feat(docs): 添加OpenIddict模块文档

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application.Contracts/README.EN.md

@@ -0,0 +1,103 @@
+# LINGYUN.Abp.OpenIddict.Application.Contracts
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Application.Contracts%2FLINGYUN.Abp.OpenIddict.Application.Contracts.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Application.Contracts.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Application.Contracts)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.Application.Contracts` is the contract layer for OpenIddict application services, defining the interfaces, DTOs, and permissions required for OpenIddict management.
+
+[简体中文](./README.md)
+
+## Features
+
+* Define OpenIddict Application Service Interfaces
+  * IOpenIddictApplicationAppService
+  * IOpenIddictAuthorizationAppService
+  * IOpenIddictTokenAppService
+  * IOpenIddictScopeAppService
+
+* Provide Standardized DTOs
+  * OpenIddictApplicationDto
+  * OpenIddictAuthorizationDto
+  * OpenIddictTokenDto
+  * OpenIddictScopeDto
+  * And corresponding Create and Update DTOs
+
+* Permission Definitions
+  * OpenIddict.Applications
+  * OpenIddict.Authorizations
+  * OpenIddict.Tokens
+  * OpenIddict.Scopes
+
+* Multilingual Support
+  * Built-in Chinese and English localization resources
+  * Support for custom language extensions
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Application.Contracts
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictApplicationContractsModule))]` to your module class.
+
+2. Inject and use the corresponding application service interfaces:
+
+```csharp
+public class YourService
+{
+    private readonly IOpenIddictApplicationAppService _applicationAppService;
+    
+    public YourService(IOpenIddictApplicationAppService applicationAppService)
+    {
+        _applicationAppService = applicationAppService;
+    }
+    
+    public async Task DoSomethingAsync()
+    {
+        var applications = await _applicationAppService.GetListAsync(
+            new OpenIddictApplicationGetListInput());
+        // ...
+    }
+}
+```
+
+## Permissions
+
+The module defines the following permissions:
+
+* OpenIddict.Applications
+  * OpenIddict.Applications.Create
+  * OpenIddict.Applications.Update
+  * OpenIddict.Applications.Delete
+  * OpenIddict.Applications.ManagePermissions
+  * OpenIddict.Applications.ManageSecret
+* OpenIddict.Authorizations
+  * OpenIddict.Authorizations.Delete
+* OpenIddict.Scopes
+  * OpenIddict.Scopes.Create
+  * OpenIddict.Scopes.Update
+  * OpenIddict.Scopes.Delete
+* OpenIddict.Tokens
+  * OpenIddict.Tokens.Delete
+
+## Localization
+
+The module supports multiple languages with built-in support for:
+
+* English (en)
+* Simplified Chinese (zh-Hans)
+
+You can extend new languages as follows:
+
+```csharp
+Configure<AbpLocalizationOptions>(options =>
+{
+    options.Resources
+        .Get<AbpOpenIddictResource>()
+        .AddVirtualJson("/YourPath/Localization/Resources");
+});
+```

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application.Contracts/README.md

@@ -0,0 +1,103 @@
+# LINGYUN.Abp.OpenIddict.Application.Contracts
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Application.Contracts%2FLINGYUN.Abp.OpenIddict.Application.Contracts.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Application.Contracts.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Application.Contracts)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.Application.Contracts` 是 OpenIddict 应用服务的契约层，定义了 OpenIddict 管理所需的接口、DTO和权限。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* 定义 OpenIddict 应用服务接口
+  * IOpenIddictApplicationAppService
+  * IOpenIddictAuthorizationAppService
+  * IOpenIddictTokenAppService
+  * IOpenIddictScopeAppService
+
+* 提供标准化的 DTO 对象
+  * OpenIddictApplicationDto
+  * OpenIddictAuthorizationDto
+  * OpenIddictTokenDto
+  * OpenIddictScopeDto
+  * 以及相应的创建和更新 DTO
+
+* 权限定义
+  * OpenIddict.Applications
+  * OpenIddict.Authorizations
+  * OpenIddict.Tokens
+  * OpenIddict.Scopes
+
+* 多语言支持
+  * 内置中文和英文本地化资源
+  * 支持自定义语言扩展
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Application.Contracts
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictApplicationContractsModule))]` 到你的模块类。
+
+2. 注入并使用相应的应用服务接口：
+
+```csharp
+public class YourService
+{
+    private readonly IOpenIddictApplicationAppService _applicationAppService;
+    
+    public YourService(IOpenIddictApplicationAppService applicationAppService)
+    {
+        _applicationAppService = applicationAppService;
+    }
+    
+    public async Task DoSomethingAsync()
+    {
+        var applications = await _applicationAppService.GetListAsync(
+            new OpenIddictApplicationGetListInput());
+        // ...
+    }
+}
+```
+
+## 权限
+
+模块定义了以下权限：
+
+* OpenIddict.Applications
+  * OpenIddict.Applications.Create
+  * OpenIddict.Applications.Update
+  * OpenIddict.Applications.Delete
+  * OpenIddict.Applications.ManagePermissions
+  * OpenIddict.Applications.ManageSecret
+* OpenIddict.Authorizations
+  * OpenIddict.Authorizations.Delete
+* OpenIddict.Scopes
+  * OpenIddict.Scopes.Create
+  * OpenIddict.Scopes.Update
+  * OpenIddict.Scopes.Delete
+* OpenIddict.Tokens
+  * OpenIddict.Tokens.Delete
+
+## 本地化
+
+模块支持多语言，内置了以下语言：
+
+* 英文 (en)
+* 简体中文 (zh-Hans)
+
+可以通过以下方式扩展新的语言：
+
+```csharp
+Configure<AbpLocalizationOptions>(options =>
+{
+    options.Resources
+        .Get<AbpOpenIddictResource>()
+        .AddVirtualJson("/YourPath/Localization/Resources");
+});
+```

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application/README.EN.md

@@ -0,0 +1,65 @@
+# LINGYUN.Abp.OpenIddict.Application
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Application%2FLINGYUN.Abp.OpenIddict.Application.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Application.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Application)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.Application` is an application service layer implementation based on ABP OpenIddict, providing management functionality for OpenIddict clients, authorizations, tokens, and scopes.
+
+[简体中文](./README.md)
+
+## Features
+
+* OpenIddict Client Application Management
+  * Create, update, and delete client applications
+  * Manage client basic information (client ID, secret, name, etc.)
+  * Configure grant types, response types, scopes, and redirect URIs
+  * Support custom configuration of client properties and requirements
+
+* OpenIddict Authorization Management
+  * Query and delete authorization records
+  * Filter authorizations by client ID, creation time, status, etc.
+
+* OpenIddict Token Management
+  * Query and delete tokens
+  * Filter tokens by client ID, creation time, expiration time, status, etc.
+
+* OpenIddict Scope Management
+  * Create, update, and delete scopes
+  * Manage scope basic information (name, description, display name, etc.)
+  * Support multilingual display names and descriptions
+  * Configure resources associated with scopes
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Application
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictApplicationModule))]` to your module class.
+
+2. Configure permissions:
+
+The module predefines the following permissions:
+
+* OpenIddict.Applications: Client application management
+  * OpenIddict.Applications.Create: Create clients
+  * OpenIddict.Applications.Update: Update clients
+  * OpenIddict.Applications.Delete: Delete clients
+* OpenIddict.Authorizations: Authorization management
+  * OpenIddict.Authorizations.Delete: Delete authorizations
+* OpenIddict.Scopes: Scope management
+  * OpenIddict.Scopes.Create: Create scopes
+  * OpenIddict.Scopes.Update: Update scopes
+  * OpenIddict.Scopes.Delete: Delete scopes
+* OpenIddict.Tokens: Token management
+  * OpenIddict.Tokens.Delete: Delete tokens
+
+## Notes
+
+* Client application ClientId cannot be modified after creation
+* Deleting a client application will also delete related authorizations and tokens
+* Scope names cannot be modified after creation

