From c53d5c105be2dba1c837eb402abc292f47ac4acf Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Thu, 3 Jul 2025 17:55:52 +0800
Subject: [PATCH 01/25] feat: tool oauth

---
 web/app/components/base/modal/modal.tsx       | 118 +++++++++++++++++
 .../tools/tool-auth/add-api-key-button.tsx    |  40 ++++++
 .../tools/tool-auth/add-oauth-button.tsx      |  69 ++++++++++
 .../tools/tool-auth/api-key-modal.tsx         |  52 ++++++++
 .../tools/tool-auth/authorization.tsx         | 124 ++++++++++++++++++
 web/app/components/tools/tool-auth/index.tsx  |  23 ++++
 .../tools/tool-auth/oauth-client-settings.tsx |  26 ++++
 .../components/workflow/nodes/tool/panel.tsx  |   6 +
 8 files changed, 458 insertions(+)
 create mode 100644 web/app/components/base/modal/modal.tsx
 create mode 100644 web/app/components/tools/tool-auth/add-api-key-button.tsx
 create mode 100644 web/app/components/tools/tool-auth/add-oauth-button.tsx
 create mode 100644 web/app/components/tools/tool-auth/api-key-modal.tsx
 create mode 100644 web/app/components/tools/tool-auth/authorization.tsx
 create mode 100644 web/app/components/tools/tool-auth/index.tsx
 create mode 100644 web/app/components/tools/tool-auth/oauth-client-settings.tsx
diff --git a/web/app/components/base/modal/modal.tsx b/web/app/components/base/modal/modal.tsx
new file mode 100644
index 0000000000..3137e7adcc
--- /dev/null
+++ b/web/app/components/base/modal/modal.tsx
@@ -0,0 +1,118 @@
+import { memo } from 'react'
+import { useTranslation } from 'react-i18next'
+import { RiCloseLine } from '@remixicon/react'
+import {
+  PortalToFollowElem,
+  PortalToFollowElemContent,
+} from '@/app/components/base/portal-to-follow-elem'
+import Button from '@/app/components/base/button'
+import type { ButtonProps } from '@/app/components/base/button'
+import cn from '@/utils/classnames'
+
+type ModalProps = {
+  onClose?: () => void
+  size?: 'sm' | 'md'
+  title: string
+  subTitle?: string
+  children?: React.ReactNode
+  confirmButtonText?: string
+  onConfirm?: () => void
+  cancelButtonText?: string
+  onCancel?: () => void
+  showExtraButton?: boolean
+  extraButtonText?: string
+  extraButtonVariant?: ButtonProps['variant']
+  onExtraButtonClick?: () => void
+  footerSlot?: React.ReactNode
+  bottomSlot?: React.ReactNode
+}
+const Modal = ({
+  onClose,
+  size = 'sm',
+  title,
+  subTitle,
+  children,
+  confirmButtonText,
+  onConfirm,
+  cancelButtonText,
+  onCancel,
+  showExtraButton,
+  extraButtonVariant = 'warning',
+  extraButtonText,
+  onExtraButtonClick,
+  footerSlot,
+  bottomSlot,
+}: ModalProps) => {
+  const { t } = useTranslation()
+
+  return (
+    <PortalToFollowElem open>
+      <PortalToFollowElemContent
+        className='z-[999999] flex h-full w-full items-center justify-center bg-background-overlay'
+        onClick={onClose}
+      >
+        <div
+          className={cn(
+            'max-h-[80%] w-[480px] overflow-y-auto rounded-2xl border-[0.5px] border-components-panel-border bg-components-panel-bg shadow-xs',
+            size === 'sm' && 'w-[480px',
+            size === 'md' && 'w-[640px]',
+          )}
+          onClick={e => e.stopPropagation()}
+        >
+          <div className='title-2xl-semi-bold relative p-6 pb-3 pr-14 text-text-primary'>
+            {title}
+            {
+              subTitle && (
+                <div className='system-xs-regular mt-1 text-text-tertiary'>
+                  {subTitle}
+                </div>
+              )
+            }
+            <div
+              className='absolute right-5 top-5 flex h-8 w-8 cursor-pointer items-center justify-center rounded-lg'
+              onClick={onClose}
+            >
+              <RiCloseLine className='h-5 w-5 text-text-tertiary' />
+            </div>
+          </div>
+          {
+            children && (
+              <div className='px-6 py-3'>{children}</div>
+            )
+          }
+          <div className='flex items-center justify-end p-6 pt-5'>
+            {footerSlot}
+            {
+              showExtraButton && (
+                <>
+                  <Button
+                    variant={extraButtonVariant}
+                    onClick={onExtraButtonClick}
+                  >
+                    {extraButtonText || t('common.operation.remove')}
+                  </Button>
+                  <div className='mx-3 h-4 w-[1px] bg-divider-regular'></div>
+                </>
+              )
+            }
+            <Button
+              onClick={onCancel}
+            >
+              {cancelButtonText || t('common.operation.cancel')}
+            </Button>
+            <Button
+              className='ml-2'
+              variant='primary'
+              onClick={onConfirm}
+            >
+              {confirmButtonText || t('common.operation.save')}
+            </Button>
+          </div>
+          {bottomSlot}
+        </div>
+      </PortalToFollowElemContent>
+    </PortalToFollowElem>
+  )
+}
+
+export default memo(Modal)
diff --git a/web/app/components/tools/tool-auth/add-api-key-button.tsx b/web/app/components/tools/tool-auth/add-api-key-button.tsx
new file mode 100644
index 0000000000..21eeed5600
--- /dev/null
+++ b/web/app/components/tools/tool-auth/add-api-key-button.tsx
@@ -0,0 +1,40 @@
+import {
+  memo,
+  useState,
+} from 'react'
+import Button from '@/app/components/base/button'
+import type { ButtonProps } from '@/app/components/base/button'
+import ApiKeyModal from './api-key-modal'
+
+type AddApiKeyButtonProps = {
+  buttonVariant?: ButtonProps['variant']
+  buttonText?: string
+}
+const AddApiKeyButton = ({
+  buttonVariant = 'secondary-accent',
+  buttonText = 'use api key',
+}: AddApiKeyButtonProps) => {
+  const [isApiKeyModalOpen, setIsApiKeyModalOpen] = useState(false)
+
+  return (
+    <>
+      <Button
+        className='grow'
+        variant={buttonVariant}
+        onClick={() => setIsApiKeyModalOpen(true)}
+      >
+        {buttonText}
+      </Button>
+      {
+        isApiKeyModalOpen && (
+          <ApiKeyModal
+            onClose={() => setIsApiKeyModalOpen(false)}
+          />
+        )
+      }
+    </>
+
+  )
+}
+
+export default memo(AddApiKeyButton)
diff --git a/web/app/components/tools/tool-auth/add-oauth-button.tsx b/web/app/components/tools/tool-auth/add-oauth-button.tsx
new file mode 100644
index 0000000000..7e6bc91774
--- /dev/null
+++ b/web/app/components/tools/tool-auth/add-oauth-button.tsx
@@ -0,0 +1,69 @@
+import {
+  memo,
+  useState,
+} from 'react'
+import { RiEqualizer2Line } from '@remixicon/react'
+import Button from '@/app/components/base/button'
+import type { ButtonProps } from '@/app/components/base/button'
+import OAuthClientSettings from './oauth-client-settings'
+import cn from '@/utils/classnames'
+
+type AddOAuthButtonProps = {
+  buttonVariant?: ButtonProps['variant']
+  buttonText?: string
+  className?: string
+  buttonLeftClassName?: string
+  buttonRightClassName?: string
+  dividerClassName?: string
+}
+const AddOAuthButton = ({
+  buttonVariant = 'primary',
+  buttonText = 'use oauth',
+  className,
+  buttonLeftClassName,
+  buttonRightClassName,
+  dividerClassName,
+}: AddOAuthButtonProps) => {
+  const [isOAuthSettingsOpen, setIsOAuthSettingsOpen] = useState(false)
+
+  return (
+    <>
+      <Button
+        variant={buttonVariant}
+        className={cn(
+          'grow px-0 py-0 hover:bg-components-button-primary-bg',
+          className,
+        )}
+      >
+        <div className={cn(
+          'flex h-full grow items-center justify-center rounded-l-lg hover:bg-components-button-primary-bg-hover',
+          buttonLeftClassName,
+        )}>
+          {buttonText}
+        </div>
+        <div className={cn(
+          'h-4 w-[1px] bg-text-primary-on-surface opacity-[0.15]',
+          dividerClassName,
+        )}></div>
+        <div
+          className={cn(
+            'flex h-full w-8 shrink-0 items-center justify-center rounded-r-lg hover:bg-components-button-primary-bg-hover',
+            buttonRightClassName,
+          )}
+          onClick={() => setIsOAuthSettingsOpen(true)}
+        >
+          <RiEqualizer2Line className='h-4 w-4' />
+        </div>
+      </Button>
+      {
+        isOAuthSettingsOpen && (
+          <OAuthClientSettings
+            onClose={() => setIsOAuthSettingsOpen(false)}
+          />
+        )
+      }
+    </>
+  )
+}
+
+export default memo(AddOAuthButton)
diff --git a/web/app/components/tools/tool-auth/api-key-modal.tsx b/web/app/components/tools/tool-auth/api-key-modal.tsx
new file mode 100644
index 0000000000..f4a2332861
--- /dev/null
+++ b/web/app/components/tools/tool-auth/api-key-modal.tsx
@@ -0,0 +1,52 @@
+import { memo } from 'react'
+import { useTranslation } from 'react-i18next'
+import { RiExternalLinkLine } from '@remixicon/react'
+import { Lock01 } from '@/app/components/base/icons/src/vender/solid/security'
+import Modal from '@/app/components/base/modal/modal'
+
+export type ApiKeyModalProps = {
+  onClose?: () => void
+}
+const ApiKeyModal = ({
+  onClose,
+}: ApiKeyModalProps) => {
+  const { t } = useTranslation()
+
+  return (
+    <Modal
+      size='md'
+      title='API Key Authorization Configuration'
+      subTitle='After configuring credentials, all members within the workspace can use this tool when orchestrating applications.'
+      onClose={onClose}
+      onCancel={onClose}
+      footerSlot={
+        <a
+          className='system-xs-regular flex h-8 grow items-center text-text-accent'
+          href=''
+          target='_blank'
+        >
+          Get your API Key from OpenAI
+          <RiExternalLinkLine className='ml-1 h-3 w-3' />
+        </a>
+      }
+      bottomSlot={
+        <div className='flex items-center justify-center bg-background-section-burn py-3 text-xs text-text-tertiary'>
+          <Lock01 className='mr-1 h-3 w-3 text-text-tertiary' />
+          {t('common.modelProvider.encrypted.front')}
+          <a
+            className='mx-1 text-text-accent'
+            target='_blank' rel='noopener noreferrer'
+            href='https://pycryptodome.readthedocs.io/en/latest/src/cipher/oaep.html'
+          >
+            PKCS1_OAEP
+          </a>
+          {t('common.modelProvider.encrypted.back')}
+        </div>
+      }
+    >
+      <div>oauth</div>
+    </Modal>
+  )
+}
+
+export default memo(ApiKeyModal)
diff --git a/web/app/components/tools/tool-auth/authorization.tsx b/web/app/components/tools/tool-auth/authorization.tsx
new file mode 100644
index 0000000000..5d3322d629
--- /dev/null
+++ b/web/app/components/tools/tool-auth/authorization.tsx
@@ -0,0 +1,124 @@
+import {
+  memo,
+  useState,
+} from 'react'
+import {
+  RiArrowDownSLine,
+  RiDeleteBinLine,
+  RiEditLine,
+} from '@remixicon/react'
+import {
+  PortalToFollowElem,
+  PortalToFollowElemContent,
+  PortalToFollowElemTrigger,
+} from '@/app/components/base/portal-to-follow-elem'
+import Button from '@/app/components/base/button'
+import Indicator from '@/app/components/header/indicator'
+import Badge from '@/app/components/base/badge'
+import ActionButton from '@/app/components/base/action-button'
+import cn from '@/utils/classnames'
+import AddOauthButton from './add-oauth-button'
+import AddApiKeyButton from './add-api-key-button'
+
+const Authorization = () => {
+  const [isOpen, setIsOpen] = useState(false)
+
+  return (
+    <PortalToFollowElem
+      open={isOpen}
+      onOpenChange={setIsOpen}
+      placement='bottom-start'
+      offset={8}
+      triggerPopupSameWidth
+    >
+      <PortalToFollowElemTrigger
+        onClick={() => setIsOpen(!isOpen)}
+        asChild
+      >
+        <Button
+          className={cn(
+            'w-full',
+            isOpen && 'bg-components-button-secondary-bg-hover',
+          )}>
+          <Indicator className='mr-2' />
+          4 Authorizations
+          <RiArrowDownSLine className='ml-0.5 h-4 w-4' />
+        </Button>
+      </PortalToFollowElemTrigger>
+      <PortalToFollowElemContent className='z-[11]'>
+        <div className='max-h-[360px] overflow-y-auto rounded-xl border-[0.5px] border-components-panel-border bg-components-panel-bg-blur shadow-lg'>
+          <div className='py-1'>
+            <div className='p-1'>
+              <div className='system-xs-medium px-3 pb-0.5 pt-1 text-text-tertiary'>
+                OAuth
+              </div>
+              <div className='flex items-center rounded-lg p-1 hover:bg-state-base-hover'>
+                <div className='flex grow items-center space-x-1.5 pl-2'>
+                  <Indicator className='mr-1.5' />
+                  <div
+                    className='system-md-regular truncate text-text-secondary'
+                    title='Auth 1'
+                  >
+                    Auth 1
+                  </div>
+                  <Badge>
+                    Default
+                  </Badge>
+                </div>
+                <div className='ml-2 flex shrink-0 items-center'>
+                  <ActionButton>
+                    <RiEditLine className='h-4 w-4 text-text-tertiary' />
+                  </ActionButton>
+                  <ActionButton>
+                    <RiDeleteBinLine className='h-4 w-4 text-text-tertiary' />
+                  </ActionButton>
+                </div>
+              </div>
+            </div>
+            <div className='p-1'>
+              <div className='system-xs-medium px-3 pb-0.5 pt-1 text-text-tertiary'>
+                API Keys
+              </div>
+              <div className='flex items-center rounded-lg p-1 hover:bg-state-base-hover'>
+                <div className='flex grow items-center space-x-1.5 pl-2'>
+                  <Indicator className='mr-1.5' />
+                  <div
+                    className='system-md-regular truncate text-text-secondary'
+                    title='Production'
+                  >
+                    Production
+                  </div>
+                </div>
+                <div className='ml-2 flex shrink-0 items-center space-x-1'>
+                  <Badge>
+                    0.2
+                  </Badge>
+                  <Badge>
+                    ENTERPRISE
+                  </Badge>
+                </div>
+              </div>
+            </div>
+          </div>
+          <div className='h-[1px] bg-divider-subtle'></div>
+          <div className='flex items-center space-x-1.5 p-2'>
+            <AddOauthButton
+              buttonVariant='secondary'
+              buttonText='Add OAuth'
+              className='hover:bg-components-button-secondary-bg'
+              buttonLeftClassName='hover:bg-components-button-secondary-bg-hover'
+              buttonRightClassName='hover:bg-components-button-secondary-bg-hover'
+              dividerClassName='bg-divider-regular opacity-100'
+            />
+            <AddApiKeyButton
+              buttonVariant='secondary'
+              buttonText='Add API Key'
+            />
+          </div>
+        </div>
+      </PortalToFollowElemContent>
+    </PortalToFollowElem>
+  )
+}
+
+export default memo(Authorization)
diff --git a/web/app/components/tools/tool-auth/index.tsx b/web/app/components/tools/tool-auth/index.tsx
new file mode 100644
index 0000000000..a632029ca2
--- /dev/null
+++ b/web/app/components/tools/tool-auth/index.tsx
@@ -0,0 +1,23 @@
+import {
+  memo,
+} from 'react'
+import AddOAuthButton from './add-oauth-button'
+import AddApiKeyButton from './add-api-key-button'
+
+const ToolAuth = () => {
+  return (
+    <>
+      <div className='flex items-center space-x-1.5'>
+        <AddOAuthButton />
+        <div className='system-2xs-medium-uppercase flex shrink-0 flex-col items-center justify-between text-text-tertiary'>
+          <div className='h-2 w-[1px] bg-divider-subtle'></div>
+          or
+          <div className='h-2 w-[1px] bg-divider-subtle'></div>
+        </div>
+        <AddApiKeyButton />
+      </div>
+    </>
+  )
+}
+
+export default memo(ToolAuth)
diff --git a/web/app/components/tools/tool-auth/oauth-client-settings.tsx b/web/app/components/tools/tool-auth/oauth-client-settings.tsx
new file mode 100644
index 0000000000..724351bd57
--- /dev/null
+++ b/web/app/components/tools/tool-auth/oauth-client-settings.tsx
@@ -0,0 +1,26 @@
+import { memo } from 'react'
+import Modal from '@/app/components/base/modal/modal'
+
+type OAuthClientSettingsProps = {
+  onClose?: () => void
+}
+const OAuthClientSettings = ({
+  onClose,
+}: OAuthClientSettingsProps) => {
+  return (
+    <Modal
+      title='Oauth client settings'
+      confirmButtonText='Save & Authorize'
+      cancelButtonText='Save only'
+      extraButtonText='Cancel'
+      showExtraButton
+      extraButtonVariant='secondary'
+      onExtraButtonClick={onClose}
+      onClose={onClose}
+    >
+      <div>oauth</div>
+    </Modal>
+  )
+}
+
+export default memo(OAuthClientSettings)
diff --git a/web/app/components/workflow/nodes/tool/panel.tsx b/web/app/components/workflow/nodes/tool/panel.tsx
index 038159870e..561a6e8eea 100644
--- a/web/app/components/workflow/nodes/tool/panel.tsx
+++ b/web/app/components/workflow/nodes/tool/panel.tsx
@@ -14,6 +14,8 @@ import Loading from '@/app/components/base/loading'
 import OutputVars, { VarItem } from '@/app/components/workflow/nodes/_base/components/output-vars'
 import StructureOutputItem from '@/app/components/workflow/nodes/_base/components/variable/object-child-tree-panel/show'
 import { Type } from '../llm/types'
+import ToolAuth from '@/app/components/tools/tool-auth'
+import Authorization from '@/app/components/tools/tool-auth/authorization'
 
 const i18nPrefix = 'workflow.nodes.tool'
 
@@ -53,6 +55,10 @@ const Panel: FC<NodePanelProps<ToolNodeType>> = ({
 
   return (
     <div className='pt-2'>
+      <div className='px-4 py-2'>
+        <ToolAuth />
+        <Authorization />
+      </div>
       {!readOnly && isShowAuthBtn && (
         <>
           <div className='px-4'>

From 0f1be60daa3423f67d5a00499c2cad7f4198356f Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Tue, 8 Jul 2025 18:20:30 +0800
Subject: [PATCH 02/25] tool oauth

---
 .../base/form/components/base/base-field.tsx  |  76 +++++++
 .../base/form/components/base/base-form.tsx   |  91 ++++++++
 .../base/form/components/base/index.tsx       |   2 +
 .../base/form/form-scenarios/auth/index.tsx   |  21 ++
 web/app/components/base/form/types.ts         |  51 +++++
 .../authorize}/add-api-key-button.tsx         |   8 +-
 .../authorize}/add-oauth-button.tsx           |   5 +-
 .../plugin-auth/authorize/api-key-modal.tsx   | 109 ++++++++++
 .../plugins/plugin-auth/authorize/index.tsx   |  91 ++++++++
 .../authorize}/oauth-client-settings.tsx      |   0
 .../plugins/plugin-auth/authorized/index.tsx  | 205 ++++++++++++++++++
 .../plugins/plugin-auth/authorized/item.tsx   |  96 ++++++++
 .../components/plugins/plugin-auth/index.tsx  |   1 +
 .../plugins/plugin-auth/plugin-auth.tsx       |  47 ++++
 .../components/plugins/plugin-auth/types.ts   |  13 ++
 .../plugin-detail-panel/action-list.tsx       |  62 +-----
 .../plugin-detail-panel/detail-header.tsx     |  18 +-
 .../tools/tool-auth/api-key-modal.tsx         |  52 -----
 .../tools/tool-auth/authorization.tsx         | 124 -----------
 web/app/components/tools/tool-auth/index.tsx  |  23 --
 .../components/workflow/nodes/tool/panel.tsx  |  10 +-
 web/service/use-plugins-auth.ts               | 138 ++++++++++++
 web/service/use-tools.ts                      |   3 +-
 23 files changed, 978 insertions(+), 268 deletions(-)
 create mode 100644 web/app/components/base/form/components/base/base-field.tsx
 create mode 100644 web/app/components/base/form/components/base/base-form.tsx
 create mode 100644 web/app/components/base/form/components/base/index.tsx
 create mode 100644 web/app/components/base/form/form-scenarios/auth/index.tsx
 create mode 100644 web/app/components/base/form/types.ts
 rename web/app/components/{tools/tool-auth => plugins/plugin-auth/authorize}/add-api-key-button.tsx (83%)
 rename web/app/components/{tools/tool-auth => plugins/plugin-auth/authorize}/add-oauth-button.tsx (95%)
 create mode 100644 web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
 create mode 100644 web/app/components/plugins/plugin-auth/authorize/index.tsx
 rename web/app/components/{tools/tool-auth => plugins/plugin-auth/authorize}/oauth-client-settings.tsx (100%)
 create mode 100644 web/app/components/plugins/plugin-auth/authorized/index.tsx
 create mode 100644 web/app/components/plugins/plugin-auth/authorized/item.tsx
 create mode 100644 web/app/components/plugins/plugin-auth/index.tsx
 create mode 100644 web/app/components/plugins/plugin-auth/plugin-auth.tsx
 create mode 100644 web/app/components/plugins/plugin-auth/types.ts
 delete mode 100644 web/app/components/tools/tool-auth/api-key-modal.tsx
 delete mode 100644 web/app/components/tools/tool-auth/authorization.tsx
 delete mode 100644 web/app/components/tools/tool-auth/index.tsx
 create mode 100644 web/service/use-plugins-auth.ts

diff --git a/web/app/components/base/form/components/base/base-field.tsx b/web/app/components/base/form/components/base/base-field.tsx
new file mode 100644
index 0000000000..df4c0d18ee
--- /dev/null
+++ b/web/app/components/base/form/components/base/base-field.tsx
@@ -0,0 +1,76 @@
+import {
+  isValidElement,
+  memo,
+  useMemo,
+} from 'react'
+import type { AnyFieldApi } from '@tanstack/react-form'
+import cn from '@/utils/classnames'
+import Input from '@/app/components/base/input'
+import type { FormSchema } from '@/app/components/base/form/types'
+import { FormTypeEnum } from '@/app/components/base/form/types'
+import { useRenderI18nObject } from '@/hooks/use-i18n'
+
+export type BaseFieldProps = {
+  fieldClassName?: string
+  labelClassName?: string
+  inputContainerClassName?: string
+  inputClassName?: string
+  formSchema: FormSchema
+  field: AnyFieldApi
+}
+const BaseField = ({
+  fieldClassName,
+  labelClassName,
+  inputContainerClassName,
+  inputClassName,
+  formSchema,
+  field,
+}: BaseFieldProps) => {
+  const renderI18nObject = useRenderI18nObject()
+  const {
+    label,
+  } = formSchema
+
+  const memorizedLabel = useMemo(() => {
+    if (isValidElement(label))
+      return label
+
+    if (typeof label === 'object' && label !== null)
+      return renderI18nObject(label as Record<string, string>)
+  }, [label, renderI18nObject])
+
+  return (
+    <div className={cn(fieldClassName)}>
+      <div className={cn(labelClassName)}>
+        {memorizedLabel}
+      </div>
+      <div className={cn(inputContainerClassName)}>
+        {
+          formSchema.type === FormTypeEnum.textInput && (
+            <Input
+              className={cn(inputClassName)}
+              id={field.name}
+              value={field.state.value}
+              onChange={e => field.handleChange(e.target.value)}
+              onBlur={field.handleBlur}
+            />
+          )
+        }
+        {
+          formSchema.type === FormTypeEnum.secretInput && (
+            <Input
+              type='password'
+              className={cn(inputClassName)}
+              id={field.name}
+              value={field.state.value}
+              onChange={e => field.handleChange(e.target.value)}
+              onBlur={field.handleBlur}
+            />
+          )
+        }
+      </div>
+    </div>
+  )
+}
+
+export default memo(BaseField)
diff --git a/web/app/components/base/form/components/base/base-form.tsx b/web/app/components/base/form/components/base/base-form.tsx
new file mode 100644
index 0000000000..5d4ca2618d
--- /dev/null
+++ b/web/app/components/base/form/components/base/base-form.tsx
@@ -0,0 +1,91 @@
+import {
+  memo,
+  useCallback,
+  useImperativeHandle,
+} from 'react'
+import type {
+  AnyFieldApi,
+} from '@tanstack/react-form'
+import { useForm } from '@tanstack/react-form'
+import type {
+  FormRef,
+  FormSchema,
+} from '@/app/components/base/form/types'
+import {
+  BaseField,
+} from '.'
+import type {
+  BaseFieldProps,
+} from '.'
+import cn from '@/utils/classnames'
+
+export type BaseFormProps = {
+  formSchemas?: FormSchema[]
+  defaultValues?: Record<string, any>
+  formClassName?: string
+  ref?: FormRef
+} & Pick<BaseFieldProps, 'fieldClassName' | 'labelClassName' | 'inputContainerClassName' | 'inputClassName'>
+
+const BaseForm = ({
+  formSchemas,
+  defaultValues,
+  formClassName,
+  fieldClassName,
+  labelClassName,
+  inputContainerClassName,
+  inputClassName,
+  ref,
+}: BaseFormProps) => {
+  const form = useForm({
+    defaultValues,
+  })
+
+  useImperativeHandle(ref, () => {
+    return {
+      getFormStore() {
+        return form.store
+      },
+    }
+  }, [form])
+
+  const renderField = useCallback((field: AnyFieldApi) => {
+    const formSchema = formSchemas?.find(schema => schema.name === field.name)
+
+    if (formSchema) {
+      return (
+        <BaseField
+          field={field}
+          formSchema={formSchema}
+          fieldClassName={fieldClassName}
+          labelClassName={labelClassName}
+          inputContainerClassName={inputContainerClassName}
+          inputClassName={inputClassName}
+        />
+      )
+    }
+
+    return null
+  }, [formSchemas, fieldClassName, labelClassName, inputContainerClassName, inputClassName])
+
+  if (!formSchemas?.length)
+    return null
+
+  return (
+    <form className={cn(formClassName)}>
+      {
+        formSchemas.map((formSchema) => {
+          return (
+            <form.Field
+              key={formSchema.name}
+              name={formSchema.name}
+            >
+              {renderField}
+            </form.Field>
+          )
+        })
+      }
+    </form>
+  )
+}
+
+export default memo(BaseForm)
diff --git a/web/app/components/base/form/components/base/index.tsx b/web/app/components/base/form/components/base/index.tsx
new file mode 100644
index 0000000000..0d6f0808ff
--- /dev/null
+++ b/web/app/components/base/form/components/base/index.tsx
@@ -0,0 +1,2 @@
+export { default as BaseForm, type BaseFormProps } from './base-form'
+export { default as BaseField, type BaseFieldProps } from './base-field'
diff --git a/web/app/components/base/form/form-scenarios/auth/index.tsx b/web/app/components/base/form/form-scenarios/auth/index.tsx
new file mode 100644
index 0000000000..5a88f94ac6
--- /dev/null
+++ b/web/app/components/base/form/form-scenarios/auth/index.tsx
@@ -0,0 +1,21 @@
+import { memo } from 'react'
+import { BaseForm } from '../../components/base'
+import type { BaseFormProps } from '../../components/base'
+
+const AuthForm = ({
+  formSchemas = [],
+  defaultValues,
+  ref,
+}: BaseFormProps) => {
+  return (
+    <BaseForm
+      ref={ref}
+      formSchemas={formSchemas}
+      defaultValues={defaultValues}
+      formClassName='space-y-4'
+      labelClassName='h-6 flex items-center mb-1 system-sm-medium text-text-secondary'
+    />
+  )
+}
+
+export default memo(AuthForm)
diff --git a/web/app/components/base/form/types.ts b/web/app/components/base/form/types.ts
new file mode 100644
index 0000000000..69a4fe7795
--- /dev/null
+++ b/web/app/components/base/form/types.ts
@@ -0,0 +1,51 @@
+import type {
+  ForwardedRef,
+  ReactNode,
+} from 'react'
+import type { AnyFormApi } from '@tanstack/react-form'
+
+export type TypeWithI18N<T = string> = {
+  en_US: T
+  zh_Hans: T
+  [key: string]: T
+}
+
+export type FormShowOnObject = {
+  variable: string
+  value: string
+}
+
+export enum FormTypeEnum {
+  textInput = 'text-input',
+  textNumber = 'number-input',
+  secretInput = 'secret-input',
+  select = 'select',
+  radio = 'radio',
+  boolean = 'boolean',
+  files = 'files',
+  file = 'file',
+  modelSelector = 'model-selector',
+  toolSelector = 'tool-selector',
+  multiToolSelector = 'array[tools]',
+  appSelector = 'app-selector',
+  dynamicSelect = 'dynamic-select',
+}
+
+export type FormSchema = {
+  type: FormTypeEnum
+  name: string
+  label: string | ReactNode | TypeWithI18N
+  required: boolean
+  default?: any
+  tooltip?: string | TypeWithI18N
+  show_on: FormShowOnObject[]
+  url?: string
+  scope?: string
+}
+
+export type FormValues = Record<string, any>
+
+export type FromRefObject = {
+    getFormStore: () => AnyFormApi['store']
+}
+export type FormRef = ForwardedRef<FromRefObject>
diff --git a/web/app/components/tools/tool-auth/add-api-key-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx
similarity index 83%
rename from web/app/components/tools/tool-auth/add-api-key-button.tsx
rename to web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx
index 21eeed5600..e7312168b4 100644
--- a/web/app/components/tools/tool-auth/add-api-key-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx
@@ -6,13 +6,17 @@ import Button from '@/app/components/base/button'
 import type { ButtonProps } from '@/app/components/base/button'
 import ApiKeyModal from './api-key-modal'
 
-type AddApiKeyButtonProps = {
+export type AddApiKeyButtonProps = {
+  provider?: string
   buttonVariant?: ButtonProps['variant']
   buttonText?: string
+  disabled?: boolean
 }
 const AddApiKeyButton = ({
+  provider = '',
   buttonVariant = 'secondary-accent',
   buttonText = 'use api key',
+  disabled,
 }: AddApiKeyButtonProps) => {
   const [isApiKeyModalOpen, setIsApiKeyModalOpen] = useState(false)
 
@@ -22,12 +26,14 @@ const AddApiKeyButton = ({
         className='grow'
         variant={buttonVariant}
         onClick={() => setIsApiKeyModalOpen(true)}
+        disabled={disabled}
       >
         {buttonText}
       </Button>
       {
         isApiKeyModalOpen && (
           <ApiKeyModal
+            provider={provider}
             onClose={() => setIsApiKeyModalOpen(false)}
           />
         )
diff --git a/web/app/components/tools/tool-auth/add-oauth-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
similarity index 95%
rename from web/app/components/tools/tool-auth/add-oauth-button.tsx
rename to web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
index 7e6bc91774..6f2460b2de 100644
--- a/web/app/components/tools/tool-auth/add-oauth-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
@@ -8,13 +8,14 @@ import type { ButtonProps } from '@/app/components/base/button'
 import OAuthClientSettings from './oauth-client-settings'
 import cn from '@/utils/classnames'
 
-type AddOAuthButtonProps = {
+export type AddOAuthButtonProps = {
   buttonVariant?: ButtonProps['variant']
   buttonText?: string
   className?: string
   buttonLeftClassName?: string
   buttonRightClassName?: string
   dividerClassName?: string
+  disabled?: boolean
 }
 const AddOAuthButton = ({
   buttonVariant = 'primary',
@@ -23,6 +24,7 @@ const AddOAuthButton = ({
   buttonLeftClassName,
   buttonRightClassName,
   dividerClassName,
+  disabled,
 }: AddOAuthButtonProps) => {
   const [isOAuthSettingsOpen, setIsOAuthSettingsOpen] = useState(false)
 
