yida-login

Original：🇨🇳 Chinese

Translated

1 scriptsChecked / no sensitive code detected

Yida Platform Login State Management Skill, manages login state via Playwright (Cookie Persistence + QR Code Login) and retrieves CSRF Token.

1installs

Sourceopenyida/yida-skills

Added on2026-03-14

NPX Install

npx skill4agent add openyida/yida-skills yida-login

SKILL.md Content (Chinese)

View Translation Comparison →

Yida Login State Management Skill

Overview

This skill provides login state management capabilities for the Yida platform, supporting cookie persistence and automatic verification. A QR code login is required for the first use, and cookies will be reused automatically in subsequent uses.

When to Use

Use this skill in the following scenarios:

First-time use of Yida skills, requiring QR code login
Cookies expired or invalid, requiring re-login
Login state exception prompts when calling other skills
User requests manual login execution

Usage Examples

Example 1: Trigger Login

Scenario: Manually trigger QR code login Command:

bash

python3 .claude/skills/yida-login/scripts/login.py

Output:

json

{"csrf_token":"b2a5d192-xxx","corp_id":"dingxxx","user_id":"1955225xxx","base_url":"https://abcd.aliwork.com"}

Example 2: Refresh CSRF Token

Scenario: CSRF Token is invalid but cookies are valid Command:

bash

python3 .claude/skills/yida-login/scripts/login.py --refresh-csrf

Usage Method

bash

python3 .claude/skills/yida-login/scripts/login.py

No parameters are required. The login address is read from the

loginUrl

field in the

config.json

file in the project root directory. After login, it may redirect to domains such as

abcd.aliwork.com

Output: After successful login,

csrf_token

base_url

(the actual domain after redirection) and cookie information will be output to stdout in JSON format. Meanwhile, cookies will be persisted to

.cache/cookies.json

in the project root directory.

⚠️ Important:
base_url
is obtained from the actual domain the browser redirects to after login, not the
loginUrl
or
defaultBaseUrl
configured in
config.json
. For example, even if
loginUrl
is configured as
https://www.aliwork.com
, if your account's organization corresponds to
abcd.aliwork.com
, the platform will automatically redirect, and the final
base_url
will be
https://abcd.aliwork.com
. All subsequent API requests (including
yida-publish
releases) will use this
base_url
. To publish to a specific domain, ensure that the
loginUrl
in
config.json
points to the domain corresponding to that organization, and your account belongs to that organization.

The project root directory is located by searching upward for the
config.json
or
.git
directory.

Workflow

Check if the
```
.cache/cookies.json
```
cache (containing cookies and
```
base_url
```
) exists locally
If it exists, directly extract
```
csrf_token
```
(
```
tianshu_csrf_token
```
),
```
corp_id
```
and
```
user_id
```
(
```
tianshu_corp_user
```
) from the cookies without accessing any pages
If
```
tianshu_csrf_token
```
is not present in the cookies, it is considered invalid, and a headed browser will be opened for the user to scan the QR code to log in
After successful login, extract the required information directly from the cookies, and save the cookies and
```
base_url
```
(obtained from the actual redirected URL after login)

Prerequisites

Python 3.12+

playwright（

pip install playwright && playwright install chromium

）

File Structure

yida-login/
├── SKILL.md           # This document
└── scripts/
    └── login.py       # Login script

Project Root Directory/
├── config.json        # Global configuration (loginUrl, defaultBaseUrl)
└── .cache/
    └── cookies.json   # Login state cache (automatically generated at runtime, contains cookies + base_url)

Output Format

After the script is successfully executed, the last line outputs JSON:

json

{
  "csrf_token": "b2a5d192-db90-484c-880f-9b48edd396d5",
  "corp_id": "ding9a0954b4f9d9d40ef5bf40eda33b7ba0",
  "user_id": "19552253733782",
  "base_url": "https://abcd.aliwork.com",
  "cookies": [...]
}

csrf_token
is extracted from the value of the cookie
tianshu_csrf_token
;
corp_id
and
user_id
are extracted from the value of the cookie
tianshu_corp_user
, which is in the format
{corpId}_{userId}
, separated by the last
_
.

base_url
is the actual domain the browser redirects to after login (e.g.,
https://abcd.aliwork.com
), which may differ from the
loginUrl
in
config.json
. Other scripts should use this value as the base address for API requests instead of hardcoding the domain.

Other scripts can receive and parse the last line of stdout via a pipe to obtain login state information.

Cache Format

The format of the

.cache/cookies.json

file (compatible with the old pure cookie array):

json

{
  "cookies": [...],
  "base_url": "https://abcd.aliwork.com"
}

csrf_token

corp_id

, and

user_id

are not stored in the cache; they are directly extracted from the cookie list (fields

tianshu_csrf_token

and

tianshu_corp_user

) each time the script starts.

Global Configuration

All scripts (

login.py

and various JS scripts) read configurations from the

config.json

file in the project root directory, and no longer hardcode URLs:

json

{
  "loginUrl": "https://www.aliwork.com/workPlatform",
  "defaultBaseUrl": "https://www.aliwork.com"
}

Field	Description
`loginUrl`	QR code login page address (the platform may automatically redirect to another domain after successful login)
`defaultBaseUrl`	Default base address for API requests (only used as a fallback when `base_url` cannot be obtained from the login state, and will not be used in normal processes)

Error Handling Mechanism

Each skill script determines login state exceptions by parsing the

errorCode

field in the interface response body, and automatically calls this skill for processing:

errorCode	Meaning	Handling Method
`"TIANSHU_000030"`	CSRF verification failed (csrf_token expired)	Call `login.py --refresh-csrf` to refresh the csrf_token headlessly without requiring re-scanning the QR code
`"307"`	Login state has expired (cookies invalid)	Call `login.py` to trigger a full re-login (may require QR code scanning)

Note: Error judgment is based on the
errorCode
field in the response body JSON, not the HTTP status code.

Logout

Clear the content of the local cookie cache file to complete logout. The next time any skill is called, it will automatically trigger re-login via QR code:

bash

echo -n "" > .cache/cookies.json

Applicable Scenarios:

Need to switch accounts or organizations
Cookies are invalid and cannot be refreshed automatically
User actively requests to log out

Note: The cookie cache file is located in the
.cache/
directory of the project root directory (the directory containing
README.md
or
.git
). Logging out does not affect deployed pages or saved data.

Coordination with Other Skills

Logout: When you need to switch accounts or cookies are invalid, execute the above "Logout" command and then re-run any skill to trigger QR code login
yida-publish
: Automatically calls this skill to obtain login state during publishing

yida-create-app
, yida-create-page
, yida-create-form-page
: Pass the output of this skill via a pipe

yida-login

NPX Install

Tags

SKILL.md Content (Chinese)

Yida Login State Management Skill

Overview

When to Use

Usage Examples

Example 1: Trigger Login

Example 2: Refresh CSRF Token

Usage Method

Workflow

Prerequisites

File Structure

Output Format

Cache Format

Global Configuration

Error Handling Mechanism

Logout

Coordination with Other Skills

yida-login

NPX Install

Tags

SKILL.md Content (Chinese)

Yida Login State Management Skill

Overview

When to Use

Usage Examples

Example 1: Trigger Login

Example 2: Refresh CSRF Token

Usage Method

Workflow

Prerequisites

File Structure

Output Format

Cache Format

Global Configuration

Error Handling Mechanism

Logout

Coordination with Other Skills