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Application/README.md

@@ -0,0 +1,65 @@
+# LINGYUN.Abp.OpenIddict.Application
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Application%2FLINGYUN.Abp.OpenIddict.Application.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Application.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Application)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.Application` 是基于 ABP OpenIddict 的应用服务层实现，提供了对 OpenIddict 客户端、授权、令牌和作用域的管理功能。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* OpenIddict 客户端应用程序管理
+  * 创建、更新、删除客户端应用程序
+  * 管理客户端基本信息（客户端ID、密钥、名称等）
+  * 配置授权类型、响应类型、作用域和重定向URI
+  * 支持客户端属性和要求的自定义配置
+
+* OpenIddict 授权管理
+  * 查询和删除授权记录
+  * 按客户端ID、创建时间、状态等条件筛选授权
+
+* OpenIddict 令牌管理
+  * 查询和删除令牌
+  * 按客户端ID、创建时间、过期时间、状态等条件筛选令牌
+
+* OpenIddict 作用域管理
+  * 创建、更新、删除作用域
+  * 管理作用域基本信息（名称、描述、显示名称等）
+  * 支持多语言显示名称和描述
+  * 配置作用域关联的资源
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Application
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictApplicationModule))]` 到你的模块类。
+
+2. 配置权限:
+
+模块预定义了以下权限:
+
+* OpenIddict.Applications: 客户端应用管理
+  * OpenIddict.Applications.Create: 创建客户端
+  * OpenIddict.Applications.Update: 更新客户端
+  * OpenIddict.Applications.Delete: 删除客户端
+* OpenIddict.Authorizations: 授权管理
+  * OpenIddict.Authorizations.Delete: 删除授权
+* OpenIddict.Scopes: 作用域管理
+  * OpenIddict.Scopes.Create: 创建作用域
+  * OpenIddict.Scopes.Update: 更新作用域
+  * OpenIddict.Scopes.Delete: 删除作用域
+* OpenIddict.Tokens: 令牌管理
+  * OpenIddict.Tokens.Delete: 删除令牌
+
+## 注意事项
+
+* 客户端应用程序的 ClientId 在创建后不能修改
+* 删除客户端应用程序会同时删除相关的授权和令牌
+* 作用域名称在创建后不能修改

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore.Session/README.EN.md

@@ -0,0 +1,76 @@
+# LINGYUN.Abp.OpenIddict.AspNetCore.Session
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.AspNetCore.Session%2FLINGYUN.Abp.OpenIddict.AspNetCore.Session.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.AspNetCore.Session.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.AspNetCore.Session)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.AspNetCore.Session` is a session management extension module for OpenIddict, providing functionality for user session persistence, validation, and revocation.
+
+[简体中文](./README.md)
+
+## Features
+
+* User Session Management
+  * Automatic session persistence on login
+  * Automatic session termination on logout
+  * Automatic session termination on token revocation
+  * UserInfo endpoint session validation
+
+* Multi-tenancy Support
+  * Session management supports multi-tenant scenarios
+  * Tenant-isolated session storage
+
+* Configurable Session Persistence
+  * Support for configuring grant types that require session persistence
+  * Default support for password grant type
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.AspNetCore.Session
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictAspNetCoreSessionModule))]` to your module class.
+
+2. Configure session options:
+
+```csharp
+Configure<IdentitySessionSignInOptions>(options =>
+{
+    options.SignInSessionEnabled = true;    // Enable login session
+    options.SignOutSessionEnabled = true;   // Enable logout session
+});
+
+Configure<AbpOpenIddictAspNetCoreSessionOptions>(options =>
+{
+    // Configure grant types that require session persistence
+    options.PersistentSessionGrantTypes.Add(GrantTypes.Password);
+    options.PersistentSessionGrantTypes.Add("custom_grant_type");
+});
+```
+
+## Workflow
+
+1. User Login
+   * When a user successfully logs in through configured grant types
+   * System automatically creates and persists session information
+
+2. Session Validation
+   * When user accesses the UserInfo endpoint
+   * System automatically validates if the session is valid
+   * Returns appropriate error if session has expired or is invalid
+
+3. Session Termination
+   * Automatically terminates session on user logout
+   * Automatically terminates related sessions on token revocation
+   * Supports session management for multiple concurrent logins
+
+## Notes
+
+* Session persistence only applies to configured grant types
+* Session validation automatically switches tenant context in multi-tenant environments
+* Token revocation will terminate related user sessions
+* UserInfo endpoint session validation is mandatory, invalid sessions will result in request rejection

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore.Session/README.md

@@ -0,0 +1,76 @@
+# LINGYUN.Abp.OpenIddict.AspNetCore.Session
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.AspNetCore.Session%2FLINGYUN.Abp.OpenIddict.AspNetCore.Session.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.AspNetCore.Session.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.AspNetCore.Session)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.AspNetCore.Session` 是 OpenIddict 的会话管理扩展模块，提供了用户会话的持久化、验证和撤销功能。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* 用户会话管理
+  * 登录时自动持久化会话
+  * 登出时自动终止会话
+  * 令牌撤销时自动终止会话
+  * UserInfo 端点会话验证
+
+* 多租户支持
+  * 会话管理支持多租户场景
+  * 租户隔离的会话存储
+
+* 可配置的会话持久化
+  * 支持配置需要持久化会话的授权类型
+  * 默认支持密码授权类型
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.AspNetCore.Session
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictAspNetCoreSessionModule))]` 到你的模块类。
+
+2. 配置会话选项：
+
+```csharp
+Configure<IdentitySessionSignInOptions>(options =>
+{
+    options.SignInSessionEnabled = true;    // 启用登录会话
+    options.SignOutSessionEnabled = true;   // 启用登出会话
+});
+
+Configure<AbpOpenIddictAspNetCoreSessionOptions>(options =>
+{
+    // 配置需要持久化会话的授权类型
+    options.PersistentSessionGrantTypes.Add(GrantTypes.Password);
+    options.PersistentSessionGrantTypes.Add("custom_grant_type");
+});
+```
+
+## 工作流程
+
+1. 用户登录
+   * 当用户通过配置的授权类型登录成功时
+   * 系统自动创建并持久化会话信息
+
+2. 会话验证
+   * 当用户访问 UserInfo 端点时
+   * 系统自动验证会话是否有效
+   * 如果会话已过期或无效，返回相应的错误
+
+3. 会话终止
+   * 用户主动登出时自动终止会话
+   * 令牌撤销时自动终止相关会话
+   * 支持多终端同时登录的会话管理
+
+## 注意事项
+
+* 会话持久化仅对配置的授权类型生效
+* 会话验证在多租户环境中会自动切换租户上下文
+* 令牌撤销会同时终止相关的用户会话
+* UserInfo 端点的会话验证是强制的，无效会话将导致请求被拒绝

