yhzhu的随手记

Clarifying the boundaries between access tokens, refresh tokens, authorization codes, browser sessions, and server-side session revocation in OAuth2/OIDC, with explanations of common timeout phenomena and recommended time configuration strategies.

梳理 OAuth2/OIDC 中 access token、refresh token、授权码、浏览器会话与服务端会话撤销之间的边界，说明前后端常见超时现象与推荐的时间配置思路。

A detailed walkthrough of troubleshooting OAuth2 redirect URLs with incorrect ports in a multi-layer proxy architecture using APISIX, and the complete solution via configuring trusted_addresses.

记录一次 APISIX 网关在多层代理架构下，OAuth2 重定向 URL 包含错误端口的问题排查过程，以及通过配置 trusted_addresses 解决的完整方案。

A practical guide to designing API gateway routing for OAuth2 authentication flows in microservices. Learn how to handle redirects, configure Context-Path, and implement BFF patterns for seamless service decomposition without breaking client contracts.

微服务架构中 API 网关 OAuth2 认证流程路由设计的实践指南。学习如何处理重定向、配置 Context-Path，以及实现 BFF 模式，实现客户端无感知的服务拆分。

记录一个 Java 技术团队在微服务架构中的网关选型过程，对比 Kong、APISIX、Spring Cloud Gateway、Higress 等主流方案。在 AI 辅助编程的加持下，最终选择基于 Nginx 的 APISIX，兼顾性能与扩展性。

传统的大宽表用户设计难以应对多样化登录方式。了解如何通过分离 AuthIdentity 与 User 实体，构建支持邮箱、手机号、社交登录和 SSO 的灵活可扩展认证体系，无需修改表结构。

Traditional 'wide table' user designs struggle with diverse login methods. Learn how separating AuthIdentity from User entities enables flexible, scalable authentication supporting email, mobile, social logins, and SSO without schema migrations.

Recurring meetings break standard delta sync logic. Learn how to synchronize Outlook recurring events with EspoCRM using windowed expansion and series rebuild strategies—a production-grade solution for Microsoft Graph API integration.