@@ -34,6 +36,7 @@ const AddOAuthButton = ({
           'grow px-0 py-0 hover:bg-components-button-primary-bg',
           className,
         )}
+        disabled={disabled}
       >
         <div className={cn(
           'flex h-full grow items-center justify-center rounded-l-lg hover:bg-components-button-primary-bg-hover',
diff --git a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
new file mode 100644
index 0000000000..7a6826066e
--- /dev/null
+++ b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
@@ -0,0 +1,109 @@
+import {
+  memo,
+  useCallback,
+  useRef,
+} from 'react'
+import { useTranslation } from 'react-i18next'
+import { RiExternalLinkLine } from '@remixicon/react'
+import { Lock01 } from '@/app/components/base/icons/src/vender/solid/security'
+import Modal from '@/app/components/base/modal/modal'
+import {
+  useAddPluginToolCredential,
+  useGetPluginToolCredentialSchema,
+  useInvalidPluginToolCredentialInfo,
+  useUpdatePluginToolCredential,
+} from '@/service/use-plugins-auth'
+import { CredentialTypeEnum } from '../types'
+import AuthForm from '@/app/components/base/form/form-scenarios/auth'
+import type { FromRefObject } from '@/app/components/base/form/types'
+import { useToastContext } from '@/app/components/base/toast'
+
+export type ApiKeyModalProps = {
+  provider: string
+  onClose?: () => void
+  editValues?: Record<string, any>
+  onRemove?: () => void
+}
+const ApiKeyModal = ({
+  provider,
+  onClose,
+  editValues,
+  onRemove,
+}: ApiKeyModalProps) => {
+  const { t } = useTranslation()
+  const { notify } = useToastContext()
+  const { data } = useGetPluginToolCredentialSchema(provider, CredentialTypeEnum.API_KEY)
+  const { mutateAsync: addPluginToolCredential } = useAddPluginToolCredential(provider)
+  const { mutateAsync: updatePluginToolCredential } = useUpdatePluginToolCredential(provider)
+  const invalidatePluginToolCredentialInfo = useInvalidPluginToolCredentialInfo(provider)
+  const formRef = useRef<FromRefObject>(null)
+  const handleConfirm = useCallback(async () => {
+    const store = formRef.current?.getFormStore()
+    const values = store?.state.values
+
+    if (editValues) {
+      await updatePluginToolCredential({
+        credentials: values,
+        type: CredentialTypeEnum.API_KEY,
+      })
+    }
+    else {
+      await addPluginToolCredential({
+        credentials: values,
+        type: CredentialTypeEnum.API_KEY,
+      })
+    }
+    notify({
+      type: 'success',
+      message: t('common.api.actionSuccess'),
+    })
+
+    onClose?.()
+    invalidatePluginToolCredentialInfo()
+  }, [addPluginToolCredential, onClose, invalidatePluginToolCredentialInfo, updatePluginToolCredential, notify, t, editValues])
+
+  return (
+    <Modal
+      size='md'
+      title='API Key Authorization Configuration'
+      subTitle='After configuring credentials, all members within the workspace can use this tool when orchestrating applications.'
+      onClose={onClose}
+      onCancel={onClose}
+      footerSlot={
+        <a
+          className='system-xs-regular flex h-8 grow items-center text-text-accent'
+          href=''
+          target='_blank'
+        >
+          Get your API Key from OpenAI
+          <RiExternalLinkLine className='ml-1 h-3 w-3' />
+        </a>
+      }
+      bottomSlot={
+        <div className='flex items-center justify-center bg-background-section-burn py-3 text-xs text-text-tertiary'>
+          <Lock01 className='mr-1 h-3 w-3 text-text-tertiary' />
+          {t('common.modelProvider.encrypted.front')}
+          <a
+            className='mx-1 text-text-accent'
+            target='_blank' rel='noopener noreferrer'
+            href='https://pycryptodome.readthedocs.io/en/latest/src/cipher/oaep.html'
+          >
+            PKCS1_OAEP
+          </a>
+          {t('common.modelProvider.encrypted.back')}
+        </div>
+      }
+      onConfirm={handleConfirm}
+      showExtraButton={!!editValues}
+      onExtraButtonClick={onRemove}
+    >
+      <AuthForm
+        ref={formRef}
+        formSchemas={data}
+        defaultValues={editValues}
+      />
+    </Modal>
+  )
+}
+
+export default memo(ApiKeyModal)
diff --git a/web/app/components/plugins/plugin-auth/authorize/index.tsx b/web/app/components/plugins/plugin-auth/authorize/index.tsx
new file mode 100644
index 0000000000..f40451e7fa
--- /dev/null
+++ b/web/app/components/plugins/plugin-auth/authorize/index.tsx
@@ -0,0 +1,91 @@
+import {
+  memo,
+  useMemo,
+} from 'react'
+import AddOAuthButton from './add-oauth-button'
+import type { AddOAuthButtonProps } from './add-oauth-button'
+import AddApiKeyButton from './add-api-key-button'
+import type { AddApiKeyButtonProps } from './add-api-key-button'
+
+type AuthorizeProps = {
+  provider?: string
+  theme?: 'primary' | 'secondary'
+  showDivider?: boolean
+  canOAuth?: boolean
+  canApiKey?: boolean
+  disabled?: boolean
+}
+const Authorize = ({
+  provider = '',
+  theme = 'primary',
+  showDivider = true,
+  canOAuth,
+  canApiKey,
+  disabled,
+}: AuthorizeProps) => {
+  const oAuthButtonProps: AddOAuthButtonProps = useMemo(() => {
+    if (theme === 'secondary') {
+      return {
+        buttonText: !canApiKey ? 'Add OAuth Authorization' : 'Add OAuth',
+        buttonVariant: 'secondary',
+        className: 'hover:bg-components-button-secondary-bg',
+        buttonLeftClassName: 'hover:bg-components-button-secondary-bg-hover',
+        buttonRightClassName: 'hover:bg-components-button-secondary-bg-hover',
+        dividerClassName: 'bg-divider-regular opacity-100',
+      }
+    }
+
+    return {
+      buttonText: !canApiKey ? 'Use OAuth Authorization' : '',
+    }
+  }, [canApiKey, theme])
+
+  const apiKeyButtonProps: AddApiKeyButtonProps = useMemo(() => {
+    if (theme === 'secondary') {
+      return {
+        provider,
+        buttonVariant: 'secondary',
+        buttonText: !canOAuth ? 'API Key Authorization Configuration' : 'Add API Key',
+      }
+    }
+    return {
+      provider,
+      buttonText: !canOAuth ? 'API Key Authorization Configuration' : '',
+      buttonVariant: !canOAuth ? 'primary' : 'secondary-accent',
+    }
+  }, [canOAuth, theme, provider])
+
+  return (
+    <>
+      <div className='flex items-center space-x-1.5'>
+        {
+          canOAuth && (
+            <AddOAuthButton
+              {...oAuthButtonProps}
+              disabled={disabled}
+            />
+          )
+        }
+        {
+          showDivider && canOAuth && canApiKey && (
+            <div className='system-2xs-medium-uppercase flex shrink-0 flex-col items-center justify-between text-text-tertiary'>
+              <div className='h-2 w-[1px] bg-divider-subtle'></div>
+              or
+              <div className='h-2 w-[1px] bg-divider-subtle'></div>
+            </div>
+          )
+        }
+        {
+          canApiKey && (
+            <AddApiKeyButton
+              {...apiKeyButtonProps}
+              disabled={disabled}
+            />
+          )
+        }
+      </div>
+    </>
+  )
+}
+
+export default memo(Authorize)
diff --git a/web/app/components/tools/tool-auth/oauth-client-settings.tsx b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
similarity index 100%
rename from web/app/components/tools/tool-auth/oauth-client-settings.tsx
rename to web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
diff --git a/web/app/components/plugins/plugin-auth/authorized/index.tsx b/web/app/components/plugins/plugin-auth/authorized/index.tsx
new file mode 100644
index 0000000000..98e90d357f
--- /dev/null
+++ b/web/app/components/plugins/plugin-auth/authorized/index.tsx
@@ -0,0 +1,205 @@
+import {
+  memo,
+  useCallback,
+  useRef,
+  useState,
+} from 'react'
+import {
+  RiArrowDownSLine,
+} from '@remixicon/react'
+import { useTranslation } from 'react-i18next'
+import {
+  PortalToFollowElem,
+  PortalToFollowElemContent,
+  PortalToFollowElemTrigger,
+} from '@/app/components/base/portal-to-follow-elem'
+import Button from '@/app/components/base/button'
+import Indicator from '@/app/components/header/indicator'
+import cn from '@/utils/classnames'
+import Confirm from '@/app/components/base/confirm'
+import Authorize from '../authorize'
+import type { Credential } from '../types'
+import { CredentialTypeEnum } from '../types'
+import ApiKeyModal from '../authorize/api-key-modal'
+import Item from './item'
+import {
+  useDeletePluginToolCredential,
+  useInvalidPluginToolCredentialInfo,
+  useSetPluginToolDefaultCredential,
+} from '@/service/use-plugins-auth'
+import { useToastContext } from '@/app/components/base/toast'
+
+type AuthorizedProps = {
+  provider: string
+  credentials: Credential[]
+  canOAuth?: boolean
+  canApiKey?: boolean
+  disabled?: boolean
+}
+const Authorized = ({
+  provider,
+  credentials,
+  canOAuth,
+  canApiKey,
+  disabled,
+}: AuthorizedProps) => {
+  const { t } = useTranslation()
+  const { notify } = useToastContext()
+  const [isOpen, setIsOpen] = useState(false)
+  const oAuthCredentials = credentials.filter(credential => credential.credential_type === CredentialTypeEnum.OAUTH2)
+  const apiKeyCredentials = credentials.filter(credential => credential.credential_type === CredentialTypeEnum.API_KEY)
+  const pendingOperationCredentialId = useRef<string | null>(null)
+  const [deleteCredentialId, setDeleteCredentialId] = useState<string | null>(null)
+  const { mutateAsync: deletePluginToolCredential } = useDeletePluginToolCredential(provider)
+  const invalidatePluginToolCredentialInfo = useInvalidPluginToolCredentialInfo(provider)
+  const openConfirm = useCallback((credentialId?: string) => {
+    if (credentialId)
+      pendingOperationCredentialId.current = credentialId
+
+    setDeleteCredentialId(pendingOperationCredentialId.current)
+  }, [])
+  const closeConfirm = useCallback(() => {
+    setDeleteCredentialId(null)
+    pendingOperationCredentialId.current = null
+  }, [])
+  const handleConfirm = useCallback(async () => {
+    if (!pendingOperationCredentialId.current) {
+      setDeleteCredentialId(null)
+      return
+    }
+
+    await deletePluginToolCredential({ credential_id: pendingOperationCredentialId.current })
+    notify({
+      type: 'success',
+      message: t('common.api.actionSuccess'),
+    })
+    invalidatePluginToolCredentialInfo()
+    setDeleteCredentialId(null)
+    pendingOperationCredentialId.current = null
+  }, [deletePluginToolCredential, invalidatePluginToolCredentialInfo, notify, t])
+  const [editValues, setEditValues] = useState<Record<string, any> | null>(null)
+  const handleEdit = useCallback((id: string, values: Record<string, any>) => {
+    pendingOperationCredentialId.current = id
+    setEditValues(values)
+  }, [])
+  const handleRemove = useCallback(() => {
+    setDeleteCredentialId(pendingOperationCredentialId.current)
+  }, [])
+  const { mutateAsync: setPluginToolDefaultCredential } = useSetPluginToolDefaultCredential(provider)
+  const handleSetDefault = useCallback(async (id: string) => {
+    await setPluginToolDefaultCredential(id)
+    notify({
+      type: 'success',
+      message: t('common.api.actionSuccess'),
+    })
+    invalidatePluginToolCredentialInfo()
+  }, [setPluginToolDefaultCredential, invalidatePluginToolCredentialInfo, notify, t])
+
+  return (
+    <>
+      <PortalToFollowElem
+        open={isOpen}
+        onOpenChange={setIsOpen}
+        placement='bottom-start'
+        offset={8}
+        triggerPopupSameWidth
+      >
+        <PortalToFollowElemTrigger
+          onClick={() => setIsOpen(!isOpen)}
+          asChild
+        >
+          <Button
+            className={cn(
+              'w-full',
+              isOpen && 'bg-components-button-secondary-bg-hover',
+            )}>
+            <Indicator className='mr-2' />
+            {credentials.length} Authorizations
+            <RiArrowDownSLine className='ml-0.5 h-4 w-4' />
+          </Button>
+        </PortalToFollowElemTrigger>
+        <PortalToFollowElemContent className='z-[100]'>
+          <div className='max-h-[360px] overflow-y-auto rounded-xl border-[0.5px] border-components-panel-border bg-components-panel-bg-blur shadow-lg'>
+            <div className='py-1'>
+              {
+                !!oAuthCredentials.length && (
+                  <div className='p-1'>
+                    <div className='system-xs-medium px-3 pb-0.5 pt-1 text-text-tertiary'>
+                      OAuth
+                    </div>
+                    {
+                      oAuthCredentials.map(credential => (
+                        <Item
+                          key={credential.id}
+                          credential={credential}
+                        />
+                      ))
+                    }
+                  </div>
+                )
+              }
+              {
+                !!apiKeyCredentials.length && (
+                  <div className='p-1'>
+                    <div className='system-xs-medium px-3 pb-0.5 pt-1 text-text-tertiary'>
+                      API Keys
+                    </div>
+                    {
+                      apiKeyCredentials.map(credential => (
+                        <Item
+                          key={credential.id}
+                          credential={credential}
+                          disabled={disabled}
+                          onDelete={openConfirm}
+                          onEdit={handleEdit}
+                          onSetDefault={handleSetDefault}
+                        />
+                      ))
+                    }
+                  </div>
+                )
+              }
+            </div>
+            <div className='h-[1px] bg-divider-subtle'></div>
+            <div className='p-2'>
+              <Authorize
+                provider={provider}
+                theme='secondary'
+                showDivider={false}
+                canOAuth={canOAuth}
+                canApiKey={canApiKey}
+                disabled={disabled}
+              />
+            </div>
+          </div>
+        </PortalToFollowElemContent>
+      </PortalToFollowElem>
+      {
+        deleteCredentialId && (
+          <Confirm
+            isShow
+            title='Are you sure?'
+            content='content'
+            onCancel={closeConfirm}
+            onConfirm={handleConfirm}
+          />
+        )
+      }
+      {
+        !!editValues && (
+          <ApiKeyModal
+            provider={provider}
+            editValues={editValues}
+            onClose={() => {
+              setEditValues(null)
+              pendingOperationCredentialId.current = null
+            }}
+            onRemove={handleRemove}
+          />
+        )
+      }
+    </>
+  )
+}
+
+export default memo(Authorized)
diff --git a/web/app/components/plugins/plugin-auth/authorized/item.tsx b/web/app/components/plugins/plugin-auth/authorized/item.tsx
new file mode 100644
index 0000000000..c32d0a9008
--- /dev/null
+++ b/web/app/components/plugins/plugin-auth/authorized/item.tsx
@@ -0,0 +1,96 @@
+import {
+  memo,
+} from 'react'
+import {
+  RiDeleteBinLine,
+  RiEditLine,
+  RiEqualizer2Line,
+} from '@remixicon/react'
+import Indicator from '@/app/components/header/indicator'
+import Badge from '@/app/components/base/badge'
+import ActionButton from '@/app/components/base/action-button'
+import Tooltip from '@/app/components/base/tooltip'
+import Button from '@/app/components/base/button'
+import type { Credential } from '../types'
+import { CredentialTypeEnum } from '../types'
+
+type ItemProps = {
+  credential: Credential
+  disabled?: boolean
+  onDelete?: (id: string) => void
+  onEdit?: (id: string, values: Record<string, any>) => void
+  onSetDefault?: (id: string) => void
+}
+const Item = ({
+  credential,
+  disabled,
+  onDelete,
+  onEdit,
+  onSetDefault,
+}: ItemProps) => {
+  const isOAuth = credential.credential_type === CredentialTypeEnum.OAUTH2
+
+  return (
+    <div
+      key={credential.id}
+      className='group flex h-8 items-center rounded-lg p-1 hover:bg-state-base-hover'
+    >
+      <div className='flex grow items-center space-x-1.5 pl-2'>
+        <Indicator className='mr-1.5' />
+        <div
+          className='system-md-regular truncate text-text-secondary'
+          title={credential.name}
+        >
+          {credential.name}
+        </div>
+        {
+          credential.is_default && (
+            <Badge>
+              Default
+            </Badge>
+          )
+        }
+      </div>
+      <div className='ml-2 hidden shrink-0 items-center group-hover:flex'>
+        <Button
+          size='small'
+          disabled={disabled}
+          onClick={() => onSetDefault?.(credential.id)}
+        >
+          Set as default
+        </Button>
+        {
+          isOAuth && (
+            <Tooltip popupContent='rename'>
+              <ActionButton>
+                <RiEditLine className='h-4 w-4 text-text-tertiary' />
+              </ActionButton>
+            </Tooltip>
+          )
+        }
+        {
+          !isOAuth && (
+            <Tooltip popupContent='edit'>
+              <ActionButton
+                disabled={disabled}
+                onClick={() => onEdit?.(credential.id, credential.credentials)}
+              >
+                <RiEqualizer2Line className='h-4 w-4 text-text-tertiary' />
+              </ActionButton>
+            </Tooltip>
+          )
+        }
+        <Tooltip popupContent='delete'>
+          <ActionButton
+            disabled={disabled}
+            onClick={() => onDelete?.(credential.id)}
+          >
+            <RiDeleteBinLine className='h-4 w-4 text-text-tertiary' />
+          </ActionButton>
+        </Tooltip>
+      </div>
+    </div>
+  )
+}
+
+export default memo(Item)
diff --git a/web/app/components/plugins/plugin-auth/index.tsx b/web/app/components/plugins/plugin-auth/index.tsx
new file mode 100644
index 0000000000..274697e061
--- /dev/null
+++ b/web/app/components/plugins/plugin-auth/index.tsx
@@ -0,0 +1 @@
+export { default as PluginAuth } from './plugin-auth'
diff --git a/web/app/components/plugins/plugin-auth/plugin-auth.tsx b/web/app/components/plugins/plugin-auth/plugin-auth.tsx
new file mode 100644
index 0000000000..045abd2318
--- /dev/null
+++ b/web/app/components/plugins/plugin-auth/plugin-auth.tsx
@@ -0,0 +1,47 @@
+import { memo } from 'react'
+import Authorize from './authorize'
+import Authorized from './authorized'
+import { useAppContext } from '@/context/app-context'
+import { useGetPluginToolCredentialInfo } from '@/service/use-plugins-auth'
+import { CredentialTypeEnum } from './types'
+
+type PluginAuthProps = {
+  provider?: string
+}
+const PluginAuth = ({
+  provider = '',
+}: PluginAuthProps) => {
+  const { data } = useGetPluginToolCredentialInfo(provider)
+  const { isCurrentWorkspaceManager } = useAppContext()
+  const isAuthorized = !!data?.credentials.length
+  const canOAuth = data?.supported_credential_types.includes(CredentialTypeEnum.OAUTH2)
+  const canApiKey = data?.supported_credential_types.includes(CredentialTypeEnum.API_KEY)
+
+  return (
+    <>
+      {
+        !isAuthorized && (
+          <Authorize
+            provider={provider}
+            canOAuth={canOAuth}
+            canApiKey={canApiKey}
+            disabled={!isCurrentWorkspaceManager}
+          />
+        )
+      }
+      {
+        isAuthorized && (
+          <Authorized
+            provider={provider}
+            credentials={data?.credentials}
+            canOAuth={canOAuth}
+            canApiKey={canApiKey}
+            disabled={!isCurrentWorkspaceManager}
+          />
+        )
+      }
+    </>
+  )
+}
+
+export default memo(PluginAuth)
diff --git a/web/app/components/plugins/plugin-auth/types.ts b/web/app/components/plugins/plugin-auth/types.ts
new file mode 100644
index 0000000000..b9c63d2965
--- /dev/null
+++ b/web/app/components/plugins/plugin-auth/types.ts
@@ -0,0 +1,13 @@
+export enum CredentialTypeEnum {
+  OAUTH2 = 'oauth2',
+  API_KEY = 'api-key',
+}
+
+export type Credential = {
+  id: string
+  name: string
+  provider: string
+  credential_type: CredentialTypeEnum
+  is_default: boolean
+  credentials: Record<string, any>
+}
diff --git a/web/app/components/plugins/plugin-detail-panel/action-list.tsx b/web/app/components/plugins/plugin-detail-panel/action-list.tsx
index 2505b6d5aa..040c728630 100644
--- a/web/app/components/plugins/plugin-detail-panel/action-list.tsx
+++ b/web/app/components/plugins/plugin-detail-panel/action-list.tsx
@@ -1,17 +1,9 @@
-import React, { useMemo, useState } from 'react'
+import React, { useMemo } from 'react'
 import { useTranslation } from 'react-i18next'
-import { useAppContext } from '@/context/app-context'
-import Button from '@/app/components/base/button'
-import Toast from '@/app/components/base/toast'
-import Indicator from '@/app/components/header/indicator'
 import ToolItem from '@/app/components/tools/provider/tool-item'
-import ConfigCredential from '@/app/components/tools/setting/build-in/config-credentials'
 import {
   useAllToolProviders,
   useBuiltinTools,
-  useInvalidateAllToolProviders,
-  useRemoveProviderCredentials,
-  useUpdateProviderCredentials,
 } from '@/service/use-tools'
 import type { PluginDetail } from '@/app/components/plugins/types'
 
@@ -23,35 +15,14 @@ const ActionList = ({
   detail,
 }: Props) => {
   const { t } = useTranslation()
-  const { isCurrentWorkspaceManager } = useAppContext()
   const providerBriefInfo = detail.declaration.tool.identity
   const providerKey = `${detail.plugin_id}/${providerBriefInfo.name}`
   const { data: collectionList = [] } = useAllToolProviders()
-  const invalidateAllToolProviders = useInvalidateAllToolProviders()
   const provider = useMemo(() => {
     return collectionList.find(collection => collection.name === providerKey)
   }, [collectionList, providerKey])
   const { data } = useBuiltinTools(providerKey)
 
-  const [showSettingAuth, setShowSettingAuth] = useState(false)
-
-  const handleCredentialSettingUpdate = () => {
-    invalidateAllToolProviders()
-    Toast.notify({
-      type: 'success',
-      message: t('common.api.actionSuccess'),
-    })
-    setShowSettingAuth(false)
-  }
-
-  const { mutate: updatePermission, isPending } = useUpdateProviderCredentials({
-    onSuccess: handleCredentialSettingUpdate,
-  })
-
-  const { mutate: removePermission } = useRemoveProviderCredentials({
-    onSuccess: handleCredentialSettingUpdate,
-  })
-
   if (!data || !provider)
     return null
 
@@ -60,26 +31,7 @@ const ActionList = ({
       <div className='mb-1 py-1'>
         <div className='system-sm-semibold-uppercase mb-1 flex h-6 items-center justify-between text-text-secondary'>
           {t('plugin.detailPanel.actionNum', { num: data.length, action: data.length > 1 ? 'actions' : 'action' })}
-          {provider.is_team_authorization && provider.allow_delete && (
-            <Button
-              variant='secondary'
-              size='small'
-              onClick={() => setShowSettingAuth(true)}
-              disabled={!isCurrentWorkspaceManager}
-            >
-              <Indicator className='mr-2' color={'green'} />
-              {t('tools.auth.authorized')}
-            </Button>
-          )}
         </div>
-        {!provider.is_team_authorization && provider.allow_delete && (
-          <Button
-            variant='primary'
-            className='w-full'
-            onClick={() => setShowSettingAuth(true)}
-            disabled={!isCurrentWorkspaceManager}
-          >{t('workflow.nodes.tool.authorize')}</Button>
-        )}
       </div>
       <div className='flex flex-col gap-2'>
         {data.map(tool => (
@@ -93,18 +45,6 @@ const ActionList = ({
           />
         ))}
       </div>
-      {showSettingAuth && (
-        <ConfigCredential
-          collection={provider}
-          onCancel={() => setShowSettingAuth(false)}
-          onSaved={async value => updatePermission({
-            providerName: provider.name,
-            credentials: value,
-          })}
-          onRemove={async () => removePermission(provider.name)}
-          isSaving={isPending}
-        />
-      )}
     </div>
   )
 }
diff --git a/web/app/components/plugins/plugin-detail-panel/detail-header.tsx b/web/app/components/plugins/plugin-detail-panel/detail-header.tsx
index 0a5a8b87d6..a1f14e6301 100644
--- a/web/app/components/plugins/plugin-detail-panel/detail-header.tsx
+++ b/web/app/components/plugins/plugin-detail-panel/detail-header.tsx
@@ -36,6 +36,8 @@ import { useInvalidateAllToolProviders } from '@/service/use-tools'
 import { API_PREFIX } from '@/config'
 import cn from '@/utils/classnames'
 import { getMarketplaceUrl } from '@/utils/var'
+import { PluginAuth } from '@/app/components/plugins/plugin-auth'
+import { useAllToolProviders } from '@/service/use-tools'
 
 const i18nPrefix = 'plugin.action'
 
@@ -68,7 +70,14 @@ const DetailHeader = ({
     meta,
     plugin_id,
   } = detail
-  const { author, category, name, label, description, icon, verified } = detail.declaration
+  const { author, category, name, label, description, icon, verified, tool } = detail.declaration
+  const isTool = category === PluginType.tool
+  const providerBriefInfo = tool?.identity
+  const providerKey = `${plugin_id}/${providerBriefInfo?.name}`
+  const { data: collectionList = [] } = useAllToolProviders(isTool)
+  const provider = useMemo(() => {
+    return collectionList.find(collection => collection.name === providerKey)
+  }, [collectionList, providerKey])
   const isFromGitHub = source === PluginSource.github
   const isFromMarketplace = source === PluginSource.marketplace
 
@@ -263,6 +272,13 @@ const DetailHeader = ({
         </div>
       </div>
       <Description className='mt-3' text={description[locale]} descriptionLineRows={2}></Description>
+      {
+        category === PluginType.tool && (
+          <PluginAuth
+            provider={provider?.name}
+          />
+        )
+      }
       {isShowPluginInfo && (
         <PluginInfo
           repository={isFromGitHub ? meta?.repo : ''}
diff --git a/web/app/components/tools/tool-auth/api-key-modal.tsx b/web/app/components/tools/tool-auth/api-key-modal.tsx
deleted file mode 100644
index f4a2332861..0000000000
--- a/web/app/components/tools/tool-auth/api-key-modal.tsx
+++ /dev/null
@@ -1,52 +0,0 @@
-import { memo } from 'react'
-import { useTranslation } from 'react-i18next'
-import { RiExternalLinkLine } from '@remixicon/react'
-import { Lock01 } from '@/app/components/base/icons/src/vender/solid/security'
-import Modal from '@/app/components/base/modal/modal'
-
-export type ApiKeyModalProps = {
-  onClose?: () => void
-}
-const ApiKeyModal = ({
-  onClose,
-}: ApiKeyModalProps) => {
-  const { t } = useTranslation()
-
-  return (
-    <Modal
-      size='md'
-      title='API Key Authorization Configuration'
-      subTitle='After configuring credentials, all members within the workspace can use this tool when orchestrating applications.'
-      onClose={onClose}
-      onCancel={onClose}
-      footerSlot={
-        <a
-          className='system-xs-regular flex h-8 grow items-center text-text-accent'
-          href=''
-          target='_blank'
-        >
-          Get your API Key from OpenAI
-          <RiExternalLinkLine className='ml-1 h-3 w-3' />
-        </a>
-      }
-      bottomSlot={
-        <div className='flex items-center justify-center bg-background-section-burn py-3 text-xs text-text-tertiary'>
-          <Lock01 className='mr-1 h-3 w-3 text-text-tertiary' />
-          {t('common.modelProvider.encrypted.front')}
-          <a
-            className='mx-1 text-text-accent'
-            target='_blank' rel='noopener noreferrer'
-            href='https://pycryptodome.readthedocs.io/en/latest/src/cipher/oaep.html'
-          >
-            PKCS1_OAEP
-          </a>
-          {t('common.modelProvider.encrypted.back')}
-        </div>
-      }
-    >
-      <div>oauth</div>
-    </Modal>
-  )
-}
-
-export default memo(ApiKeyModal)
diff --git a/web/app/components/tools/tool-auth/authorization.tsx b/web/app/components/tools/tool-auth/authorization.tsx
deleted file mode 100644
index 5d3322d629..0000000000
--- a/web/app/components/tools/tool-auth/authorization.tsx
+++ /dev/null
@@ -1,124 +0,0 @@
-import {
-  memo,
-  useState,
-} from 'react'
-import {
-  RiArrowDownSLine,
-  RiDeleteBinLine,
-  RiEditLine,
-} from '@remixicon/react'
-import {
-  PortalToFollowElem,
-  PortalToFollowElemContent,
-  PortalToFollowElemTrigger,
-} from '@/app/components/base/portal-to-follow-elem'
-import Button from '@/app/components/base/button'
-import Indicator from '@/app/components/header/indicator'
-import Badge from '@/app/components/base/badge'
-import ActionButton from '@/app/components/base/action-button'
-import cn from '@/utils/classnames'
-import AddOauthButton from './add-oauth-button'
-import AddApiKeyButton from './add-api-key-button'
-
-const Authorization = () => {
-  const [isOpen, setIsOpen] = useState(false)
-
-  return (
-    <PortalToFollowElem
-      open={isOpen}
-      onOpenChange={setIsOpen}
-      placement='bottom-start'
-      offset={8}
-      triggerPopupSameWidth
-    >
-      <PortalToFollowElemTrigger
-        onClick={() => setIsOpen(!isOpen)}
-        asChild
-      >
-        <Button
-          className={cn(
-            'w-full',
-            isOpen && 'bg-components-button-secondary-bg-hover',
-          )}>
-          <Indicator className='mr-2' />
-          4 Authorizations
-          <RiArrowDownSLine className='ml-0.5 h-4 w-4' />
-        </Button>
-      </PortalToFollowElemTrigger>
-      <PortalToFollowElemContent className='z-[11]'>
-        <div className='max-h-[360px] overflow-y-auto rounded-xl border-[0.5px] border-components-panel-border bg-components-panel-bg-blur shadow-lg'>
-          <div className='py-1'>
-            <div className='p-1'>
-              <div className='system-xs-medium px-3 pb-0.5 pt-1 text-text-tertiary'>
-                OAuth
-              </div>
-              <div className='flex items-center rounded-lg p-1 hover:bg-state-base-hover'>
-                <div className='flex grow items-center space-x-1.5 pl-2'>
-                  <Indicator className='mr-1.5' />
-                  <div
-                    className='system-md-regular truncate text-text-secondary'
-                    title='Auth 1'
-                  >
-                    Auth 1
-                  </div>
-                  <Badge>
-                    Default
-                  </Badge>
-                </div>
-                <div className='ml-2 flex shrink-0 items-center'>
-                  <ActionButton>
-                    <RiEditLine className='h-4 w-4 text-text-tertiary' />
-                  </ActionButton>
-                  <ActionButton>
-                    <RiDeleteBinLine className='h-4 w-4 text-text-tertiary' />
-                  </ActionButton>
-                </div>
-              </div>
-            </div>
-            <div className='p-1'>
-              <div className='system-xs-medium px-3 pb-0.5 pt-1 text-text-tertiary'>
-                API Keys
-              </div>
-              <div className='flex items-center rounded-lg p-1 hover:bg-state-base-hover'>
-                <div className='flex grow items-center space-x-1.5 pl-2'>
-                  <Indicator className='mr-1.5' />
-                  <div
-                    className='system-md-regular truncate text-text-secondary'
-                    title='Production'
-                  >
-                    Production
-                  </div>
-                </div>
-                <div className='ml-2 flex shrink-0 items-center space-x-1'>
-                  <Badge>
-                    0.2
-                  </Badge>
-                  <Badge>
-                    ENTERPRISE
-                  </Badge>
-                </div>
-              </div>
-            </div>
-          </div>
-          <div className='h-[1px] bg-divider-subtle'></div>
-          <div className='flex items-center space-x-1.5 p-2'>
-            <AddOauthButton
-              buttonVariant='secondary'
-              buttonText='Add OAuth'
-              className='hover:bg-components-button-secondary-bg'
-              buttonLeftClassName='hover:bg-components-button-secondary-bg-hover'
-              buttonRightClassName='hover:bg-components-button-secondary-bg-hover'
-              dividerClassName='bg-divider-regular opacity-100'
-            />
-            <AddApiKeyButton
-              buttonVariant='secondary'
-              buttonText='Add API Key'
-            />
-          </div>
-        </div>
-      </PortalToFollowElemContent>
-    </PortalToFollowElem>
-  )
-}
-
-export default memo(Authorization)
diff --git a/web/app/components/tools/tool-auth/index.tsx b/web/app/components/tools/tool-auth/index.tsx
deleted file mode 100644
index a632029ca2..0000000000
--- a/web/app/components/tools/tool-auth/index.tsx
+++ /dev/null
@@ -1,23 +0,0 @@
-import {
-  memo,
-} from 'react'
-import AddOAuthButton from './add-oauth-button'
-import AddApiKeyButton from './add-api-key-button'
-
-const ToolAuth = () => {
-  return (
-    <>
-      <div className='flex items-center space-x-1.5'>
-        <AddOAuthButton />
-        <div className='system-2xs-medium-uppercase flex shrink-0 flex-col items-center justify-between text-text-tertiary'>
-          <div className='h-2 w-[1px] bg-divider-subtle'></div>
-          or
-          <div className='h-2 w-[1px] bg-divider-subtle'></div>
-        </div>
-        <AddApiKeyButton />
-      </div>
-    </>
-  )
-}
-
-export default memo(ToolAuth)
diff --git a/web/app/components/workflow/nodes/tool/panel.tsx b/web/app/components/workflow/nodes/tool/panel.tsx
index 561a6e8eea..9f6465c008 100644
--- a/web/app/components/workflow/nodes/tool/panel.tsx
+++ b/web/app/components/workflow/nodes/tool/panel.tsx
@@ -14,8 +14,9 @@ import Loading from '@/app/components/base/loading'
 import OutputVars, { VarItem } from '@/app/components/workflow/nodes/_base/components/output-vars'
 import StructureOutputItem from '@/app/components/workflow/nodes/_base/components/variable/object-child-tree-panel/show'
 import { Type } from '../llm/types'
-import ToolAuth from '@/app/components/tools/tool-auth'
-import Authorization from '@/app/components/tools/tool-auth/authorization'
+import {
+  PluginAuth,
+} from '@/app/components/plugins/plugin-auth'
 
 const i18nPrefix = 'workflow.nodes.tool'
 
@@ -56,8 +57,9 @@ const Panel: FC<NodePanelProps<ToolNodeType>> = ({
   return (
     <div className='pt-2'>
       <div className='px-4 py-2'>
-        <ToolAuth />
-        <Authorization />
+        <PluginAuth
+          provider={currCollection?.name}
+        />
       </div>
       {!readOnly && isShowAuthBtn && (
         <>
diff --git a/web/service/use-plugins-auth.ts b/web/service/use-plugins-auth.ts
new file mode 100644
index 0000000000..86bed7d343
--- /dev/null
+++ b/web/service/use-plugins-auth.ts
@@ -0,0 +1,138 @@
+import {
+  useMutation,
+  useQuery,
+} from '@tanstack/react-query'
+import { get, post } from './base'
+import { useInvalid } from './use-base'
+import type {
+  Credential,
+  CredentialTypeEnum,
+} from '@/app/components/plugins/plugin-auth/types'
+import type { FormSchema } from '@/app/components/base/form/types'
+
+const NAME_SPACE = 'plugins-auth'
+
+export const useGetPluginToolCredentialInfo = (
+  provider: string,
+) => {
+  return useQuery({
+    enabled: !!provider,
+    queryKey: [NAME_SPACE, 'credential-info', provider],
+    queryFn: () => get<{
+        supported_credential_types: string[]
+        credentials: Credential[]
+        is_oauth_custom_client_enabled: boolean
+      }>(`/workspaces/current/tool-provider/builtin/${provider}/credential/info`),
+    staleTime: 0,
+  })
+}
+
+export const useInvalidPluginToolCredentialInfo = (
+  provider: string,
+) => {
+  return useInvalid([NAME_SPACE, 'credential-info', provider])
+}
+
+export const useSetPluginToolDefaultCredential = (
+  provider: string,
+) => {
+  return useMutation({
+    mutationFn: (id: string) => {
+      return post(`/workspaces/current/tool-provider/builtin/${provider}/default-credential`, { body: { id } })
+    },
+  })
+}
+
+export const useGetPluginToolCredentialList = (
+  provider: string,
+) => {
+  return useQuery({
+    queryKey: [NAME_SPACE, 'credential-list', provider],
+    queryFn: () => get(`/workspaces/current/tool-provider/builtin/${provider}/credentials`),
+  })
+}
+
+export const useAddPluginToolCredential = (
+  provider: string,
+) => {
+  return useMutation({
+    mutationFn: (params: {
+      credentials: Record<string, any>
+      type: CredentialTypeEnum
+      name?: string
+    }) => {
+      return post(`/workspaces/current/tool-provider/builtin/${provider}/add`, { body: params })
+    },
+  })
+}
+
+export const useUpdatePluginToolCredential = (
+  provider: string,
+) => {
+  return useMutation({
+    mutationFn: (params: {
+      credentials: Record<string, any>
+      type: CredentialTypeEnum
+      name?: string
+    }) => {
+      return post(`/workspaces/current/tool-provider/builtin/${provider}/update`, { body: params })
+    },
+  })
+}
+
+export const useDeletePluginToolCredential = (
+  provider: string,
+) => {
+  return useMutation({
+    mutationFn: (params: { credential_id: string }) => {
+      return post(`/workspaces/current/tool-provider/builtin/${provider}/delete`, { body: params })
+    },
+  })
+}
+
+export const useGetPluginToolCredentialSchema = (
+  provider: string,
+  credential_type: CredentialTypeEnum,
+) => {
+  return useQuery({
+    queryKey: [NAME_SPACE, 'credential-schema', provider, credential_type],
+    queryFn: () => get<FormSchema[]>(`/workspaces/current/tool-provider/builtin/${provider}/credential/schema/${credential_type}`),
+  })
+}
+
+export const useGetPluginToolOAuthUrl = (
+  provider: string,
+) => {
+  return useQuery({
+    queryKey: [NAME_SPACE, 'oauth-url', provider],
+    queryFn: () => get(`oauth/plugin/${provider}/tool/authorization-url`),
+  })
+}
+
+export const useGetPluginToolOAuthClientSchema = (
+  provider: string,
+) => {
+  return useQuery({
+    queryKey: [NAME_SPACE, 'oauth-client-schema', provider],
+    queryFn: () => get(`/workspaces/current/tool-provider/builtin/${provider}/oauth/client-schema`),
+  })
+}
+
+export const useSetPluginToolOAuthCustomClient = (
+  provider: string,
+) => {
+  return useMutation({
+    mutationFn: (params) => {
+      return post(`/workspaces/current/tool-provider/builtin/${provider}/oauth/custom-client`, { body: params })
+    },
+  })
+}
+
+export const useGetPluginToolOAuthCustomClientSchema = (
+  provider: string,
+) => {
+  return useQuery({
+    queryKey: [NAME_SPACE, 'oauth-custom-client-schema', provider],
+    queryFn: () => get(`/workspaces/current/tool-provider/builtin/${provider}/oauth/custom-client`),
+  })
+}
diff --git a/web/service/use-tools.ts b/web/service/use-tools.ts
index ceaa4b14b3..9238826ea4 100644
--- a/web/service/use-tools.ts
+++ b/web/service/use-tools.ts
@@ -14,10 +14,11 @@ import {
 const NAME_SPACE = 'tools'
 
 const useAllToolProvidersKey = [NAME_SPACE, 'allToolProviders']
-export const useAllToolProviders = () => {
+export const useAllToolProviders = (enabled = true) => {
   return useQuery<Collection[]>({
     queryKey: useAllToolProvidersKey,
     queryFn: () => get<Collection[]>('/workspaces/current/tool-providers'),
+    enabled,
   })
 }
 

