Skills auth-tool-cloudbase

Use CloudBase Auth tool to configure and manage authentication providers for web applications - enable/disable login methods (SMS, Email, WeChat Open Platform, Google, Anonymous, Username/password, OAuth, SAML, CAS, Dingding, etc.) and configure provider settings via MCP tools `callCloudApi`.

install

source · Clone the upstream repo

git clone https://github.com/openclaw/skills

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/binggg/cloudbase/references/auth-tool" ~/.claude/skills/clawdbot-skills-auth-tool-cloudbase && rm -rf "$T"

manifest: skills/binggg/cloudbase/references/auth-tool/SKILL.md

source content

Overview

Configure CloudBase authentication providers: Anonymous, Username/Password, SMS, Email, WeChat, Google, and more.

Prerequisites: CloudBase environment ID (

env

)

Authentication Scenarios

1. Get Login Strategy

Query current login configuration:

{
    "params": { "EnvId": `env` },
    "service": "lowcode",
    "action": "DescribeLoginStrategy"
}

Returns

LoginStrategy

object or

false

if not configured.

2. Anonymous Login

Get
```
LoginStrategy
```
(see Scenario 1)

Set

LoginStrategy.AnonymousLogin = true

(on) or

false

(off)

Update:

{
    "params": { "EnvId": `env`, ...LoginStrategy },
    "service": "lowcode",
    "action": "ModifyLoginStrategy"
}

3. Username/Password Login

Get
```
LoginStrategy
```
(see Scenario 1)
Set
```
LoginStrategy.UserNameLogin = true
```
(on) or
```
false
```
(off)
Update:

{
    "params": { "EnvId": `env`, ...LoginStrategy },
    "service": "lowcode",
    "action": "ModifyLoginStrategy"
}

4. SMS Login

Get
```
LoginStrategy
```
(see Scenario 1)

Modify:

Turn on:
```
LoginStrategy.PhoneNumberLogin = true
```
Turn off:
```
LoginStrategy.PhoneNumberLogin = false
```

Config (optional):

LoginStrategy.SmsVerificationConfig = {
    Type: 'default',      // 'default' or 'apis'
    Method: 'methodName',
    SmsDayLimit: 30       // -1 = unlimited
}

Update:

{
    "params": { "EnvId": `env`, ...LoginStrategy },
    "service": "lowcode",
    "action": "ModifyLoginStrategy"
}

5. Email Login

Turn on (Tencent Cloud email):

{
    "params": {
        "EnvId": `env`,
        "Id": "email",
        "On": "TRUE",
        "EmailConfig": { "On": "TRUE", "SmtpConfig": {} }
    },
    "service": "tcb",
    "action": "ModifyProvider"
}

Turn off:

{
    "params": { "EnvId": `env`, "Id": "email", "On": "FALSE" },
    "service": "tcb",
    "action": "ModifyProvider"
}

Turn on (custom SMTP):

{
    "params": {
        "EnvId": `env`,
        "Id": "email",
        "On": "TRUE",
        "EmailConfig": {
            "On": "FALSE",
            "SmtpConfig": {
                "AccountPassword": "password",
                "AccountUsername": "username",
                "SecurityMode": "SSL",
                "SenderAddress": "sender@example.com",
                "ServerHost": "smtp.qq.com",
                "ServerPort": 465
            }
        }
    },
    "service": "tcb",
    "action": "ModifyProvider"
}

6. WeChat Login

Get WeChat config:

{
    "params": { "EnvId": `env` },
    "service": "tcb",
    "action": "GetProviders"
}

Filter by

Id == "wx_open"

, save as

WeChatProvider

Get credentials from WeChat Open Platform:
- ```
AppID
```
- ```
AppSecret
```
Update:

{
    "params": {
        "EnvId": `env`,
        "Id": "wx_open",
        "On": "TRUE",  // "FALSE" to disable
        "Config": {
            ...WeChatProvider.Config,
            ClientId: `AppID`,
            ClientSecret: `AppSecret`
        }
    },
    "service": "tcb",
    "action": "ModifyProvider"
}

7. Google Login

Get redirect URI:

{
    "params": { "EnvId": `env` },
    "service": "lowcode",
    "action": "DescribeStaticDomain"
}

Save

result.Data.StaticDomain

staticDomain

Configure at Google Cloud Console:
- Create OAuth 2.0 Client ID
- Set redirect URI:
```
https://{staticDomain}/__auth/
```
- Get
```
Client ID
```
  and
```
Client Secret
```
Enable:

{
    "params": {
        "EnvId": `env`,
        "ProviderType": "OAUTH",
        "Id": "google",
        "On": "TRUE",  // "FALSE" to disable
        "Name": { "Message": "Google" },
        "Description": { "Message": "" },
        "Config": {
            "ClientId": `Client ID`,
            "ClientSecret": `Client Secret`,
            "Scope": "email openid profile",
            "AuthorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth",
            "TokenEndpoint": "https://oauth2.googleapis.com/token",
            "UserinfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo",
            "TokenEndpointAuthMethod": "CLIENT_SECRET_BASIC",
            "RequestParametersMap": {
                "RegisterUserSyncScope": "syncEveryLogin",
                "IsGoogle": "TRUE"
            }
        },
        "Picture": "https://qcloudimg.tencent-cloud.cn/raw/f9131c00dcbcbccd5899a449d68da3ba.png",
        "TransparentMode": "FALSE",
        "ReuseUserId": "TRUE",
        "AutoSignUpWithProviderUser": "TRUE"
    },
    "service": "tcb",
    "action": "ModifyProvider"
}

8. Get Publishable Key

Query existing key:

{
    "params": { "EnvId": `env`, "KeyType": "publish_key", "PageNumber": 1, "PageSize": 10 },
    "service": "lowcode",
    "action": "DescribeApiKeyTokens"
}

Return

PublishableKey.ApiKey

if exists (filter by

Name == "publish_key"

Create new key (if not exists):

{
    "params": { "EnvId": `env`, "KeyType": "publish_key", "KeyName": "publish_key" },
    "service": "lowcode",
    "action": "CreateApiKeyToken"
}

If creation fails, direct user to: "https://tcb.cloud.tencent.com/dev?envId=`env`#/env/apikey"