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore/README.EN.md

@@ -0,0 +1,74 @@
+# LINGYUN.Abp.OpenIddict.AspNetCore
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.AspNetCore%2FLINGYUN.Abp.OpenIddict.AspNetCore.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.AspNetCore.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.AspNetCore)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.AspNetCore` is an ASP.NET Core integration module based on ABP OpenIddict, providing user information extensions and avatar URL claim support.
+
+[简体中文](./README.md)
+
+## Features
+
+* Extended UserInfo Endpoint
+  * Support for returning user avatar URL
+  * Extended standard OpenID Connect claims
+  * Multi-tenancy support
+
+* Avatar URL Claims Contributor
+  * Automatically add user avatar URL claim
+  * Integration with identity system
+
+* OpenIddict Server Configuration
+  * Pre-configured avatar URL claim support
+  * Inherits from Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.AspNetCore
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictAspNetCoreModule))]` to your module class.
+
+2. The UserInfo endpoint will automatically be extended to include the following claims:
+   * sub (User ID)
+   * tenant_id (Tenant ID, if multi-tenancy is enabled)
+   * preferred_username (Username)
+   * family_name (Surname)
+   * given_name (Name)
+   * picture (Avatar URL)
+   * email
+   * email_verified
+   * phone_number
+   * phone_number_verified
+   * role
+
+3. The avatar URL claim will be automatically added to the user's identity claims.
+
+## Configuration
+
+By default, the module is pre-configured with the required settings. If you need to customize the configuration, you can modify it in the module's `PreConfigureServices` method:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+    PreConfigure<OpenIddictServerBuilder>(builder =>
+    {
+        // Custom configuration
+        builder.RegisterClaims(new[] { "your_custom_claim" });
+    });
+}
+```
+
+## Notes
+
+* The avatar URL claim type is `IdentityConsts.ClaimType.Avatar.Name`
+* The UserInfo endpoint requires corresponding scope permissions to return information:
+  * profile: Basic information and avatar
+  * email: Email-related information
+  * phone: Phone number-related information
+  * roles: User role information

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.AspNetCore/README.md

@@ -0,0 +1,74 @@
+# LINGYUN.Abp.OpenIddict.AspNetCore
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.AspNetCore%2FLINGYUN.Abp.OpenIddict.AspNetCore.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.AspNetCore.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.AspNetCore)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.AspNetCore` 是基于 ABP OpenIddict 的 ASP.NET Core 集成模块，提供了用户信息扩展和头像URL声明支持。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* 扩展用户信息端点
+  * 支持返回用户头像URL
+  * 扩展标准 OpenID Connect 声明
+  * 支持多租户
+
+* 头像URL声明贡献者
+  * 自动添加用户头像URL声明
+  * 与身份系统集成
+
+* OpenIddict 服务器配置
+  * 预配置头像URL声明支持
+  * 继承自 Volo.Abp.OpenIddict.AbpOpenIddictAspNetCoreModule
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.AspNetCore
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictAspNetCoreModule))]` 到你的模块类。
+
+2. 用户信息端点将自动扩展以包含以下声明：
+   * sub (用户ID)
+   * tenant_id (租户ID，如果启用了多租户)
+   * preferred_username (用户名)
+   * family_name (姓氏)
+   * given_name (名字)
+   * picture (头像URL)
+   * email
+   * email_verified
+   * phone_number
+   * phone_number_verified
+   * role
+
+3. 头像URL声明会自动添加到用户的身份声明中。
+
+## 配置
+
+默认情况下，模块已预配置了所需的设置。如果需要自定义配置，可以在模块的 `PreConfigureServices` 方法中修改：
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+    PreConfigure<OpenIddictServerBuilder>(builder =>
+    {
+        // 自定义配置
+        builder.RegisterClaims(new[] { "your_custom_claim" });
+    });
+}
+```
+
+## 注意事项
+
+* 头像URL声明的类型为 `IdentityConsts.ClaimType.Avatar.Name`
+* 用户信息端点需要相应的作用域权限才能返回信息：
+  * profile: 基本信息和头像
+  * email: 电子邮件相关信息
+  * phone: 电话号码相关信息
+  * roles: 用户角色信息

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Dapr.Client/README.EN.md

@@ -0,0 +1,89 @@
+# LINGYUN.Abp.OpenIddict.Dapr.Client
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Dapr.Client%2FLINGYUN.Abp.OpenIddict.Dapr.Client.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Dapr.Client.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Dapr.Client)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.Dapr.Client` is a Dapr-based OpenIddict client module that provides functionality to call OpenIddict remote services using the Dapr service invocation building block.
+
+[简体中文](./README.md)
+
+## Features
+
+* Dapr Service Invocation Integration
+  * Automatic registration of Dapr client proxies for OpenIddict application contracts
+  * Support accessing OpenIddict remote services via Dapr service invocation
+  * Support service-to-service communication in distributed systems
+
+* Remote Service Support
+  * Support all services defined in OpenIddict application contracts
+  * Support application management
+  * Support authorization management
+  * Support scope management
+  * Support token management
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Dapr.Client
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictDaprClientModule))]` to your module class.
+
+2. Configure Dapr service invocation:
+
+```csharp
+public override void ConfigureServices(ServiceConfigurationContext context)
+{
+    Configure<AbpDaprClientOptions>(options =>
+    {
+        options.ApplicationServices.Configure(config =>
+        {
+            // Configure the AppId for OpenIddict service
+            config.AppId = "openiddict-service";
+        });
+    });
+}
+```
+
+3. Usage example:
+
+```csharp
+public class MyService
+{
+    private readonly IOpenIddictApplicationAppService _applicationAppService;
+
+    public MyService(IOpenIddictApplicationAppService applicationAppService)
+    {
+        _applicationAppService = applicationAppService;
+    }
+
+    public async Task DoSomethingAsync()
+    {
+        // Access OpenIddict application service via Dapr service invocation
+        var applications = await _applicationAppService.GetListAsync(
+            new GetApplicationsInput());
+    }
+}
+```
+
+## Configuration
+
+* AppId
+  * Application identifier for the OpenIddict service
+  * Must match the app ID in Dapr component configuration
+
+* RemoteServiceName
+  * Name of the OpenIddict remote service
+  * Default value is "OpenIddict"
+
+## Notes
+
+* Ensure Dapr Sidecar is properly configured and running
+* Ensure OpenIddict service is registered in Dapr
+* Recommended to configure service-to-service authentication in production
+* Recommended to configure retry policies for service invocation
+* Recommended to configure service discovery mechanism