From 8968a3e254a6b6d19af23f08c0f5f23458caec59 Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Wed, 9 Jul 2025 18:28:39 +0800
Subject: [PATCH 03/25] tool oauth

---
 .../base/form/components/base/base-field.tsx  |  19 ++-
 .../base/form/components/base/base-form.tsx   |  13 +-
 web/app/components/base/form/types.ts         |   4 +-
 web/app/components/base/modal/modal.tsx       |   7 +-
 .../plugin-auth/authorize/api-key-modal.tsx   |  50 ++++++-
 .../plugins/plugin-auth/authorize/index.tsx   |   4 +-
 .../plugin-auth/authorized-in-node.tsx        |  94 +++++++++++++
 .../plugins/plugin-auth/authorized/index.tsx  |  96 +++++++++++---
 .../plugins/plugin-auth/authorized/item.tsx   | 123 ++++++++++++------
 .../components/plugins/plugin-auth/hooks.ts   |  20 +++
 .../components/plugins/plugin-auth/index.tsx  |   3 +
 .../plugins/plugin-auth/plugin-auth.tsx       |   7 +-
 .../components/plugins/plugin-auth/types.ts   |   5 +-
 .../components/plugins/plugin-auth/utils.ts   |  10 ++
 .../workflow/block-selector/types.ts          |   1 +
 .../_base/components/workflow-panel/index.tsx |  60 ++++++++-
 .../components/workflow/nodes/tool/panel.tsx  |  37 ------
 web/app/components/workflow/types.ts          |   2 +-
 web/service/use-plugins-auth.ts               |   1 +
 19 files changed, 432 insertions(+), 124 deletions(-)
 create mode 100644 web/app/components/plugins/plugin-auth/authorized-in-node.tsx
 create mode 100644 web/app/components/plugins/plugin-auth/hooks.ts
 create mode 100644 web/app/components/plugins/plugin-auth/utils.ts

diff --git a/web/app/components/base/form/components/base/base-field.tsx b/web/app/components/base/form/components/base/base-field.tsx
index df4c0d18ee..f997297691 100644
--- a/web/app/components/base/form/components/base/base-field.tsx
+++ b/web/app/components/base/form/components/base/base-field.tsx
@@ -4,6 +4,7 @@ import {
   useMemo,
 } from 'react'
 import type { AnyFieldApi } from '@tanstack/react-form'
+import { useStore } from '@tanstack/react-form'
 import cn from '@/utils/classnames'
 import Input from '@/app/components/base/input'
 import type { FormSchema } from '@/app/components/base/form/types'
@@ -17,6 +18,7 @@ export type BaseFieldProps = {
   inputClassName?: string
   formSchema: FormSchema
   field: AnyFieldApi
+  disabled?: boolean
 }
 const BaseField = ({
   fieldClassName,
@@ -25,6 +27,7 @@ const BaseField = ({
   inputClassName,
   formSchema,
   field,
+  disabled,
 }: BaseFieldProps) => {
   const renderI18nObject = useRenderI18nObject()
   const {
@@ -35,9 +38,13 @@ const BaseField = ({
     if (isValidElement(label))
       return label
 
+    if (typeof label === 'string')
+      return label
+
     if (typeof label === 'object' && label !== null)
       return renderI18nObject(label as Record<string, string>)
   }, [label, renderI18nObject])
+  const value = useStore(field.form.store, s => s.values[field.name])
 
   return (
     <div className={cn(fieldClassName)}>
@@ -48,23 +55,27 @@ const BaseField = ({
         {
           formSchema.type === FormTypeEnum.textInput && (
             <Input
-              className={cn(inputClassName)}
               id={field.name}
-              value={field.state.value}
+              name={field.name}
+              className={cn(inputClassName)}
+              value={value}
               onChange={e => field.handleChange(e.target.value)}
               onBlur={field.handleBlur}
+              disabled={disabled}
             />
           )
         }
         {
           formSchema.type === FormTypeEnum.secretInput && (
             <Input
+              id={field.name}
+              name={field.name}
               type='password'
               className={cn(inputClassName)}
-              id={field.name}
-              value={field.state.value}
+              value={value}
               onChange={e => field.handleChange(e.target.value)}
               onBlur={field.handleBlur}
+              disabled={disabled}
             />
           )
         }
diff --git a/web/app/components/base/form/components/base/base-form.tsx b/web/app/components/base/form/components/base/base-form.tsx
index 5d4ca2618d..3fee80bac1 100644
--- a/web/app/components/base/form/components/base/base-form.tsx
+++ b/web/app/components/base/form/components/base/base-form.tsx
@@ -24,6 +24,7 @@ export type BaseFormProps = {
   defaultValues?: Record<string, any>
   formClassName?: string
   ref?: FormRef
+  disabled?: boolean
 } & Pick<BaseFieldProps, 'fieldClassName' | 'labelClassName' | 'inputContainerClassName' | 'inputClassName'>
 
 const BaseForm = ({
@@ -35,6 +36,7 @@ const BaseForm = ({
   inputContainerClassName,
   inputClassName,
   ref,
+  disabled,
 }: BaseFormProps) => {
   const form = useForm({
     defaultValues,
@@ -42,8 +44,8 @@ const BaseForm = ({
 
   useImperativeHandle(ref, () => {
     return {
-      getFormStore() {
-        return form.store
+      getForm() {
+        return form
       },
     }
   }, [form])
@@ -60,18 +62,21 @@ const BaseForm = ({
           labelClassName={labelClassName}
           inputContainerClassName={inputContainerClassName}
           inputClassName={inputClassName}
+          disabled={disabled}
         />
       )
     }
 
     return null
-  }, [formSchemas, fieldClassName, labelClassName, inputContainerClassName, inputClassName])
+  }, [formSchemas, fieldClassName, labelClassName, inputContainerClassName, inputClassName, disabled])
 
   if (!formSchemas?.length)
     return null
 
   return (
-    <form className={cn(formClassName)}>
+    <form
+      className={cn(formClassName)}
+    >
       {
         formSchemas.map((formSchema) => {
           return (
diff --git a/web/app/components/base/form/types.ts b/web/app/components/base/form/types.ts
index 69a4fe7795..5156477a38 100644
--- a/web/app/components/base/form/types.ts
+++ b/web/app/components/base/form/types.ts
@@ -38,7 +38,7 @@ export type FormSchema = {
   required: boolean
   default?: any
   tooltip?: string | TypeWithI18N
-  show_on: FormShowOnObject[]
+  show_on?: FormShowOnObject[]
   url?: string
   scope?: string
 }
@@ -46,6 +46,6 @@ export type FormSchema = {
 export type FormValues = Record<string, any>
 
 export type FromRefObject = {
-    getFormStore: () => AnyFormApi['store']
+    getForm: () => AnyFormApi
 }
 export type FormRef = ForwardedRef<FromRefObject>
diff --git a/web/app/components/base/modal/modal.tsx b/web/app/components/base/modal/modal.tsx
index 3137e7adcc..5738704722 100644
--- a/web/app/components/base/modal/modal.tsx
+++ b/web/app/components/base/modal/modal.tsx
@@ -25,6 +25,7 @@ type ModalProps = {
   onExtraButtonClick?: () => void
   footerSlot?: React.ReactNode
   bottomSlot?: React.ReactNode
+  disabled?: boolean
 }
 const Modal = ({
   onClose,
@@ -42,13 +43,14 @@ const Modal = ({
   onExtraButtonClick,
   footerSlot,
   bottomSlot,
+  disabled,
 }: ModalProps) => {
   const { t } = useTranslation()
 
   return (
     <PortalToFollowElem open>
       <PortalToFollowElemContent
-        className='z-[999999] flex h-full w-full items-center justify-center bg-background-overlay'
+        className='z-[9998] flex h-full w-full items-center justify-center bg-background-overlay'
         onClick={onClose}
       >
         <div
@@ -88,6 +90,7 @@ const Modal = ({
                   <Button
                     variant={extraButtonVariant}
                     onClick={onExtraButtonClick}
+                    disabled={disabled}
                   >
                     {extraButtonText || t('common.operation.remove')}
                   </Button>
@@ -97,6 +100,7 @@ const Modal = ({
             }
             <Button
               onClick={onCancel}
+              disabled={disabled}
             >
               {cancelButtonText || t('common.operation.cancel')}
             </Button>
@@ -104,6 +108,7 @@ const Modal = ({
               className='ml-2'
               variant='primary'
               onClick={onConfirm}
+              disabled={disabled}
             >
               {confirmButtonText || t('common.operation.save')}
             </Button>
diff --git a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
index 7a6826066e..b7aae3c9fd 100644
--- a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
@@ -1,6 +1,7 @@
 import {
   memo,
   useCallback,
+  useMemo,
   useRef,
 } from 'react'
 import { useTranslation } from 'react-i18next'
@@ -14,8 +15,10 @@ import {
   useUpdatePluginToolCredential,
 } from '@/service/use-plugins-auth'
 import { CredentialTypeEnum } from '../types'
+import { transformFormSchemasSecretInput } from '../utils'
 import AuthForm from '@/app/components/base/form/form-scenarios/auth'
 import type { FromRefObject } from '@/app/components/base/form/types'
+import { FormTypeEnum } from '@/app/components/base/form/types'
 import { useToastContext } from '@/app/components/base/toast'
 
 export type ApiKeyModalProps = {
@@ -23,34 +26,65 @@ export type ApiKeyModalProps = {
   onClose?: () => void
   editValues?: Record<string, any>
   onRemove?: () => void
+  disabled?: boolean
 }
 const ApiKeyModal = ({
   provider,
   onClose,
   editValues,
   onRemove,
+  disabled,
 }: ApiKeyModalProps) => {
   const { t } = useTranslation()
   const { notify } = useToastContext()
-  const { data } = useGetPluginToolCredentialSchema(provider, CredentialTypeEnum.API_KEY)
+  const { data = [] } = useGetPluginToolCredentialSchema(provider, CredentialTypeEnum.API_KEY)
+  const formSchemas = useMemo(() => {
+    return [
+      {
+        type: FormTypeEnum.textInput,
+        name: '__name__',
+        label: 'Authorization name',
+        required: false,
+      },
+      ...data,
+    ]
+  }, [data])
   const { mutateAsync: addPluginToolCredential } = useAddPluginToolCredential(provider)
   const { mutateAsync: updatePluginToolCredential } = useUpdatePluginToolCredential(provider)
   const invalidatePluginToolCredentialInfo = useInvalidPluginToolCredentialInfo(provider)
   const formRef = useRef<FromRefObject>(null)
   const handleConfirm = useCallback(async () => {
-    const store = formRef.current?.getFormStore()
-    const values = store?.state.values
+    const form = formRef.current?.getForm()
+    const store = form?.store
+    const {
+      __name__,
+      __credential_id__,
+      ...values
+    } = store?.state.values
+    const isPristineSecretInputNames: string[] = []
+    formSchemas.forEach((schema) => {
+      if (schema.type === FormTypeEnum.secretInput) {
+        const fieldMeta = form?.getFieldMeta(schema.name)
+        if (fieldMeta?.isPristine)
+          isPristineSecretInputNames.push(schema.name)
+      }
+    })
+
+    const transformedValues = transformFormSchemasSecretInput(isPristineSecretInputNames, values)
 
     if (editValues) {
       await updatePluginToolCredential({
-        credentials: values,
+        credentials: transformedValues,
+        credential_id: __credential_id__,
         type: CredentialTypeEnum.API_KEY,
+        name: __name__ || '',
       })
     }
     else {
       await addPluginToolCredential({
-        credentials: values,
+        credentials: transformedValues,
         type: CredentialTypeEnum.API_KEY,
+        name: __name__ || '',
       })
     }
     notify({
@@ -60,7 +94,7 @@ const ApiKeyModal = ({
 
     onClose?.()
     invalidatePluginToolCredentialInfo()
-  }, [addPluginToolCredential, onClose, invalidatePluginToolCredentialInfo, updatePluginToolCredential, notify, t, editValues])
+  }, [addPluginToolCredential, onClose, invalidatePluginToolCredentialInfo, updatePluginToolCredential, notify, t, editValues, formSchemas])
 
   return (
     <Modal
@@ -96,11 +130,13 @@ const ApiKeyModal = ({
       onConfirm={handleConfirm}
       showExtraButton={!!editValues}
       onExtraButtonClick={onRemove}
+      disabled={disabled}
     >
       <AuthForm
         ref={formRef}
-        formSchemas={data}
+        formSchemas={formSchemas}
         defaultValues={editValues}
+        disabled={disabled}
       />
     </Modal>
   )
diff --git a/web/app/components/plugins/plugin-auth/authorize/index.tsx b/web/app/components/plugins/plugin-auth/authorize/index.tsx
index f40451e7fa..ceb5e79023 100644
--- a/web/app/components/plugins/plugin-auth/authorize/index.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/index.tsx
@@ -36,7 +36,7 @@ const Authorize = ({
     }
 
     return {
-      buttonText: !canApiKey ? 'Use OAuth Authorization' : '',
+      buttonText: !canApiKey ? 'Use OAuth Authorization' : 'Use OAuth',
     }
   }, [canApiKey, theme])
 
@@ -50,7 +50,7 @@ const Authorize = ({
     }
     return {
       provider,
-      buttonText: !canOAuth ? 'API Key Authorization Configuration' : '',
+      buttonText: !canOAuth ? 'API Key Authorization Configuration' : 'Use API Key',
       buttonVariant: !canOAuth ? 'primary' : 'secondary-accent',
     }
   }, [canOAuth, theme, provider])
diff --git a/web/app/components/plugins/plugin-auth/authorized-in-node.tsx b/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
new file mode 100644
index 0000000000..1bf0425695
--- /dev/null
+++ b/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
@@ -0,0 +1,94 @@
+import {
+  memo,
+  useCallback,
+  useMemo,
+  useState,
+} from 'react'
+import { RiArrowDownSLine } from '@remixicon/react'
+import Button from '@/app/components/base/button'
+import Indicator from '@/app/components/header/indicator'
+import cn from '@/utils/classnames'
+import type { Credential } from './types'
+import {
+  Authorized,
+  usePluginAuth,
+} from '.'
+
+type AuthorizedInNodeProps = {
+  provider: string
+  onAuthorizationItemClick: (id: string) => void
+  credentialId?: string
+}
+const AuthorizedInNode = ({
+  provider = '',
+  onAuthorizationItemClick,
+  credentialId,
+}: AuthorizedInNodeProps) => {
+  const [isOpen, setIsOpen] = useState(false)
+  const {
+    canApiKey,
+    canOAuth,
+    credentials,
+    disabled,
+  } = usePluginAuth(provider, isOpen)
+  const label = useMemo(() => {
+    if (!credentialId)
+      return 'Workspace default'
+    const credential = credentials.find(c => c.id === credentialId)
+
+    if (!credential)
+      return 'Auth removed'
+
+    return credential.name
+  }, [credentials, credentialId])
+  const renderTrigger = useCallback((open?: boolean) => {
+    return (
+      <Button
+        size='small'
+        className={cn(open && 'bg-components-button-ghost-bg-hover')}
+      >
+        <Indicator className='mr-1.5' />
+        {label}
+        <RiArrowDownSLine className='h-3.5 w-3.5 text-components-button-ghost-text' />
+      </Button>
+    )
+  }, [label])
+  const extraAuthorizationItems: Credential[] = [
+    {
+      id: '__workspace_default__',
+      name: 'Workspace default',
+      provider: '',
+      is_default: false,
+      isWorkspaceDefault: true,
+    },
+  ]
+  const handleAuthorizationItemClick = useCallback((id: string) => {
+    onAuthorizationItemClick(id)
+    setIsOpen(false)
+  }, [
+    onAuthorizationItemClick,
+    setIsOpen,
+  ])
+
+  return (
+    <Authorized
+      provider={provider}
+      credentials={credentials}
+      canOAuth={canOAuth}
+      canApiKey={canApiKey}
+      renderTrigger={renderTrigger}
+      isOpen={isOpen}
+      onOpenChange={setIsOpen}
+      offset={4}
+      placement='bottom-end'
+      triggerPopupSameWidth={false}
+      popupClassName='w-[360px]'
+      disabled={disabled}
+      disableSetDefault
+      onItemClick={handleAuthorizationItemClick}
+      extraAuthorizationItems={extraAuthorizationItems}
+    />
+  )
+}
+
+export default memo(AuthorizedInNode)
diff --git a/web/app/components/plugins/plugin-auth/authorized/index.tsx b/web/app/components/plugins/plugin-auth/authorized/index.tsx
index 98e90d357f..f1188aaa70 100644
--- a/web/app/components/plugins/plugin-auth/authorized/index.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized/index.tsx
@@ -13,6 +13,9 @@ import {
   PortalToFollowElemContent,
   PortalToFollowElemTrigger,
 } from '@/app/components/base/portal-to-follow-elem'
+import type {
+  PortalToFollowElemOptions,
+} from '@/app/components/base/portal-to-follow-elem'
 import Button from '@/app/components/base/button'
 import Indicator from '@/app/components/header/indicator'
 import cn from '@/utils/classnames'
@@ -35,6 +38,16 @@ type AuthorizedProps = {
   canOAuth?: boolean
   canApiKey?: boolean
   disabled?: boolean
+  renderTrigger?: (open?: boolean) => React.ReactNode
+  isOpen?: boolean
+  onOpenChange?: (open: boolean) => void
+  offset?: PortalToFollowElemOptions['offset']
+  placement?: PortalToFollowElemOptions['placement']
+  triggerPopupSameWidth?: boolean
+  popupClassName?: string
+  disableSetDefault?: boolean
+  onItemClick?: (id: string) => void
+  extraAuthorizationItems?: Credential[]
 }
 const Authorized = ({
   provider,
@@ -42,10 +55,27 @@ const Authorized = ({
   canOAuth,
   canApiKey,
   disabled,
+  renderTrigger,
+  isOpen,
+  onOpenChange,
+  offset = 8,
+  placement = 'bottom-start',
+  triggerPopupSameWidth = true,
+  popupClassName,
+  disableSetDefault,
+  onItemClick,
+  extraAuthorizationItems,
 }: AuthorizedProps) => {
   const { t } = useTranslation()
   const { notify } = useToastContext()
-  const [isOpen, setIsOpen] = useState(false)
+  const [isLocalOpen, setIsLocalOpen] = useState(false)
+  const mergedIsOpen = isOpen ?? isLocalOpen
+  const setMergedIsOpen = useCallback((open: boolean) => {
+    if (onOpenChange)
+      onOpenChange(open)
+
+    setIsLocalOpen(open)
+  }, [onOpenChange])
   const oAuthCredentials = credentials.filter(credential => credential.credential_type === CredentialTypeEnum.OAUTH2)
   const apiKeyCredentials = credentials.filter(credential => credential.credential_type === CredentialTypeEnum.API_KEY)
   const pendingOperationCredentialId = useRef<string | null>(null)
@@ -98,28 +128,57 @@ const Authorized = ({
   return (
     <>
       <PortalToFollowElem
-        open={isOpen}
-        onOpenChange={setIsOpen}
-        placement='bottom-start'
-        offset={8}
-        triggerPopupSameWidth
+        open={mergedIsOpen}
+        onOpenChange={setMergedIsOpen}
+        placement={placement}
+        offset={offset}
+        triggerPopupSameWidth={triggerPopupSameWidth}
       >
         <PortalToFollowElemTrigger
-          onClick={() => setIsOpen(!isOpen)}
+          onClick={() => setMergedIsOpen(!mergedIsOpen)}
           asChild
         >
-          <Button
-            className={cn(
-              'w-full',
-              isOpen && 'bg-components-button-secondary-bg-hover',
-            )}>
-            <Indicator className='mr-2' />
-            {credentials.length} Authorizations
-            <RiArrowDownSLine className='ml-0.5 h-4 w-4' />
-          </Button>
+          {
+            renderTrigger
+              ? renderTrigger(mergedIsOpen)
+              : (
+                <Button
+                  className={cn(
+                    'w-full',
+                    isOpen && 'bg-components-button-secondary-bg-hover',
+                  )}>
+                  <Indicator className='mr-2' />
+                  {credentials.length} Authorizations
+                  <RiArrowDownSLine className='ml-0.5 h-4 w-4' />
+                </Button>
+              )
+          }
         </PortalToFollowElemTrigger>
         <PortalToFollowElemContent className='z-[100]'>
-          <div className='max-h-[360px] overflow-y-auto rounded-xl border-[0.5px] border-components-panel-border bg-components-panel-bg-blur shadow-lg'>
+          <div className={cn(
+            'max-h-[360px] overflow-y-auto rounded-xl border-[0.5px] border-components-panel-border bg-components-panel-bg-blur shadow-lg',
+            popupClassName,
+          )}>
+            {
+              !!extraAuthorizationItems?.length && (
+                <div className='p-1'>
+                  {
+                    extraAuthorizationItems.map(credential => (
+                      <Item
+                        key={credential.id}
+                        credential={credential}
+                        disabled={disabled}
+                        onItemClick={onItemClick}
+                        disableRename
+                        disableEdit
+                        disableDelete
+                        disableSetDefault
+                      />
+                    ))
+                  }
+                </div>
+              )
+            }
             <div className='py-1'>
               {
                 !!oAuthCredentials.length && (
@@ -153,6 +212,8 @@ const Authorized = ({
                           onDelete={openConfirm}
                           onEdit={handleEdit}
                           onSetDefault={handleSetDefault}
+                          disableSetDefault={disableSetDefault}
+                          onItemClick={onItemClick}
                         />
                       ))
                     }
@@ -195,6 +256,7 @@ const Authorized = ({
               pendingOperationCredentialId.current = null
             }}
             onRemove={handleRemove}
+            disabled={disabled}
           />
         )
       }
diff --git a/web/app/components/plugins/plugin-auth/authorized/item.tsx b/web/app/components/plugins/plugin-auth/authorized/item.tsx
index c32d0a9008..f54ef5ac9b 100644
--- a/web/app/components/plugins/plugin-auth/authorized/item.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized/item.tsx
@@ -1,5 +1,6 @@
 import {
   memo,
+  useMemo,
 } from 'react'
 import {
   RiDeleteBinLine,
@@ -20,6 +21,11 @@ type ItemProps = {
   onDelete?: (id: string) => void
   onEdit?: (id: string, values: Record<string, any>) => void
   onSetDefault?: (id: string) => void
+  disableRename?: boolean
+  disableEdit?: boolean
+  disableDelete?: boolean
+  disableSetDefault?: boolean
+  onItemClick?: (id: string) => void
 }
 const Item = ({
   credential,
@@ -27,16 +33,25 @@ const Item = ({
   onDelete,
   onEdit,
   onSetDefault,
+  disableRename,
+  disableEdit,
+  disableDelete,
+  disableSetDefault,
+  onItemClick,
 }: ItemProps) => {
   const isOAuth = credential.credential_type === CredentialTypeEnum.OAUTH2
+  const showAction = useMemo(() => {
+    return !(disableRename && disableEdit && disableDelete && disableSetDefault)
+  }, [disableRename, disableEdit, disableDelete, disableSetDefault])
 
   return (
     <div
       key={credential.id}
       className='group flex h-8 items-center rounded-lg p-1 hover:bg-state-base-hover'
+      onClick={() => onItemClick?.(credential.id)}
     >
-      <div className='flex grow items-center space-x-1.5 pl-2'>
-        <Indicator className='mr-1.5' />
+      <div className='flex w-0 grow items-center space-x-1.5 pl-2'>
+        <Indicator className='mr-1.5 shrink-0' />
         <div
           className='system-md-regular truncate text-text-secondary'
           title={credential.name}
@@ -51,44 +66,72 @@ const Item = ({
           )
         }
       </div>
-      <div className='ml-2 hidden shrink-0 items-center group-hover:flex'>
-        <Button
-          size='small'
-          disabled={disabled}
-          onClick={() => onSetDefault?.(credential.id)}
-        >
-          Set as default
-        </Button>
-        {
-          isOAuth && (
-            <Tooltip popupContent='rename'>
-              <ActionButton>
-                <RiEditLine className='h-4 w-4 text-text-tertiary' />
-              </ActionButton>
-            </Tooltip>
-          )
-        }
-        {
-          !isOAuth && (
-            <Tooltip popupContent='edit'>
-              <ActionButton
-                disabled={disabled}
-                onClick={() => onEdit?.(credential.id, credential.credentials)}
-              >
-                <RiEqualizer2Line className='h-4 w-4 text-text-tertiary' />
-              </ActionButton>
-            </Tooltip>
-          )
-        }
-        <Tooltip popupContent='delete'>
-          <ActionButton
-            disabled={disabled}
-            onClick={() => onDelete?.(credential.id)}
-          >
-            <RiDeleteBinLine className='h-4 w-4 text-text-tertiary' />
-          </ActionButton>
-        </Tooltip>
-      </div>
+      {
+        showAction && (
+          <div className='ml-2 hidden shrink-0 items-center group-hover:flex'>
+            {
+              !credential.is_default && !disableSetDefault && (
+                <Button
+                  size='small'
+                  disabled={disabled}
+                  onClick={(e) => {
+                    e.stopPropagation()
+                    onSetDefault?.(credential.id)
+                  }}
+                >
+                  Set as default
+                </Button>
+              )
+            }
+            {
+              isOAuth && !disableRename && (
+                <Tooltip popupContent='rename'>
+                  <ActionButton>
+                    <RiEditLine className='h-4 w-4 text-text-tertiary' />
+                  </ActionButton>
+                </Tooltip>
+              )
+            }
+            {
+              !isOAuth && !disableEdit && (
+                <Tooltip popupContent='edit'>
+                  <ActionButton
+                    disabled={disabled}
+                    onClick={(e) => {
+                      e.stopPropagation()
+                      onEdit?.(
+                        credential.id,
+                        {
+                          ...credential.credentials,
+                          __name__: credential.name,
+                          __credential_id__: credential.id,
+                        },
+                      )
+                    }}
+                  >
+                    <RiEqualizer2Line className='h-4 w-4 text-text-tertiary' />
+                  </ActionButton>
+                </Tooltip>
+              )
+            }
+            {
+              !disableDelete && (
+                <Tooltip popupContent='delete'>
+                  <ActionButton
+                    disabled={disabled}
+                    onClick={(e) => {
+                      e.stopPropagation()
+                      onDelete?.(credential.id)
+                    }}
+                  >
+                    <RiDeleteBinLine className='h-4 w-4 text-text-tertiary' />
+                  </ActionButton>
+                </Tooltip>
+              )
+            }
+          </div>
+        )
+      }
     </div>
   )
 }
diff --git a/web/app/components/plugins/plugin-auth/hooks.ts b/web/app/components/plugins/plugin-auth/hooks.ts
new file mode 100644
index 0000000000..3c47997e4e
--- /dev/null
+++ b/web/app/components/plugins/plugin-auth/hooks.ts
@@ -0,0 +1,20 @@
+import { useAppContext } from '@/context/app-context'
+import { useGetPluginToolCredentialInfo } from '@/service/use-plugins-auth'
+import { CredentialTypeEnum } from './types'
+
+export const usePluginAuth = (provider: string, enable?: boolean) => {
+  const { data } = useGetPluginToolCredentialInfo(enable ? provider : '')
+  const { isCurrentWorkspaceManager } = useAppContext()
+  const isAuthorized = !!data?.credentials.length
+  const canOAuth = data?.supported_credential_types.includes(CredentialTypeEnum.OAUTH2)
+  const canApiKey = data?.supported_credential_types.includes(CredentialTypeEnum.API_KEY)
+
+  return {
+    isAuthorized,
+    canOAuth,
+    canApiKey,
+    credentials: data?.credentials || [],
+    provider,
+    disabled: !isCurrentWorkspaceManager,
+  }
+}
diff --git a/web/app/components/plugins/plugin-auth/index.tsx b/web/app/components/plugins/plugin-auth/index.tsx
index 274697e061..a3cde28c72 100644
--- a/web/app/components/plugins/plugin-auth/index.tsx
+++ b/web/app/components/plugins/plugin-auth/index.tsx
@@ -1 +1,4 @@
 export { default as PluginAuth } from './plugin-auth'
+export { default as Authorized } from './authorized'
+export { default as AuthorizedInNode } from './authorized-in-node'
+export { usePluginAuth } from './hooks'
diff --git a/web/app/components/plugins/plugin-auth/plugin-auth.tsx b/web/app/components/plugins/plugin-auth/plugin-auth.tsx
index 045abd2318..f02c66bc5f 100644
--- a/web/app/components/plugins/plugin-auth/plugin-auth.tsx
+++ b/web/app/components/plugins/plugin-auth/plugin-auth.tsx
@@ -7,9 +7,11 @@ import { CredentialTypeEnum } from './types'
 
 type PluginAuthProps = {
   provider?: string
+  children?: React.ReactNode
 }
 const PluginAuth = ({
   provider = '',
+  children,
 }: PluginAuthProps) => {
   const { data } = useGetPluginToolCredentialInfo(provider)
   const { isCurrentWorkspaceManager } = useAppContext()
@@ -30,7 +32,7 @@ const PluginAuth = ({
         )
       }
       {
-        isAuthorized && (
+        isAuthorized && !children && (
           <Authorized
             provider={provider}
             credentials={data?.credentials}
@@ -40,6 +42,9 @@ const PluginAuth = ({
           />
         )
       }
+      {
+        isAuthorized && children
+      }
     </>
   )
 }
diff --git a/web/app/components/plugins/plugin-auth/types.ts b/web/app/components/plugins/plugin-auth/types.ts
index b9c63d2965..f60324b7f7 100644
--- a/web/app/components/plugins/plugin-auth/types.ts
+++ b/web/app/components/plugins/plugin-auth/types.ts
@@ -7,7 +7,8 @@ export type Credential = {
   id: string
   name: string
   provider: string
-  credential_type: CredentialTypeEnum
+  credential_type?: CredentialTypeEnum
   is_default: boolean
-  credentials: Record<string, any>
+  credentials?: Record<string, any>
+  isWorkspaceDefault?: boolean
 }
diff --git a/web/app/components/plugins/plugin-auth/utils.ts b/web/app/components/plugins/plugin-auth/utils.ts
new file mode 100644
index 0000000000..d264cfb198
--- /dev/null
+++ b/web/app/components/plugins/plugin-auth/utils.ts
@@ -0,0 +1,10 @@
+export const transformFormSchemasSecretInput = (isPristineSecretInputNames: string[], values: Record<string, any>) => {
+  const transformedValues: Record<string, any> = { ...values }
+
+  isPristineSecretInputNames.forEach((name) => {
+    if (transformedValues[name])
+      transformedValues[name] = '[__HIDDEN__]'
+  })
+
+  return transformedValues
+}
diff --git a/web/app/components/workflow/block-selector/types.ts b/web/app/components/workflow/block-selector/types.ts
index f1bdbbfbd9..ce7dcea0e2 100644
--- a/web/app/components/workflow/block-selector/types.ts
+++ b/web/app/components/workflow/block-selector/types.ts
@@ -30,6 +30,7 @@ export type ToolDefaultValue = {
   params: Record<string, any>
   paramSchemas: Record<string, any>[]
   output_schema: Record<string, any>
+  credential_id?: string
 }
 
 export type ToolValue = {
diff --git a/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx b/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx
index 164369e64c..59c46b1e45 100644
--- a/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx
+++ b/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx
@@ -59,6 +59,11 @@ import { useLogs } from '@/app/components/workflow/run/hooks'
 import PanelWrap from '../before-run-form/panel-wrap'
 import SpecialResultPanel from '@/app/components/workflow/run/special-result-panel'
 import { Stop } from '@/app/components/base/icons/src/vender/line/mediaAndDevices'
+import {
+  AuthorizedInNode,
+  PluginAuth,
+} from '@/app/components/plugins/plugin-auth'
+import { canFindTool } from '@/utils'
 
 type BasePanelProps = {
   children: ReactNode
@@ -215,6 +220,22 @@ const BasePanel: FC<BasePanelProps> = ({
     return {}
   })()
 
+  const buildInTools = useStore(s => s.buildInTools)
+  const currCollection = useMemo(() => {
+    return buildInTools.find(item => canFindTool(item.id, data.provider_id))
+  }, [buildInTools, data.provider_id])
+  const showPluginAuth = useMemo(() => {
+    return data.type === BlockEnum.Tool && currCollection?.allow_delete && !currCollection.is_team_authorization
+  }, [currCollection, data.type])
+  const handleAuthorizationItemClick = useCallback((id: string) => {
+    handleNodeDataUpdate({
+      id,
+      data: {
+        credential_id: id === '__workspace_default__' ? undefined : id,
+      },
+    })
+  }, [handleNodeDataUpdate])
+
   if(logParams.showSpecialResultPanel) {
     return (
     <div className={cn(
@@ -347,12 +368,39 @@ const BasePanel: FC<BasePanelProps> = ({
               onChange={handleDescriptionChange}
             />
           </div>
-          <div className='pl-4'>
-            <Tab
-              value={tabType}
-              onChange={setTabType}
-            />
-          </div>
+          {
+            showPluginAuth && (
+              <PluginAuth
+                provider={currCollection?.name}
+              >
+                <div className='pl-4'>
+                  <Tab
+                    value={tabType}
+                    onChange={setTabType}
+                  />
+                </div>
+              </PluginAuth>
+            )
+          }
+          {
+            !showPluginAuth && (
+              <div className='flex items-center justify-between pl-4 pr-3'>
+                <Tab
+                  value={tabType}
+                  onChange={setTabType}
+                />
+                {
+                  currCollection?.allow_delete && (
+                    <AuthorizedInNode
+                      provider={currCollection?.name}
+                      onAuthorizationItemClick={handleAuthorizationItemClick}
+                      credentialId={data.credential_id}
+                    />
+                  )
+                }
+              </div>
+            )
+          }
           <Split />
         </div>
 
diff --git a/web/app/components/workflow/nodes/tool/panel.tsx b/web/app/components/workflow/nodes/tool/panel.tsx
index 9f6465c008..a245dd63aa 100644
--- a/web/app/components/workflow/nodes/tool/panel.tsx
+++ b/web/app/components/workflow/nodes/tool/panel.tsx
@@ -5,18 +5,13 @@ import Split from '../_base/components/split'
 import type { ToolNodeType } from './types'
 import useConfig from './use-config'
 import InputVarList from './components/input-var-list'
-import Button from '@/app/components/base/button'
 import Field from '@/app/components/workflow/nodes/_base/components/field'
 import type { NodePanelProps } from '@/app/components/workflow/types'
 import Form from '@/app/components/header/account-setting/model-provider-page/model-modal/Form'
-import ConfigCredential from '@/app/components/tools/setting/build-in/config-credentials'
 import Loading from '@/app/components/base/loading'
 import OutputVars, { VarItem } from '@/app/components/workflow/nodes/_base/components/output-vars'
 import StructureOutputItem from '@/app/components/workflow/nodes/_base/components/variable/object-child-tree-panel/show'
 import { Type } from '../llm/types'
-import {
-  PluginAuth,
-} from '@/app/components/plugins/plugin-auth'
 
 const i18nPrefix = 'workflow.nodes.tool'
 
