRequest", checked);
+          }} />
+        </Col>
+      </Row>
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:Metadata url"), i18next.t("provider:Metadata url - Tooltip"))} :
+        </Col>
+        <Col span={6} >
+          <Input value={requestUrl} onChange={e => {
+            setRequestUrl(e.target.value);
+          }} />
+        </Col>
+        <Col span={16} >
+          <Button style={{marginLeft: "10px"}} type="primary" loading={metadataLoading} onClick={() => {fetchSamlMetadata();}}>{i18next.t("general:Request")}</Button>
+        </Col>
+      </Row>
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:Metadata"), i18next.t("provider:Metadata - Tooltip"))} :
+        </Col>
+        <Col span={22}>
+          <TextArea rows={4} value={provider.metadata} onChange={e => {
+            updateProviderField("metadata", e.target.value);
+          }} />
+        </Col>
+      </Row>
+      <Row style={{marginTop: "20px"}}>
+        <Col style={{marginTop: "5px"}} span={2} />
+        <Col span={2}>
+          <Button type="primary" onClick={() => {parseSamlMetadata();}}>
+            {i18next.t("provider:Parse")}
+          </Button>
+        </Col>
+      </Row>
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:Endpoint"), i18next.t("provider:SAML 2.0 Endpoint (HTTP)"))} :
+        </Col>
+        <Col span={22} >
+          <Input value={provider.endpoint} onChange={e => {
+            updateProviderField("endpoint", e.target.value);
+          }} />
+        </Col>
+      </Row>
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:IdP"), i18next.t("provider:IdP certificate"))} :
+        </Col>
+        <Col span={22} >
+          <Input value={provider.idP} onChange={e => {
+            updateProviderField("idP", e.target.value);
+          }} />
+        </Col>
+      </Row>
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:Issuer URL"), i18next.t("provider:Issuer URL - Tooltip"))} :
+        </Col>
+        <Col span={22} >
+          <Input value={provider.issuerUrl} onChange={e => {
+            updateProviderField("issuerUrl", e.target.value);
+          }} />
+        </Col>
+      </Row>
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:SP ACS URL"), i18next.t("provider:SP ACS URL - Tooltip"))} :
+        </Col>
+        <Col span={21} >
+          <Input value={`${authConfig.serverUrl}/api/acs`} readOnly="readonly" />
+        </Col>
+        <Col span={1}>
+          <Button type="primary" onClick={() => {
+            copy(`${authConfig.serverUrl}/api/acs`);
+            Setting.showMessage("success", i18next.t("general:Copied to clipboard successfully"));
+          }}>
+            {i18next.t("general:Copy")}
+          </Button>
+        </Col>
+      </Row>
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:SP Entity ID"), i18next.t("provider:SP Entity ID - Tooltip"))} :
+        </Col>
+        <Col span={21} >
+          <Input value={`${authConfig.serverUrl}/api/acs`} readOnly="readonly" />
+        </Col>
+        <Col span={1}>
+          <Button type="primary" onClick={() => {
+            copy(`${authConfig.serverUrl}/api/acs`);
+            Setting.showMessage("success", i18next.t("general:Copied to clipboard successfully"));
+          }}>
+            {i18next.t("general:Copy")}
+          </Button>
+        </Col>
+      </Row>
+    </React.Fragment>
+  );
+}

web/src/provider/SmsProviderFields.js

@@ -0,0 +1,182 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Col, Input, Row, Select, Switch} from "antd";
+import * as Setting from "../Setting";
+import i18next from "i18next";
+import * as ProviderEditTestSms from "../common/TestSmsWidget";
+import {CountryCodeSelect} from "../common/select/CountryCodeSelect";
+import HttpHeaderTable from "../table/HttpHeaderTable";
+import {LinkOutlined} from "@ant-design/icons";
+
+const {Option} = Select;
+
+const SMS_PROVIDERS_WITHOUT_SIGN_NAME = ["Custom HTTP SMS", "Twilio SMS", "Amazon SNS", "Msg91 SMS", "Infobip SMS"];
+const SMS_PROVIDERS_WITHOUT_TEMPLATE_CODE = ["Infobip SMS", "Custom HTTP SMS"];
+
+export function renderSmsProviderFields(provider, updateProviderField, renderSmsMappingInput, account) {
+  return (
+    <React.Fragment>
+      {SMS_PROVIDERS_WITHOUT_SIGN_NAME.includes(provider.type) ?