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Dapr.Client/README.md

@@ -0,0 +1,89 @@
+# LINGYUN.Abp.OpenIddict.Dapr.Client
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Dapr.Client%2FLINGYUN.Abp.OpenIddict.Dapr.Client.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Dapr.Client.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Dapr.Client)
+
+## 介绍
+
+`LINGYUN.Abp.OpenIddict.Dapr.Client` 是一个基于 Dapr 的 OpenIddict 客户端模块，提供了使用 Dapr 服务调用构建块来调用 OpenIddict 远程服务的功能。
+
+[English](./README.EN.md)
+
+## 功能
+
+* Dapr 服务调用集成
+  * 自动注册 OpenIddict 应用程序契约的 Dapr 客户端代理
+  * 支持通过 Dapr 服务调用访问 OpenIddict 远程服务
+  * 支持分布式系统中的服务间通信
+
+* 远程服务支持
+  * 支持所有 OpenIddict 应用程序契约定义的服务
+  * 支持应用程序管理
+  * 支持授权管理
+  * 支持作用域管理
+  * 支持令牌管理
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Dapr.Client
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictDaprClientModule))]` 到你的模块类。
+
+2. 配置 Dapr 服务调用：
+
+```csharp
+public override void ConfigureServices(ServiceConfigurationContext context)
+{
+    Configure<AbpDaprClientOptions>(options =>
+    {
+        options.ApplicationServices.Configure(config =>
+        {
+            // 配置 OpenIddict 服务的 AppId
+            config.AppId = "openiddict-service";
+        });
+    });
+}
+```
+
+3. 使用示例：
+
+```csharp
+public class MyService
+{
+    private readonly IOpenIddictApplicationAppService _applicationAppService;
+
+    public MyService(IOpenIddictApplicationAppService applicationAppService)
+    {
+        _applicationAppService = applicationAppService;
+    }
+
+    public async Task DoSomethingAsync()
+    {
+        // 通过 Dapr 服务调用访问 OpenIddict 应用程序服务
+        var applications = await _applicationAppService.GetListAsync(
+            new GetApplicationsInput());
+    }
+}
+```
+
+## 配置
+
+* AppId
+  * OpenIddict 服务的应用程序标识符
+  * 必须与 Dapr 组件配置中的应用 ID 匹配
+
+* RemoteServiceName
+  * OpenIddict 远程服务的名称
+  * 默认值为 "OpenIddict"
+
+## 注意事项
+
+* 确保 Dapr Sidecar 已正确配置和运行
+* 确保 OpenIddict 服务已在 Dapr 中注册
+* 建议在生产环境中配置服务间的身份认证
+* 建议配置服务调用的重试策略
+* 建议配置服务发现机制

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi.Client/README.EN.md

@@ -0,0 +1,83 @@
+# LINGYUN.Abp.OpenIddict.HttpApi.Client
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.HttpApi.Client%2FLINGYUN.Abp.OpenIddict.HttpApi.Client.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.HttpApi.Client.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.HttpApi.Client)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.HttpApi.Client` is the HTTP API client module for OpenIddict, providing client proxies for remote OpenIddict HTTP API calls.
+
+[简体中文](./README.md)
+
+## Features
+
+* HTTP API Client Proxies
+  * Automatic HTTP client proxy generation
+  * Support for remote service calls
+  * Integration with ABP dynamic HTTP client proxies
+
+* Remote Service Configuration
+  * Support for configuring remote service URLs
+  * Support for configuring authentication methods
+  * Support for configuring request headers
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.HttpApi.Client
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictHttpApiClientModule))]` to your module class.
+
+2. Configure remote services:
+
+```csharp
+public override void ConfigureServices(ServiceConfigurationContext context)
+{
+    var configuration = context.Services.GetConfiguration();
+    
+    Configure<AbpRemoteServiceOptions>(options =>
+    {
+        options.RemoteServices.Default = new RemoteServiceConfiguration
+        {
+            BaseUrl = configuration["RemoteServices:Default:BaseUrl"]
+        };
+    });
+}
+```
+
+3. Usage example:
+
+```csharp
+// Inject client proxy
+private readonly IOpenIddictApplicationAppService _applicationService;
+
+public YourService(IOpenIddictApplicationAppService applicationService)
+{
+    _applicationService = applicationService;
+}
+
+// Call remote service
+var input = new OpenIddictApplicationCreateDto
+{
+    ClientId = "your-client-id",
+    DisplayName = "Your App",
+    // ... other properties
+};
+var result = await _applicationService.CreateAsync(input);
+```
+
+## Configuration
+
+* RemoteServices
+  * Default:BaseUrl - Default remote service URL
+  * OpenIddict:BaseUrl - OpenIddict remote service URL
+
+## Notes
+
+* Correct remote service URLs need to be configured
+* If remote services require authentication, corresponding authentication information needs to be configured
+* HTTPS is recommended in production environments
+* Client proxies automatically handle authentication token transmission

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi.Client/README.md

@@ -0,0 +1,83 @@
+# LINGYUN.Abp.OpenIddict.HttpApi.Client
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.HttpApi.Client%2FLINGYUN.Abp.OpenIddict.HttpApi.Client.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.HttpApi.Client.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.HttpApi.Client)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.HttpApi.Client` 是 OpenIddict 的 HTTP API 客户端模块，提供了远程调用 OpenIddict HTTP API 的客户端代理。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* HTTP API 客户端代理
+  * 自动生成 HTTP 客户端代理
+  * 支持远程服务调用
+  * 集成 ABP 动态 HTTP 客户端代理
+
+* 远程服务配置
+  * 支持配置远程服务地址
+  * 支持配置认证方式
+  * 支持配置请求头
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.HttpApi.Client
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictHttpApiClientModule))]` 到你的模块类。
+
+2. 配置远程服务:
+
+```csharp
+public override void ConfigureServices(ServiceConfigurationContext context)
+{
+    var configuration = context.Services.GetConfiguration();
+    
+    Configure<AbpRemoteServiceOptions>(options =>
+    {
+        options.RemoteServices.Default = new RemoteServiceConfiguration
+        {
+            BaseUrl = configuration["RemoteServices:Default:BaseUrl"]
+        };
+    });
+}
+```
+
+3. 使用示例:
+
+```csharp
+// 注入客户端代理
+private readonly IOpenIddictApplicationAppService _applicationService;
+
+public YourService(IOpenIddictApplicationAppService applicationService)
+{
+    _applicationService = applicationService;
+}
+
+// 调用远程服务
+var input = new OpenIddictApplicationCreateDto
+{
+    ClientId = "your-client-id",
+    DisplayName = "Your App",
+    // ... 其他属性
+};
+var result = await _applicationService.CreateAsync(input);
+```
+
+## 配置项
+
+* RemoteServices
+  * Default:BaseUrl - 默认远程服务地址
+  * OpenIddict:BaseUrl - OpenIddict 远程服务地址
+
+## 注意事项
+
+* 需要配置正确的远程服务地址
+* 如果远程服务需要认证，需要配置相应的认证信息
+* 建议在生产环境中使用 HTTPS
+* 客户端代理会自动处理认证令牌的传递

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi/README.EN.md

@@ -0,0 +1,117 @@
+# LINGYUN.Abp.OpenIddict.HttpApi
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.HttpApi%2FLINGYUN.Abp.OpenIddict.HttpApi.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.HttpApi.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.HttpApi)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.HttpApi` is the HTTP API module for OpenIddict, providing RESTful API interfaces for OpenIddict-related functionality.
+
+[简体中文](./README.md)
+
+## Features
+
+* OpenIddict Application Management
+  * Create, update, delete applications
+  * Query application list
+  * Get application details
+
+* OpenIddict Authorization Management
+  * Query authorization list
+  * Get authorization details
+  * Delete authorization records
+
+* OpenIddict Token Management
+  * Query token list
+  * Get token details
+  * Delete token records
+
+* OpenIddict Scope Management
+  * Create, update, delete scopes
+  * Query scope list
+  * Get scope details
+
+* Localization Support
+  * Integrated with ABP localization framework
+  * Support for custom localization resources
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.HttpApi
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictHttpApiModule))]` to your module class.
+
+2. Configure permissions:
+
+```csharp
+public override void ConfigureServices(ServiceConfigurationContext context)
+{
+    Configure<AbpPermissionOptions>(options =>
+    {
+        options.ValueProviders.Add<OpenIddictPermissionValueProvider>();
+    });
+}
+```
+
+3. API usage example:
+
+```csharp
+// Inject service
+private readonly IOpenIddictApplicationAppService _applicationService;
+
+public YourService(IOpenIddictApplicationAppService applicationService)
+{
+    _applicationService = applicationService;
+}
+
+// Create application
+var input = new OpenIddictApplicationCreateDto
+{
+    ClientId = "your-client-id",
+    DisplayName = "Your App",
+    // ... other properties
+};
+var result = await _applicationService.CreateAsync(input);
+
+// Query application list
+var query = new OpenIddictApplicationGetListInput
+{
+    MaxResultCount = 10,
+    SkipCount = 0,
+    Filter = "search-term"
+};
+var list = await _applicationService.GetListAsync(query);
+```
+
+## Permissions
+
+* OpenIddict.Applications
+  * OpenIddict.Applications.Create
+  * OpenIddict.Applications.Update
+  * OpenIddict.Applications.Delete
+  * OpenIddict.Applications.ManagePermissions
+
+* OpenIddict.Scopes
+  * OpenIddict.Scopes.Create
+  * OpenIddict.Scopes.Update
+  * OpenIddict.Scopes.Delete
+  * OpenIddict.Scopes.ManagePermissions
+
+* OpenIddict.Authorizations
+  * OpenIddict.Authorizations.Delete
+  * OpenIddict.Authorizations.ManagePermissions
+
+* OpenIddict.Tokens
+  * OpenIddict.Tokens.Delete
+  * OpenIddict.Tokens.ManagePermissions
+
+## Notes
+
+* All API endpoints require corresponding permissions to access
+* Deleting an application will also delete related authorizations and tokens
+* API endpoints support multi-tenant scenarios
+* It is recommended to enable API authentication and authorization in production environments