@@ -38,10 +33,6 @@ const Panel: FC<NodePanelProps<ToolNodeType>> = ({
     setToolSettingValue,
     currCollection,
     isShowAuthBtn,
-    showSetAuth,
-    showSetAuthModal,
-    hideSetAuthModal,
-    handleSaveAuth,
     isLoading,
     outputSchema,
     hasObjectOutput,
@@ -56,24 +47,6 @@ const Panel: FC<NodePanelProps<ToolNodeType>> = ({
 
   return (
     <div className='pt-2'>
-      <div className='px-4 py-2'>
-        <PluginAuth
-          provider={currCollection?.name}
-        />
-      </div>
-      {!readOnly && isShowAuthBtn && (
-        <>
-          <div className='px-4'>
-            <Button
-              variant='primary'
-              className='w-full'
-              onClick={showSetAuthModal}
-            >
-              {t(`${i18nPrefix}.authorize`)}
-            </Button>
-          </div>
-        </>
-      )}
       {!isShowAuthBtn && <>
         <div className='space-y-4 px-4'>
           {toolInputVarSchema.length > 0 && (
@@ -114,16 +87,6 @@ const Panel: FC<NodePanelProps<ToolNodeType>> = ({
           />
         </div>
       </>}
-
-      {showSetAuth && (
-        <ConfigCredential
-          collection={currCollection!}
-          onCancel={hideSetAuthModal}
-          onSaved={handleSaveAuth}
-          isHideRemoveBtn
-        />
-      )}
-
       <div>
         <OutputVars>
           <>
diff --git a/web/app/components/workflow/types.ts b/web/app/components/workflow/types.ts
index c9e5aa31b5..eb30e1f265 100644
--- a/web/app/components/workflow/types.ts
+++ b/web/app/components/workflow/types.ts
@@ -92,7 +92,7 @@ export type CommonNodeType<T = {}> = {
   error_strategy?: ErrorHandleTypeEnum
   retry_config?: WorkflowRetryConfig
   default_value?: DefaultValueForm[]
-} & T & Partial<Pick<ToolDefaultValue, 'provider_id' | 'provider_type' | 'provider_name' | 'tool_name'>>
+} & T & Partial<Pick<ToolDefaultValue, 'provider_id' | 'provider_type' | 'provider_name' | 'tool_name' | 'credential_id'>>
 
 export type CommonEdgeType = {
   _hovering?: boolean
diff --git a/web/service/use-plugins-auth.ts b/web/service/use-plugins-auth.ts
index 86bed7d343..000d6db723 100644
--- a/web/service/use-plugins-auth.ts
+++ b/web/service/use-plugins-auth.ts
@@ -71,6 +71,7 @@ export const useUpdatePluginToolCredential = (
 ) => {
   return useMutation({
     mutationFn: (params: {
+      credential_id: string
       credentials: Record<string, any>
       type: CredentialTypeEnum
       name?: string

From bdf5af7a6f0e59bf6f6ad8377dbaa58f4b10c6e7 Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Thu, 10 Jul 2025 11:38:51 +0800
Subject: [PATCH 04/25] tool oauth

---
 .../authorize/add-api-key-button.tsx          |  7 +-
 .../authorize/add-oauth-button.tsx            |  2 +
 .../plugin-auth/authorize/api-key-modal.tsx   | 33 +++----
 .../plugins/plugin-auth/authorize/index.tsx   | 15 ++--
 .../plugin-auth/authorized-in-node.tsx        | 53 ++++++-----
 .../plugins/plugin-auth/authorized/index.tsx  | 37 ++++----
 .../plugin-auth/hooks/use-credential.ts       | 53 +++++++++++
 .../plugins/plugin-auth/hooks/use-get-api.ts  | 39 +++++++++
 .../{hooks.ts => hooks/use-plugin-auth.ts}    | 10 +--
 .../components/plugins/plugin-auth/index.tsx  |  3 +-
 .../plugins/plugin-auth/plugin-auth.tsx       | 31 +++----
 .../components/plugins/plugin-auth/types.ts   | 11 +++
 .../plugin-detail-panel/detail-header.tsx     |  6 +-
 .../_base/components/workflow-panel/index.tsx | 17 ++--
 web/service/use-plugins-auth.ts               | 87 +++++++++----------
 15 files changed, 270 insertions(+), 134 deletions(-)
 create mode 100644 web/app/components/plugins/plugin-auth/hooks/use-credential.ts
 create mode 100644 web/app/components/plugins/plugin-auth/hooks/use-get-api.ts
 rename web/app/components/plugins/plugin-auth/{hooks.ts => hooks/use-plugin-auth.ts} (60%)

diff --git a/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx
index e7312168b4..733ebbd945 100644
--- a/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx
@@ -5,15 +5,16 @@ import {
 import Button from '@/app/components/base/button'
 import type { ButtonProps } from '@/app/components/base/button'
 import ApiKeyModal from './api-key-modal'
+import type { PluginPayload } from '../types'
 
 export type AddApiKeyButtonProps = {
-  provider?: string
+  pluginPayload: PluginPayload
   buttonVariant?: ButtonProps['variant']
   buttonText?: string
   disabled?: boolean
 }
 const AddApiKeyButton = ({
-  provider = '',
+  pluginPayload,
   buttonVariant = 'secondary-accent',
   buttonText = 'use api key',
   disabled,
@@ -33,7 +34,7 @@ const AddApiKeyButton = ({
       {
         isApiKeyModalOpen && (
           <ApiKeyModal
-            provider={provider}
+            pluginPayload={pluginPayload}
             onClose={() => setIsApiKeyModalOpen(false)}
           />
         )
diff --git a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
index 6f2460b2de..379dfb7e61 100644
--- a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
@@ -7,8 +7,10 @@ import Button from '@/app/components/base/button'
 import type { ButtonProps } from '@/app/components/base/button'
 import OAuthClientSettings from './oauth-client-settings'
 import cn from '@/utils/classnames'
+import type { PluginPayload } from '../types'
 
 export type AddOAuthButtonProps = {
+  pluginPayload: PluginPayload
   buttonVariant?: ButtonProps['variant']
   buttonText?: string
   className?: string
diff --git a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
index b7aae3c9fd..d7d4253089 100644
--- a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
@@ -8,28 +8,29 @@ import { useTranslation } from 'react-i18next'
 import { RiExternalLinkLine } from '@remixicon/react'
 import { Lock01 } from '@/app/components/base/icons/src/vender/solid/security'
 import Modal from '@/app/components/base/modal/modal'
-import {
-  useAddPluginToolCredential,
-  useGetPluginToolCredentialSchema,
-  useInvalidPluginToolCredentialInfo,
-  useUpdatePluginToolCredential,
-} from '@/service/use-plugins-auth'
 import { CredentialTypeEnum } from '../types'
 import { transformFormSchemasSecretInput } from '../utils'
 import AuthForm from '@/app/components/base/form/form-scenarios/auth'
 import type { FromRefObject } from '@/app/components/base/form/types'
 import { FormTypeEnum } from '@/app/components/base/form/types'
 import { useToastContext } from '@/app/components/base/toast'
+import type { PluginPayload } from '../types'
+import {
+  useAddPluginCredentialHook,
+  useGetPluginCredentialSchemaHook,
+  useInvalidPluginCredentialInfoHook,
+  useUpdatePluginCredentialHook,
+} from '../hooks/use-credential'
 
 export type ApiKeyModalProps = {
-  provider: string
+  pluginPayload: PluginPayload
   onClose?: () => void
   editValues?: Record<string, any>
   onRemove?: () => void
   disabled?: boolean
 }
 const ApiKeyModal = ({
-  provider,
+  pluginPayload,
   onClose,
   editValues,
   onRemove,
@@ -37,7 +38,7 @@ const ApiKeyModal = ({
 }: ApiKeyModalProps) => {
   const { t } = useTranslation()
   const { notify } = useToastContext()
-  const { data = [] } = useGetPluginToolCredentialSchema(provider, CredentialTypeEnum.API_KEY)
+  const { data = [] } = useGetPluginCredentialSchemaHook(pluginPayload, CredentialTypeEnum.API_KEY)
   const formSchemas = useMemo(() => {
     return [
       {
@@ -49,9 +50,9 @@ const ApiKeyModal = ({
       ...data,
     ]
   }, [data])
-  const { mutateAsync: addPluginToolCredential } = useAddPluginToolCredential(provider)
-  const { mutateAsync: updatePluginToolCredential } = useUpdatePluginToolCredential(provider)
-  const invalidatePluginToolCredentialInfo = useInvalidPluginToolCredentialInfo(provider)
+  const { mutateAsync: addPluginCredential } = useAddPluginCredentialHook(pluginPayload)
+  const { mutateAsync: updatePluginCredential } = useUpdatePluginCredentialHook(pluginPayload)
+  const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
   const formRef = useRef<FromRefObject>(null)
   const handleConfirm = useCallback(async () => {
     const form = formRef.current?.getForm()
@@ -73,7 +74,7 @@ const ApiKeyModal = ({
     const transformedValues = transformFormSchemasSecretInput(isPristineSecretInputNames, values)
 
     if (editValues) {
-      await updatePluginToolCredential({
+      await updatePluginCredential({
         credentials: transformedValues,
         credential_id: __credential_id__,
         type: CredentialTypeEnum.API_KEY,
@@ -81,7 +82,7 @@ const ApiKeyModal = ({
       })
     }
     else {
-      await addPluginToolCredential({
+      await addPluginCredential({
         credentials: transformedValues,
         type: CredentialTypeEnum.API_KEY,
         name: __name__ || '',
@@ -93,8 +94,8 @@ const ApiKeyModal = ({
     })
 
     onClose?.()
-    invalidatePluginToolCredentialInfo()
-  }, [addPluginToolCredential, onClose, invalidatePluginToolCredentialInfo, updatePluginToolCredential, notify, t, editValues, formSchemas])
+    invalidatePluginCredentialInfo()
+  }, [addPluginCredential, onClose, invalidatePluginCredentialInfo, updatePluginCredential, notify, t, editValues, formSchemas])
 
   return (
     <Modal
diff --git a/web/app/components/plugins/plugin-auth/authorize/index.tsx b/web/app/components/plugins/plugin-auth/authorize/index.tsx
index ceb5e79023..bb87578671 100644
--- a/web/app/components/plugins/plugin-auth/authorize/index.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/index.tsx
@@ -6,9 +6,10 @@ import AddOAuthButton from './add-oauth-button'
 import type { AddOAuthButtonProps } from './add-oauth-button'
 import AddApiKeyButton from './add-api-key-button'
 import type { AddApiKeyButtonProps } from './add-api-key-button'
+import type { PluginPayload } from '../types'
 
 type AuthorizeProps = {
-  provider?: string
+  pluginPayload: PluginPayload
   theme?: 'primary' | 'secondary'
   showDivider?: boolean
   canOAuth?: boolean
@@ -16,7 +17,7 @@ type AuthorizeProps = {
   disabled?: boolean
 }
 const Authorize = ({
-  provider = '',
+  pluginPayload,
   theme = 'primary',
   showDivider = true,
   canOAuth,
@@ -32,28 +33,30 @@ const Authorize = ({
         buttonLeftClassName: 'hover:bg-components-button-secondary-bg-hover',
         buttonRightClassName: 'hover:bg-components-button-secondary-bg-hover',
         dividerClassName: 'bg-divider-regular opacity-100',
+        pluginPayload,
       }
     }
 
     return {
       buttonText: !canApiKey ? 'Use OAuth Authorization' : 'Use OAuth',
+      pluginPayload,
     }
-  }, [canApiKey, theme])
+  }, [canApiKey, theme, pluginPayload])
 
   const apiKeyButtonProps: AddApiKeyButtonProps = useMemo(() => {
     if (theme === 'secondary') {
       return {
-        provider,
+        pluginPayload,
         buttonVariant: 'secondary',
         buttonText: !canOAuth ? 'API Key Authorization Configuration' : 'Add API Key',
       }
     }
     return {
-      provider,
+      pluginPayload,
       buttonText: !canOAuth ? 'API Key Authorization Configuration' : 'Use API Key',
       buttonVariant: !canOAuth ? 'primary' : 'secondary-accent',
     }
-  }, [canOAuth, theme, provider])
+  }, [canOAuth, theme, pluginPayload])
 
   return (
     <>
diff --git a/web/app/components/plugins/plugin-auth/authorized-in-node.tsx b/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
index 1bf0425695..96eb409829 100644
--- a/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
@@ -1,26 +1,28 @@
 import {
   memo,
   useCallback,
-  useMemo,
   useState,
 } from 'react'
 import { RiArrowDownSLine } from '@remixicon/react'
 import Button from '@/app/components/base/button'
 import Indicator from '@/app/components/header/indicator'
 import cn from '@/utils/classnames'
-import type { Credential } from './types'
+import type {
+  Credential,
+  PluginPayload,
+} from './types'
 import {
   Authorized,
   usePluginAuth,
 } from '.'
 
 type AuthorizedInNodeProps = {
-  provider: string
+  pluginPayload: PluginPayload
   onAuthorizationItemClick: (id: string) => void
   credentialId?: string
 }
 const AuthorizedInNode = ({
-  provider = '',
+  pluginPayload,
   onAuthorizationItemClick,
   credentialId,
 }: AuthorizedInNodeProps) => {
@@ -30,29 +32,40 @@ const AuthorizedInNode = ({
     canOAuth,
     credentials,
     disabled,
-  } = usePluginAuth(provider, isOpen)
-  const label = useMemo(() => {
-    if (!credentialId)
-      return 'Workspace default'
-    const credential = credentials.find(c => c.id === credentialId)
-
-    if (!credential)
-      return 'Auth removed'
-
-    return credential.name
-  }, [credentials, credentialId])
+  } = usePluginAuth(pluginPayload, isOpen || !!credentialId)
   const renderTrigger = useCallback((open?: boolean) => {
+    let label = ''
+    let removed = false
+    if (!credentialId) {
+      label = 'Workspace default'
+    }
+    else {
+      const credential = credentials.find(c => c.id === credentialId)
+      label = credential ? credential.name : 'Auth removed'
+      removed = !credential
+    }
     return (
       <Button
         size='small'
-        className={cn(open && 'bg-components-button-ghost-bg-hover')}
+        className={cn(
+          open && !removed && 'bg-components-button-ghost-bg-hover',
+          removed && 'bg-transparent text-text-destructive',
+        )}
       >
-        <Indicator className='mr-1.5' />
+        <Indicator
+          className='mr-1.5'
+          color={removed ? 'red' : 'green'}
+        />
         {label}
-        <RiArrowDownSLine className='h-3.5 w-3.5 text-components-button-ghost-text' />
+        <RiArrowDownSLine
+          className={cn(
+            'h-3.5 w-3.5 text-components-button-ghost-text',
+            removed && 'text-text-destructive',
+          )}
+        />
       </Button>
     )
-  }, [label])
+  }, [credentialId, credentials])
   const extraAuthorizationItems: Credential[] = [
     {
       id: '__workspace_default__',
@@ -72,7 +85,7 @@ const AuthorizedInNode = ({
 
   return (
     <Authorized
-      provider={provider}
+      pluginPayload={pluginPayload}
       credentials={credentials}
       canOAuth={canOAuth}
       canApiKey={canApiKey}
diff --git a/web/app/components/plugins/plugin-auth/authorized/index.tsx b/web/app/components/plugins/plugin-auth/authorized/index.tsx
index f1188aaa70..13fec807f0 100644
--- a/web/app/components/plugins/plugin-auth/authorized/index.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized/index.tsx
@@ -25,15 +25,16 @@ import type { Credential } from '../types'
 import { CredentialTypeEnum } from '../types'
 import ApiKeyModal from '../authorize/api-key-modal'
 import Item from './item'
-import {
-  useDeletePluginToolCredential,
-  useInvalidPluginToolCredentialInfo,
-  useSetPluginToolDefaultCredential,
-} from '@/service/use-plugins-auth'
 import { useToastContext } from '@/app/components/base/toast'
+import type { PluginPayload } from '../types'
+import {
+  useDeletePluginCredentialHook,
+  useInvalidPluginCredentialInfoHook,
+  useSetPluginDefaultCredentialHook,
+} from '../hooks/use-credential'
 
 type AuthorizedProps = {
-  provider: string
+  pluginPayload: PluginPayload
   credentials: Credential[]
   canOAuth?: boolean
   canApiKey?: boolean
@@ -50,7 +51,7 @@ type AuthorizedProps = {
   extraAuthorizationItems?: Credential[]
 }
 const Authorized = ({
-  provider,
+  pluginPayload,
   credentials,
   canOAuth,
   canApiKey,
@@ -80,8 +81,8 @@ const Authorized = ({
   const apiKeyCredentials = credentials.filter(credential => credential.credential_type === CredentialTypeEnum.API_KEY)
   const pendingOperationCredentialId = useRef<string | null>(null)
   const [deleteCredentialId, setDeleteCredentialId] = useState<string | null>(null)
-  const { mutateAsync: deletePluginToolCredential } = useDeletePluginToolCredential(provider)
-  const invalidatePluginToolCredentialInfo = useInvalidPluginToolCredentialInfo(provider)
+  const { mutateAsync: deletePluginCredential } = useDeletePluginCredentialHook(pluginPayload)
+  const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
   const openConfirm = useCallback((credentialId?: string) => {
     if (credentialId)
       pendingOperationCredentialId.current = credentialId
@@ -98,15 +99,15 @@ const Authorized = ({
       return
     }
 
-    await deletePluginToolCredential({ credential_id: pendingOperationCredentialId.current })
+    await deletePluginCredential({ credential_id: pendingOperationCredentialId.current })
     notify({
       type: 'success',
       message: t('common.api.actionSuccess'),
     })
-    invalidatePluginToolCredentialInfo()
+    invalidatePluginCredentialInfo()
     setDeleteCredentialId(null)
     pendingOperationCredentialId.current = null
-  }, [deletePluginToolCredential, invalidatePluginToolCredentialInfo, notify, t])
+  }, [deletePluginCredential, invalidatePluginCredentialInfo, notify, t])
   const [editValues, setEditValues] = useState<Record<string, any> | null>(null)
   const handleEdit = useCallback((id: string, values: Record<string, any>) => {
     pendingOperationCredentialId.current = id
@@ -115,15 +116,15 @@ const Authorized = ({
   const handleRemove = useCallback(() => {
     setDeleteCredentialId(pendingOperationCredentialId.current)
   }, [])
-  const { mutateAsync: setPluginToolDefaultCredential } = useSetPluginToolDefaultCredential(provider)
+  const { mutateAsync: setPluginDefaultCredential } = useSetPluginDefaultCredentialHook(pluginPayload)
   const handleSetDefault = useCallback(async (id: string) => {
-    await setPluginToolDefaultCredential(id)
+    await setPluginDefaultCredential(id)
     notify({
       type: 'success',
       message: t('common.api.actionSuccess'),
     })
-    invalidatePluginToolCredentialInfo()
-  }, [setPluginToolDefaultCredential, invalidatePluginToolCredentialInfo, notify, t])
+    invalidatePluginCredentialInfo()
+  }, [setPluginDefaultCredential, invalidatePluginCredentialInfo, notify, t])
 
   return (
     <>
@@ -224,7 +225,7 @@ const Authorized = ({
             <div className='h-[1px] bg-divider-subtle'></div>
             <div className='p-2'>
               <Authorize
-                provider={provider}
+                pluginPayload={pluginPayload}
                 theme='secondary'
                 showDivider={false}
                 canOAuth={canOAuth}
@@ -249,7 +250,7 @@ const Authorized = ({
       {
         !!editValues && (
           <ApiKeyModal
-            provider={provider}
+            pluginPayload={pluginPayload}
             editValues={editValues}
             onClose={() => {
               setEditValues(null)
diff --git a/web/app/components/plugins/plugin-auth/hooks/use-credential.ts b/web/app/components/plugins/plugin-auth/hooks/use-credential.ts
new file mode 100644
index 0000000000..1fc9f0e012
--- /dev/null
+++ b/web/app/components/plugins/plugin-auth/hooks/use-credential.ts
@@ -0,0 +1,53 @@
+import {
+  useAddPluginCredential,
+  useDeletePluginCredential,
+  useGetPluginCredentialInfo,
+  useGetPluginCredentialSchema,
+  useInvalidPluginCredentialInfo,
+  useSetPluginDefaultCredential,
+  useUpdatePluginCredential,
+} from '@/service/use-plugins-auth'
+import { useGetApi } from './use-get-api'
+import type { PluginPayload } from '../types'
+import type { CredentialTypeEnum } from '../types'
+
+export const useGetPluginCredentialInfoHook = (pluginPayload: PluginPayload, enable?: boolean) => {
+  const apiMap = useGetApi(pluginPayload)
+  return useGetPluginCredentialInfo(enable ? apiMap.getCredentialInfo : '')
+}
+
+export const useDeletePluginCredentialHook = (pluginPayload: PluginPayload) => {
+  const apiMap = useGetApi(pluginPayload)
+
+  return useDeletePluginCredential(apiMap.deleteCredential)
+}
+
+export const useInvalidPluginCredentialInfoHook = (pluginPayload: PluginPayload) => {
+  const apiMap = useGetApi(pluginPayload)
+
+  return useInvalidPluginCredentialInfo(apiMap.getCredentialInfo)
+}
+
+export const useSetPluginDefaultCredentialHook = (pluginPayload: PluginPayload) => {
+  const apiMap = useGetApi(pluginPayload)
+
+  return useSetPluginDefaultCredential(apiMap.setDefaultCredential)
+}
+
+export const useGetPluginCredentialSchemaHook = (pluginPayload: PluginPayload, credentialType: CredentialTypeEnum) => {
+  const apiMap = useGetApi(pluginPayload)
+
+  return useGetPluginCredentialSchema(apiMap.getCredentialSchema(credentialType))
+}
+
+export const useAddPluginCredentialHook = (pluginPayload: PluginPayload) => {
+  const apiMap = useGetApi(pluginPayload)
+
+  return useAddPluginCredential(apiMap.addCredential)
+}
+
+export const useUpdatePluginCredentialHook = (pluginPayload: PluginPayload) => {
+  const apiMap = useGetApi(pluginPayload)
+
+  return useUpdatePluginCredential(apiMap.updateCredential)
+}
diff --git a/web/app/components/plugins/plugin-auth/hooks/use-get-api.ts b/web/app/components/plugins/plugin-auth/hooks/use-get-api.ts
new file mode 100644
index 0000000000..8551332ddb
--- /dev/null
+++ b/web/app/components/plugins/plugin-auth/hooks/use-get-api.ts
@@ -0,0 +1,39 @@
+import {
+  AuthCategory,
+} from '../types'
+import type {
+  CredentialTypeEnum,
+  PluginPayload,
+} from '../types'
+
+export const useGetApi = ({ category = AuthCategory.tool, provider }: PluginPayload) => {
+  if (category === AuthCategory.tool) {
+    return {
+      getCredentialInfo: `/workspaces/current/tool-provider/builtin/${provider}/credential/info`,
+      setDefaultCredential: `/workspaces/current/tool-provider/builtin/${provider}/default-credential`,
+      getCredentials: `/workspaces/current/tool-provider/builtin/${provider}/credentials`,
+      addCredential: `/workspaces/current/tool-provider/builtin/${provider}/add`,
+      updateCredential: `/workspaces/current/tool-provider/builtin/${provider}/update`,
+      deleteCredential: `/workspaces/current/tool-provider/builtin/${provider}/delete`,
+      getCredentialSchema: (credential_type: CredentialTypeEnum) => `/workspaces/current/tool-provider/builtin/${provider}/credential/schema/${credential_type}`,
+      getOauthUrl: `/oauth/plugin/${provider}/tool/authorization-url`,
+      getOauthClientSchema: `/workspaces/current/tool-provider/builtin/${provider}/oauth/client-schema`,
+      setCustomOauthClient: `/workspaces/current/tool-provider/builtin/${provider}/oauth/custom-client`,
+      getCustomOAuthClient: `/workspaces/current/tool-provider/builtin/${provider}/oauth/custom-client`,
+    }
+  }
+
+  return {
+    getCredentialInfo: '',
+    setDefaultCredential: '',
+    getCredentials: '',
+    addCredential: '',
+    updateCredential: '',
+    deleteCredential: '',
+    getCredentialSchema: () => '',
+    getOauthUrl: '',
+    getOauthClientSchema: '',
+    setCustomOauthClient: '',
+    getCustomOAuthClient: '',
+  }
+}
diff --git a/web/app/components/plugins/plugin-auth/hooks.ts b/web/app/components/plugins/plugin-auth/hooks/use-plugin-auth.ts
similarity index 60%
rename from web/app/components/plugins/plugin-auth/hooks.ts
rename to web/app/components/plugins/plugin-auth/hooks/use-plugin-auth.ts
index 3c47997e4e..67d19e3de1 100644
--- a/web/app/components/plugins/plugin-auth/hooks.ts
+++ b/web/app/components/plugins/plugin-auth/hooks/use-plugin-auth.ts
@@ -1,9 +1,10 @@
 import { useAppContext } from '@/context/app-context'
-import { useGetPluginToolCredentialInfo } from '@/service/use-plugins-auth'
-import { CredentialTypeEnum } from './types'
+import { useGetPluginCredentialInfoHook } from './use-credential'
+import { CredentialTypeEnum } from '../types'
+import type { PluginPayload } from '../types'
 
-export const usePluginAuth = (provider: string, enable?: boolean) => {
-  const { data } = useGetPluginToolCredentialInfo(enable ? provider : '')
+export const usePluginAuth = (pluginPayload: PluginPayload, enable?: boolean) => {
+  const { data } = useGetPluginCredentialInfoHook(pluginPayload, enable)
   const { isCurrentWorkspaceManager } = useAppContext()
   const isAuthorized = !!data?.credentials.length
   const canOAuth = data?.supported_credential_types.includes(CredentialTypeEnum.OAUTH2)
@@ -14,7 +15,6 @@ export const usePluginAuth = (provider: string, enable?: boolean) => {
     canOAuth,
     canApiKey,
     credentials: data?.credentials || [],
-    provider,
     disabled: !isCurrentWorkspaceManager,
   }
 }
diff --git a/web/app/components/plugins/plugin-auth/index.tsx b/web/app/components/plugins/plugin-auth/index.tsx
index a3cde28c72..f5b2f0c457 100644
--- a/web/app/components/plugins/plugin-auth/index.tsx
+++ b/web/app/components/plugins/plugin-auth/index.tsx
@@ -1,4 +1,5 @@
 export { default as PluginAuth } from './plugin-auth'
 export { default as Authorized } from './authorized'
 export { default as AuthorizedInNode } from './authorized-in-node'
-export { usePluginAuth } from './hooks'
+export { usePluginAuth } from './hooks/use-plugin-auth'
+export * from './types'
diff --git a/web/app/components/plugins/plugin-auth/plugin-auth.tsx b/web/app/components/plugins/plugin-auth/plugin-auth.tsx
index f02c66bc5f..6fdcdd1140 100644
--- a/web/app/components/plugins/plugin-auth/plugin-auth.tsx
+++ b/web/app/components/plugins/plugin-auth/plugin-auth.tsx
@@ -1,44 +1,45 @@
 import { memo } from 'react'
 import Authorize from './authorize'
 import Authorized from './authorized'
-import { useAppContext } from '@/context/app-context'
-import { useGetPluginToolCredentialInfo } from '@/service/use-plugins-auth'
-import { CredentialTypeEnum } from './types'
+import type { PluginPayload } from './types'
+import { usePluginAuth } from './hooks/use-plugin-auth'
 
 type PluginAuthProps = {
-  provider?: string
+  pluginPayload: PluginPayload
   children?: React.ReactNode
 }
 const PluginAuth = ({
-  provider = '',
+  pluginPayload,
   children,
 }: PluginAuthProps) => {
-  const { data } = useGetPluginToolCredentialInfo(provider)
-  const { isCurrentWorkspaceManager } = useAppContext()
-  const isAuthorized = !!data?.credentials.length
-  const canOAuth = data?.supported_credential_types.includes(CredentialTypeEnum.OAUTH2)
-  const canApiKey = data?.supported_credential_types.includes(CredentialTypeEnum.API_KEY)
+  const {
+    isAuthorized,
+    canOAuth,
+    canApiKey,
+    credentials,
+    disabled,
+  } = usePluginAuth(pluginPayload, true)
 
   return (
     <>
       {
         !isAuthorized && (
           <Authorize
-            provider={provider}
+            pluginPayload={pluginPayload}
             canOAuth={canOAuth}
             canApiKey={canApiKey}
-            disabled={!isCurrentWorkspaceManager}
+            disabled={disabled}
           />
         )
       }
       {
         isAuthorized && !children && (
           <Authorized
-            provider={provider}
-            credentials={data?.credentials}
+            pluginPayload={pluginPayload}
+            credentials={credentials}
             canOAuth={canOAuth}
             canApiKey={canApiKey}
-            disabled={!isCurrentWorkspaceManager}
+            disabled={disabled}
           />
         )
       }
diff --git a/web/app/components/plugins/plugin-auth/types.ts b/web/app/components/plugins/plugin-auth/types.ts
index f60324b7f7..ad41733bde 100644
--- a/web/app/components/plugins/plugin-auth/types.ts
+++ b/web/app/components/plugins/plugin-auth/types.ts
@@ -1,3 +1,14 @@
+export enum AuthCategory {
+  tool = 'tool',
+  datasource = 'datasource',
+  model = 'model',
+}
+
+export type PluginPayload = {
+  category: AuthCategory
+  provider: string
+}
+
 export enum CredentialTypeEnum {
   OAUTH2 = 'oauth2',
   API_KEY = 'api-key',
diff --git a/web/app/components/plugins/plugin-detail-panel/detail-header.tsx b/web/app/components/plugins/plugin-detail-panel/detail-header.tsx
index a1f14e6301..41e74b7d8a 100644
--- a/web/app/components/plugins/plugin-detail-panel/detail-header.tsx
+++ b/web/app/components/plugins/plugin-detail-panel/detail-header.tsx
@@ -37,6 +37,7 @@ import { API_PREFIX } from '@/config'
 import cn from '@/utils/classnames'
 import { getMarketplaceUrl } from '@/utils/var'
 import { PluginAuth } from '@/app/components/plugins/plugin-auth'
+import { AuthCategory } from '@/app/components/plugins/plugin-auth'
 import { useAllToolProviders } from '@/service/use-tools'
 
 const i18nPrefix = 'plugin.action'
@@ -275,7 +276,10 @@ const DetailHeader = ({
       {
         category === PluginType.tool && (
           <PluginAuth
-            provider={provider?.name}
+            pluginPayload={{
+              provider: provider?.name || '',
+              category: AuthCategory.tool,
+            }}
           />
         )
       }
diff --git a/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx b/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx
index 59c46b1e45..982dd4285a 100644
--- a/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx
+++ b/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx
@@ -63,6 +63,7 @@ import {
   AuthorizedInNode,
   PluginAuth,
 } from '@/app/components/plugins/plugin-auth'
+import { AuthCategory } from '@/app/components/plugins/plugin-auth'
 import { canFindTool } from '@/utils'
 
 type BasePanelProps = {
@@ -227,14 +228,14 @@ const BasePanel: FC<BasePanelProps> = ({
   const showPluginAuth = useMemo(() => {
     return data.type === BlockEnum.Tool && currCollection?.allow_delete && !currCollection.is_team_authorization
   }, [currCollection, data.type])
-  const handleAuthorizationItemClick = useCallback((id: string) => {
+  const handleAuthorizationItemClick = useCallback((credential_id: string) => {
     handleNodeDataUpdate({
       id,
       data: {
-        credential_id: id === '__workspace_default__' ? undefined : id,
+        credential_id: credential_id === '__workspace_default__' ? undefined : credential_id,
       },
     })
-  }, [handleNodeDataUpdate])
+  }, [handleNodeDataUpdate, id])
 
   if(logParams.showSpecialResultPanel) {
     return (
@@ -371,7 +372,10 @@ const BasePanel: FC<BasePanelProps> = ({
           {
             showPluginAuth && (
               <PluginAuth
-                provider={currCollection?.name}
+                pluginPayload={{
+                  provider: currCollection?.name || '',
+                  category: AuthCategory.tool,
+                }}
               >
                 <div className='pl-4'>
                   <Tab
@@ -392,7 +396,10 @@ const BasePanel: FC<BasePanelProps> = ({
                 {
                   currCollection?.allow_delete && (
                     <AuthorizedInNode
-                      provider={currCollection?.name}
+                      pluginPayload={{
+                        provider: currCollection?.name || '',
+                        category: AuthCategory.tool,
+                      }}
                       onAuthorizationItemClick={handleAuthorizationItemClick}
                       credentialId={data.credential_id}
                     />
diff --git a/web/service/use-plugins-auth.ts b/web/service/use-plugins-auth.ts
index 000d6db723..90b1a20e8c 100644
--- a/web/service/use-plugins-auth.ts
+++ b/web/service/use-plugins-auth.ts
@@ -12,48 +12,48 @@ import type { FormSchema } from '@/app/components/base/form/types'
 
 const NAME_SPACE = 'plugins-auth'
 
-export const useGetPluginToolCredentialInfo = (
-  provider: string,
+export const useGetPluginCredentialInfo = (
+  url: string,
 ) => {
   return useQuery({
-    enabled: !!provider,
-    queryKey: [NAME_SPACE, 'credential-info', provider],
+    enabled: !!url,
+    queryKey: [NAME_SPACE, 'credential-info', url],
     queryFn: () => get<{
         supported_credential_types: string[]
         credentials: Credential[]
         is_oauth_custom_client_enabled: boolean
-      }>(`/workspaces/current/tool-provider/builtin/${provider}/credential/info`),
+      }>(url),
     staleTime: 0,
   })
 }
 
-export const useInvalidPluginToolCredentialInfo = (
-  provider: string,
+export const useInvalidPluginCredentialInfo = (
+  url: string,
 ) => {
-  return useInvalid([NAME_SPACE, 'credential-info', provider])
+  return useInvalid([NAME_SPACE, 'credential-info', url])
 }
 
-export const useSetPluginToolDefaultCredential = (
-  provider: string,
+export const useSetPluginDefaultCredential = (
+  url: string,
 ) => {
   return useMutation({
     mutationFn: (id: string) => {
-      return post(`/workspaces/current/tool-provider/builtin/${provider}/default-credential`, { body: { id } })
+      return post(url, { body: { id } })
     },
   })
 }
 
-export const useGetPluginToolCredentialList = (
-  provider: string,
+export const useGetPluginCredentialList = (
+  url: string,
 ) => {
   return useQuery({
-    queryKey: [NAME_SPACE, 'credential-list', provider],
-    queryFn: () => get(`/workspaces/current/tool-provider/builtin/${provider}/credentials`),
+    queryKey: [NAME_SPACE, 'credential-list', url],
+    queryFn: () => get(url),
   })
 }
 