+        null :
+        (<Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("provider:Sign Name"), i18next.t("provider:Sign Name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={provider.signName} onChange={e => {
+              updateProviderField("signName", e.target.value);
+            }} />
+          </Col>
+        </Row>
+        )
+      }
+      {SMS_PROVIDERS_WITHOUT_TEMPLATE_CODE.includes(provider.type) ?
+        null :
+        (<Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("provider:Template code"), i18next.t("provider:Template code - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={provider.templateCode} onChange={e => {
+              updateProviderField("templateCode", e.target.value);
+            }} />
+          </Col>
+        </Row>
+        )
+      }
+      {
+        provider.type === "Custom HTTP SMS" ? (
+          <React.Fragment>
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={2}>
+                {Setting.getLabel(i18next.t("provider:Endpoint"), i18next.t("provider:Region endpoint for Internet"))} :
+              </Col>
+              <Col span={22} >
+                <Input prefix={<LinkOutlined />} value={provider.endpoint} onChange={e => {
+                  updateProviderField("endpoint", e.target.value);
+                }} />
+              </Col>
+            </Row>
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("general:Method"), i18next.t("provider:Method - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <Select virtual={false} style={{width: "100%"}} value={provider.method} onChange={value => {
+                  updateProviderField("method", value);
+                }}>
+                  {
+                    [
+                      {id: "GET", name: "GET"},
+                      {id: "POST", name: "POST"},
+                      {id: "PUT", name: "PUT"},
+                      {id: "DELETE", name: "DELETE"},
+                    ].map((method, index) => <Option key={index} value={method.id}>{method.name}</Option>)
+                  }
+                </Select>
+              </Col>
+            </Row>
+            {
+              provider.method !== "GET" ? (<Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("webhook:Content type"), i18next.t("webhook:Content type - Tooltip"))} :
+                </Col>
+                <Col span={22} >
+                  <Select virtual={false} style={{width: "100%"}} value={provider.issuerUrl === "" ? "application/x-www-form-urlencoded" : provider.issuerUrl} onChange={value => {
+                    updateProviderField("issuerUrl", value);
+                  }}>
+                    {
+                      [
+                        {id: "application/json", name: "application/json"},
+                        {id: "application/x-www-form-urlencoded", name: "application/x-www-form-urlencoded"},
+                      ].map((method, index) => <Option key={index} value={method.id}>{method.name}</Option>)
+                    }
+                  </Select>
+                </Col>
+              </Row>) : null
+            }
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("provider:HTTP header"), i18next.t("provider:HTTP header - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <HttpHeaderTable httpHeaders={provider.httpHeaders} onUpdateTable={(value) => {updateProviderField("httpHeaders", value);}} />
+              </Col>
+            </Row>
+            {provider.method !== "GET" ? <Row style={{marginTop: "20px"}}>
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("provider:HTTP body mapping"), i18next.t("provider:HTTP body mapping - Tooltip"))} :
+              </Col>
+              <Col span={22}>
+                {renderSmsMappingInput()}
+              </Col>
+            </Row> : null}
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("provider:Parameter"), i18next.t("provider:Parameter - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <Input value={provider.title} onChange={e => {
+                  updateProviderField("title", e.target.value);
+                }} />
+              </Col>
+            </Row>
+          </React.Fragment>
+        ) : null
+      }
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:Enable proxy"), i18next.t("provider:Enable proxy - Tooltip"))} :
+        </Col>
+        <Col span={1} >
+          <Switch checked={provider.enableProxy} onChange={checked => {
+            updateProviderField("enableProxy", checked);
+          }} />
+        </Col>
+      </Row>
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+          {Setting.getLabel(i18next.t("provider:SMS Test"), i18next.t("provider:SMS Test - Tooltip"))} :
+        </Col>
+        <Col span={4} >
+          <Input.Group compact>
+            <CountryCodeSelect
+              style={{width: "90px"}}
+              initValue={provider.content}