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.HttpApi/README.md

@@ -0,0 +1,117 @@
+# LINGYUN.Abp.OpenIddict.HttpApi
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.HttpApi%2FLINGYUN.Abp.OpenIddict.HttpApi.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.HttpApi.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.HttpApi)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.HttpApi` 是 OpenIddict 的 HTTP API 模块，提供了 OpenIddict 相关功能的 RESTful API 接口。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* OpenIddict 应用程序管理
+  * 创建、更新、删除应用程序
+  * 查询应用程序列表
+  * 获取应用程序详情
+
+* OpenIddict 授权管理
+  * 查询授权列表
+  * 获取授权详情
+  * 删除授权记录
+
+* OpenIddict 令牌管理
+  * 查询令牌列表
+  * 获取令牌详情
+  * 删除令牌记录
+
+* OpenIddict 作用域管理
+  * 创建、更新、删除作用域
+  * 查询作用域列表
+  * 获取作用域详情
+
+* 多语言支持
+  * 集成 ABP 本地化框架
+  * 支持自定义本地化资源
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.HttpApi
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictHttpApiModule))]` 到你的模块类。
+
+2. 配置权限:
+
+```csharp
+public override void ConfigureServices(ServiceConfigurationContext context)
+{
+    Configure<AbpPermissionOptions>(options =>
+    {
+        options.ValueProviders.Add<OpenIddictPermissionValueProvider>();
+    });
+}
+```
+
+3. API 接口使用示例:
+
+```csharp
+// 注入服务
+private readonly IOpenIddictApplicationAppService _applicationService;
+
+public YourService(IOpenIddictApplicationAppService applicationService)
+{
+    _applicationService = applicationService;
+}
+
+// 创建应用程序
+var input = new OpenIddictApplicationCreateDto
+{
+    ClientId = "your-client-id",
+    DisplayName = "Your App",
+    // ... 其他属性
+};
+var result = await _applicationService.CreateAsync(input);
+
+// 查询应用程序列表
+var query = new OpenIddictApplicationGetListInput
+{
+    MaxResultCount = 10,
+    SkipCount = 0,
+    Filter = "search-term"
+};
+var list = await _applicationService.GetListAsync(query);
+```
+
+## 权限
+
+* OpenIddict.Applications
+  * OpenIddict.Applications.Create
+  * OpenIddict.Applications.Update
+  * OpenIddict.Applications.Delete
+  * OpenIddict.Applications.ManagePermissions
+
+* OpenIddict.Scopes
+  * OpenIddict.Scopes.Create
+  * OpenIddict.Scopes.Update
+  * OpenIddict.Scopes.Delete
+  * OpenIddict.Scopes.ManagePermissions
+
+* OpenIddict.Authorizations
+  * OpenIddict.Authorizations.Delete
+  * OpenIddict.Authorizations.ManagePermissions
+
+* OpenIddict.Tokens
+  * OpenIddict.Tokens.Delete
+  * OpenIddict.Tokens.ManagePermissions
+
+## 注意事项
+
+* 所有 API 接口都需要相应的权限才能访问
+* 删除应用程序会同时删除相关的授权和令牌
+* API 接口支持多租户场景
+* 建议在生产环境中启用 API 认证和授权

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.LinkUser/README.EN.md

@@ -0,0 +1,88 @@
+# LINGYUN.Abp.OpenIddict.LinkUser
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.LinkUser%2FLINGYUN.Abp.OpenIddict.LinkUser.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.LinkUser.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.LinkUser)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.LinkUser` is a user linking extension module for OpenIddict, providing authentication functionality between linked users.
+
+[简体中文](./README.md)
+
+## Features
+
+* User Link Authentication
+  * Support for user-to-user linking authentication
+  * Support for cross-tenant user linking
+  * Support for access token exchange
+
+* Extension Grant Type
+  * Add link_user grant type
+  * Support for custom authorization flow
+  * Security log recording
+
+* Localization Support
+  * Integrated with ABP localization framework
+  * Support for custom error messages
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.LinkUser
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictLinkUserModule))]` to your module class.
+
+2. Configure OpenIddict server:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+    PreConfigure<OpenIddictServerBuilder>(builder =>
+    {
+        // Allow link_user grant type
+        builder.AllowLinkUserFlow();
+    });
+}
+```
+
+3. Usage example:
+
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=link_user&
+access_token=current-user-access-token&
+LinkUserId=target-user-id&
+LinkTenantId=target-tenant-id&
+scope=openid profile
+```
+
+## Parameters
+
+* access_token (required)
+  * Current user's access token
+  * Used to verify current user's identity
+
+* LinkUserId (required)
+  * Target linked user's ID
+  * Must be a valid GUID format
+
+* LinkTenantId (optional)
+  * Tenant ID of the target linked user
+  * If specified, must be a valid GUID format
+
+* scope (optional)
+  * Requested permission scopes
+  * Defaults include openid profile
+
+## Notes
+
+* A valid access token must be provided
+* The target user must have a linking relationship with the current user
+* Correct tenant ID must be specified for cross-tenant linking
+* All operations are recorded in security logs
+* HTTPS is recommended in production environments