-export const useAddPluginToolCredential = (
-  provider: string,
+export const useAddPluginCredential = (
+  url: string,
 ) => {
   return useMutation({
     mutationFn: (params: {
@@ -61,13 +61,13 @@ export const useAddPluginToolCredential = (
       type: CredentialTypeEnum
       name?: string
     }) => {
-      return post(`/workspaces/current/tool-provider/builtin/${provider}/add`, { body: params })
+      return post(url, { body: params })
     },
   })
 }
 
-export const useUpdatePluginToolCredential = (
-  provider: string,
+export const useUpdatePluginCredential = (
+  url: string,
 ) => {
   return useMutation({
     mutationFn: (params: {
@@ -76,64 +76,63 @@ export const useUpdatePluginToolCredential = (
       type: CredentialTypeEnum
       name?: string
     }) => {
-      return post(`/workspaces/current/tool-provider/builtin/${provider}/update`, { body: params })
+      return post(url, { body: params })
     },
   })
 }
 
-export const useDeletePluginToolCredential = (
-  provider: string,
+export const useDeletePluginCredential = (
+  url: string,
 ) => {
   return useMutation({
     mutationFn: (params: { credential_id: string }) => {
-      return post(`/workspaces/current/tool-provider/builtin/${provider}/delete`, { body: params })
+      return post(url, { body: params })
     },
   })
 }
 
-export const useGetPluginToolCredentialSchema = (
-  provider: string,
-  credential_type: CredentialTypeEnum,
+export const useGetPluginCredentialSchema = (
+  url: string,
 ) => {
   return useQuery({
-    queryKey: [NAME_SPACE, 'credential-schema', provider, credential_type],
-    queryFn: () => get<FormSchema[]>(`/workspaces/current/tool-provider/builtin/${provider}/credential/schema/${credential_type}`),
+    queryKey: [NAME_SPACE, 'credential-schema', url],
+    queryFn: () => get<FormSchema[]>(url),
   })
 }
 
-export const useGetPluginToolOAuthUrl = (
-  provider: string,
+export const useGetPluginOAuthUrl = (
+  url: string,
 ) => {
   return useQuery({
-    queryKey: [NAME_SPACE, 'oauth-url', provider],
-    queryFn: () => get(`oauth/plugin/${provider}/tool/authorization-url`),
+    queryKey: [NAME_SPACE, 'oauth-url', url],
+    queryFn: () => get(url),
   })
 }
 
-export const useGetPluginToolOAuthClientSchema = (
-  provider: string,
+export const useGetPluginOAuthClientSchema = (
+  url: string,
 ) => {
   return useQuery({
-    queryKey: [NAME_SPACE, 'oauth-client-schema', provider],
-    queryFn: () => get(`/workspaces/current/tool-provider/builtin/${provider}/oauth/client-schema`),
+    queryKey: [NAME_SPACE, 'oauth-client-schema', url],
+    queryFn: () => get(url),
   })
 }
 
-export const useSetPluginToolOAuthCustomClient = (
-  provider: string,
+export const useSetPluginOAuthCustomClient = (
+  url: string,
 ) => {
   return useMutation({
     mutationFn: (params) => {
-      return post(`/workspaces/current/tool-provider/builtin/${provider}/oauth/custom-client`, { body: params })
+      return post(url, { body: params })
     },
   })
 }
 
-export const useGetPluginToolOAuthCustomClientSchema = (
-  provider: string,
+export const useGetPluginOAuthCustomClientSchema = (
+  url: string,
 ) => {
   return useQuery({
-    queryKey: [NAME_SPACE, 'oauth-custom-client-schema', provider],
-    queryFn: () => get(`/workspaces/current/tool-provider/builtin/${provider}/oauth/custom-client`),
+    queryKey: [NAME_SPACE, 'oauth-custom-client-schema', url],
+    queryFn: () => get(url),
   })
 }

From 18699f86714aa9701916b552929d7fb832b0c789 Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Thu, 10 Jul 2025 17:12:48 +0800
Subject: [PATCH 05/25] tool oauth

---
 .../base/form/components/base/base-field.tsx  |  53 +++
 web/app/components/base/form/types.ts         |  10 +
 web/app/components/base/select/pure.tsx       |  10 +-
 .../plugin-auth/authorize/api-key-modal.tsx   |  61 ++--
 .../plugins/plugin-auth/authorize/index.tsx   |  14 +-
 .../plugin-auth/authorized-in-node.tsx        |  13 +-
 .../plugins/plugin-auth/authorized/index.tsx  |  83 +++--
 .../plugins/plugin-auth/authorized/item.tsx   | 123 +++++--
 .../components/plugins/plugin-auth/index.tsx  |   1 +
 .../plugin-auth/plugin-auth-in-agent.tsx      | 119 +++++++
 .../tool-selector/index.tsx                   | 328 ++++++++----------
 .../tool-selector/tool-item.tsx               |  12 +-
 web/app/components/workflow/types.ts          |   3 +-
 web/i18n/en-US/plugin.ts                      |  20 ++
 web/i18n/zh-Hans/plugin.ts                    |  20 ++
 web/service/use-plugins-auth.ts               |   3 +-
 16 files changed, 595 insertions(+), 278 deletions(-)
 create mode 100644 web/app/components/plugins/plugin-auth/plugin-auth-in-agent.tsx

diff --git a/web/app/components/base/form/components/base/base-field.tsx b/web/app/components/base/form/components/base/base-field.tsx
index f997297691..47a8cca419 100644
--- a/web/app/components/base/form/components/base/base-field.tsx
+++ b/web/app/components/base/form/components/base/base-field.tsx
@@ -7,6 +7,7 @@ import type { AnyFieldApi } from '@tanstack/react-form'
 import { useStore } from '@tanstack/react-form'
 import cn from '@/utils/classnames'
 import Input from '@/app/components/base/input'
+import PureSelect from '@/app/components/base/select/pure'
 import type { FormSchema } from '@/app/components/base/form/types'
 import { FormTypeEnum } from '@/app/components/base/form/types'
 import { useRenderI18nObject } from '@/hooks/use-i18n'
@@ -32,6 +33,9 @@ const BaseField = ({
   const renderI18nObject = useRenderI18nObject()
   const {
     label,
+    required,
+    placeholder,
+    options,
   } = formSchema
 
   const memorizedLabel = useMemo(() => {
@@ -44,12 +48,32 @@ const BaseField = ({
     if (typeof label === 'object' && label !== null)
       return renderI18nObject(label as Record<string, string>)
   }, [label, renderI18nObject])
+  const memorizedPlaceholder = useMemo(() => {
+    if (typeof placeholder === 'string')
+      return placeholder
+
+    if (typeof placeholder === 'object' && placeholder !== null)
+      return renderI18nObject(placeholder as Record<string, string>)
+  }, [placeholder, renderI18nObject])
+  const memorizedOptions = useMemo(() => {
+    return options?.map((option) => {
+      return {
+        label: typeof option.label === 'string' ? option.label : renderI18nObject(option.label),
+        value: option.value,
+      }
+    }) || []
+  }, [options, renderI18nObject])
   const value = useStore(field.form.store, s => s.values[field.name])
 
   return (
     <div className={cn(fieldClassName)}>
       <div className={cn(labelClassName)}>
         {memorizedLabel}
+        {
+          required && (
+            <span className='ml-1 text-text-destructive-secondary'>*</span>
+          )
+        }
       </div>
       <div className={cn(inputContainerClassName)}>
         {
@@ -62,6 +86,7 @@ const BaseField = ({
               onChange={e => field.handleChange(e.target.value)}
               onBlur={field.handleBlur}
               disabled={disabled}
+              placeholder={memorizedPlaceholder}
             />
           )
         }
@@ -76,6 +101,34 @@ const BaseField = ({
               onChange={e => field.handleChange(e.target.value)}
               onBlur={field.handleBlur}
               disabled={disabled}
+              placeholder={memorizedPlaceholder}
+            />
+          )
+        }
+        {
+          formSchema.type === FormTypeEnum.textNumber && (
+            <Input
+              id={field.name}
+              name={field.name}
+              type='number'
+              className={cn(inputClassName)}
+              value={value}
+              onChange={e => field.handleChange(e.target.value)}
+              onBlur={field.handleBlur}
+              disabled={disabled}
+              placeholder={memorizedPlaceholder}
+            />
+          )
+        }
+        {
+          formSchema.type === FormTypeEnum.select && (
+            <PureSelect
+              value={value}
+              onChange={v => field.handleChange(v)}
+              disabled={disabled}
+              placeholder={memorizedPlaceholder}
+              options={memorizedOptions}
+              triggerPopupSameWidth
             />
           )
         }
diff --git a/web/app/components/base/form/types.ts b/web/app/components/base/form/types.ts
index 5156477a38..3e1001b54e 100644
--- a/web/app/components/base/form/types.ts
+++ b/web/app/components/base/form/types.ts
@@ -31,6 +31,13 @@ export enum FormTypeEnum {
   dynamicSelect = 'dynamic-select',
 }
 
+export type FormOption = {
+  label: TypeWithI18N | string
+  value: string
+  show_on: FormShowOnObject[]
+  icon?: string
+}
+
 export type FormSchema = {
   type: FormTypeEnum
   name: string
@@ -41,6 +48,9 @@ export type FormSchema = {
   show_on?: FormShowOnObject[]
   url?: string
   scope?: string
+  help?: string | TypeWithI18N
+  placeholder?: string | TypeWithI18N
+  options?: FormOption[]
 }
 
 export type FormValues = Record<string, any>
diff --git a/web/app/components/base/select/pure.tsx b/web/app/components/base/select/pure.tsx
index 81cc2fbadf..be88c936fd 100644
--- a/web/app/components/base/select/pure.tsx
+++ b/web/app/components/base/select/pure.tsx
@@ -39,6 +39,9 @@ type PureSelectProps = {
     itemClassName?: string
     title?: string
   },
+  placeholder?: string
+  disabled?: boolean
+  triggerPopupSameWidth?: boolean
 }
 const PureSelect = ({
   options,
@@ -47,6 +50,9 @@ const PureSelect = ({
   containerProps,
   triggerProps,
   popupProps,
+  placeholder,
+  disabled,
+  triggerPopupSameWidth,
 }: PureSelectProps) => {
   const { t } = useTranslation()
   const {
@@ -74,7 +80,7 @@ const PureSelect = ({
   }, [onOpenChange])
 
   const selectedOption = options.find(option => option.value === value)
-  const triggerText = selectedOption?.label || t('common.placeholder.select')
+  const triggerText = selectedOption?.label || placeholder || t('common.placeholder.select')
 
   return (
     <PortalToFollowElem
@@ -82,6 +88,7 @@ const PureSelect = ({
       offset={offset || 4}
       open={mergedOpen}
       onOpenChange={handleOpenChange}
+      triggerPopupSameWidth={triggerPopupSameWidth}
     >
       <PortalToFollowElemTrigger
         onClick={() => handleOpenChange(!mergedOpen)}
@@ -135,6 +142,7 @@ const PureSelect = ({
                 )}
                 title={option.label}
                 onClick={() => {
+                  if (disabled) return
                   onChange?.(option.value)
                   handleOpenChange(false)
                 }}
diff --git a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
index d7d4253089..572dfe125e 100644
--- a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
@@ -14,6 +14,7 @@ import AuthForm from '@/app/components/base/form/form-scenarios/auth'
 import type { FromRefObject } from '@/app/components/base/form/types'
 import { FormTypeEnum } from '@/app/components/base/form/types'
 import { useToastContext } from '@/app/components/base/toast'
+import Loading from '@/app/components/base/loading'
 import type { PluginPayload } from '../types'
 import {
   useAddPluginCredentialHook,
@@ -21,6 +22,7 @@ import {
   useInvalidPluginCredentialInfoHook,
   useUpdatePluginCredentialHook,
 } from '../hooks/use-credential'
+import { useRenderI18nObject } from '@/hooks/use-i18n'
 
 export type ApiKeyModalProps = {
   pluginPayload: PluginPayload
@@ -38,18 +40,25 @@ const ApiKeyModal = ({
 }: ApiKeyModalProps) => {
   const { t } = useTranslation()
   const { notify } = useToastContext()
-  const { data = [] } = useGetPluginCredentialSchemaHook(pluginPayload, CredentialTypeEnum.API_KEY)
+  const { data = [], isLoading } = useGetPluginCredentialSchemaHook(pluginPayload, CredentialTypeEnum.API_KEY)
   const formSchemas = useMemo(() => {
     return [
       {
         type: FormTypeEnum.textInput,
         name: '__name__',
-        label: 'Authorization name',
+        label: t('plugin.auth.authorizationName'),
         required: false,
       },
       ...data,
     ]
-  }, [data])
+  }, [data, t])
+  const defaultValues = formSchemas.reduce((acc, schema) => {
+    if (schema.default)
+      acc[schema.name] = schema.default
+    return acc
+  }, {} as Record<string, any>)
+  const secretInput = formSchemas.find(schema => schema.type === FormTypeEnum.secretInput)
+  const renderI18nObject = useRenderI18nObject()
   const { mutateAsync: addPluginCredential } = useAddPluginCredentialHook(pluginPayload)
   const { mutateAsync: updatePluginCredential } = useUpdatePluginCredentialHook(pluginPayload)
   const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
@@ -77,7 +86,6 @@ const ApiKeyModal = ({
       await updatePluginCredential({
         credentials: transformedValues,
         credential_id: __credential_id__,
-        type: CredentialTypeEnum.API_KEY,
         name: __name__ || '',
       })
     }
@@ -100,19 +108,21 @@ const ApiKeyModal = ({
   return (
     <Modal
       size='md'
-      title='API Key Authorization Configuration'
-      subTitle='After configuring credentials, all members within the workspace can use this tool when orchestrating applications.'
+      title={t('plugin.auth.useApiAuth')}
+      subTitle={t('plugin.auth.useApiAuthDesc')}
       onClose={onClose}
       onCancel={onClose}
       footerSlot={
-        <a
-          className='system-xs-regular flex h-8 grow items-center text-text-accent'
-          href=''
-          target='_blank'
-        >
-          Get your API Key from OpenAI
-          <RiExternalLinkLine className='ml-1 h-3 w-3' />
-        </a>
+        secretInput && (
+          <a
+            className='system-xs-regular flex h-8 grow items-center text-text-accent'
+            href={secretInput?.url}
+            target='_blank'
+          >
+            {renderI18nObject(secretInput?.help as any)}
+            <RiExternalLinkLine className='ml-1 h-3 w-3' />
+          </a>
+        )
       }
       bottomSlot={
         <div className='flex items-center justify-center bg-background-section-burn py-3 text-xs text-text-tertiary'>
@@ -133,12 +143,23 @@ const ApiKeyModal = ({
       onExtraButtonClick={onRemove}
       disabled={disabled}
     >
-      <AuthForm
-        ref={formRef}
-        formSchemas={formSchemas}
-        defaultValues={editValues}
-        disabled={disabled}
-      />
+      {
+        isLoading && (
+          <div className='flex h-40 items-center justify-center'>
+            <Loading />
+          </div>
+        )
+      }
+      {
+        !isLoading && !!data.length && (
+          <AuthForm
+            ref={formRef}
+            formSchemas={formSchemas}
+            defaultValues={editValues || defaultValues}
+            disabled={disabled}
+          />
+        )
+      }
     </Modal>
   )
 }
diff --git a/web/app/components/plugins/plugin-auth/authorize/index.tsx b/web/app/components/plugins/plugin-auth/authorize/index.tsx
index bb87578671..80f1656fb8 100644
--- a/web/app/components/plugins/plugin-auth/authorize/index.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/index.tsx
@@ -2,6 +2,7 @@ import {
   memo,
   useMemo,
 } from 'react'
+import { useTranslation } from 'react-i18next'
 import AddOAuthButton from './add-oauth-button'
 import type { AddOAuthButtonProps } from './add-oauth-button'
 import AddApiKeyButton from './add-api-key-button'
@@ -24,10 +25,11 @@ const Authorize = ({
   canApiKey,
   disabled,
 }: AuthorizeProps) => {
+  const { t } = useTranslation()
   const oAuthButtonProps: AddOAuthButtonProps = useMemo(() => {
     if (theme === 'secondary') {
       return {
-        buttonText: !canApiKey ? 'Add OAuth Authorization' : 'Add OAuth',
+        buttonText: !canApiKey ? t('plugin.auth.useOAuthAuth') : t('plugin.auth.addOAuth'),
         buttonVariant: 'secondary',
         className: 'hover:bg-components-button-secondary-bg',
         buttonLeftClassName: 'hover:bg-components-button-secondary-bg-hover',
@@ -38,25 +40,25 @@ const Authorize = ({
     }
 
     return {
-      buttonText: !canApiKey ? 'Use OAuth Authorization' : 'Use OAuth',
+      buttonText: !canApiKey ? t('plugin.auth.useOAuthAuth') : t('plugin.auth.addOAuth'),
       pluginPayload,
     }
-  }, [canApiKey, theme, pluginPayload])
+  }, [canApiKey, theme, pluginPayload, t])
 
   const apiKeyButtonProps: AddApiKeyButtonProps = useMemo(() => {
     if (theme === 'secondary') {
       return {
         pluginPayload,
         buttonVariant: 'secondary',
-        buttonText: !canOAuth ? 'API Key Authorization Configuration' : 'Add API Key',
+        buttonText: !canOAuth ? t('plugin.auth.useApiAuth') : t('plugin.auth.addApi'),
       }
     }
     return {
       pluginPayload,
-      buttonText: !canOAuth ? 'API Key Authorization Configuration' : 'Use API Key',
+      buttonText: !canOAuth ? t('plugin.auth.useApiAuth') : t('plugin.auth.addApi'),
       buttonVariant: !canOAuth ? 'primary' : 'secondary-accent',
     }
-  }, [canOAuth, theme, pluginPayload])
+  }, [canOAuth, theme, pluginPayload, t])
 
   return (
     <>
diff --git a/web/app/components/plugins/plugin-auth/authorized-in-node.tsx b/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
index 96eb409829..55516e7fca 100644
--- a/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
@@ -3,6 +3,7 @@ import {
   useCallback,
   useState,
 } from 'react'
+import { useTranslation } from 'react-i18next'
 import { RiArrowDownSLine } from '@remixicon/react'
 import Button from '@/app/components/base/button'
 import Indicator from '@/app/components/header/indicator'
@@ -26,6 +27,7 @@ const AuthorizedInNode = ({
   onAuthorizationItemClick,
   credentialId,
 }: AuthorizedInNodeProps) => {
+  const { t } = useTranslation()
   const [isOpen, setIsOpen] = useState(false)
   const {
     canApiKey,
@@ -37,11 +39,11 @@ const AuthorizedInNode = ({
     let label = ''
     let removed = false
     if (!credentialId) {
-      label = 'Workspace default'
+      label = t('plugin.auth.workspaceDefault')
     }
     else {
       const credential = credentials.find(c => c.id === credentialId)
-      label = credential ? credential.name : 'Auth removed'
+      label = credential ? credential.name : t('plugin.auth.authRemoved')
       removed = !credential
     }
     return (
@@ -65,13 +67,13 @@ const AuthorizedInNode = ({
         />
       </Button>
     )
-  }, [credentialId, credentials])
+  }, [credentialId, credentials, t])
   const extraAuthorizationItems: Credential[] = [
     {
       id: '__workspace_default__',
-      name: 'Workspace default',
+      name: t('plugin.auth.workspaceDefault'),
       provider: '',
-      is_default: false,
+      is_default: !credentialId,
       isWorkspaceDefault: true,
     },
   ]
@@ -100,6 +102,7 @@ const AuthorizedInNode = ({
       disableSetDefault
       onItemClick={handleAuthorizationItemClick}
       extraAuthorizationItems={extraAuthorizationItems}
+      showItemSelectedIcon
     />
   )
 }
diff --git a/web/app/components/plugins/plugin-auth/authorized/index.tsx b/web/app/components/plugins/plugin-auth/authorized/index.tsx
index 13fec807f0..ddd05787b6 100644
--- a/web/app/components/plugins/plugin-auth/authorized/index.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized/index.tsx
@@ -31,6 +31,7 @@ import {
   useDeletePluginCredentialHook,
   useInvalidPluginCredentialInfoHook,
   useSetPluginDefaultCredentialHook,
+  useUpdatePluginCredentialHook,
 } from '../hooks/use-credential'
 
 type AuthorizedProps = {
@@ -49,6 +50,7 @@ type AuthorizedProps = {
   disableSetDefault?: boolean
   onItemClick?: (id: string) => void
   extraAuthorizationItems?: Credential[]
+  showItemSelectedIcon?: boolean
 }
 const Authorized = ({
   pluginPayload,
@@ -66,6 +68,7 @@ const Authorized = ({
   disableSetDefault,
   onItemClick,
   extraAuthorizationItems,
+  showItemSelectedIcon,
 }: AuthorizedProps) => {
   const { t } = useTranslation()
   const { notify } = useToastContext()
@@ -125,6 +128,17 @@ const Authorized = ({
     })
     invalidatePluginCredentialInfo()
   }, [setPluginDefaultCredential, invalidatePluginCredentialInfo, notify, t])
+  const { mutateAsync: updatePluginCredential } = useUpdatePluginCredentialHook(pluginPayload)
+  const handleRename = useCallback(async (payload: {
+      credential_id: string
+      name: string
+    }) => {
+    await updatePluginCredential(payload)
+    notify({
+      type: 'success',
+      message: t('common.api.actionSuccess'),
+    })
+  }, [updatePluginCredential, notify, t])
 
   return (
     <>
@@ -149,7 +163,12 @@ const Authorized = ({
                     isOpen && 'bg-components-button-secondary-bg-hover',
                   )}>
                   <Indicator className='mr-2' />
-                  {credentials.length} Authorizations
+                  {credentials.length}&nbsp;
+                  {
+                    credentials.length > 1
+                      ? t('plugin.auth.authorizations')
+                      : t('plugin.auth.authorization')
+                  }
                   <RiArrowDownSLine className='ml-0.5 h-4 w-4' />
                 </Button>
               )
@@ -160,31 +179,35 @@ const Authorized = ({
             'max-h-[360px] overflow-y-auto rounded-xl border-[0.5px] border-components-panel-border bg-components-panel-bg-blur shadow-lg',
             popupClassName,
           )}>
-            {
-              !!extraAuthorizationItems?.length && (
-                <div className='p-1'>
-                  {
-                    extraAuthorizationItems.map(credential => (
-                      <Item
-                        key={credential.id}
-                        credential={credential}
-                        disabled={disabled}
-                        onItemClick={onItemClick}
-                        disableRename
-                        disableEdit
-                        disableDelete
-                        disableSetDefault
-                      />
-                    ))
-                  }
-                </div>
-              )
-            }
             <div className='py-1'>
+              {
+                !!extraAuthorizationItems?.length && (
+                  <div className='p-1'>
+                    {
+                      extraAuthorizationItems.map(credential => (
+                        <Item
+                          key={credential.id}
+                          credential={credential}
+                          disabled={disabled}
+                          onItemClick={onItemClick}
+                          disableRename
+                          disableEdit
+                          disableDelete
+                          disableSetDefault
+                          showSelectedIcon={showItemSelectedIcon}
+                        />
+                      ))
+                    }
+                  </div>
+                )
+              }
               {
                 !!oAuthCredentials.length && (
                   <div className='p-1'>
-                    <div className='system-xs-medium px-3 pb-0.5 pt-1 text-text-tertiary'>
+                    <div className={cn(
+                      'system-xs-medium px-3 pb-0.5 pt-1 text-text-tertiary',
+                      showItemSelectedIcon && 'pl-7',
+                    )}>
                       OAuth
                     </div>
                     {
@@ -192,6 +215,14 @@ const Authorized = ({
                         <Item
                           key={credential.id}
                           credential={credential}
+                          disabled={disabled}
+                          disableEdit
+                          onDelete={openConfirm}
+                          onSetDefault={handleSetDefault}
+                          onRename={handleRename}
+                          disableSetDefault={disableSetDefault}
+                          onItemClick={onItemClick}
+                          showSelectedIcon={showItemSelectedIcon}
                         />
                       ))
                     }
@@ -201,7 +232,10 @@ const Authorized = ({
               {
                 !!apiKeyCredentials.length && (
                   <div className='p-1'>
-                    <div className='system-xs-medium px-3 pb-0.5 pt-1 text-text-tertiary'>
+                    <div className={cn(
+                      'system-xs-medium px-3 pb-0.5 pt-1 text-text-tertiary',
+                      showItemSelectedIcon && 'pl-7',
+                    )}>
                       API Keys
                     </div>
                     {
@@ -214,7 +248,10 @@ const Authorized = ({
                           onEdit={handleEdit}
                           onSetDefault={handleSetDefault}
                           disableSetDefault={disableSetDefault}
+                          disableRename
                           onItemClick={onItemClick}
+                          onRename={handleRename}
+                          showSelectedIcon={showItemSelectedIcon}
                         />
                       ))
                     }
diff --git a/web/app/components/plugins/plugin-auth/authorized/item.tsx b/web/app/components/plugins/plugin-auth/authorized/item.tsx
index f54ef5ac9b..42bce232ff 100644
--- a/web/app/components/plugins/plugin-auth/authorized/item.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized/item.tsx
@@ -1,8 +1,11 @@
 import {
   memo,
   useMemo,
+  useState,
 } from 'react'
+import { useTranslation } from 'react-i18next'
 import {
+  RiCheckLine,
   RiDeleteBinLine,
   RiEditLine,
   RiEqualizer2Line,
@@ -12,6 +15,8 @@ import Badge from '@/app/components/base/badge'
 import ActionButton from '@/app/components/base/action-button'
 import Tooltip from '@/app/components/base/tooltip'
 import Button from '@/app/components/base/button'
+import Input from '@/app/components/base/input'
+import cn from '@/utils/classnames'
 import type { Credential } from '../types'
 import { CredentialTypeEnum } from '../types'
 
@@ -21,11 +26,16 @@ type ItemProps = {
   onDelete?: (id: string) => void
   onEdit?: (id: string, values: Record<string, any>) => void
   onSetDefault?: (id: string) => void
+  onRename?: (payload: {
+    credential_id: string
+    name: string
+  }) => void
   disableRename?: boolean
   disableEdit?: boolean
   disableDelete?: boolean
   disableSetDefault?: boolean
   onItemClick?: (id: string) => void
+  showSelectedIcon?: boolean
 }
 const Item = ({
   credential,
@@ -33,12 +43,17 @@ const Item = ({
   onDelete,
   onEdit,
   onSetDefault,
+  onRename,
   disableRename,
   disableEdit,
   disableDelete,
   disableSetDefault,
   onItemClick,
+  showSelectedIcon,
 }: ItemProps) => {
+  const { t } = useTranslation()
+  const [renaming, setRenaming] = useState(false)
+  const [renameValue, setRenameValue] = useState(credential.name)
   const isOAuth = credential.credential_type === CredentialTypeEnum.OAUTH2
   const showAction = useMemo(() => {
     return !(disableRename && disableEdit && disableDelete && disableSetDefault)
@@ -47,27 +62,77 @@ const Item = ({
   return (
     <div
       key={credential.id}
-      className='group flex h-8 items-center rounded-lg p-1 hover:bg-state-base-hover'
+      className={cn(
+        'group flex h-8 items-center rounded-lg p-1 hover:bg-state-base-hover',
+        renaming && 'bg-state-base-hover',
+      )}
       onClick={() => onItemClick?.(credential.id)}
     >
-      <div className='flex w-0 grow items-center space-x-1.5 pl-2'>
-        <Indicator className='mr-1.5 shrink-0' />
-        <div
-          className='system-md-regular truncate text-text-secondary'
-          title={credential.name}
-        >
-          {credential.name}
-        </div>
-        {
-          credential.is_default && (
-            <Badge>
-              Default
-            </Badge>
-          )
-        }
-      </div>
       {
-        showAction && (
+        renaming && (
+          <div className='flex w-full items-center space-x-1'>
+            <Input
+              wrapperClassName='grow rounded-[6px]'
+              className='h-6'
+              value={renameValue}
+              onChange={e => setRenameValue(e.target.value)}
+              placeholder={t('common.placeholder.input')}
+            />
+            <Button
+              size='small'
+              variant='primary'
+              onClick={() => {
+                onRename?.({
+                  credential_id: credential.id,
+                  name: renameValue,
+                })
+                setRenaming(false)
+              }}
+            >
+              {t('common.operation.save')}
+            </Button>
+            <Button
+              size='small'
+              onClick={() => setRenaming(false)}
+            >
+              {t('common.operation.cancel')}
+            </Button>
+          </div>
+        )
+      }
+      {
+        !renaming && (
+          <div className='flex w-0 grow items-center space-x-1.5'>
+            {
+              showSelectedIcon && (
+                <div className='h-4 w-4'>
+                  {
+                    credential.is_default && (
+                      <RiCheckLine className='h-4 w-4 text-text-accent' />
+                    )
+                  }
+                </div>
+              )
+            }
+            <Indicator className='ml-2 mr-1.5 shrink-0' />
+            <div
+              className='system-md-regular truncate text-text-secondary'
+              title={credential.name}
+            >
+              {credential.name}
+            </div>
+            {
+              credential.is_default && (
+                <Badge className='shrink-0'>
+                  {t('plugin.auth.default')}
+                </Badge>
+              )
+            }
+          </div>
+        )
+      }
+      {
+        showAction && !renaming && (
           <div className='ml-2 hidden shrink-0 items-center group-hover:flex'>
             {
               !credential.is_default && !disableSetDefault && (
@@ -79,14 +144,21 @@ const Item = ({
                     onSetDefault?.(credential.id)
                   }}
                 >
-                  Set as default
+                  {t('plugin.auth.setDefault')}
                 </Button>
               )
             }
             {
-              isOAuth && !disableRename && (
-                <Tooltip popupContent='rename'>
-                  <ActionButton>
+              !disableRename && (
+                <Tooltip popupContent={t('common.operation.rename')}>
+                  <ActionButton
+                    disabled={disabled}
+                    onClick={(e) => {
+                      e.stopPropagation()
+                      setRenaming(true)
+                      setRenameValue(credential.name)
+                    }}
+                  >
                     <RiEditLine className='h-4 w-4 text-text-tertiary' />
                   </ActionButton>
                 </Tooltip>
@@ -94,7 +166,7 @@ const Item = ({
             }
             {
               !isOAuth && !disableEdit && (
-                <Tooltip popupContent='edit'>
+                <Tooltip popupContent={t('common.operation.edit')}>
                   <ActionButton
                     disabled={disabled}
                     onClick={(e) => {
@@ -116,15 +188,16 @@ const Item = ({
             }
             {
               !disableDelete && (
-                <Tooltip popupContent='delete'>
+                <Tooltip popupContent={t('common.operation.delete')}>
                   <ActionButton
+                    className='hover:bg-transparent'
                     disabled={disabled}
                     onClick={(e) => {
                       e.stopPropagation()
                       onDelete?.(credential.id)
                     }}
                   >
-                    <RiDeleteBinLine className='h-4 w-4 text-text-tertiary' />
+                    <RiDeleteBinLine className='h-4 w-4 text-text-tertiary hover:text-text-destructive' />
                   </ActionButton>
                 </Tooltip>
               )
diff --git a/web/app/components/plugins/plugin-auth/index.tsx b/web/app/components/plugins/plugin-auth/index.tsx
index f5b2f0c457..e4f6ae8b2f 100644
--- a/web/app/components/plugins/plugin-auth/index.tsx
+++ b/web/app/components/plugins/plugin-auth/index.tsx
@@ -1,5 +1,6 @@
 export { default as PluginAuth } from './plugin-auth'
 export { default as Authorized } from './authorized'
 export { default as AuthorizedInNode } from './authorized-in-node'
+export { default as PluginAuthInAgent } from './plugin-auth-in-agent'
 export { usePluginAuth } from './hooks/use-plugin-auth'
 export * from './types'
diff --git a/web/app/components/plugins/plugin-auth/plugin-auth-in-agent.tsx b/web/app/components/plugins/plugin-auth/plugin-auth-in-agent.tsx
new file mode 100644
index 0000000000..bb5d8e1f3c
--- /dev/null
+++ b/web/app/components/plugins/plugin-auth/plugin-auth-in-agent.tsx
@@ -0,0 +1,119 @@
+import {
+  memo,
+  useCallback,
+  useState,
+} from 'react'
+import { RiArrowDownSLine } from '@remixicon/react'
+import { useTranslation } from 'react-i18next'
+import Authorize from './authorize'
+import Authorized from './authorized'
+import type {
+  Credential,
+  PluginPayload,
+} from './types'
+import { usePluginAuth } from './hooks/use-plugin-auth'
+import Button from '@/app/components/base/button'
+import Indicator from '@/app/components/header/indicator'
+import cn from '@/utils/classnames'
+
+type PluginAuthInAgentProps = {
+  pluginPayload: PluginPayload
+  credentialId?: string
+  onAuthorizationItemClick?: (id: string) => void
+}
+const PluginAuthInAgent = ({
+  pluginPayload,
+  credentialId,
+  onAuthorizationItemClick,
+}: PluginAuthInAgentProps) => {
+  const { t } = useTranslation()
+  const [isOpen, setIsOpen] = useState(false)
+  const {
+    isAuthorized,
+    canOAuth,
+    canApiKey,
+    credentials,
+    disabled,
+  } = usePluginAuth(pluginPayload, true)
+
+  const extraAuthorizationItems: Credential[] = [
+    {
+      id: '__workspace_default__',
+      name: t('plugin.auth.workspaceDefault'),
+      provider: '',
+      is_default: !credentialId,
+      isWorkspaceDefault: true,
+    },
+  ]
+
+  const handleAuthorizationItemClick = useCallback((id: string) => {
+    onAuthorizationItemClick?.(id)
+    setIsOpen(false)
+  }, [
+    onAuthorizationItemClick,
+    setIsOpen,
+  ])
+
+  const renderTrigger = useCallback((isOpen?: boolean) => {
+    let label = ''
+    let removed = false
+    if (!credentialId) {
+      label = t('plugin.auth.workspaceDefault')
+    }
+    else {
+      const credential = credentials.find(c => c.id === credentialId)
+      label = credential ? credential.name : t('plugin.auth.authRemoved')
+      removed = !credential
+    }
+    return (
+      <Button
+        className={cn(
+          'w-full',
+          isOpen && 'bg-components-button-secondary-bg-hover',
+          removed && 'text-text-destructive',
+        )}>
+        <Indicator
+          className='mr-2'
+          color={removed ? 'red' : 'green'}
+        />
+        {label}
+        <RiArrowDownSLine className='ml-0.5 h-4 w-4' />
+      </Button>
+    )
+  }, [credentialId, credentials, t])
+
+  return (
+    <>
+      {
+        !isAuthorized && (
+          <Authorize
+            pluginPayload={pluginPayload}
+            canOAuth={canOAuth}
+            canApiKey={canApiKey}
+            disabled={disabled}
+          />
+        )
+      }
+      {
+        isAuthorized && (
+          <Authorized
+            pluginPayload={pluginPayload}
+            credentials={credentials}
+            canOAuth={canOAuth}
+            canApiKey={canApiKey}
+            disabled={disabled}
+            disableSetDefault
+            onItemClick={handleAuthorizationItemClick}
+            extraAuthorizationItems={extraAuthorizationItems}
+            showItemSelectedIcon
+            renderTrigger={renderTrigger}
+            isOpen={isOpen}
+            onOpenChange={setIsOpen}
+          />
+        )
+      }
+    </>
+  )
+}
+
+export default memo(PluginAuthInAgent)
diff --git a/web/app/components/plugins/plugin-detail-panel/tool-selector/index.tsx b/web/app/components/plugins/plugin-detail-panel/tool-selector/index.tsx
index 350fe50933..da4323713b 100644
--- a/web/app/components/plugins/plugin-detail-panel/tool-selector/index.tsx
+++ b/web/app/components/plugins/plugin-detail-panel/tool-selector/index.tsx
@@ -4,7 +4,6 @@ import React, { useMemo, useState } from 'react'
 import { useTranslation } from 'react-i18next'
 import Link from 'next/link'
 import {
-  RiArrowLeftLine,
   RiArrowRightUpLine,
 } from '@remixicon/react'
 import {
@@ -15,24 +14,17 @@ import {
 import ToolTrigger from '@/app/components/plugins/plugin-detail-panel/tool-selector/tool-trigger'
 import ToolItem from '@/app/components/plugins/plugin-detail-panel/tool-selector/tool-item'
 import ToolPicker from '@/app/components/workflow/block-selector/tool-picker'
-import Button from '@/app/components/base/button'
-import Indicator from '@/app/components/header/indicator'
-import ToolCredentialForm from '@/app/components/plugins/plugin-detail-panel/tool-selector/tool-credentials-form'
-import Toast from '@/app/components/base/toast'
 import Textarea from '@/app/components/base/textarea'
 import Divider from '@/app/components/base/divider'
 import TabSlider from '@/app/components/base/tab-slider-plain'
 import ReasoningConfigForm from '@/app/components/plugins/plugin-detail-panel/tool-selector/reasoning-config-form'
 import Form from '@/app/components/header/account-setting/model-provider-page/model-modal/Form'
 import { generateFormValue, getPlainValue, getStructureValue, toolParametersToFormSchemas } from '@/app/components/tools/utils/to-form-schema'
-
-import { useAppContext } from '@/context/app-context'
 import {
   useAllBuiltInTools,
   useAllCustomTools,
   useAllWorkflowTools,
   useInvalidateAllBuiltInTools,
-  useUpdateProviderCredentials,
 } from '@/service/use-tools'
 import { useInvalidateInstalledPluginList } from '@/service/use-plugins'
 import { usePluginInstalledCheck } from '@/app/components/plugins/plugin-detail-panel/tool-selector/hooks'
@@ -46,6 +38,10 @@ import { MARKETPLACE_API_PREFIX } from '@/config'
 import type { Node } from 'reactflow'
 import type { NodeOutPutVar } from '@/app/components/workflow/types'
 import cn from '@/utils/classnames'
+import {
+  AuthCategory,
+  PluginAuthInAgent,
+} from '@/app/components/plugins/plugin-auth'
 
 type Props = {
   disabled?: boolean
@@ -191,23 +187,6 @@ const ToolSelector: FC<Props> = ({
     } as any)
   }
 
