All Products
Search

This Product

    Drive and Photo Service:Logon with DingTalk

    Document Center

    Drive and Photo Service:Logon with DingTalk

    Last Updated:Sep 19, 2024

    Photo and Drive Service (PDS) Developer Edition allows users to log on to PDS by using DingTalk to scan a QR code. If you want to allow users to log on to PDS in this way, you must enable logon with DingTalk. This topic describes how to enable logon with DingTalk in the PDS console.

    Prerequisites

    • You have the permissions to perform operations in the PDS console. If a Resource Access Management (RAM) user is used, the AliyunPDSFullAccess permission must be granted to the RAM user. For more information, see Grant permissions to a RAM user.

    • A PDS Developer Edition domain is created. If no PDS domain is available, create a PDS Developer Edition domain first. For more information, see Example of building a cloud disk service.

    • You have the permissions of an enterprise internal developer for DingTalk. If you are not a DingTalk developer, apply for the role first. For more information, see Become a DingTalk developer.

    Procedure

    Step 1: Create an internal application in DingTalk

    1. Log on to the DingTalk Open Platform by using your developer account.

    2. In the top navigation bar, click Application Development.

    3. On the DingTalk Applications page, click Create Application, enter the application information, and then click Save.

      image

      You are navigated to the details page of the DingTalk application.

    Step 2: Configure a redirect URL and grant permissions to the application

    1. Configure the Redirect URL (Callback Domain) parameter.

      In the left-side navigation pane of the DingTalk application details page, click Development Configuration. Configure the Redirect URL (Callback Domain) parameter in the Security Settings section.

      • The redirect URL must be in the https://{domainId}.api.aliyunpds.com/v2/oauth/callback format.

      • If you have enabled and configured a domain name for logon authentication, the redirect URL must be in the https://www.example.com/v2/oauth/callback format.

      • If you have enabled domain name for logon authentication but no domain name is configured, the redirect URL must be in the https://{domainId}.auth.aliyunpds.com/v2/oauth/callback format.

      • If you use a domain that is created before March 2, 2023, the redirect URL must be in the https://{domainId}.auth.aliyunpds.com/v2/oauth/callback format.image

    2. Grant the read permissions on member information to the application.

      1. In the left-side navigation pane of the DingTalk application details page, choose Development Configuration > Permissions.

      2. On the Permissions page, search for Member information read permission and click Apply.

      image

    3. Release the DingTalk application.

      1. In the left-side navigation pane of the DingTalk application details page, choose Application Release > Version Management and Release.

      2. On the page that appears, click Create Version. In the Create Version dialog box, configure the Version, Description, and Application Available Range parameters and click Save.

        image

      3. Click Release.

        image

    Step 3: Enable logon with DingTalk

    1. Obtain the client ID and client secret of the DingTalk application.

      1. In the left-side navigation pane of the DingTalk application details page, choose Basic Information > Credentials and Basic Information.

      2. Save the client ID and client secret in the Application Credentials section.

      image

    2. Enable logon to PDS Developer Edition with DingTalk.

      1. Log on to the PDS console. In the left-side navigation pane, choose Photo and Drive Service (Developer Edition) > Domains.

      2. Find the domain for which you want to enable logon with DingTalk and click Details in the Actions column.

        image

      3. On the domain details page, click the User Systems tab and click Configure next to the Access from OAuth 2.0 Logon Page of PDS parameter. The Configure PDS Logon Page panel appears.

        image

      4. Turn on Enable Logon by DingTalk, enter the client ID and client secret obtained in the previous step for the AppID and AppSecret parameters, and then click OK.

        image

    Step 4: Log on to PDS with DingTalk

    1. When you log on to the PDS console from a browser, the DingTalk login option appears below Other Login Mode.

      image

    2. Click ding login. The DingTalk QR code appears. Scan the QR code to log on.

      image

    FAQ

    How do I obtain the domain ID?

    1. Log on to the PDS console. In the left-side navigation pane, choose Photo and Drive Service (Developer Edition) > Domains.

    2. Find the domain whose ID you want to view and click Details in the Actions column.

    3. The domain ID is displayed next to the ID parameter in the Basic Information section.

    image

    What do I do if the following error is reported during DingTalk logon: The URL parameter does not match the callback domain name configured for the application?

    Check whether the callback domain name is correctly configured for the DingTalk application.

    What do I do if the following error is reported during DingTalk logon: Invalid App ID?

    Check whether the App ID configured for DingTalk in PDS is the same as the client ID of the DingTalk application.

    What do I do if the error persists after the redirect URL for DingTalk logon is corrected?

    If the error persists when you click DingTalk login after you confirm that the redirect URL is correct, release the DingTalk application again.