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.LinkUser/README.md

@@ -0,0 +1,88 @@
+# LINGYUN.Abp.OpenIddict.LinkUser
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.LinkUser%2FLINGYUN.Abp.OpenIddict.LinkUser.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.LinkUser.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.LinkUser)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.LinkUser` 是 OpenIddict 的用户链接扩展模块，提供了用户之间的链接认证功能。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* 用户链接认证
+  * 支持用户之间的链接认证
+  * 支持跨租户用户链接
+  * 支持访问令牌交换
+
+* 扩展授权类型
+  * 添加 link_user 授权类型
+  * 支持自定义授权流程
+  * 安全日志记录
+
+* 多语言支持
+  * 集成 ABP 本地化框架
+  * 支持自定义错误消息
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.LinkUser
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictLinkUserModule))]` 到你的模块类。
+
+2. 配置 OpenIddict 服务器:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+    PreConfigure<OpenIddictServerBuilder>(builder =>
+    {
+        // 允许 link_user 授权类型
+        builder.AllowLinkUserFlow();
+    });
+}
+```
+
+3. 使用示例:
+
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=link_user&
+access_token=current-user-access-token&
+LinkUserId=target-user-id&
+LinkTenantId=target-tenant-id&
+scope=openid profile
+```
+
+## 参数说明
+
+* access_token (必填)
+  * 当前用户的访问令牌
+  * 用于验证当前用户身份
+
+* LinkUserId (必填)
+  * 目标链接用户的ID
+  * 必须是有效的GUID格式
+
+* LinkTenantId (可选)
+  * 目标链接用户所属的租户ID
+  * 如果指定，必须是有效的GUID格式
+
+* scope (可选)
+  * 请求的权限范围
+  * 默认包含 openid profile
+
+## 注意事项
+
+* 必须提供有效的访问令牌
+* 目标用户必须与当前用户存在链接关系
+* 跨租户链接时需要指定正确的租户ID
+* 所有操作都会记录安全日志
+* 建议在生产环境中使用 HTTPS

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Portal/README.EN.md

@@ -0,0 +1,124 @@
+# LINGYUN.Abp.OpenIddict.Portal
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Portal%2FLINGYUN.Abp.OpenIddict.Portal.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Portal.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Portal)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.Portal` is a portal authentication extension module for OpenIddict, providing enterprise portal authentication functionality, including multi-tenant selection, two-factor authentication, password policies, and more.
+
+[简体中文](./README.md)
+
+## Features
+
+* Enterprise Portal Authentication
+  * Support for enterprise list selection
+  * Support for multi-tenant authentication
+  * Support for enterprise logo display
+
+* Enhanced Password Authentication
+  * Support for email login
+  * Support for external login providers
+  * Support for password policy validation
+  * Support for forced password change
+  * Support for periodic password change
+
+* Two-Factor Authentication
+  * Support for multiple verification providers
+  * Support for verification code validation
+  * Support for authenticator validation
+
+* Security Logging
+  * Record login attempts
+  * Record login failures
+  * Record password changes
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Portal
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictPortalModule))]` to your module class.
+
+2. Configure OpenIddict server:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+    PreConfigure<OpenIddictServerBuilder>(builder =>
+    {
+        // Allow portal authentication flow
+        builder.AllowPortalFlow();
+    });
+}
+```
+
+3. Usage example:
+
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=portal&
+username=admin&
+password=1q2w3E*&
+enterpriseId=your-enterprise-id&
+scope=openid profile
+```
+
+## Authentication Flow
+
+1. Enterprise Selection
+   * User provides enterprise ID (enterpriseId)
+   * Returns available enterprise list if not provided or invalid
+
+2. Password Verification
+   * Support for username or email login
+   * Password policy validation
+   * Account status check
+
+3. Two-Factor Authentication (if enabled)
+   * Verify two-factor authentication code
+   * Support for multiple verification providers
+
+4. Password Change (if required)
+   * Force password change on first login
+   * Periodic password change requirement
+
+## Parameters
+
+* username (required)
+  * Username or email address
+
+* password (required)
+  * User password
+
+* enterpriseId (required)
+  * Enterprise ID, must be a valid GUID format
+
+* TwoFactorProvider (optional)
+  * Two-factor authentication provider name
+  * Only required when two-factor authentication is enabled
+
+* TwoFactorCode (optional)
+  * Two-factor authentication code
+  * Only required when two-factor authentication is enabled
+
+* ChangePasswordToken (optional)
+  * Password change token
+  * Only required when password change is needed
+
+* NewPassword (optional)
+  * New password
+  * Only required when password change is needed
+
+## Notes
+
+* Enterprise ID must be a valid GUID format
+* Password must comply with system-configured password policy
+* Two-factor authentication codes have limited validity
+* All authentication operations are recorded in security logs
+* HTTPS is recommended in production environments

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Portal/README.md

@@ -0,0 +1,124 @@
+# LINGYUN.Abp.OpenIddict.Portal
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Portal%2FLINGYUN.Abp.OpenIddict.Portal.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Portal.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Portal)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.Portal` 是 OpenIddict 的门户认证扩展模块，提供了企业门户的认证功能，包括多租户选择、双因素认证、密码策略等特性。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* 企业门户认证
+  * 支持企业列表选择
+  * 支持多租户认证
+  * 支持企业 Logo 显示
+
+* 密码认证增强
+  * 支持邮箱登录
+  * 支持外部登录提供程序
+  * 支持密码策略验证
+  * 支持强制修改密码
+  * 支持定期修改密码
+
+* 双因素认证
+  * 支持多种验证提供程序
+  * 支持验证码验证
+  * 支持认证器验证
+
+* 安全日志
+  * 记录登录尝试
+  * 记录登录失败
+  * 记录密码修改
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Portal
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictPortalModule))]` 到你的模块类。
+
+2. 配置 OpenIddict 服务器:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+    PreConfigure<OpenIddictServerBuilder>(builder =>
+    {
+        // 允许门户认证流程
+        builder.AllowPortalFlow();
+    });
+}
+```
+
+3. 使用示例:
+
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=portal&
+username=admin&
+password=1q2w3E*&
+enterpriseId=your-enterprise-id&
+scope=openid profile
+```
+
+## 认证流程
+
+1. 企业选择
+   * 用户提供企业ID (enterpriseId)
+   * 如未提供或无效，返回可选企业列表
+
+2. 密码验证
+   * 支持用户名或邮箱登录
+   * 验证密码策略
+   * 检查账户状态
+
+3. 双因素认证 (如启用)
+   * 验证双因素认证码
+   * 支持多种验证提供程序
+
+4. 密码修改 (如需要)
+   * 首次登录强制修改密码
+   * 定期修改密码要求
+
+## 参数说明
+
+* username (必填)
+  * 用户名或邮箱地址
+
+* password (必填)
+  * 用户密码
+
+* enterpriseId (必填)
+  * 企业ID，必须是有效的GUID格式
+
+* TwoFactorProvider (可选)
+  * 双因素认证提供程序名称
+  * 仅在启用双因素认证时需要
+
+* TwoFactorCode (可选)
+  * 双因素认证码
+  * 仅在启用双因素认证时需要
+
+* ChangePasswordToken (可选)
+  * 修改密码令牌
+  * 仅在需要修改密码时需要
+
+* NewPassword (可选)
+  * 新密码
+  * 仅在需要修改密码时需要
+
+## 注意事项
+
+* 企业ID必须是有效的GUID格式
+* 密码必须符合系统配置的密码策略
+* 双因素认证码有效期有限
+* 所有认证操作都会记录安全日志
+* 建议在生产环境中使用 HTTPS