-  // authorization
-  const { isCurrentWorkspaceManager } = useAppContext()
-  const [isShowSettingAuth, setShowSettingAuth] = useState(false)
-  const handleCredentialSettingUpdate = () => {
-    invalidateAllBuiltinTools()
-    Toast.notify({
-      type: 'success',
-      message: t('common.api.actionSuccess'),
-    })
-    setShowSettingAuth(false)
-    onShowChange(false)
-  }
-
-  const { mutate: updatePermission } = useUpdateProviderCredentials({
-    onSuccess: handleCredentialSettingUpdate,
-  })
-
   // install from marketplace
   const currentTool = useMemo(() => {
     return currentProvider?.tools.find(tool => tool.name === value?.tool_name)
@@ -221,6 +200,12 @@ const ToolSelector: FC<Props> = ({
     invalidateAllBuiltinTools()
     invalidateInstalledPluginList()
   }
+  const handleAuthorizationItemClick = (id: string) => {
+    onSelect({
+      ...value,
+      credential_id: id,
+    } as any)
+  }
 
   return (
     <>
@@ -257,7 +242,6 @@ const ToolSelector: FC<Props> = ({
               onSwitchChange={handleEnabledChange}
               onDelete={onDelete}
               noAuth={currentProvider && currentTool && !currentProvider.is_team_authorization}
-              onAuth={() => setShowSettingAuth(true)}
               uninstalled={!currentProvider && inMarketPlace}
               versionMismatch={currentProvider && inMarketPlace && !currentTool}
               installInfo={manifest?.latest_package_identifier}
@@ -276,181 +260,141 @@ const ToolSelector: FC<Props> = ({
           )}
         </PortalToFollowElemTrigger>
         <PortalToFollowElemContent>
-          <div className={cn('relative max-h-[642px] min-h-20 w-[361px] rounded-xl border-[0.5px] border-components-panel-border bg-components-panel-bg-blur pb-4 shadow-lg backdrop-blur-sm', !isShowSettingAuth && 'overflow-y-auto pb-2')}>
-            {!isShowSettingAuth && (
-              <>
-                <div className='system-xl-semibold px-4 pb-1 pt-3.5 text-text-primary'>{t(`plugin.detailPanel.toolSelector.${isEdit ? 'toolSetting' : 'title'}`)}</div>
-                {/* base form */}
-                <div className='flex flex-col gap-3 px-4 py-2'>
-                  <div className='flex flex-col gap-1'>
-                    <div className='system-sm-semibold flex h-6 items-center text-text-secondary'>{t('plugin.detailPanel.toolSelector.toolLabel')}</div>
-                    <ToolPicker
-                      panelClassName='w-[328px]'
-                      placement='bottom'
-                      offset={offset}
-                      trigger={
-                        <ToolTrigger
-                          open={panelShowState || isShowChooseTool}
-                          value={value}
-                          provider={currentProvider}
-                        />
-                      }
-                      isShow={panelShowState || isShowChooseTool}
-                      onShowChange={trigger ? onPanelShowStateChange as any : setIsShowChooseTool}
-                      disabled={false}
-                      supportAddCustomTool
-                      onSelect={handleSelectTool}
-                      scope={scope}
-                      selectedTools={selectedTools}
+          <div className={cn('relative max-h-[642px] min-h-20 w-[361px] rounded-xl border-[0.5px] border-components-panel-border bg-components-panel-bg-blur pb-4 shadow-lg backdrop-blur-sm', 'overflow-y-auto pb-2')}>
+            <>
+              <div className='system-xl-semibold px-4 pb-1 pt-3.5 text-text-primary'>{t(`plugin.detailPanel.toolSelector.${isEdit ? 'toolSetting' : 'title'}`)}</div>
+              {/* base form */}
+              <div className='flex flex-col gap-3 px-4 py-2'>
+                <div className='flex flex-col gap-1'>
+                  <div className='system-sm-semibold flex h-6 items-center text-text-secondary'>{t('plugin.detailPanel.toolSelector.toolLabel')}</div>
+                  <ToolPicker
+                    panelClassName='w-[328px]'
+                    placement='bottom'
+                    offset={offset}
+                    trigger={
+                      <ToolTrigger
+                        open={panelShowState || isShowChooseTool}
+                        value={value}
+                        provider={currentProvider}
+                      />
+                    }
+                    isShow={panelShowState || isShowChooseTool}
+                    onShowChange={trigger ? onPanelShowStateChange as any : setIsShowChooseTool}
+                    disabled={false}
+                    supportAddCustomTool
+                    onSelect={handleSelectTool}
+                    scope={scope}
+                    selectedTools={selectedTools}
+                  />
+                </div>
+                <div className='flex flex-col gap-1'>
+                  <div className='system-sm-semibold flex h-6 items-center text-text-secondary'>{t('plugin.detailPanel.toolSelector.descriptionLabel')}</div>
+                  <Textarea
+                    className='resize-none'
+                    placeholder={t('plugin.detailPanel.toolSelector.descriptionPlaceholder')}
+                    value={value?.extra?.description || ''}
+                    onChange={handleDescriptionChange}
+                    disabled={!value?.provider_name}
+                  />
+                </div>
+              </div>
+              {/* authorization */}
+              {currentProvider && currentProvider.type === CollectionType.builtIn && currentProvider.allow_delete && (
+                <>
+                  <Divider className='my-1 w-full' />
+                  <div className='px-4 py-2'>
+                    <PluginAuthInAgent
+                      pluginPayload={{
+                        provider: currentProvider.name,
+                        category: AuthCategory.tool,
+                      }}
+                      credentialId={value?.credential_id}
+                      onAuthorizationItemClick={handleAuthorizationItemClick}
                     />
                   </div>
-                  <div className='flex flex-col gap-1'>
-                    <div className='system-sm-semibold flex h-6 items-center text-text-secondary'>{t('plugin.detailPanel.toolSelector.descriptionLabel')}</div>
-                    <Textarea
-                      className='resize-none'
-                      placeholder={t('plugin.detailPanel.toolSelector.descriptionPlaceholder')}
-                      value={value?.extra?.description || ''}
-                      onChange={handleDescriptionChange}
-                      disabled={!value?.provider_name}
+                </>
+              )}
+              {/* tool settings */}
+              {(currentToolSettings.length > 0 || currentToolParams.length > 0) && currentProvider?.is_team_authorization && (
+                <>
+                  <Divider className='my-1 w-full' />
+                  {/* tabs */}
+                  {nodeId && showTabSlider && (
+                    <TabSlider
+                      className='mt-1 shrink-0 px-4'
+                      itemClassName='py-3'
+                      noBorderBottom
+                      smallItem
+                      value={currType}
+                      onChange={(value) => {
+                        setCurrType(value)
+                      }}
+                      options={[
+                        { value: 'settings', text: t('plugin.detailPanel.toolSelector.settings')! },
+                        { value: 'params', text: t('plugin.detailPanel.toolSelector.params')! },
+                      ]}
                     />
-                  </div>
-                </div>
-                {/* authorization */}
-                {currentProvider && currentProvider.type === CollectionType.builtIn && currentProvider.allow_delete && (
-                  <>
-                    <Divider className='my-1 w-full' />
+                  )}
+                  {nodeId && showTabSlider && currType === 'params' && (
                     <div className='px-4 py-2'>
-                      {!currentProvider.is_team_authorization && (
-                        <Button
-                          variant='primary'
-                          className={cn('w-full shrink-0')}
-                          onClick={() => setShowSettingAuth(true)}
-                          disabled={!isCurrentWorkspaceManager}
-                        >
-                          {t('tools.auth.unauthorized')}
-                        </Button>
-                      )}
-                      {currentProvider.is_team_authorization && (
-                        <Button
-                          variant='secondary'
-                          className={cn('w-full shrink-0')}
-                          onClick={() => setShowSettingAuth(true)}
-                          disabled={!isCurrentWorkspaceManager}
-                        >
-                          <Indicator className='mr-2' color={'green'} />
-                          {t('tools.auth.authorized')}
-                        </Button>
-                      )}
+                      <div className='system-xs-regular text-text-tertiary'>{t('plugin.detailPanel.toolSelector.paramsTip1')}</div>
+                      <div className='system-xs-regular text-text-tertiary'>{t('plugin.detailPanel.toolSelector.paramsTip2')}</div>
                     </div>
-                  </>
-                )}
-                {/* tool settings */}
-                {(currentToolSettings.length > 0 || currentToolParams.length > 0) && currentProvider?.is_team_authorization && (
-                  <>
-                    <Divider className='my-1 w-full' />
-                    {/* tabs */}
-                    {nodeId && showTabSlider && (
-                      <TabSlider
-                        className='mt-1 shrink-0 px-4'
-                        itemClassName='py-3'
-                        noBorderBottom
-                        smallItem
-                        value={currType}
-                        onChange={(value) => {
-                          setCurrType(value)
-                        }}
-                        options={[
-                          { value: 'settings', text: t('plugin.detailPanel.toolSelector.settings')! },
-                          { value: 'params', text: t('plugin.detailPanel.toolSelector.params')! },
-                        ]}
-                      />
-                    )}
-                    {nodeId && showTabSlider && currType === 'params' && (
-                      <div className='px-4 py-2'>
+                  )}
+                  {/* user settings only */}
+                  {userSettingsOnly && (
+                    <div className='p-4 pb-1'>
+                      <div className='system-sm-semibold-uppercase text-text-primary'>{t('plugin.detailPanel.toolSelector.settings')}</div>
+                    </div>
+                  )}
+                  {/* reasoning config only */}
+                  {nodeId && reasoningConfigOnly && (
+                    <div className='mb-1 p-4 pb-1'>
+                      <div className='system-sm-semibold-uppercase text-text-primary'>{t('plugin.detailPanel.toolSelector.params')}</div>
+                      <div className='pb-1'>
                         <div className='system-xs-regular text-text-tertiary'>{t('plugin.detailPanel.toolSelector.paramsTip1')}</div>
                         <div className='system-xs-regular text-text-tertiary'>{t('plugin.detailPanel.toolSelector.paramsTip2')}</div>
                       </div>
-                    )}
-                    {/* user settings only */}
-                    {userSettingsOnly && (
-                      <div className='p-4 pb-1'>
-                        <div className='system-sm-semibold-uppercase text-text-primary'>{t('plugin.detailPanel.toolSelector.settings')}</div>
-                      </div>
-                    )}
-                    {/* reasoning config only */}
-                    {nodeId && reasoningConfigOnly && (
-                      <div className='mb-1 p-4 pb-1'>
-                        <div className='system-sm-semibold-uppercase text-text-primary'>{t('plugin.detailPanel.toolSelector.params')}</div>
-                        <div className='pb-1'>
-                          <div className='system-xs-regular text-text-tertiary'>{t('plugin.detailPanel.toolSelector.paramsTip1')}</div>
-                          <div className='system-xs-regular text-text-tertiary'>{t('plugin.detailPanel.toolSelector.paramsTip2')}</div>
-                        </div>
-                      </div>
-                    )}
-                    {/* user settings form */}
-                    {(currType === 'settings' || userSettingsOnly) && (
-                      <div className='px-4 py-2'>
-                        <Form
-                          value={getPlainValue(value?.settings || {})}
-                          onChange={handleSettingsFormChange}
-                          formSchemas={settingsFormSchemas as any}
-                          isEditMode={true}
-                          showOnVariableMap={{}}
-                          validating={false}
-                          inputClassName='bg-components-input-bg-normal hover:bg-components-input-bg-hover'
-                          fieldMoreInfo={item => item.url
-                            ? (<a
-                              href={item.url}
-                              target='_blank' rel='noopener noreferrer'
-                              className='inline-flex items-center text-xs text-text-accent'
-                            >
-                              {t('tools.howToGet')}
-                              <RiArrowRightUpLine className='ml-1 h-3 w-3' />
-                            </a>)
-                            : null}
-                        />
-                      </div>
-                    )}
-                    {/* reasoning config form */}
-                    {nodeId && (currType === 'params' || reasoningConfigOnly) && (
-                      <ReasoningConfigForm
-                        value={value?.parameters || {}}
-                        onChange={handleParamsFormChange}
-                        schemas={paramsFormSchemas as any}
-                        nodeOutputVars={nodeOutputVars}
-                        availableNodes={availableNodes}
-                        nodeId={nodeId}
+                    </div>
+                  )}
+                  {/* user settings form */}
+                  {(currType === 'settings' || userSettingsOnly) && (
+                    <div className='px-4 py-2'>
+                      <Form
+                        value={getPlainValue(value?.settings || {})}
+                        onChange={handleSettingsFormChange}
+                        formSchemas={settingsFormSchemas as any}
+                        isEditMode={true}
+                        showOnVariableMap={{}}
+                        validating={false}
+                        inputClassName='bg-components-input-bg-normal hover:bg-components-input-bg-hover'
+                        fieldMoreInfo={item => item.url
+                          ? (<a
+                            href={item.url}
+                            target='_blank' rel='noopener noreferrer'
+                            className='inline-flex items-center text-xs text-text-accent'
+                          >
+                            {t('tools.howToGet')}
+                            <RiArrowRightUpLine className='ml-1 h-3 w-3' />
+                          </a>)
+                          : null}
                       />
-                    )}
-                  </>
-                )}
-              </>
-            )}
-            {/* authorization panel */}
-            {isShowSettingAuth && currentProvider && (
-              <>
-                <div className='relative flex flex-col gap-1 pt-3.5'>
-                  <div className='absolute -top-2 left-2 w-[345px] rounded-t-xl border-[0.5px] border-components-panel-border bg-components-panel-bg-blur pt-2 backdrop-blur-sm'></div>
-                  <div
-                    className='system-xs-semibold-uppercase flex h-6 cursor-pointer items-center gap-1 px-3 text-text-accent-secondary'
-                    onClick={() => setShowSettingAuth(false)}
-                  >
-                    <RiArrowLeftLine className='h-4 w-4' />
-                    BACK
-                  </div>
-                  <div className='system-xl-semibold px-4 text-text-primary'>{t('tools.auth.setupModalTitle')}</div>
-                  <div className='system-xs-regular px-4 text-text-tertiary'>{t('tools.auth.setupModalTitleDescription')}</div>
-                </div>
-                <ToolCredentialForm
-                  collection={currentProvider}
-                  onCancel={() => setShowSettingAuth(false)}
-                  onSaved={async value => updatePermission({
-                    providerName: currentProvider.name,
-                    credentials: value,
-                  })}
-                />
-              </>
-            )}
+                    </div>
+                  )}
+                  {/* reasoning config form */}
+                  {nodeId && (currType === 'params' || reasoningConfigOnly) && (
+                    <ReasoningConfigForm
+                      value={value?.parameters || {}}
+                      onChange={handleParamsFormChange}
+                      schemas={paramsFormSchemas as any}
+                      nodeOutputVars={nodeOutputVars}
+                      availableNodes={availableNodes}
+                      nodeId={nodeId}
+                    />
+                  )}
+                </>
+              )}
+            </>
           </div>
         </PortalToFollowElemContent>
       </PortalToFollowElem>
diff --git a/web/app/components/plugins/plugin-detail-panel/tool-selector/tool-item.tsx b/web/app/components/plugins/plugin-detail-panel/tool-selector/tool-item.tsx
index d74fccf968..5127ddefab 100644
--- a/web/app/components/plugins/plugin-detail-panel/tool-selector/tool-item.tsx
+++ b/web/app/components/plugins/plugin-detail-panel/tool-selector/tool-item.tsx
@@ -27,7 +27,6 @@ type Props = {
   onSwitchChange?: (value: boolean) => void
   onDelete?: () => void
   noAuth?: boolean
-  onAuth?: () => void
   isError?: boolean
   errorTip?: any
   uninstalled?: boolean
@@ -35,6 +34,7 @@ type Props = {
   onInstall?: () => void
   versionMismatch?: boolean
   open: boolean
+  authRemoved?: boolean
 }
 
 const ToolItem = ({
@@ -47,13 +47,13 @@ const ToolItem = ({
   onSwitchChange,
   onDelete,
   noAuth,
-  onAuth,
   uninstalled,
   installInfo,
   onInstall,
   isError,
   errorTip,
   versionMismatch,
+  authRemoved,
 }: Props) => {
   const { t } = useTranslation()
   const providerNameText = providerName?.split('/').pop()
@@ -113,11 +113,17 @@ const ToolItem = ({
         </div>
       )}
       {!isError && !uninstalled && !versionMismatch && noAuth && (
-        <Button variant='secondary' size='small' onClick={onAuth}>
+        <Button variant='secondary' size='small'>
           {t('tools.notAuthorized')}
           <Indicator className='ml-2' color='orange' />
         </Button>
       )}
+      {!isError && !uninstalled && !versionMismatch && authRemoved && (
+        <Button variant='secondary' size='small'>
+          {t('plugin.auth.authRemoved')}
+          <Indicator className='ml-2' color='red' />
+        </Button>
+      )}
       {!isError && !uninstalled && versionMismatch && installInfo && (
         <div onClick={e => e.stopPropagation()}>
           <SwitchPluginVersion
diff --git a/web/app/components/workflow/types.ts b/web/app/components/workflow/types.ts
index 5d2ab1e628..898eff64c3 100644
--- a/web/app/components/workflow/types.ts
+++ b/web/app/components/workflow/types.ts
@@ -92,7 +92,8 @@ export type CommonNodeType<T = {}> = {
   error_strategy?: ErrorHandleTypeEnum
   retry_config?: WorkflowRetryConfig
   default_value?: DefaultValueForm[]
-} & T & Partial<Pick<ToolDefaultValue, 'provider_id' | 'provider_type' | 'provider_name' | 'tool_name' | 'credential_id'>>
+  credential_id?: string
+} & T & Partial<Pick<ToolDefaultValue, 'provider_id' | 'provider_type' | 'provider_name' | 'tool_name'>>
 
 export type CommonEdgeType = {
   _hovering?: boolean
diff --git a/web/i18n/en-US/plugin.ts b/web/i18n/en-US/plugin.ts
index 9fba3a4714..dd2d173dc1 100644
--- a/web/i18n/en-US/plugin.ts
+++ b/web/i18n/en-US/plugin.ts
@@ -213,6 +213,26 @@ const translation = {
   requestAPlugin: 'Request a plugin',
   publishPlugins: 'Publish plugins',
   difyVersionNotCompatible: 'The current Dify version is not compatible with this plugin, please upgrade to the minimum version required: {{minimalDifyVersion}}',
+  auth: {
+    default: 'Default',
+    setDefault: 'Set as default',
+    useOAuth: 'Use OAuth',
+    useOAuthAuth: 'Use OAuth Authorization',
+    addOAuth: 'Add OAuth',
+    setupOAuth: 'Setup OAuth Client',
+    useApi: 'Use API Key',
+    addApi: 'Add API Key',
+    useApiAuth: 'API Key Authorization Configuration',
+    useApiAuthDesc: 'After configuring credentials, all members within the workspace can use this tool when orchestrating applications.',
+    oauthClientSettings: 'OAuth Client Settings',
+    saveOnly: 'Save only',
+    saveAndAuth: 'Save and Authorize',
+    authorization: 'Authorization',
+    authorizations: 'Authorizations',
+    authorizationName: 'Authorization Name',
+    workspaceDefault: 'Workspace Default',
+    authRemoved: 'Auth removed',
+  },
 }
 
 export default translation
diff --git a/web/i18n/zh-Hans/plugin.ts b/web/i18n/zh-Hans/plugin.ts
index eddd117012..89fb31e9ca 100644
--- a/web/i18n/zh-Hans/plugin.ts
+++ b/web/i18n/zh-Hans/plugin.ts
@@ -213,6 +213,26 @@ const translation = {
   requestAPlugin: '申请插件',
   publishPlugins: '发布插件',
   difyVersionNotCompatible: '当前 Dify 版本不兼容该插件，其最低版本要求为 {{minimalDifyVersion}}',
+  auth: {
+    default: '默认',
+    setDefault: '设为默认',
+    useOAuth: '使用 OAuth',
+    useOAuthAuth: '使用 OAuth 授权',
+    addOAuth: '添加 OAuth',
+    setupOAuth: '设置 OAuth 客户端',
+    useApi: '使用 API Key',
+    addApi: '添加 API Key',
+    useApiAuth: 'API Key 授权配置',
+    useApiAuthDesc: '配置凭据后，工作区内的所有成员在编排应用时都可以使用此工具。',
+    oauthClientSettings: 'OAuth 客户端设置',
+    saveOnly: '仅保存',
+    saveAndAuth: '保存并授权',
+    authorization: '凭据',
+    authorizations: '凭据',
+    authorizationName: '凭据名称',
+    workspaceDefault: '工作区默认',
+    authRemoved: '凭据已移除',
+  },
 }
 
 export default translation
diff --git a/web/service/use-plugins-auth.ts b/web/service/use-plugins-auth.ts
index 90b1a20e8c..e6b326de94 100644
--- a/web/service/use-plugins-auth.ts
+++ b/web/service/use-plugins-auth.ts
@@ -72,8 +72,7 @@ export const useUpdatePluginCredential = (
   return useMutation({
     mutationFn: (params: {
       credential_id: string
-      credentials: Record<string, any>
-      type: CredentialTypeEnum
+      credentials?: Record<string, any>
       name?: string
     }) => {
       return post(url, { body: params })

From 5869d6aacc24ecba381a4cf1bcd0b310ad556ece Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Thu, 10 Jul 2025 17:28:27 +0800
Subject: [PATCH 06/25] tool oauth

---
 web/app/components/workflow/block-selector/types.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web/app/components/workflow/block-selector/types.ts b/web/app/components/workflow/block-selector/types.ts
index ce7dcea0e2..ee7217073e 100644
--- a/web/app/components/workflow/block-selector/types.ts
+++ b/web/app/components/workflow/block-selector/types.ts
@@ -42,4 +42,5 @@ export type ToolValue = {
   parameters?: Record<string, any>
   enabled?: boolean
   extra?: Record<string, any>
+  credential_id?: string
 }

From cb0082c0b84c3e67e079e79d14a36b8f58c50864 Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Fri, 11 Jul 2025 14:40:36 +0800
Subject: [PATCH 07/25] tool oauth

---
 .../config/agent/agent-tools/index.tsx        | 53 ++++-------
 .../agent-tools/setting-built-in-tool.tsx     | 23 ++++-
 .../authorize/add-oauth-button.tsx            | 28 +++++-
 .../authorize/oauth-client-settings.tsx       | 89 ++++++++++++++++++-
 .../plugin-auth/authorized-in-node.tsx        |  1 +
 .../plugins/plugin-auth/authorized/index.tsx  |  5 ++
 .../plugins/plugin-auth/authorized/item.tsx   |  4 +-
 .../plugin-auth/hooks/use-credential.ts       | 28 ++++++
 .../plugin-auth/plugin-auth-in-agent.tsx      |  1 +
 .../plugin-detail-panel/detail-header.tsx     |  2 +-
 .../tool-selector/index.tsx                   | 14 +--
 web/service/use-plugins-auth.ts               | 30 +++++--
 web/types/app.ts                              |  1 +
 13 files changed, 222 insertions(+), 57 deletions(-)

diff --git a/web/app/components/app/configuration/config/agent/agent-tools/index.tsx b/web/app/components/app/configuration/config/agent/agent-tools/index.tsx
index 66fe85a170..d78d4dba0a 100644
--- a/web/app/components/app/configuration/config/agent/agent-tools/index.tsx
+++ b/web/app/components/app/configuration/config/agent/agent-tools/index.tsx
@@ -18,7 +18,6 @@ import AppIcon from '@/app/components/base/app-icon'
 import Button from '@/app/components/base/button'
 import Indicator from '@/app/components/header/indicator'
 import Switch from '@/app/components/base/switch'
-import Toast from '@/app/components/base/toast'
 import ConfigContext from '@/context/debug-configuration'
 import type { AgentTool } from '@/types/app'
 import { type Collection, CollectionType } from '@/app/components/tools/types'
@@ -26,8 +25,6 @@ import { MAX_TOOLS_NUM } from '@/config'
 import { AlertTriangle } from '@/app/components/base/icons/src/vender/solid/alertsAndFeedback'
 import Tooltip from '@/app/components/base/tooltip'
 import { DefaultToolIcon } from '@/app/components/base/icons/src/public/other'
-import ConfigCredential from '@/app/components/tools/setting/build-in/config-credentials'
-import { updateBuiltInToolCredential } from '@/service/tools'
 import cn from '@/utils/classnames'
 import ToolPicker from '@/app/components/workflow/block-selector/tool-picker'
 import type { ToolDefaultValue, ToolValue } from '@/app/components/workflow/block-selector/types'
@@ -57,13 +54,7 @@ const AgentTools: FC = () => {
 
   const formattingChangedDispatcher = useFormattingChangedDispatcher()
   const [currentTool, setCurrentTool] = useState<AgentToolWithMoreInfo>(null)
-  const currentCollection = useMemo(() => {
-    if (!currentTool) return null
-    const collection = collectionList.find(collection => canFindTool(collection.id, currentTool?.provider_id) && collection.type === currentTool?.provider_type)
-    return collection
-  }, [currentTool, collectionList])
   const [isShowSettingTool, setIsShowSettingTool] = useState(false)
-  const [isShowSettingAuth, setShowSettingAuth] = useState(false)
   const tools = (modelConfig?.agentConfig?.tools as AgentTool[] || []).map((item) => {
     const collection = collectionList.find(
       collection =>
@@ -100,17 +91,6 @@ const AgentTools: FC = () => {
     formattingChangedDispatcher()
   }
 
-  const handleToolAuthSetting = (value: AgentToolWithMoreInfo) => {
-    const newModelConfig = produce(modelConfig, (draft) => {
-      const tool = (draft.agentConfig.tools).find((item: any) => item.provider_id === value?.collection?.id && item.tool_name === value?.tool_name)
-      if (tool)
-        (tool as AgentTool).notAuthor = false
-    })
-    setModelConfig(newModelConfig)
-    setIsShowSettingTool(false)
-    formattingChangedDispatcher()
-  }
-
   const [isDeleting, setIsDeleting] = useState<number>(-1)
   const getToolValue = (tool: ToolDefaultValue) => {
     return {
@@ -144,6 +124,20 @@ const AgentTools: FC = () => {
     return item.provider_name
   }
 
+  const handleAuthorizationItemClick = useCallback((credentialId: string) => {
+    const newModelConfig = produce(modelConfig, (draft) => {
+      const tool = (draft.agentConfig.tools).find((item: any) => item.provider_id === currentTool?.provider_id)
+      if (tool)
+        (tool as AgentTool).credential_id = credentialId
+    })
+    setCurrentTool({
+      ...currentTool,
+      credential_id: credentialId,
+    } as any)
+    setModelConfig(newModelConfig)
+    formattingChangedDispatcher()
+  }, [currentTool, modelConfig, setModelConfig, formattingChangedDispatcher])
+
   return (
     <>
       <Panel
@@ -302,7 +296,7 @@ const AgentTools: FC = () => {
                   {item.notAuthor && (
                     <Button variant='secondary' size='small' onClick={() => {
                       setCurrentTool(item)
-                      setShowSettingAuth(true)
+                      setIsShowSettingTool(true)
                     }}>
                       {t('tools.notAuthorized')}
                       <Indicator className='ml-2' color='orange' />
@@ -322,21 +316,8 @@ const AgentTools: FC = () => {
           isModel={currentTool?.collection?.type === CollectionType.model}
           onSave={handleToolSettingChange}
           onHide={() => setIsShowSettingTool(false)}
-        />
-      )}
-      {isShowSettingAuth && (
-        <ConfigCredential
-          collection={currentCollection as any}
-          onCancel={() => setShowSettingAuth(false)}
-          onSaved={async (value) => {
-            await updateBuiltInToolCredential((currentCollection as any).name, value)
-            Toast.notify({
-              type: 'success',
-              message: t('common.api.actionSuccess'),
-            })
-            handleToolAuthSetting(currentTool)
-            setShowSettingAuth(false)
-          }}
+          credentialId={currentTool?.credential_id}
+          onAuthorizationItemClick={handleAuthorizationItemClick}
         />
       )}
     </>
diff --git a/web/app/components/app/configuration/config/agent/agent-tools/setting-built-in-tool.tsx b/web/app/components/app/configuration/config/agent/agent-tools/setting-built-in-tool.tsx
index 1ad814c6e9..92f1525bd5 100644
--- a/web/app/components/app/configuration/config/agent/agent-tools/setting-built-in-tool.tsx
+++ b/web/app/components/app/configuration/config/agent/agent-tools/setting-built-in-tool.tsx
@@ -14,7 +14,6 @@ import Icon from '@/app/components/plugins/card/base/card-icon'
 import OrgInfo from '@/app/components/plugins/card/base/org-info'
 import Description from '@/app/components/plugins/card/base/description'
 import TabSlider from '@/app/components/base/tab-slider-plain'
-
 import Button from '@/app/components/base/button'
 import Form from '@/app/components/header/account-setting/model-provider-page/model-modal/Form'
 import { addDefaultValue, toolParametersToFormSchemas } from '@/app/components/tools/utils/to-form-schema'
@@ -25,6 +24,10 @@ import I18n from '@/context/i18n'
 import { getLanguage } from '@/i18n/language'
 import cn from '@/utils/classnames'
 import type { ToolWithProvider } from '@/app/components/workflow/types'
+import {
+  AuthCategory,
+  PluginAuthInAgent,
+} from '@/app/components/plugins/plugin-auth'
 
 type Props = {
   showBackButton?: boolean
@@ -36,6 +39,8 @@ type Props = {
   readonly?: boolean
   onHide: () => void
   onSave?: (value: Record<string, any>) => void
+  credentialId?: string
+  onAuthorizationItemClick?: (id: string) => void
 }
 
 const SettingBuiltInTool: FC<Props> = ({
@@ -48,6 +53,8 @@ const SettingBuiltInTool: FC<Props> = ({
   readonly,
   onHide,
   onSave,
+  credentialId,
+  onAuthorizationItemClick,
 }) => {
   const { locale } = useContext(I18n)
   const language = getLanguage(locale)
@@ -197,8 +204,20 @@ const SettingBuiltInTool: FC<Props> = ({
               </div>
               <div className='system-md-semibold mt-1 text-text-primary'>{currTool?.label[language]}</div>
               {!!currTool?.description[language] && (
-                <Description className='mt-3' text={currTool.description[language]} descriptionLineRows={2}></Description>
+                <Description className='mb-2 mt-3 h-auto' text={currTool.description[language]} descriptionLineRows={2}></Description>
               )}
+              {
+                collection.allow_delete && collection.type === CollectionType.builtIn && (
+                  <PluginAuthInAgent
+                    pluginPayload={{
+                      provider: collection.name,
+                      category: AuthCategory.tool,
+                    }}
+                    credentialId={credentialId}
+                    onAuthorizationItemClick={onAuthorizationItemClick}
+                  />
+                )
+              }
             </div>
             {/* form */}
             <div className='h-full'>
diff --git a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
index 379dfb7e61..d5666520b0 100644
--- a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
@@ -1,5 +1,6 @@
 import {
   memo,
+  useCallback,
   useState,
 } from 'react'
 import { RiEqualizer2Line } from '@remixicon/react'
@@ -8,6 +9,10 @@ import type { ButtonProps } from '@/app/components/base/button'
 import OAuthClientSettings from './oauth-client-settings'
 import cn from '@/utils/classnames'
 import type { PluginPayload } from '../types'
+import { openOAuthPopup } from '@/hooks/use-oauth'
+import {
+  useGetPluginOAuthUrlHook,
+} from '../hooks/use-credential'
 
 export type AddOAuthButtonProps = {
   pluginPayload: PluginPayload
@@ -20,6 +25,7 @@ export type AddOAuthButtonProps = {
   disabled?: boolean
 }
 const AddOAuthButton = ({
+  pluginPayload,
   buttonVariant = 'primary',
   buttonText = 'use oauth',
   className,
@@ -29,6 +35,20 @@ const AddOAuthButton = ({
   disabled,
 }: AddOAuthButtonProps) => {
   const [isOAuthSettingsOpen, setIsOAuthSettingsOpen] = useState(false)
+  const { mutateAsync: getPluginOAuthUrl } = useGetPluginOAuthUrlHook(pluginPayload)
+
+  const handleOAuth = useCallback(async () => {
+    const { authorization_url } = await getPluginOAuthUrl()
+
+    if (authorization_url) {
+      openOAuthPopup(
+        authorization_url,
+        () => {
+          console.log('success')
+        },
+      )
+    }
+  }, [getPluginOAuthUrl])
 