+              onChange={(value) => {
+                updateProviderField("content", value);
+              }}
+              countryCodes={account.organization.countryCodes}
+            />
+            <Input value={provider.receiver}
+              style={{width: "150px"}}
+              placeholder = {i18next.t("user:Input your phone number")}
+              onChange={e => {
+                updateProviderField("receiver", e.target.value);
+              }} />
+          </Input.Group>
+        </Col>
+        <Col span={2} >
+          <Button style={{marginLeft: "10px", marginBottom: "5px"}} type="primary"
+            disabled={!Setting.isValidPhone(provider.receiver) || (provider.type === "Custom HTTP SMS" && provider.endpoint === "")}
+            onClick={() => ProviderEditTestSms.sendTestSms(provider, "+" + Setting.getCountryCode(provider.content) + provider.receiver)} >
+            {i18next.t("provider:Send Testing SMS")}
+          </Button>
+        </Col>
+      </Row>
+    </React.Fragment>
+  );
+}

web/src/provider/StorageProviderFields.js

@@ -0,0 +1,112 @@
+// Copyright 2026 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Col, Input, Row} from "antd";
+import {LinkOutlined} from "@ant-design/icons";
+import * as Setting from "../Setting";
+import i18next from "i18next";
+
+export function renderStorageProviderFields(provider, updateProviderField) {
+  return (
+    <React.Fragment>
+      {["Local File System", "MinIO", "Tencent Cloud COS", "Google Cloud Storage", "Qiniu Cloud Kodo", "Synology", "Casdoor"].includes(provider.type) ? null : (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={2}>
+            {Setting.getLabel(i18next.t("provider:Endpoint (Intranet)"), i18next.t("provider:Region endpoint for Intranet"))} :
+          </Col>
+          <Col span={22} >
+            <Input prefix={<LinkOutlined />} value={provider.intranetEndpoint} onChange={e => {
+              updateProviderField("intranetEndpoint", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      )}
+      {["Local File System"].includes(provider.type) ? null : (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={2}>
+            {Setting.getLabel(i18next.t("provider:Endpoint"), i18next.t("provider:Region endpoint for Internet"))} :
+          </Col>
+          <Col span={22} >
+            <Input prefix={<LinkOutlined />} value={provider.endpoint} onChange={e => {
+              updateProviderField("endpoint", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      )}
+      {["Local File System"].includes(provider.type) ? null : (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={2}>
+            {["Casdoor"].includes(provider.type) ?
+              Setting.getLabel(i18next.t("general:Provider"), i18next.t("general:Provider - Tooltip"))
+              : Setting.getLabel(i18next.t("provider:Bucket"), i18next.t("provider:Bucket - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={provider.bucket} onChange={e => {
+              updateProviderField("bucket", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      )}
+      <Row style={{marginTop: "20px"}} >
+        <Col style={{marginTop: "5px"}} span={2}>
+          {Setting.getLabel(i18next.t("provider:Path prefix"), i18next.t("provider:Path prefix - Tooltip"))} :
+        </Col>
+        <Col span={22} >
+          <Input value={provider.pathPrefix} onChange={e => {
+            updateProviderField("pathPrefix", e.target.value);
+          }} />
+        </Col>
+      </Row>
+      {["Synology", "Casdoor"].includes(provider.type) ? null : (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={2}>
+            {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input prefix={<LinkOutlined />} value={provider.domain} disabled={provider.type === "Local File System"} onChange={e => {
+              updateProviderField("domain", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      )}
+      {["Casdoor"].includes(provider.type) ? (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={provider.content} onChange={e => {
+              updateProviderField("content", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      ) : null}
+      {["AWS S3", "Tencent Cloud COS", "Qiniu Cloud Kodo", "Casdoor", "CUCloud OSS", "MinIO"].includes(provider.type) ? (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={2}>
+            {["Casdoor"].includes(provider.type) ?
+              Setting.getLabel(i18next.t("general:Application"), i18next.t("general:Application - Tooltip")) :
+              Setting.getLabel(i18next.t("provider:Region ID"), i18next.t("provider:Region ID - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={provider.regionId} onChange={e => {
+              updateProviderField("regionId", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      ) : null}
+    </React.Fragment>
+  );
+}