全部技能 分类浏览
← 返回
未分类

天翼账号扫码登录ASTskill7-1

Use when Tianyi account AST direct authentication is needed, including login, QR code login, checking AST login status, reauth after 401, direct /ast/verify, idToken retrieval, another skill or plugin needing a Tianyi account idToken with business appId, or local agent_session authentication state.
天翼账号 AST 认证 Skill:为合作方业务按 appId 调起登录认证,自动完成扫码、会话复用与验证,返回可用于业务接口的 idToken。
user_990a4550
未分类 community v1.0.2 1 版本 100000 Key: 无需
★ 0
Stars
📥 65
下载
💾 0
安装
1
版本
#latest

概述

天翼账号 AST 直连认证 Skill v7.1

Overview

Use this skill to complete Tianyi account AST login and direct authentication. The public version is tianyi-ast-direct-auth-v7.1; the machine skill name is tianyi-ast-direct-auth-v7-1.

This skill handles one path only: direct authentication through /ast/verify. It does not use gateway mode or /ast/introspect.

Core Workflow

  1. Load runtime config from direct_auth_init.json or explicit caller parameters.
  2. Check local agent_session.json with the bundled Python helper.
  3. Resolve business appId from explicit caller input, runtime parameters, or direct_auth_init.json.
  4. If the session is valid and appId is available, call /ast/verify.
  5. If the session is missing, expired, malformed, or near expiry, start AST login.
  6. Call /ast/login/start, then /ast/login/qrcode.
  7. Show the user the QR image and login link.
  8. When the user says "已登录" or "查登录状态", call /ast/login/status/{ticket}.
  9. On success, persist local session and identity material with the helper.
  10. After local persistence succeeds, call /ast/verify to get idToken + expiresAt.

For code plugins, use scripts/get_id_token.py as the stable CLI wrapper around the same flow.

Read references/login-flow.md for login and pending-state details.

Read references/verify-flow.md for /ast/verify details.

Read references/caller-contract.md when another skill or business flow asks for an idToken.

Read references/auth-result-contract.md when returning auth results to a caller.

Read references/pending-handoff-contract.md when a caller must resume business work after QR login.

Read references/plugin-api-contract.md when a pure code plugin needs a CLI entrypoint.

Read references/partner-skill-template.md when writing a partner business skill.

Read references/local-session-contract.md before handling local files.

Read references/error-handling.md for failure handling.

Trigger Cases

Use this skill when the user or caller asks to:

  • 登录天翼账号
  • 进行天翼账号认证
  • 获取 AST 直连认证凭证
  • 获取 idToken
  • 其他业务 skill 需要天翼账号 idToken
  • 合作方插件需要使用业务 appId 获取天翼账号 idToken
  • 使用业务 appId=xxx 调起天翼账号认证 skill
  • 使用 appId=xxx 获取天翼账号 idToken
  • 检查或复用 agent_session.json
  • 处理业务 401 后重新认证
  • 使用 /ast/verify

Pending Context

After login starts, preserve:

  • pending_skill = "tianyi-ast-direct-auth-v7-1"
  • pending_action = "wait_user_confirm_login"
  • pending_ticket
  • pending_login_url
  • pending_ticket_expires_at
  • pending_last_status
  • pending_business_app_id when provided by a caller
  • pending_caller_skill when invoked by another skill
  • pending_business_intent when the caller must resume business work
  • pending_return_target = "idToken" when the caller expects an idToken

Only treat "已登录", "查登录状态", or equivalent replies as this skill's continuation when pending_skill, pending_action, and pending_ticket all match.

User Replies

Keep user-facing replies short. Show only the QR image, login link, and next action. Do not expose service URLs, local file paths, private key paths, signing plaintext, appId, or trusted-network details.

Success Rule

Login is complete only after:

  1. /ast/login/status/{ticket} returns status=success
  2. agent_session.json is saved successfully
  3. identity material is saved when privateKeyPem is returned

Direct authentication is complete only after /ast/verify returns idToken + expiresAt.

Caller Contract

When another skill invokes this skill as an authentication dependency, this skill owns the full AST login and /ast/verify flow. The caller receives only the resulting idToken + expiresAt for business API use.

The caller must not receive agentSessionToken, private key material, signing plaintext, or local file paths. See references/caller-contract.md.

For pure code plugins:

python scripts/get_id_token.py --app-id <partner-app-id> --json
python scripts/get_id_token.py --app-id <partner-app-id> --allow-login --json
python scripts/get_id_token.py --app-id <partner-app-id> --ticket <ticket> --json

The CLI output follows references/auth-result-contract.md.

Boundaries

  • Do not call /ast/introspect.
  • Do not implement gateway fallback.
  • Do not expose refresh/logout as user actions in v7.1.
  • Do not write appId, ticket, loginUrl, or idToken into agent_session.json.
  • Do not write old login_success.json.

版本历史

共 1 个版本

  • v1.0.2 Initial release 当前
    2026-05-26 09:54 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

dev-programming

Mcporter

steipete
使用 mcporter CLI 直接列出、配置、认证及调用 MCP 服务器/工具(支持 HTTP 或 stdio),涵盖临时服务器、配置编辑及 CLI/类型生成功能。
★ 197 📥 68,021
dev-programming

Github

steipete
使用 `gh` CLI 与 GitHub 交互,通过 `gh issue`、`gh pr`、`gh run` 和 `gh api` 管理议题、PR、CI 运行及高级查询。
★ 681 📥 329,857
dev-programming

CodeConductor.ai

larsonreever
AI驱动平台,提供快速全栈开发、智能体、工作流自动化及低代码AI集成的可扩展产品创建。
★ 78 📥 182,596

Skill工具集 © 2026