   return (
     <>
@@ -39,6 +59,7 @@ const AddOAuthButton = ({
           className,
         )}
         disabled={disabled}
+        onClick={handleOAuth}
       >
         <div className={cn(
           'flex h-full grow items-center justify-center rounded-l-lg hover:bg-components-button-primary-bg-hover',
@@ -55,7 +76,10 @@ const AddOAuthButton = ({
             'flex h-full w-8 shrink-0 items-center justify-center rounded-r-lg hover:bg-components-button-primary-bg-hover',
             buttonRightClassName,
           )}
-          onClick={() => setIsOAuthSettingsOpen(true)}
+          onClick={(e) => {
+            e.stopPropagation()
+            setIsOAuthSettingsOpen(true)
+          }}
         >
           <RiEqualizer2Line className='h-4 w-4' />
         </div>
@@ -63,7 +87,9 @@ const AddOAuthButton = ({
       {
         isOAuthSettingsOpen && (
           <OAuthClientSettings
+            pluginPayload={pluginPayload}
             onClose={() => setIsOAuthSettingsOpen(false)}
+            disabled={disabled}
           />
         )
       }
diff --git a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
index 724351bd57..e7ea175817 100644
--- a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
@@ -1,12 +1,80 @@
-import { memo } from 'react'
+import {
+  memo,
+  useCallback,
+  useMemo,
+  useRef,
+} from 'react'
+import { useTranslation } from 'react-i18next'
 import Modal from '@/app/components/base/modal/modal'
+import {
+  useGetPluginOAuthClientSchemaHook,
+  useInvalidPluginCredentialInfoHook,
+  useSetPluginOAuthCustomClientHook,
+} from '../hooks/use-credential'
+import type { PluginPayload } from '../types'
+import Loading from '@/app/components/base/loading'
+import AuthForm from '@/app/components/base/form/form-scenarios/auth'
+import type { FromRefObject } from '@/app/components/base/form/types'
+import { FormTypeEnum } from '@/app/components/base/form/types'
+import { transformFormSchemasSecretInput } from '../utils'
+import { useToastContext } from '@/app/components/base/toast'
 
 type OAuthClientSettingsProps = {
+  pluginPayload: PluginPayload
   onClose?: () => void
+  editValues?: Record<string, any>
+  disabled?: boolean
 }
 const OAuthClientSettings = ({
+  pluginPayload,
   onClose,
+  editValues,
+  disabled,
 }: OAuthClientSettingsProps) => {
+  const { t } = useTranslation()
+  const { notify } = useToastContext()
+  const {
+    data,
+    isLoading,
+  } = useGetPluginOAuthClientSchemaHook(pluginPayload)
+  const formSchemas = useMemo(() => {
+    return data?.schema || []
+  }, [data])
+  const defaultValues = formSchemas.reduce((acc, schema) => {
+    if (schema.default)
+      acc[schema.name] = schema.default
+    return acc
+  }, {} as Record<string, any>)
+  const { mutateAsync: setPluginOAuthCustomClient } = useSetPluginOAuthCustomClientHook(pluginPayload)
+  const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
+  const formRef = useRef<FromRefObject>(null)
+  const handleConfirm = useCallback(async () => {
+    const form = formRef.current?.getForm()
+    const store = form?.store
+    const values = store?.state.values
+    const isPristineSecretInputNames: string[] = []
+    formSchemas.forEach((schema) => {
+      if (schema.type === FormTypeEnum.secretInput) {
+        const fieldMeta = form?.getFieldMeta(schema.name)
+        if (fieldMeta?.isPristine)
+          isPristineSecretInputNames.push(schema.name)
+      }
+    })
+
+    const transformedValues = transformFormSchemasSecretInput(isPristineSecretInputNames, values)
+
+    await setPluginOAuthCustomClient({
+      client_params: transformedValues,
+      enable_oauth_custom_client: true,
+    })
+    notify({
+      type: 'success',
+      message: t('common.api.actionSuccess'),
+    })
+
+    onClose?.()
+    invalidatePluginCredentialInfo()
+  }, [onClose, invalidatePluginCredentialInfo, setPluginOAuthCustomClient, notify, t, formSchemas])
   return (
     <Modal
       title='Oauth client settings'
@@ -17,8 +85,25 @@ const OAuthClientSettings = ({
       extraButtonVariant='secondary'
       onExtraButtonClick={onClose}
       onClose={onClose}
+      onConfirm={handleConfirm}
     >
-      <div>oauth</div>
+      {
+        isLoading && (
+          <div className='flex h-40 items-center justify-center'>
+            <Loading />
+          </div>
+        )
+      }
+      {
+        !isLoading && !!data?.schema.length && (
+          <AuthForm
+            ref={formRef}
+            formSchemas={formSchemas}
+            defaultValues={editValues || defaultValues}
+            disabled={disabled}
+          />
+        )
+      }
     </Modal>
   )
 }
diff --git a/web/app/components/plugins/plugin-auth/authorized-in-node.tsx b/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
index 55516e7fca..1b6e090a44 100644
--- a/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
@@ -103,6 +103,7 @@ const AuthorizedInNode = ({
       onItemClick={handleAuthorizationItemClick}
       extraAuthorizationItems={extraAuthorizationItems}
       showItemSelectedIcon
+      selectedCredentialId={credentialId || '__workspace_default__'}
     />
   )
 }
diff --git a/web/app/components/plugins/plugin-auth/authorized/index.tsx b/web/app/components/plugins/plugin-auth/authorized/index.tsx
index ddd05787b6..5762bad2da 100644
--- a/web/app/components/plugins/plugin-auth/authorized/index.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized/index.tsx
@@ -51,6 +51,7 @@ type AuthorizedProps = {
   onItemClick?: (id: string) => void
   extraAuthorizationItems?: Credential[]
   showItemSelectedIcon?: boolean
+  selectedCredentialId?: string
 }
 const Authorized = ({
   pluginPayload,
@@ -69,6 +70,7 @@ const Authorized = ({
   onItemClick,
   extraAuthorizationItems,
   showItemSelectedIcon,
+  selectedCredentialId,
 }: AuthorizedProps) => {
   const { t } = useTranslation()
   const { notify } = useToastContext()
@@ -195,6 +197,7 @@ const Authorized = ({
                           disableDelete
                           disableSetDefault
                           showSelectedIcon={showItemSelectedIcon}
+                          selectedCredentialId={selectedCredentialId}
                         />
                       ))
                     }
@@ -223,6 +226,7 @@ const Authorized = ({
                           disableSetDefault={disableSetDefault}
                           onItemClick={onItemClick}
                           showSelectedIcon={showItemSelectedIcon}
+                          selectedCredentialId={selectedCredentialId}
                         />
                       ))
                     }
@@ -252,6 +256,7 @@ const Authorized = ({
                           onItemClick={onItemClick}
                           onRename={handleRename}
                           showSelectedIcon={showItemSelectedIcon}
+                          selectedCredentialId={selectedCredentialId}
                         />
                       ))
                     }
diff --git a/web/app/components/plugins/plugin-auth/authorized/item.tsx b/web/app/components/plugins/plugin-auth/authorized/item.tsx
index 42bce232ff..4c0f88d985 100644
--- a/web/app/components/plugins/plugin-auth/authorized/item.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized/item.tsx
@@ -36,6 +36,7 @@ type ItemProps = {
   disableSetDefault?: boolean
   onItemClick?: (id: string) => void
   showSelectedIcon?: boolean
+  selectedCredentialId?: string
 }
 const Item = ({
   credential,
@@ -50,6 +51,7 @@ const Item = ({
   disableSetDefault,
   onItemClick,
   showSelectedIcon,
+  selectedCredentialId,
 }: ItemProps) => {
   const { t } = useTranslation()
   const [renaming, setRenaming] = useState(false)
@@ -107,7 +109,7 @@ const Item = ({
               showSelectedIcon && (
                 <div className='h-4 w-4'>
                   {
-                    credential.is_default && (
+                    selectedCredentialId === credential.id && (
                       <RiCheckLine className='h-4 w-4 text-text-accent' />
                     )
                   }
diff --git a/web/app/components/plugins/plugin-auth/hooks/use-credential.ts b/web/app/components/plugins/plugin-auth/hooks/use-credential.ts
index 1fc9f0e012..3b2080253c 100644
--- a/web/app/components/plugins/plugin-auth/hooks/use-credential.ts
+++ b/web/app/components/plugins/plugin-auth/hooks/use-credential.ts
@@ -3,8 +3,12 @@ import {
   useDeletePluginCredential,
   useGetPluginCredentialInfo,
   useGetPluginCredentialSchema,
+  useGetPluginOAuthClientSchema,
+  useGetPluginOAuthCustomClientSchema,
+  useGetPluginOAuthUrl,
   useInvalidPluginCredentialInfo,
   useSetPluginDefaultCredential,
+  useSetPluginOAuthCustomClient,
   useUpdatePluginCredential,
 } from '@/service/use-plugins-auth'
 import { useGetApi } from './use-get-api'
@@ -51,3 +55,27 @@ export const useUpdatePluginCredentialHook = (pluginPayload: PluginPayload) => {
 
   return useUpdatePluginCredential(apiMap.updateCredential)
 }
+
+export const useGetPluginOAuthUrlHook = (pluginPayload: PluginPayload) => {
+  const apiMap = useGetApi(pluginPayload)
+
+  return useGetPluginOAuthUrl(apiMap.getOauthUrl)
+}
+
+export const useGetPluginOAuthClientSchemaHook = (pluginPayload: PluginPayload) => {
+  const apiMap = useGetApi(pluginPayload)
+
+  return useGetPluginOAuthClientSchema(apiMap.getOauthClientSchema)
+}
+
+export const useSetPluginOAuthCustomClientHook = (pluginPayload: PluginPayload) => {
+  const apiMap = useGetApi(pluginPayload)
+
+  return useSetPluginOAuthCustomClient(apiMap.setCustomOauthClient)
+}
+
+export const useGetPluginOAuthCustomClientSchemaHook = (pluginPayload: PluginPayload) => {
+  const apiMap = useGetApi(pluginPayload)
+
+  return useGetPluginOAuthCustomClientSchema(apiMap.getCustomOAuthClient)
+}
diff --git a/web/app/components/plugins/plugin-auth/plugin-auth-in-agent.tsx b/web/app/components/plugins/plugin-auth/plugin-auth-in-agent.tsx
index bb5d8e1f3c..4c7b885226 100644
--- a/web/app/components/plugins/plugin-auth/plugin-auth-in-agent.tsx
+++ b/web/app/components/plugins/plugin-auth/plugin-auth-in-agent.tsx
@@ -109,6 +109,7 @@ const PluginAuthInAgent = ({
             renderTrigger={renderTrigger}
             isOpen={isOpen}
             onOpenChange={setIsOpen}
+            selectedCredentialId={credentialId || '__workspace_default__'}
           />
         )
       }
diff --git a/web/app/components/plugins/plugin-detail-panel/detail-header.tsx b/web/app/components/plugins/plugin-detail-panel/detail-header.tsx
index 41e74b7d8a..124e133c2b 100644
--- a/web/app/components/plugins/plugin-detail-panel/detail-header.tsx
+++ b/web/app/components/plugins/plugin-detail-panel/detail-header.tsx
@@ -272,7 +272,7 @@ const DetailHeader = ({
           </ActionButton>
         </div>
       </div>
-      <Description className='mt-3' text={description[locale]} descriptionLineRows={2}></Description>
+      <Description className='mb-2 mt-3 h-auto' text={description[locale]} descriptionLineRows={2}></Description>
       {
         category === PluginType.tool && (
           <PluginAuth
diff --git a/web/app/components/plugins/plugin-detail-panel/tool-selector/index.tsx b/web/app/components/plugins/plugin-detail-panel/tool-selector/index.tsx
index 33ff67091a..5dfb8d0231 100644
--- a/web/app/components/plugins/plugin-detail-panel/tool-selector/index.tsx
+++ b/web/app/components/plugins/plugin-detail-panel/tool-selector/index.tsx
@@ -311,13 +311,13 @@ const ToolSelector: FC<Props> = ({
                   <Divider className='my-1 w-full' />
                     <div className='px-4 py-2'>
                       <PluginAuthInAgent
-                      pluginPayload={{
-                        provider: currentProvider.name,
-                        category: AuthCategory.tool,
-                      }}
-                      credentialId={value?.credential_id}
-                      onAuthorizationItemClick={handleAuthorizationItemClick}
-                    />
+                        pluginPayload={{
+                          provider: currentProvider.name,
+                          category: AuthCategory.tool,
+                        }}
+                        credentialId={value?.credential_id}
+                        onAuthorizationItemClick={handleAuthorizationItemClick}
+                      />
                   </div>
                 </>
               )}
diff --git a/web/service/use-plugins-auth.ts b/web/service/use-plugins-auth.ts
index e6b326de94..7d65f8b884 100644
--- a/web/service/use-plugins-auth.ts
+++ b/web/service/use-plugins-auth.ts
@@ -102,9 +102,16 @@ export const useGetPluginCredentialSchema = (
 export const useGetPluginOAuthUrl = (
   url: string,
 ) => {
-  return useQuery({
-    queryKey: [NAME_SPACE, 'oauth-url', url],
-    queryFn: () => get(url),
+  return useMutation({
+    mutationKey: [NAME_SPACE, 'oauth-url', url],
+    mutationFn: () => {
+      return get<
+      {
+        authorization_url: string
+        state: string
+        context_id: string
+      }>(url)
+    },
   })
 }
 
@@ -113,7 +120,10 @@ export const useGetPluginOAuthClientSchema = (
 ) => {
   return useQuery({
     queryKey: [NAME_SPACE, 'oauth-client-schema', url],
-    queryFn: () => get(url),
+    queryFn: () => get<{
+      schema: FormSchema[]
+      is_oauth_custom_client_enabled: boolean
+    }>(url),
   })
 }
 
@@ -121,8 +131,11 @@ export const useSetPluginOAuthCustomClient = (
   url: string,
 ) => {
   return useMutation({
-    mutationFn: (params) => {
-      return post(url, { body: params })
+    mutationFn: (params: {
+        client_params: Record<string, any>
+        enable_oauth_custom_client: boolean
+      }) => {
+      return post<{ result: string }>(url, { body: params })
     },
   })
 }
@@ -132,6 +145,9 @@ export const useGetPluginOAuthCustomClientSchema = (
 ) => {
   return useQuery({
     queryKey: [NAME_SPACE, 'oauth-custom-client-schema', url],
-    queryFn: () => get(url),
+    queryFn: () => get<{
+      client_id: string
+      client_secret: string
+    }>(url),
   })
 }
diff --git a/web/types/app.ts b/web/types/app.ts
index 3de5c446ec..ab82ff0407 100644
--- a/web/types/app.ts
+++ b/web/types/app.ts
@@ -130,6 +130,7 @@ export type AgentTool = {
   enabled: boolean
   isDeleted?: boolean
   notAuthor?: boolean
+  credential_id?: string
 }
 
 export type ToolItem = {

From 83ab69d2eb297bc1ac2211c44d3d8e6cfe07b7a2 Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Fri, 11 Jul 2025 17:37:13 +0800
Subject: [PATCH 08/25] tool oauth

---
 .../base/form/components/base/base-field.tsx  |  39 +++-
 web/app/components/base/form/types.ts         |   7 +-
 .../authorize/add-oauth-button.tsx            | 198 ++++++++++++++----
 .../plugin-auth/authorize/api-key-modal.tsx   |   4 +-
 .../authorize/oauth-client-settings.tsx       |  72 +++----
 .../plugin-auth/hooks/use-credential.ts       |   7 -
 .../plugins/plugin-auth/hooks/use-get-api.ts  |   4 +-
 web/i18n/en-US/plugin.ts                      |   3 +
 web/i18n/zh-Hans/plugin.ts                    |   3 +
 web/service/use-plugins-auth.ts               |  15 +-
 10 files changed, 250 insertions(+), 102 deletions(-)

diff --git a/web/app/components/base/form/components/base/base-field.tsx b/web/app/components/base/form/components/base/base-field.tsx
index 47a8cca419..70cd3a9f78 100644
--- a/web/app/components/base/form/components/base/base-field.tsx
+++ b/web/app/components/base/form/components/base/base-field.tsx
@@ -36,6 +36,8 @@ const BaseField = ({
     required,
     placeholder,
     options,
+    labelClassName: formLabelClassName,
+    show_on = [],
   } = formSchema
 
   const memorizedLabel = useMemo(() => {
@@ -64,10 +66,25 @@ const BaseField = ({
     }) || []
   }, [options, renderI18nObject])
   const value = useStore(field.form.store, s => s.values[field.name])
+  const values = useStore(field.form.store, (s) => {
+    return show_on.reduce((acc, condition) => {
+      acc[condition.variable] = s.values[condition.variable]
+      return acc
+    }, {} as Record<string, any>)
+  })
+  const show = useMemo(() => {
+    return show_on.every((condition) => {
+      const conditionValue = values[condition.variable]
+      return conditionValue === condition.value
+    })
+  }, [values, show_on])
+
+  if (!show)
+    return null
 
   return (
     <div className={cn(fieldClassName)}>
-      <div className={cn(labelClassName)}>
+      <div className={cn(labelClassName, formLabelClassName)}>
         {memorizedLabel}
         {
           required && (
@@ -132,6 +149,26 @@ const BaseField = ({
             />
           )
         }
+        {
+          formSchema.type === FormTypeEnum.radio && (
+            <div className='flex items-center space-x-2'>
+              {
+                memorizedOptions.map(option => (
+                  <div
+                    key={option.value}
+                    className={cn(
+                      'system-sm-regular hover:bg-components-option-card-option-hover-bg hover:border-components-option-card-option-hover-border flex h-8 grow cursor-pointer items-center justify-center rounded-lg border border-components-option-card-option-border bg-components-option-card-option-bg p-2 text-text-secondary',
+                      value === option.value && 'border-components-option-card-option-selected-border bg-components-option-card-option-selected-bg text-text-primary shadow-xs',
+                    )}
+                    onClick={() => field.handleChange(option.value)}
+                  >
+                    {option.label}
+                  </div>
+                ))
+              }
+            </div>
+          )
+        }
       </div>
     </div>
   )
diff --git a/web/app/components/base/form/types.ts b/web/app/components/base/form/types.ts
index 3e1001b54e..9255181518 100644
--- a/web/app/components/base/form/types.ts
+++ b/web/app/components/base/form/types.ts
@@ -34,7 +34,7 @@ export enum FormTypeEnum {
 export type FormOption = {
   label: TypeWithI18N | string
   value: string
-  show_on: FormShowOnObject[]
+  show_on?: FormShowOnObject[]
   icon?: string
 }
 
@@ -51,11 +51,12 @@ export type FormSchema = {
   help?: string | TypeWithI18N
   placeholder?: string | TypeWithI18N
   options?: FormOption[]
+  labelClassName?: string
 }
 
 export type FormValues = Record<string, any>
 
-export type FromRefObject = {
+export type FormRefObject = {
     getForm: () => AnyFormApi
 }
-export type FormRef = ForwardedRef<FromRefObject>
+export type FormRef = ForwardedRef<FormRefObject>
diff --git a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
index d5666520b0..c2a252969e 100644
--- a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
@@ -1,18 +1,31 @@
 import {
   memo,
   useCallback,
+  useMemo,
   useState,
 } from 'react'
-import { RiEqualizer2Line } from '@remixicon/react'
+import { useTranslation } from 'react-i18next'
+import {
+  RiClipboardLine,
+  RiEqualizer2Line,
+  RiInformation2Fill,
+} from '@remixicon/react'
 import Button from '@/app/components/base/button'
 import type { ButtonProps } from '@/app/components/base/button'
 import OAuthClientSettings from './oauth-client-settings'
 import cn from '@/utils/classnames'
 import type { PluginPayload } from '../types'
 import { openOAuthPopup } from '@/hooks/use-oauth'
+import Badge from '@/app/components/base/badge'
 import {
+  useGetPluginOAuthClientSchemaHook,
   useGetPluginOAuthUrlHook,
+  useInvalidPluginCredentialInfoHook,
 } from '../hooks/use-credential'
+import type { FormSchema } from '@/app/components/base/form/types'
+import { FormTypeEnum } from '@/app/components/base/form/types'
+import ActionButton from '@/app/components/base/action-button'
+import { useRenderI18nObject } from '@/hooks/use-i18n'
 
 export type AddOAuthButtonProps = {
   pluginPayload: PluginPayload
@@ -34,62 +47,173 @@ const AddOAuthButton = ({
   dividerClassName,
   disabled,
 }: AddOAuthButtonProps) => {
+  const { t } = useTranslation()
+  const renderI18nObject = useRenderI18nObject()
   const [isOAuthSettingsOpen, setIsOAuthSettingsOpen] = useState(false)
   const { mutateAsync: getPluginOAuthUrl } = useGetPluginOAuthUrlHook(pluginPayload)
+  const { data } = useGetPluginOAuthClientSchemaHook(pluginPayload)
+  const {
+    schema = [],
+    is_oauth_custom_client_enabled,
+    is_system_oauth_params_exists,
+    client_params,
+    redirect_uri,
+  } = data || {}
 
+  const isConfigured = is_system_oauth_params_exists || !!client_params
+  const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
   const handleOAuth = useCallback(async () => {
     const { authorization_url } = await getPluginOAuthUrl()
 
     if (authorization_url) {
       openOAuthPopup(
         authorization_url,
-        () => {
-          console.log('success')
-        },
+        invalidatePluginCredentialInfo,
       )
     }
-  }, [getPluginOAuthUrl])
+  }, [getPluginOAuthUrl, invalidatePluginCredentialInfo])
 
-  return (
-    <>
-      <Button
-        variant={buttonVariant}
-        className={cn(
-          'grow px-0 py-0 hover:bg-components-button-primary-bg',
-          className,
-        )}
-        disabled={disabled}
-        onClick={handleOAuth}
-      >
-        <div className={cn(
-          'flex h-full grow items-center justify-center rounded-l-lg hover:bg-components-button-primary-bg-hover',
-          buttonLeftClassName,
-        )}>
-          {buttonText}
+  const renderCustomLabel = useCallback((item: FormSchema) => {
+    return (
+      <div>
+        <div className='mb-4 flex rounded-xl bg-background-section-burn p-4'>
+          <div className='mr-3 flex h-9 w-9 shrink-0 items-center justify-center rounded-lg border-[0.5px] border-components-card-border bg-components-card-bg shadow-lg'>
+            <RiInformation2Fill className='h-5 w-5 text-text-accent' />
+          </div>
+          <div className='grow'>
+            <div className='system-sm-regular mb-2'>
+              {t('plugin.auth.clientInfo')}
+            </div>
+            {
+              redirect_uri && (
+                <div className='system-sm-medium flex items-center'>
+                  {redirect_uri}
+                  <ActionButton
+                    onClick={() => {
+                      navigator.clipboard.writeText(redirect_uri || '')
+                    }}
+                  >
+                    <RiClipboardLine className='h-4 w-4' />
+                  </ActionButton>
+                </div>
+              )
+            }
+          </div>
         </div>
-        <div className={cn(
-          'h-4 w-[1px] bg-text-primary-on-surface opacity-[0.15]',
-          dividerClassName,
-        )}></div>
-        <div
-          className={cn(
-            'flex h-full w-8 shrink-0 items-center justify-center rounded-r-lg hover:bg-components-button-primary-bg-hover',
-            buttonRightClassName,
-          )}
-          onClick={(e) => {
-            e.stopPropagation()
-            setIsOAuthSettingsOpen(true)
-          }}
-        >
-          <RiEqualizer2Line className='h-4 w-4' />
+        <div className='system-sm-medium flex h-6 items-center text-text-secondary'>
+          {renderI18nObject(item.label as Record<string, string>)}
         </div>
-      </Button>
+      </div>
+    )
+  }, [t, redirect_uri, renderI18nObject])
+  const memorizedSchemas = useMemo(() => {
+    const result: FormSchema[] = schema.map((item, index) => {
+      return {
+        ...item,
+        label: index === 0 ? renderCustomLabel(item) : item.label,
+        labelClassName: index === 0 ? 'h-auto' : undefined,
+      }
+    })
+    if (is_system_oauth_params_exists) {
+      result.unshift({
+        name: '__oauth_client__',
+        label: t('plugin.auth.oauthClient'),
+        type: FormTypeEnum.radio,
+        options: [
+          {
+            label: t('plugin.auth.default'),
+            value: 'default',
+          },
+          {
+            label: t('plugin.auth.custom'),
+            value: 'custom',
+          },
+        ],
+        required: false,
+        default: is_oauth_custom_client_enabled ? 'custom' : 'default',
+      } as FormSchema)
+      result.forEach((item, index) => {
+        if (index > 0) {
+          item.show_on = [
+            {
+              variable: '__oauth_client__',
+              value: 'custom',
+            },
+          ]
+          if (client_params)
+            item.default = client_params[item.name] || item.default
+        }
+      })
+    }
+
+    return result
+  }, [schema, renderCustomLabel, t, is_system_oauth_params_exists, is_oauth_custom_client_enabled, client_params])
+
+  return (
+    <>
+      {
+        isConfigured && (
+          <Button
+            variant={buttonVariant}
+            className={cn(
+              'grow px-0 py-0 hover:bg-components-button-primary-bg',
+              className,
+            )}
+            disabled={disabled}
+            onClick={handleOAuth}
+          >
+            <div className={cn(
+              'flex h-full grow items-center justify-center rounded-l-lg hover:bg-components-button-primary-bg-hover',
+              buttonLeftClassName,
+            )}>
+              {buttonText}
+            </div>
+            {
+              is_oauth_custom_client_enabled && (
+                <Badge>
+                  {t('plugin.auth.custom')}
+                </Badge>
+              )
+            }
+            <div className={cn(
+              'h-4 w-[1px] bg-text-primary-on-surface opacity-[0.15]',
+              dividerClassName,
+            )}></div>
+            <div
+              className={cn(
+                'flex h-full w-8 shrink-0 items-center justify-center rounded-r-lg hover:bg-components-button-primary-bg-hover',
+                buttonRightClassName,
+              )}
+              onClick={(e) => {
+                e.stopPropagation()
+                setIsOAuthSettingsOpen(true)
+              }}
+            >
+              <RiEqualizer2Line className='h-4 w-4' />
+            </div>
+          </Button>
+        )
+      }
+      {
+        !isConfigured && (
+          <Button
+            variant={buttonVariant}
+            onClick={() => setIsOAuthSettingsOpen(true)}
+            disabled={disabled}
+          >
+            <RiEqualizer2Line className='mr-0.5 h-4 w-4' />
+            {t('plugin.auth.setupOAuth')}
+          </Button>
+        )
+      }
       {
         isOAuthSettingsOpen && (
           <OAuthClientSettings
             pluginPayload={pluginPayload}
             onClose={() => setIsOAuthSettingsOpen(false)}
             disabled={disabled}
+            schemas={memorizedSchemas}
+            onAuth={handleOAuth}
           />
         )
       }
diff --git a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
index 572dfe125e..c29e984ae4 100644
--- a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
@@ -11,7 +11,7 @@ import Modal from '@/app/components/base/modal/modal'
 import { CredentialTypeEnum } from '../types'
 import { transformFormSchemasSecretInput } from '../utils'
 import AuthForm from '@/app/components/base/form/form-scenarios/auth'
-import type { FromRefObject } from '@/app/components/base/form/types'
+import type { FormRefObject } from '@/app/components/base/form/types'
 import { FormTypeEnum } from '@/app/components/base/form/types'
 import { useToastContext } from '@/app/components/base/toast'
 import Loading from '@/app/components/base/loading'
@@ -62,7 +62,7 @@ const ApiKeyModal = ({
   const { mutateAsync: addPluginCredential } = useAddPluginCredentialHook(pluginPayload)
   const { mutateAsync: updatePluginCredential } = useUpdatePluginCredentialHook(pluginPayload)
   const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
-  const formRef = useRef<FromRefObject>(null)
+  const formRef = useRef<FormRefObject>(null)
   const handleConfirm = useCallback(async () => {
     const form = formRef.current?.getForm()
     const store = form?.store
diff --git a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
index e7ea175817..8a844d0de8 100644
--- a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
@@ -1,20 +1,20 @@
 import {
   memo,
   useCallback,
-  useMemo,
   useRef,
 } from 'react'
 import { useTranslation } from 'react-i18next'
 import Modal from '@/app/components/base/modal/modal'
 import {
-  useGetPluginOAuthClientSchemaHook,
   useInvalidPluginCredentialInfoHook,
   useSetPluginOAuthCustomClientHook,
 } from '../hooks/use-credential'
 import type { PluginPayload } from '../types'
-import Loading from '@/app/components/base/loading'
 import AuthForm from '@/app/components/base/form/form-scenarios/auth'
-import type { FromRefObject } from '@/app/components/base/form/types'
+import type {
+  FormRefObject,
+  FormSchema,
+} from '@/app/components/base/form/types'
 import { FormTypeEnum } from '@/app/components/base/form/types'
 import { transformFormSchemasSecretInput } from '../utils'
 import { useToastContext } from '@/app/components/base/toast'
@@ -24,36 +24,36 @@ type OAuthClientSettingsProps = {
   onClose?: () => void
   editValues?: Record<string, any>
   disabled?: boolean
+  schemas: FormSchema[]
+  onAuth?: () => Promise<void>
 }
 const OAuthClientSettings = ({
   pluginPayload,
   onClose,
   editValues,
   disabled,
+  schemas,
+  onAuth,
 }: OAuthClientSettingsProps) => {
   const { t } = useTranslation()
   const { notify } = useToastContext()
-  const {
-    data,
-    isLoading,
-  } = useGetPluginOAuthClientSchemaHook(pluginPayload)
-  const formSchemas = useMemo(() => {
-    return data?.schema || []
-  }, [data])
-  const defaultValues = formSchemas.reduce((acc, schema) => {
+  const defaultValues = schemas.reduce((acc, schema) => {
     if (schema.default)
       acc[schema.name] = schema.default
     return acc
   }, {} as Record<string, any>)
   const { mutateAsync: setPluginOAuthCustomClient } = useSetPluginOAuthCustomClientHook(pluginPayload)
   const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
-  const formRef = useRef<FromRefObject>(null)
+  const formRef = useRef<FormRefObject>(null)
   const handleConfirm = useCallback(async () => {
     const form = formRef.current?.getForm()
     const store = form?.store
-    const values = store?.state.values
+    const {
+      __oauth_client__,
+      ...values
+    } = store?.state.values
     const isPristineSecretInputNames: string[] = []
-    formSchemas.forEach((schema) => {
+    schemas.forEach((schema) => {
       if (schema.type === FormTypeEnum.secretInput) {
         const fieldMeta = form?.getFieldMeta(schema.name)
         if (fieldMeta?.isPristine)
@@ -74,36 +74,32 @@ const OAuthClientSettings = ({
 
     onClose?.()
     invalidatePluginCredentialInfo()
-  }, [onClose, invalidatePluginCredentialInfo, setPluginOAuthCustomClient, notify, t, formSchemas])
+  }, [onClose, invalidatePluginCredentialInfo, setPluginOAuthCustomClient, notify, t, schemas])
+
+  const handleConfirmAndAuthorize = useCallback(async () => {
+    await handleConfirm()
+    if (onAuth)
+      await onAuth()
+  }, [handleConfirm, onAuth])
   return (
     <Modal
-      title='Oauth client settings'
-      confirmButtonText='Save & Authorize'
-      cancelButtonText='Save only'
-      extraButtonText='Cancel'
+      title={t('plugin.auth.oauthClientSettings')}
+      confirmButtonText={t('plugin.auth.saveAndAuth')}
+      cancelButtonText={t('plugin.auth.saveOnly')}
+      extraButtonText={t('common.operation.cancel')}
       showExtraButton
       extraButtonVariant='secondary'
       onExtraButtonClick={onClose}
       onClose={onClose}
-      onConfirm={handleConfirm}
+      onCancel={handleConfirm}
+      onConfirm={handleConfirmAndAuthorize}
     >
-      {
-        isLoading && (
-          <div className='flex h-40 items-center justify-center'>
-            <Loading />
-          </div>
-        )
-      }
-      {
-        !isLoading && !!data?.schema.length && (
-          <AuthForm
-            ref={formRef}
-            formSchemas={formSchemas}
-            defaultValues={editValues || defaultValues}
-            disabled={disabled}
-          />
-        )
-      }
+      <AuthForm
+        ref={formRef}
+        formSchemas={schemas}
+        defaultValues={editValues || defaultValues}
+        disabled={disabled}
+      />
     </Modal>
   )
 }
diff --git a/web/app/components/plugins/plugin-auth/hooks/use-credential.ts b/web/app/components/plugins/plugin-auth/hooks/use-credential.ts
index 3b2080253c..de1ec8a80d 100644
--- a/web/app/components/plugins/plugin-auth/hooks/use-credential.ts
+++ b/web/app/components/plugins/plugin-auth/hooks/use-credential.ts
@@ -4,7 +4,6 @@ import {
   useGetPluginCredentialInfo,
   useGetPluginCredentialSchema,
   useGetPluginOAuthClientSchema,
-  useGetPluginOAuthCustomClientSchema,
   useGetPluginOAuthUrl,
   useInvalidPluginCredentialInfo,
   useSetPluginDefaultCredential,
@@ -73,9 +72,3 @@ export const useSetPluginOAuthCustomClientHook = (pluginPayload: PluginPayload)
 
   return useSetPluginOAuthCustomClient(apiMap.setCustomOauthClient)
 }
-
-export const useGetPluginOAuthCustomClientSchemaHook = (pluginPayload: PluginPayload) => {
-  const apiMap = useGetApi(pluginPayload)
-
-  return useGetPluginOAuthCustomClientSchema(apiMap.getCustomOAuthClient)
-}
diff --git a/web/app/components/plugins/plugin-auth/hooks/use-get-api.ts b/web/app/components/plugins/plugin-auth/hooks/use-get-api.ts
index 8551332ddb..9b88cb0dad 100644
--- a/web/app/components/plugins/plugin-auth/hooks/use-get-api.ts
+++ b/web/app/components/plugins/plugin-auth/hooks/use-get-api.ts
@@ -19,7 +19,7 @@ export const useGetApi = ({ category = AuthCategory.tool, provider }: PluginPayl
       getOauthUrl: `/oauth/plugin/${provider}/tool/authorization-url`,
       getOauthClientSchema: `/workspaces/current/tool-provider/builtin/${provider}/oauth/client-schema`,
       setCustomOauthClient: `/workspaces/current/tool-provider/builtin/${provider}/oauth/custom-client`,
-      getCustomOAuthClient: `/workspaces/current/tool-provider/builtin/${provider}/oauth/custom-client`,
+      getCustomOAuthClientValues: `/workspaces/current/tool-provider/builtin/${provider}/oauth/custom-client`,
     }
   }
 