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Sms/README.EN.md

@@ -0,0 +1,97 @@
+# LINGYUN.Abp.OpenIddict.Sms
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Sms%2FLINGYUN.Abp.OpenIddict.Sms.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Sms.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Sms)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.Sms` is an SMS verification extension module for OpenIddict, providing authentication functionality based on phone numbers and SMS verification codes.
+
+[简体中文](./README.md)
+
+## Features
+
+* SMS Verification Code Authentication
+  * Support for phone number login
+  * Support for SMS verification code validation
+  * Support for multi-tenant authentication
+
+* User Management Integration
+  * Support for finding users by phone number
+  * Support for account lockout policy
+  * Support for failed attempt counting
+
+* Security Logging
+  * Record login attempts
+  * Record verification code failures
+  * Record account lockouts
+
+* Localization Support
+  * Integrated with ABP localization framework
+  * Support for custom error messages
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Sms
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictSmsModule))]` to your module class.
+
+2. Configure OpenIddict server:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+    PreConfigure<OpenIddictServerBuilder>(builder =>
+    {
+        // Allow SMS verification code authentication flow
+        builder.AllowSmsFlow();
+    });
+}
+```
+
+3. Usage example:
+
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=sms&
+phone_number=13800138000&
+phone_verify=123456&
+scope=openid profile
+```
+
+## Parameters
+
+* phone_number (required)
+  * Phone number
+  * Must be a valid phone number format
+
+* phone_verify (required)
+  * SMS verification code
+  * Must be a valid verification code
+
+* scope (optional)
+  * Requested permission scopes
+  * Defaults include openid profile
+
+## Error Codes
+
+* invalid_grant
+  * GrantTypeInvalid - Authorization type not allowed
+  * PhoneVerifyInvalid - Phone verification code invalid or expired
+  * PhoneOrTokenCodeNotFound - Phone number or verification code not provided
+  * PhoneNumberNotRegister - Phone number not registered
+
+## Notes
+
+* Phone number must be registered
+* Verification codes have limited validity
+* Failed verifications increase failure count
+* Multiple verification failures may lead to account lockout
+* All authentication operations are recorded in security logs
+* HTTPS is recommended in production environments

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.Sms/README.md

@@ -0,0 +1,97 @@
+# LINGYUN.Abp.OpenIddict.Sms
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.Sms%2FLINGYUN.Abp.OpenIddict.Sms.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.Sms.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.Sms)
+
+## 简介
+
+`LINGYUN.Abp.OpenIddict.Sms` 是 OpenIddict 的短信验证扩展模块，提供了基于手机号码和短信验证码的认证功能。
+
+[English](./README.EN.md)
+
+## 功能特性
+
+* 短信验证码认证
+  * 支持手机号码登录
+  * 支持短信验证码验证
+  * 支持多租户认证
+
+* 用户管理集成
+  * 支持手机号码查找用户
+  * 支持账户锁定策略
+  * 支持失败尝试计数
+
+* 安全日志
+  * 记录登录尝试
+  * 记录验证码验证失败
+  * 记录账户锁定
+
+* 多语言支持
+  * 集成 ABP 本地化框架
+  * 支持自定义错误消息
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.Sms
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictSmsModule))]` 到你的模块类。
+
+2. 配置 OpenIddict 服务器:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+    PreConfigure<OpenIddictServerBuilder>(builder =>
+    {
+        // 允许短信验证码认证流程
+        builder.AllowSmsFlow();
+    });
+}
+```
+
+3. 使用示例:
+
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=sms&
+phone_number=13800138000&
+phone_verify=123456&
+scope=openid profile
+```
+
+## 参数说明
+
+* phone_number (必填)
+  * 手机号码
+  * 必须是有效的手机号码格式
+
+* phone_verify (必填)
+  * 短信验证码
+  * 必须是有效的验证码
+
+* scope (可选)
+  * 请求的权限范围
+  * 默认包含 openid profile
+
+## 错误码说明
+
+* invalid_grant
+  * GrantTypeInvalid - 不被允许的授权类型
+  * PhoneVerifyInvalid - 手机验证码无效或已过期
+  * PhoneOrTokenCodeNotFound - 手机号码或验证码未输入
+  * PhoneNumberNotRegister - 登录的手机号码未注册
+
+## 注意事项
+
+* 手机号码必须已经注册
+* 验证码有效期有限
+* 验证失败会增加失败计数
+* 多次验证失败可能导致账户锁定
+* 所有认证操作都会记录安全日志
+* 建议在生产环境中使用 HTTPS

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat.Work/README.EN.md

@@ -0,0 +1,99 @@
+# LINGYUN.Abp.OpenIddict.WeChat.Work
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.WeChat.Work%2FLINGYUN.Abp.OpenIddict.WeChat.Work.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.WeChat.Work.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.WeChat.Work)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.WeChat.Work` is a WeChat Work (Enterprise WeChat) authentication extension module based on OpenIddict, supporting WeChat Work authentication flow.
+
+[简体中文](./README.md)
+
+## Features
+
+* WeChat Work Authentication
+  * Support WeChat Work authorization login
+  * Support automatic new user registration
+  * Support cross-tenant authentication
+  * Support security logging
+
+* User Management Integration
+  * Support WeChat Work account binding
+  * Support account lockout policy
+  * Support failed attempt counting
+
+* Security Logging
+  * Record login attempts
+  * Record authentication failures
+  * Record account lockouts
+
+* Localization Support
+  * Integrated with ABP localization framework
+  * Support custom error messages
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.WeChat.Work
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictWeChatWorkModule))]` to your module class.
+
+2. Configure OpenIddict server:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+    PreConfigure<OpenIddictServerBuilder>(builder =>
+    {
+        // Allow WeChat Work authentication flow
+        builder.AllowWeChatWorkFlow();
+    });
+}
+```
+
+3. Usage example:
+
+WeChat Work Authentication:
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=wechat_work&
+agent_id=1000001&
+code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7&
+scope=openid profile wechat_work
+```
+
+## Parameters
+
+* agent_id (required)
+  * WeChat Work application ID
+  * Must be a valid WeChat Work application ID
+
+* code (required)
+  * WeChat Work authorization code
+  * Must be a valid WeChat Work authorization code
+
+* scope (optional)
+  * Requested permission scopes
+  * Defaults include openid profile wechat_work
+
+## Error Codes
+
+* invalid_grant
+  * GrantTypeInvalid - Authorization type not allowed
+  * WeChatTokenInvalid - WeChat Work authentication failed
+  * AgentIdOrCodeNotFound - Application ID or authorization code empty or not found
+  * UserIdNotRegister - User WeChat Work account not bound
+
+## Notes
+
+* Must configure correct WeChat Work application ID and secret
+* Must configure correct WeChat Work enterprise ID
+* Authorization codes have limited validity
+* Multiple authentication failures may lead to account lockout
+* All authentication operations are recorded in security logs
+* HTTPS is recommended in production environments

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat.Work/README.md

@@ -0,0 +1,99 @@
+# LINGYUN.Abp.OpenIddict.WeChat.Work
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.WeChat.Work%2FLINGYUN.Abp.OpenIddict.WeChat.Work.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.WeChat.Work.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.WeChat.Work)
+
+## 介绍
+
+`LINGYUN.Abp.OpenIddict.WeChat.Work` 是一个基于 OpenIddict 的企业微信认证扩展模块，支持企业微信的认证流程。
+
+[English](./README.EN.md)
+
+## 功能
+
+* 企业微信认证
+  * 支持企业微信授权登录
+  * 支持自动注册新用户
+  * 支持跨租户认证
+  * 支持安全日志记录
+
+* 用户管理集成
+  * 支持企业微信账号绑定
+  * 支持账号锁定策略
+  * 支持失败尝试计数
+
+* 安全日志
+  * 记录登录尝试
+  * 记录认证失败
+  * 记录账号锁定
+
+* 本地化支持
+  * 集成 ABP 本地化框架
+  * 支持自定义错误消息
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.WeChat.Work
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictWeChatWorkModule))]` 到你的模块类。
+
+2. 配置 OpenIddict 服务器：
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+    PreConfigure<OpenIddictServerBuilder>(builder =>
+    {
+        // 允许企业微信认证流程
+        builder.AllowWeChatWorkFlow();
+    });
+}
+```
+
+3. 使用示例：
+
+企业微信认证：
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=wechat_work&
+agent_id=1000001&
+code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7&
+scope=openid profile wechat_work
+```
+
+## 参数
+
+* agent_id (必填)
+  * 企业微信应用ID
+  * 必须是有效的企业微信应用ID
+
+* code (必填)
+  * 企业微信授权码
+  * 必须是有效的企业微信授权码
+
+* scope (可选)
+  * 请求的权限范围
+  * 默认包含 openid profile wechat_work
+
+## 错误码
+
+* invalid_grant
+  * GrantTypeInvalid - 不被允许的授权类型
+  * WeChatTokenInvalid - 企业微信认证失败
+  * AgentIdOrCodeNotFound - 应用ID或授权码为空或不存在
+  * UserIdNotRegister - 用户企业微信账号未绑定
+
+## 注意事项
+
+* 必须配置正确的企业微信应用ID和密钥
+* 必须配置正确的企业微信企业ID
+* 授权码有效期有限
+* 多次认证失败可能导致账号锁定
+* 所有认证操作都会记录在安全日志中
+* 生产环境建议使用 HTTPS

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat/README.EN.md

@@ -0,0 +1,110 @@
+# LINGYUN.Abp.OpenIddict.WeChat
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.WeChat%2FLINGYUN.Abp.OpenIddict.WeChat.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.WeChat.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.WeChat)
+
+## Introduction
+
+`LINGYUN.Abp.OpenIddict.WeChat` is a WeChat authentication extension module based on OpenIddict, supporting authentication flows for WeChat Official Platform and WeChat Mini Program.
+
+[简体中文](./README.md)
+
+## Features
+
+* WeChat Official Platform Authentication
+  * Support Official Account authorization login
+  * Support automatic new user registration
+  * Support cross-tenant authentication
+  * Support security logging
+
+* WeChat Mini Program Authentication
+  * Support Mini Program authorization login
+  * Support automatic new user registration
+  * Support cross-tenant authentication
+  * Support security logging
+
+* User Management Integration
+  * Support WeChat account binding
+  * Support account lockout policy
+  * Support failed attempt counting
+
+* Security Logging
+  * Record login attempts
+  * Record authentication failures
+  * Record account lockouts
+
+* Localization Support
+  * Integrated with ABP localization framework
+  * Support custom error messages
+
+## Installation
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.WeChat
+```
+
+## Usage
+
+1. Add `[DependsOn(typeof(AbpOpenIddictWeChatModule))]` to your module class.
+
+2. Configure OpenIddict server:
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+    PreConfigure<OpenIddictServerBuilder>(builder =>
+    {
+        // Allow WeChat authentication flow
+        builder.AllowWeChatFlow();
+    });
+}
+```
+
+3. Usage examples:
+
+WeChat Official Platform Authentication:
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=wechat_official&
+code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7&
+scope=openid profile wechat
+```
+
+WeChat Mini Program Authentication:
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=wechat_mini_program&
+code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7&
+scope=openid profile wechat
+```
+
+## Parameters
+
+* code (required)
+  * WeChat authorization code
+  * Must be a valid WeChat authorization code
+
+* scope (optional)
+  * Requested permission scopes
+  * Defaults include openid profile wechat
+
+## Error Codes
+
+* invalid_grant
+  * GrantTypeInvalid - Authorization type not allowed
+  * WeChatTokenInvalid - WeChat authentication failed
+  * WeChatCodeNotFound - WeChat authorization code empty or not found
+  * WeChatNotRegister - User WeChat account not bound
+
+## Notes
+
+* Must enable corresponding features (Official Platform or Mini Program authorization)
+* Must configure correct WeChat application ID and secret
+* Authorization codes have limited validity
+* Multiple authentication failures may lead to account lockout
+* All authentication operations are recorded in security logs
+* HTTPS is recommended in production environments

aspnet-core/modules/openIddict/LINGYUN.Abp.OpenIddict.WeChat/README.md

@@ -0,0 +1,110 @@
+# LINGYUN.Abp.OpenIddict.WeChat
+
+[![ABP version](https://img.shields.io/badge/dynamic/xml?style=flat-square&color=yellow&label=abp&query=%2F%2FProject%2FPropertyGroup%2FAbpVersion&url=https%3A%2F%2Fraw.githubusercontent.com%2Fcolinin%2Fabp-next-admin%2Fmaster%2Faspnet-core%2Fmodules%2FopenIddict%2FLINGYUN.Abp.OpenIddict.WeChat%2FLINGYUN.Abp.OpenIddict.WeChat.csproj)](https://abp.io)
+[![NuGet](https://img.shields.io/nuget/v/LINGYUN.Abp.OpenIddict.WeChat.svg?style=flat-square)](https://www.nuget.org/packages/LINGYUN.Abp.OpenIddict.WeChat)
+
+## 介绍
+
+`LINGYUN.Abp.OpenIddict.WeChat` 是一个基于 OpenIddict 的微信认证扩展模块，支持微信公众平台和微信小程序的认证流程。
+
+[English](./README.EN.md)
+
+## 功能
+
+* 微信公众平台认证
+  * 支持公众号授权登录
+  * 支持自动注册新用户
+  * 支持跨租户认证
+  * 支持安全日志记录
+
+* 微信小程序认证
+  * 支持小程序授权登录
+  * 支持自动注册新用户
+  * 支持跨租户认证
+  * 支持安全日志记录
+
+* 用户管理集成
+  * 支持微信账号绑定
+  * 支持账号锁定策略
+  * 支持失败尝试计数
+
+* 安全日志
+  * 记录登录尝试
+  * 记录认证失败
+  * 记录账号锁定
+
+* 本地化支持
+  * 集成 ABP 本地化框架
+  * 支持自定义错误消息
+
+## 安装
+
+```bash
+dotnet add package LINGYUN.Abp.OpenIddict.WeChat
+```
+
+## 使用
+
+1. 添加 `[DependsOn(typeof(AbpOpenIddictWeChatModule))]` 到你的模块类。
+
+2. 配置 OpenIddict 服务器：
+
+```csharp
+public override void PreConfigureServices(ServiceConfigurationContext context)
+{
+    PreConfigure<OpenIddictServerBuilder>(builder =>
+    {
+        // 允许微信认证流程
+        builder.AllowWeChatFlow();
+    });
+}
+```
+
+3. 使用示例：
+
+微信公众平台认证：
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=wechat_official&
+code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7&
+scope=openid profile wechat
+```
+
+微信小程序认证：
+```http
+POST /connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=wechat_mini_program&
+code=021iZ1Ga1TpLOB0dXJIa1Zr6RR1iZ1G7&
+scope=openid profile wechat
+```
+
+## 参数
+
+* code (必填)
+  * 微信授权码
+  * 必须是有效的微信授权码
+
+* scope (可选)
+  * 请求的权限范围
+  * 默认包含 openid profile wechat
+
+## 错误码
+
+* invalid_grant
+  * GrantTypeInvalid - 不被允许的授权类型
+  * WeChatTokenInvalid - 微信认证失败
+  * WeChatCodeNotFound - 微信授权码为空或不存在
+  * WeChatNotRegister - 用户微信账号未绑定
+
+## 注意事项
+
+* 必须启用相应的功能（公众平台或小程序授权）
+* 必须配置正确的微信应用 ID 和密钥
+* 授权码有效期有限
+* 多次认证失败可能导致账号锁定
+* 所有认证操作都会记录在安全日志中
+* 生产环境建议使用 HTTPS