@@ -34,6 +34,6 @@ export const useGetApi = ({ category = AuthCategory.tool, provider }: PluginPayl
     getOauthUrl: '',
     getOauthClientSchema: '',
     setCustomOauthClient: '',
-    getCustomOAuthClient: '',
+    getCustomOAuthClientValues: '',
   }
 }
diff --git a/web/i18n/en-US/plugin.ts b/web/i18n/en-US/plugin.ts
index 6d59810e94..2984f5f77c 100644
--- a/web/i18n/en-US/plugin.ts
+++ b/web/i18n/en-US/plugin.ts
@@ -216,6 +216,7 @@ const translation = {
   difyVersionNotCompatible: 'The current Dify version is not compatible with this plugin, please upgrade to the minimum version required: {{minimalDifyVersion}}',
   auth: {
     default: 'Default',
+    custom: 'Custom',
     setDefault: 'Set as default',
     useOAuth: 'Use OAuth',
     useOAuthAuth: 'Use OAuth Authorization',
@@ -233,6 +234,8 @@ const translation = {
     authorizationName: 'Authorization Name',
     workspaceDefault: 'Workspace Default',
     authRemoved: 'Auth removed',
+    clientInfo: 'As no system client secrets found for this tool provider, setup it manually is required, for redirect_uri, please use',
+    oauthClient: 'OAuth Client',
   },
 }
 
diff --git a/web/i18n/zh-Hans/plugin.ts b/web/i18n/zh-Hans/plugin.ts
index 039b798fa4..5f8f641b72 100644
--- a/web/i18n/zh-Hans/plugin.ts
+++ b/web/i18n/zh-Hans/plugin.ts
@@ -216,6 +216,7 @@ const translation = {
   difyVersionNotCompatible: '当前 Dify 版本不兼容该插件，其最低版本要求为 {{minimalDifyVersion}}',
   auth: {
     default: '默认',
+    custom: '自定义',
     setDefault: '设为默认',
     useOAuth: '使用 OAuth',
     useOAuthAuth: '使用 OAuth 授权',
@@ -233,6 +234,8 @@ const translation = {
     authorizationName: '凭据名称',
     workspaceDefault: '工作区默认',
     authRemoved: '凭据已移除',
+    clientInfo: '由于未找到此工具提供者的系统客户端密钥，因此需要手动设置，对于 redirect_uri，请使用',
+    oauthClient: 'OAuth 客户端',
   },
 }
 
diff --git a/web/service/use-plugins-auth.ts b/web/service/use-plugins-auth.ts
index 7d65f8b884..05364ad688 100644
--- a/web/service/use-plugins-auth.ts
+++ b/web/service/use-plugins-auth.ts
@@ -123,6 +123,9 @@ export const useGetPluginOAuthClientSchema = (
     queryFn: () => get<{
       schema: FormSchema[]
       is_oauth_custom_client_enabled: boolean
+      is_system_oauth_params_exists?: boolean
+      client_params?: Record<string, any>
+      redirect_uri?: string
     }>(url),
   })
 }
@@ -139,15 +142,3 @@ export const useSetPluginOAuthCustomClient = (
     },
   })
 }
-
-export const useGetPluginOAuthCustomClientSchema = (
-  url: string,
-) => {
-  return useQuery({
-    queryKey: [NAME_SPACE, 'oauth-custom-client-schema', url],
-    queryFn: () => get<{
-      client_id: string
-      client_secret: string
-    }>(url),
-  })
-}

From 580c9a668ff24db1e876c053c68a7b00f6d73443 Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Fri, 11 Jul 2025 18:17:17 +0800
Subject: [PATCH 09/25] fix

---
 .../authorize/add-oauth-button.tsx            | 27 ++++++++++---------
 .../authorize/oauth-client-settings.tsx       |  2 +-
 web/service/use-plugins-auth.ts               |  1 +
 3 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
index c2a252969e..1372a3a5a8 100644
--- a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
@@ -75,20 +75,21 @@ const AddOAuthButton = ({
 
   const renderCustomLabel = useCallback((item: FormSchema) => {
     return (
-      <div>
+      <div className='w-full'>
         <div className='mb-4 flex rounded-xl bg-background-section-burn p-4'>
           <div className='mr-3 flex h-9 w-9 shrink-0 items-center justify-center rounded-lg border-[0.5px] border-components-card-border bg-components-card-bg shadow-lg'>
             <RiInformation2Fill className='h-5 w-5 text-text-accent' />
           </div>
-          <div className='grow'>
-            <div className='system-sm-regular mb-2'>
+          <div className='w-0 grow'>
+            <div className='system-sm-regular mb-1.5'>
               {t('plugin.auth.clientInfo')}
             </div>
             {
               redirect_uri && (
-                <div className='system-sm-medium flex items-center'>
-                  {redirect_uri}
+                <div className='system-sm-medium flex w-full py-0.5'>
+                  <div className='w-0 grow break-words'>{redirect_uri}</div>
                   <ActionButton
+                    className='shrink-0'
                     onClick={() => {
                       navigator.clipboard.writeText(redirect_uri || '')
                     }}
@@ -167,14 +168,16 @@ const AddOAuthButton = ({
               buttonLeftClassName,
             )}>
               {buttonText}
+              {
+                is_oauth_custom_client_enabled && (
+                  <Badge
+                    className='ml-1 border-text-primary-on-surface bg-components-badge-bg-dimm text-text-primary-on-surface'
+                  >
+                    {t('plugin.auth.custom')}
+                  </Badge>
+                )
+              }
             </div>
-            {
-              is_oauth_custom_client_enabled && (
-                <Badge>
-                  {t('plugin.auth.custom')}
-                </Badge>
-              )
-            }
             <div className={cn(
               'h-4 w-[1px] bg-text-primary-on-surface opacity-[0.15]',
               dividerClassName,
diff --git a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
index 8a844d0de8..aa9722a1c5 100644
--- a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
@@ -65,7 +65,7 @@ const OAuthClientSettings = ({
 
     await setPluginOAuthCustomClient({
       client_params: transformedValues,
-      enable_oauth_custom_client: true,
+      enable_oauth_custom_client: __oauth_client__ === 'custom',
     })
     notify({
       type: 'success',
diff --git a/web/service/use-plugins-auth.ts b/web/service/use-plugins-auth.ts
index 05364ad688..7c72455a53 100644
--- a/web/service/use-plugins-auth.ts
+++ b/web/service/use-plugins-auth.ts
@@ -127,6 +127,7 @@ export const useGetPluginOAuthClientSchema = (
       client_params?: Record<string, any>
       redirect_uri?: string
     }>(url),
+    staleTime: 0,
   })
 }
 

From 3b7df2f9b6cf466617a3082bf81264b4893d500d Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Mon, 14 Jul 2025 11:12:10 +0800
Subject: [PATCH 10/25] fix: provider

---
 web/app/components/plugins/plugin-auth/plugin-auth.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/app/components/plugins/plugin-auth/plugin-auth.tsx b/web/app/components/plugins/plugin-auth/plugin-auth.tsx
index 6fdcdd1140..5056105641 100644
--- a/web/app/components/plugins/plugin-auth/plugin-auth.tsx
+++ b/web/app/components/plugins/plugin-auth/plugin-auth.tsx
@@ -18,7 +18,7 @@ const PluginAuth = ({
     canApiKey,
     credentials,
     disabled,
-  } = usePluginAuth(pluginPayload, true)
+  } = usePluginAuth(pluginPayload, !!pluginPayload.provider)
 
   return (
     <>

From 29035d333d8910fa730e8d8ee67f53dfd5e23b3a Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Mon, 14 Jul 2025 14:45:12 +0800
Subject: [PATCH 11/25] fix: validate

---
 .../base/form/components/base/base-form.tsx   | 32 ++++++++++++-------
 web/app/components/base/form/types.ts         |  6 +++-
 .../authorize/add-oauth-button.tsx            |  1 +
 .../plugin-auth/authorize/api-key-modal.tsx   | 12 +++++--
 .../authorize/oauth-client-settings.tsx       | 12 +++++--
 .../plugins/plugin-auth/authorized/index.tsx  |  3 +-
 6 files changed, 47 insertions(+), 19 deletions(-)

diff --git a/web/app/components/base/form/components/base/base-form.tsx b/web/app/components/base/form/components/base/base-form.tsx
index 3fee80bac1..6911e4d95f 100644
--- a/web/app/components/base/form/components/base/base-form.tsx
+++ b/web/app/components/base/form/components/base/base-form.tsx
@@ -70,25 +70,33 @@ const BaseForm = ({
     return null
   }, [formSchemas, fieldClassName, labelClassName, inputContainerClassName, inputClassName, disabled])
 
+  const renderFieldWrapper = useCallback((formSchema: FormSchema) => {
+    const {
+      name,
+    } = formSchema
+
+    return (
+      <form.Field
+        key={name}
+        name={name}
+      >
+        {renderField}
+      </form.Field>
+    )
+  }, [renderField, form])
+
   if (!formSchemas?.length)
     return null
 
   return (
     <form
       className={cn(formClassName)}
+      onSubmit={(e) => {
+        e.preventDefault()
+        form?.handleSubmit()
+      }}
     >
-      {
-        formSchemas.map((formSchema) => {
-          return (
-            <form.Field
-              key={formSchema.name}
-              name={formSchema.name}
-            >
-              {renderField}
-            </form.Field>
-          )
-        })
-      }
+      {formSchemas.map(renderFieldWrapper)}
     </form>
   )
 }
diff --git a/web/app/components/base/form/types.ts b/web/app/components/base/form/types.ts
index 9255181518..02a93c3285 100644
--- a/web/app/components/base/form/types.ts
+++ b/web/app/components/base/form/types.ts
@@ -2,7 +2,10 @@ import type {
   ForwardedRef,
   ReactNode,
 } from 'react'
-import type { AnyFormApi } from '@tanstack/react-form'
+import type {
+  AnyFormApi,
+  FieldValidators,
+} from '@tanstack/react-form'
 
 export type TypeWithI18N<T = string> = {
   en_US: T
@@ -52,6 +55,7 @@ export type FormSchema = {
   placeholder?: string | TypeWithI18N
   options?: FormOption[]
   labelClassName?: string
+  validators?: FieldValidators<any, any, any, any, any, any, any, any, any, any>
 }
 
 export type FormValues = Record<string, any>
diff --git a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
index 1372a3a5a8..8e6fc5aa03 100644
--- a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
@@ -217,6 +217,7 @@ const AddOAuthButton = ({
             disabled={disabled}
             schemas={memorizedSchemas}
             onAuth={handleOAuth}
+            editValues={client_params}
           />
         )
       }
diff --git a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
index c29e984ae4..5e7f8a7adb 100644
--- a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
@@ -72,13 +72,21 @@ const ApiKeyModal = ({
       ...values
     } = store?.state.values
     const isPristineSecretInputNames: string[] = []
-    formSchemas.forEach((schema) => {
+    for (let i = 0; i < formSchemas.length; i++) {
+      const schema = formSchemas[i]
+      if (schema.required && !values[schema.name]) {
+        notify({
+          type: 'error',
+          message: t('common.errorMsg.fieldRequired', { field: schema.name }),
+        })
+        return
+      }
       if (schema.type === FormTypeEnum.secretInput) {
         const fieldMeta = form?.getFieldMeta(schema.name)
         if (fieldMeta?.isPristine)
           isPristineSecretInputNames.push(schema.name)
       }
-    })
+    }
 
     const transformedValues = transformFormSchemasSecretInput(isPristineSecretInputNames, values)
 
diff --git a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
index aa9722a1c5..7752d584fb 100644
--- a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
@@ -53,13 +53,21 @@ const OAuthClientSettings = ({
       ...values
     } = store?.state.values
     const isPristineSecretInputNames: string[] = []
-    schemas.forEach((schema) => {
+    for (let i = 0; i < schemas.length; i++) {
+      const schema = schemas[i]
+      if (schema.required && !values[schema.name]) {
+        notify({
+          type: 'error',
+          message: t('common.errorMsg.fieldRequired', { field: schema.name }),
+        })
+        return
+      }
       if (schema.type === FormTypeEnum.secretInput) {
         const fieldMeta = form?.getFieldMeta(schema.name)
         if (fieldMeta?.isPristine)
           isPristineSecretInputNames.push(schema.name)
       }
-    })
+    }
 
     const transformedValues = transformFormSchemasSecretInput(isPristineSecretInputNames, values)
 
diff --git a/web/app/components/plugins/plugin-auth/authorized/index.tsx b/web/app/components/plugins/plugin-auth/authorized/index.tsx
index 5762bad2da..9caef74d95 100644
--- a/web/app/components/plugins/plugin-auth/authorized/index.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized/index.tsx
@@ -282,8 +282,7 @@ const Authorized = ({
         deleteCredentialId && (
           <Confirm
             isShow
-            title='Are you sure?'
-            content='content'
+            title={t('datasetDocuments.list.delete.title')}
             onCancel={closeConfirm}
             onConfirm={handleConfirm}
           />

From 2572e99a4bc93af48e33c1eca110dc4eada371c6 Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Mon, 14 Jul 2025 16:42:23 +0800
Subject: [PATCH 12/25] form

---
 .../base/form/components/base/base-field.tsx  |  6 +--
 .../base/form/components/base/base-form.tsx   | 33 ++++++++++++--
 web/app/components/base/form/hooks/index.ts   |  2 +
 .../base/form/hooks/use-check-validated.ts    | 36 +++++++++++++++
 .../base/form/hooks/use-get-form-values.ts    | 45 +++++++++++++++++++
 web/app/components/base/form/types.ts         |  8 ++++
 web/app/components/base/form/utils/index.ts   |  1 +
 .../base/form/utils/secret-input/index.ts     | 29 ++++++++++++
 .../plugin-auth/authorize/api-key-modal.tsx   | 41 +++++++----------
 .../authorize/oauth-client-settings.tsx       | 39 ++++++----------
 10 files changed, 182 insertions(+), 58 deletions(-)
 create mode 100644 web/app/components/base/form/hooks/index.ts
 create mode 100644 web/app/components/base/form/hooks/use-check-validated.ts
 create mode 100644 web/app/components/base/form/hooks/use-get-form-values.ts
 create mode 100644 web/app/components/base/form/utils/index.ts
 create mode 100644 web/app/components/base/form/utils/secret-input/index.ts

diff --git a/web/app/components/base/form/components/base/base-field.tsx b/web/app/components/base/form/components/base/base-field.tsx
index 70cd3a9f78..e48ce780c0 100644
--- a/web/app/components/base/form/components/base/base-field.tsx
+++ b/web/app/components/base/form/components/base/base-field.tsx
@@ -99,7 +99,7 @@ const BaseField = ({
               id={field.name}
               name={field.name}
               className={cn(inputClassName)}
-              value={value}
+              value={value || ''}
               onChange={e => field.handleChange(e.target.value)}
               onBlur={field.handleBlur}
               disabled={disabled}
@@ -114,7 +114,7 @@ const BaseField = ({
               name={field.name}
               type='password'
               className={cn(inputClassName)}
-              value={value}
+              value={value || ''}
               onChange={e => field.handleChange(e.target.value)}
               onBlur={field.handleBlur}
               disabled={disabled}
@@ -129,7 +129,7 @@ const BaseField = ({
               name={field.name}
               type='number'
               className={cn(inputClassName)}
-              value={value}
+              value={value || ''}
               onChange={e => field.handleChange(e.target.value)}
               onBlur={field.handleBlur}
               disabled={disabled}
diff --git a/web/app/components/base/form/components/base/base-form.tsx b/web/app/components/base/form/components/base/base-form.tsx
index 6911e4d95f..cde1c7619a 100644
--- a/web/app/components/base/form/components/base/base-form.tsx
+++ b/web/app/components/base/form/components/base/base-form.tsx
@@ -6,6 +6,7 @@ import {
 import type {
   AnyFieldApi,
 } from '@tanstack/react-form'
+import { useTranslation } from 'react-i18next'
 import { useForm } from '@tanstack/react-form'
 import type {
   FormRef,
@@ -18,6 +19,7 @@ import type {
   BaseFieldProps,
 } from '.'
 import cn from '@/utils/classnames'
+import { useGetFormValues } from '@/app/components/base/form/hooks'
 
 export type BaseFormProps = {
   formSchemas?: FormSchema[]
@@ -28,7 +30,7 @@ export type BaseFormProps = {
 } & Pick<BaseFieldProps, 'fieldClassName' | 'labelClassName' | 'inputContainerClassName' | 'inputClassName'>
 
 const BaseForm = ({
-  formSchemas,
+  formSchemas = [],
   defaultValues,
   formClassName,
   fieldClassName,
@@ -38,17 +40,22 @@ const BaseForm = ({
   ref,
   disabled,
 }: BaseFormProps) => {
+  const { t } = useTranslation()
   const form = useForm({
     defaultValues,
   })
+  const { getFormValues } = useGetFormValues(form)
 
   useImperativeHandle(ref, () => {
     return {
       getForm() {
         return form
       },
+      getFormValues: (option) => {
+        return getFormValues(formSchemas, option)
+      },
     }
-  }, [form])
+  }, [form, formSchemas, getFormValues])
 
   const renderField = useCallback((field: AnyFieldApi) => {
     const formSchema = formSchemas?.find(schema => schema.name === field.name)
@@ -73,17 +80,37 @@ const BaseForm = ({
   const renderFieldWrapper = useCallback((formSchema: FormSchema) => {
     const {
       name,
+      validators,
+      required,
     } = formSchema
+    let mergedValidators = validators
+    if (required && !validators) {
+      mergedValidators = {
+        onMount: ({ value }: any) => {
+          if (!value)
+            return t('common.errorMsg.fieldRequired', { field: name })
+        },
+        onChange: ({ value }: any) => {
+          if (!value)
+            return t('common.errorMsg.fieldRequired', { field: name })
+        },
+        onBlur: ({ value }: any) => {
+          if (!value)
+            return t('common.errorMsg.fieldRequired', { field: name })
+        },
+      }
+    }
 
     return (
       <form.Field
         key={name}
         name={name}
+        validators={mergedValidators}
       >
         {renderField}
       </form.Field>
     )
-  }, [renderField, form])
+  }, [renderField, form, t])
 
   if (!formSchemas?.length)
     return null
diff --git a/web/app/components/base/form/hooks/index.ts b/web/app/components/base/form/hooks/index.ts
new file mode 100644
index 0000000000..189369f240
--- /dev/null
+++ b/web/app/components/base/form/hooks/index.ts
@@ -0,0 +1,2 @@
+export * from './use-check-validated'
+export * from './use-get-form-values'
diff --git a/web/app/components/base/form/hooks/use-check-validated.ts b/web/app/components/base/form/hooks/use-check-validated.ts
new file mode 100644
index 0000000000..975c6fcb1f
--- /dev/null
+++ b/web/app/components/base/form/hooks/use-check-validated.ts
@@ -0,0 +1,36 @@
+import { useCallback } from 'react'
+import type { AnyFormApi } from '@tanstack/react-form'
+import { useToastContext } from '@/app/components/base/toast'
+
+export const useCheckValidated = (form: AnyFormApi) => {
+  const { notify } = useToastContext()
+
+  const checkValidated = useCallback(() => {
+    const allError = form?.getAllErrors()
+
+      if (allError) {
+        const fields = allError.fields
+        const errorArray = Object.keys(fields).reduce((acc: string[], key: string) => {
+          const errors: any[] = fields[key].errors
+
+          return [...acc, ...errors]
+        }, [] as string[])
+
+        if (errorArray.length) {
+          notify({
+            type: 'error',
+            message: errorArray[0],
+          })
+          return false
+        }
+
+        return true
+      }
+
+      return true
+  }, [form, notify])
+
+  return {
+    checkValidated,
+  }
+}
diff --git a/web/app/components/base/form/hooks/use-get-form-values.ts b/web/app/components/base/form/hooks/use-get-form-values.ts
new file mode 100644
index 0000000000..918e6220bc
--- /dev/null
+++ b/web/app/components/base/form/hooks/use-get-form-values.ts
@@ -0,0 +1,45 @@
+import { useCallback } from 'react'
+import type { AnyFormApi } from '@tanstack/react-form'
+import { useCheckValidated } from './use-check-validated'
+import type {
+  FormSchema,
+  GetValuesOptions,
+} from '../types'
+import { getTransformedValuesWhenSecretInputPristine } from '../utils'
+
+export const useGetFormValues = (form: AnyFormApi) => {
+  const { checkValidated } = useCheckValidated(form)
+
+  const getFormValues = useCallback((
+    formSchemas: FormSchema[],
+    {
+      needCheckValidatedValues,
+      needTransformWhenSecretFieldIsPristine,
+    }: GetValuesOptions,
+  ) => {
+    const values = form?.store.state.values || {}
+    if (!needCheckValidatedValues) {
+      return {
+        values,
+        isCheckValidated: false,
+      }
+    }
+
+    if (checkValidated()) {
+      return {
+        values: needTransformWhenSecretFieldIsPristine ? getTransformedValuesWhenSecretInputPristine(formSchemas, form) : values,
+        isCheckValidated: true,
+      }
+    }
+    else {
+      return {
+        values: {},
+        isCheckValidated: false,
+      }
+    }
+  }, [form, checkValidated])
+
+  return {
+    getFormValues,
+  }
+}
diff --git a/web/app/components/base/form/types.ts b/web/app/components/base/form/types.ts
index 02a93c3285..0a26b3fad3 100644
--- a/web/app/components/base/form/types.ts
+++ b/web/app/components/base/form/types.ts
@@ -60,7 +60,15 @@ export type FormSchema = {
 
 export type FormValues = Record<string, any>
 
+export type GetValuesOptions = {
+  needTransformWhenSecretFieldIsPristine?: boolean
+  needCheckValidatedValues?: boolean
+}
 export type FormRefObject = {
     getForm: () => AnyFormApi
+    getFormValues: (obj: GetValuesOptions) => {
+      values: Record<string, any>
+      isCheckValidated: boolean
+    }
 }
 export type FormRef = ForwardedRef<FormRefObject>
diff --git a/web/app/components/base/form/utils/index.ts b/web/app/components/base/form/utils/index.ts
new file mode 100644
index 0000000000..0abb8d1ad5
--- /dev/null
+++ b/web/app/components/base/form/utils/index.ts
@@ -0,0 +1 @@
+export * from './secret-input'
diff --git a/web/app/components/base/form/utils/secret-input/index.ts b/web/app/components/base/form/utils/secret-input/index.ts
new file mode 100644
index 0000000000..e8458f90b2
--- /dev/null
+++ b/web/app/components/base/form/utils/secret-input/index.ts
@@ -0,0 +1,29 @@
+import type { AnyFormApi } from '@tanstack/react-form'
+import type { FormSchema } from '@/app/components/base/form/types'
+import { FormTypeEnum } from '@/app/components/base/form/types'
+
+export const transformFormSchemasSecretInput = (isPristineSecretInputNames: string[], values: Record<string, any>) => {
+  const transformedValues: Record<string, any> = { ...values }
+
+  isPristineSecretInputNames.forEach((name) => {
+    if (transformedValues[name])
+      transformedValues[name] = '[__HIDDEN__]'
+  })
+
+  return transformedValues
+}
+
+export const getTransformedValuesWhenSecretInputPristine = (formSchemas: FormSchema[], form: AnyFormApi) => {
+  const values = form?.store.state.values || {}
+  const isPristineSecretInputNames: string[] = []
+  for (let i = 0; i < formSchemas.length; i++) {
+    const schema = formSchemas[i]
+    if (schema.type === FormTypeEnum.secretInput) {
+      const fieldMeta = form?.getFieldMeta(schema.name)
+      if (fieldMeta?.isPristine)
+        isPristineSecretInputNames.push(schema.name)
+    }
+  }
+
+  return transformFormSchemasSecretInput(isPristineSecretInputNames, values)
+}
diff --git a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
index 5e7f8a7adb..0f81f8ace4 100644
--- a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
@@ -9,7 +9,6 @@ import { RiExternalLinkLine } from '@remixicon/react'
 import { Lock01 } from '@/app/components/base/icons/src/vender/solid/security'
 import Modal from '@/app/components/base/modal/modal'
 import { CredentialTypeEnum } from '../types'
-import { transformFormSchemasSecretInput } from '../utils'
 import AuthForm from '@/app/components/base/form/form-scenarios/auth'
 import type { FormRefObject } from '@/app/components/base/form/types'
 import { FormTypeEnum } from '@/app/components/base/form/types'
@@ -64,42 +63,32 @@ const ApiKeyModal = ({
   const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
   const formRef = useRef<FormRefObject>(null)
   const handleConfirm = useCallback(async () => {
-    const form = formRef.current?.getForm()
-    const store = form?.store
+    const {
+      isCheckValidated,
+      values,
+    } = formRef.current?.getFormValues({
+      needCheckValidatedValues: true,
+      needTransformWhenSecretFieldIsPristine: true,
+    }) || { isCheckValidated: false, values: {} }
+    if (!isCheckValidated)
+      return
+
     const {
       __name__,
       __credential_id__,
-      ...values
-    } = store?.state.values
-    const isPristineSecretInputNames: string[] = []
-    for (let i = 0; i < formSchemas.length; i++) {
-      const schema = formSchemas[i]
-      if (schema.required && !values[schema.name]) {
-        notify({
-          type: 'error',
-          message: t('common.errorMsg.fieldRequired', { field: schema.name }),
-        })
-        return
-      }
-      if (schema.type === FormTypeEnum.secretInput) {
-        const fieldMeta = form?.getFieldMeta(schema.name)
-        if (fieldMeta?.isPristine)
-          isPristineSecretInputNames.push(schema.name)
-      }
-    }
-
-    const transformedValues = transformFormSchemasSecretInput(isPristineSecretInputNames, values)
+      ...restValues
+    } = values
 
     if (editValues) {
       await updatePluginCredential({
-        credentials: transformedValues,
+        credentials: restValues,
         credential_id: __credential_id__,
         name: __name__ || '',
       })
     }
     else {
       await addPluginCredential({
-        credentials: transformedValues,
+        credentials: restValues,
         type: CredentialTypeEnum.API_KEY,
         name: __name__ || '',
       })
@@ -111,7 +100,7 @@ const ApiKeyModal = ({
 
     onClose?.()
     invalidatePluginCredentialInfo()
-  }, [addPluginCredential, onClose, invalidatePluginCredentialInfo, updatePluginCredential, notify, t, editValues, formSchemas])
+  }, [addPluginCredential, onClose, invalidatePluginCredentialInfo, updatePluginCredential, notify, t, editValues])
 
   return (
     <Modal
diff --git a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
index 7752d584fb..283617543a 100644
--- a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
@@ -15,8 +15,6 @@ import type {
   FormRefObject,
   FormSchema,
 } from '@/app/components/base/form/types'
-import { FormTypeEnum } from '@/app/components/base/form/types'
-import { transformFormSchemasSecretInput } from '../utils'
 import { useToastContext } from '@/app/components/base/toast'
 
 type OAuthClientSettingsProps = {
@@ -46,33 +44,22 @@ const OAuthClientSettings = ({
   const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
   const formRef = useRef<FormRefObject>(null)
   const handleConfirm = useCallback(async () => {
-    const form = formRef.current?.getForm()
-    const store = form?.store
+    const {
+      isCheckValidated,
+      values,
+    } = formRef.current?.getFormValues({
+      needCheckValidatedValues: true,
+      needTransformWhenSecretFieldIsPristine: true,
+    }) || { isCheckValidated: false, values: {} }
+    if (!isCheckValidated)
+      return
     const {
       __oauth_client__,
-      ...values
-    } = store?.state.values
-    const isPristineSecretInputNames: string[] = []
-    for (let i = 0; i < schemas.length; i++) {
-      const schema = schemas[i]
-      if (schema.required && !values[schema.name]) {
-        notify({
-          type: 'error',
-          message: t('common.errorMsg.fieldRequired', { field: schema.name }),
-        })
-        return
-      }
-      if (schema.type === FormTypeEnum.secretInput) {
-        const fieldMeta = form?.getFieldMeta(schema.name)
-        if (fieldMeta?.isPristine)
-          isPristineSecretInputNames.push(schema.name)
-      }
-    }
-
-    const transformedValues = transformFormSchemasSecretInput(isPristineSecretInputNames, values)
+      ...restValues
+    } = values
 
     await setPluginOAuthCustomClient({
-      client_params: transformedValues,
+      client_params: restValues,
       enable_oauth_custom_client: __oauth_client__ === 'custom',
     })
     notify({
@@ -82,7 +69,7 @@ const OAuthClientSettings = ({
 
     onClose?.()
     invalidatePluginCredentialInfo()
-  }, [onClose, invalidatePluginCredentialInfo, setPluginOAuthCustomClient, notify, t, schemas])
+  }, [onClose, invalidatePluginCredentialInfo, setPluginOAuthCustomClient, notify, t])
 
   const handleConfirmAndAuthorize = useCallback(async () => {
     await handleConfirm()

From d0ba7adf335e71d0a3520873aeef50b75457c9e4 Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Mon, 14 Jul 2025 17:02:46 +0800
Subject: [PATCH 13/25] form

---
 .../base/form/components/base/base-form.tsx   | 32 ++++------------
 web/app/components/base/form/hooks/index.ts   |  1 +
 .../base/form/hooks/use-check-validated.ts    | 37 ++++++++++---------
 .../base/form/hooks/use-get-validators.ts     | 36 ++++++++++++++++++
 web/app/components/base/form/types.ts         |  4 +-
 5 files changed, 67 insertions(+), 43 deletions(-)
 create mode 100644 web/app/components/base/form/hooks/use-get-validators.ts

diff --git a/web/app/components/base/form/components/base/base-form.tsx b/web/app/components/base/form/components/base/base-form.tsx
index cde1c7619a..7502911a34 100644
--- a/web/app/components/base/form/components/base/base-form.tsx
+++ b/web/app/components/base/form/components/base/base-form.tsx
@@ -6,7 +6,6 @@ import {
 import type {
   AnyFieldApi,
 } from '@tanstack/react-form'
-import { useTranslation } from 'react-i18next'
 import { useForm } from '@tanstack/react-form'
 import type {
   FormRef,
@@ -19,7 +18,10 @@ import type {
   BaseFieldProps,
 } from '.'
 import cn from '@/utils/classnames'
-import { useGetFormValues } from '@/app/components/base/form/hooks'
+import {
+  useGetFormValues,
+  useGetValidators,
+} from '@/app/components/base/form/hooks'
 
 export type BaseFormProps = {
   formSchemas?: FormSchema[]
@@ -40,11 +42,11 @@ const BaseForm = ({
   ref,
   disabled,
 }: BaseFormProps) => {
-  const { t } = useTranslation()
   const form = useForm({
     defaultValues,
   })
   const { getFormValues } = useGetFormValues(form)
+  const { getValidators } = useGetValidators()
 
   useImperativeHandle(ref, () => {
     return {
@@ -78,39 +80,21 @@ const BaseForm = ({
   }, [formSchemas, fieldClassName, labelClassName, inputContainerClassName, inputClassName, disabled])
 
   const renderFieldWrapper = useCallback((formSchema: FormSchema) => {
+    const validators = getValidators(formSchema)
     const {
       name,
-      validators,
-      required,
     } = formSchema
-    let mergedValidators = validators
-    if (required && !validators) {
-      mergedValidators = {
-        onMount: ({ value }: any) => {
-          if (!value)
-            return t('common.errorMsg.fieldRequired', { field: name })
-        },
-        onChange: ({ value }: any) => {
-          if (!value)
-            return t('common.errorMsg.fieldRequired', { field: name })
-        },
-        onBlur: ({ value }: any) => {
-          if (!value)
-            return t('common.errorMsg.fieldRequired', { field: name })
-        },
-      }
-    }
 
     return (
       <form.Field
         key={name}
         name={name}
-        validators={mergedValidators}
+        validators={validators}
       >
         {renderField}
       </form.Field>
     )
-  }, [renderField, form, t])
+  }, [renderField, form, getValidators])
 
   if (!formSchemas?.length)
     return null
diff --git a/web/app/components/base/form/hooks/index.ts b/web/app/components/base/form/hooks/index.ts
index 189369f240..71ccfedef3 100644
--- a/web/app/components/base/form/hooks/index.ts
+++ b/web/app/components/base/form/hooks/index.ts
@@ -1,2 +1,3 @@
 export * from './use-check-validated'
 export * from './use-get-form-values'
+export * from './use-get-validators'
diff --git a/web/app/components/base/form/hooks/use-check-validated.ts b/web/app/components/base/form/hooks/use-check-validated.ts
index 975c6fcb1f..aaf79f55d9 100644
--- a/web/app/components/base/form/hooks/use-check-validated.ts
+++ b/web/app/components/base/form/hooks/use-check-validated.ts
@@ -7,27 +7,28 @@ export const useCheckValidated = (form: AnyFormApi) => {
 
   const checkValidated = useCallback(() => {
     const allError = form?.getAllErrors()
-
-      if (allError) {
-        const fields = allError.fields
-        const errorArray = Object.keys(fields).reduce((acc: string[], key: string) => {
-          const errors: any[] = fields[key].errors
-
-          return [...acc, ...errors]
-        }, [] as string[])
-
-        if (errorArray.length) {
-          notify({
-            type: 'error',
-            message: errorArray[0],
-          })
-          return false
-        }
-
-        return true
+    console.log('allError', allError)
+
+    if (allError) {
+      const fields = allError.fields
+      const errorArray = Object.keys(fields).reduce((acc: string[], key: string) => {
+        const errors: any[] = fields[key].errors
+
+        return [...acc, ...errors]
+      }, [] as string[])
+
+      if (errorArray.length) {
+        notify({
+          type: 'error',
+          message: errorArray[0],
+        })
+        return false
       }
 
       return true
+    }
+
+    return true
   }, [form, notify])
 
   return {
diff --git a/web/app/components/base/form/hooks/use-get-validators.ts b/web/app/components/base/form/hooks/use-get-validators.ts
new file mode 100644
index 0000000000..91754bc1ba
--- /dev/null
+++ b/web/app/components/base/form/hooks/use-get-validators.ts
@@ -0,0 +1,36 @@
+import { useCallback } from 'react'
+import { useTranslation } from 'react-i18next'
+import type { FormSchema } from '../types'
+
+export const useGetValidators = () => {
+  const { t } = useTranslation()
+  const getValidators = useCallback((formSchema: FormSchema) => {
+    const {
+      name,
+      validators,
+      required,
+    } = formSchema
+    let mergedValidators = validators
+    if (required && !validators) {
+      mergedValidators = {
+        onMount: ({ value }: any) => {
+          if (!value)
+            return t('common.errorMsg.fieldRequired', { field: name })
+        },
+        onChange: ({ value }: any) => {
+          if (!value)
+            return t('common.errorMsg.fieldRequired', { field: name })
+        },
+        onBlur: ({ value }: any) => {
+          if (!value)
+            return t('common.errorMsg.fieldRequired', { field: name })
+        },
+      }
+    }
+    return mergedValidators
+  }, [t])
+
+  return {
+    getValidators,
+  }
+}
diff --git a/web/app/components/base/form/types.ts b/web/app/components/base/form/types.ts
index 0a26b3fad3..c165d2939b 100644
--- a/web/app/components/base/form/types.ts
+++ b/web/app/components/base/form/types.ts
@@ -41,6 +41,8 @@ export type FormOption = {
   icon?: string
 }
 
+export type AnyValidators = FieldValidators<any, any, any, any, any, any, any, any, any, any>
+
 export type FormSchema = {
   type: FormTypeEnum
   name: string
@@ -55,7 +57,7 @@ export type FormSchema = {
   placeholder?: string | TypeWithI18N
   options?: FormOption[]
   labelClassName?: string
-  validators?: FieldValidators<any, any, any, any, any, any, any, any, any, any>
+  validators?: AnyValidators
 }
 
 export type FormValues = Record<string, any>

From 964e29b27f3662f2629bdc37636139529d961a69 Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Mon, 14 Jul 2025 17:33:42 +0800
Subject: [PATCH 14/25] fix: loading

---
 .../base/form/hooks/use-check-validated.ts    |  1 -
 .../authorize/add-oauth-button.tsx            |  4 +-
 .../plugin-auth/authorize/api-key-modal.tsx   | 65 +++++++++------
 .../authorize/oauth-client-settings.tsx       | 47 +++++++----
 .../plugins/plugin-auth/authorized/index.tsx  | 79 +++++++++++++------
 5 files changed, 129 insertions(+), 67 deletions(-)

diff --git a/web/app/components/base/form/hooks/use-check-validated.ts b/web/app/components/base/form/hooks/use-check-validated.ts
index aaf79f55d9..ce2e524e07 100644
--- a/web/app/components/base/form/hooks/use-check-validated.ts
+++ b/web/app/components/base/form/hooks/use-check-validated.ts
@@ -7,7 +7,6 @@ export const useCheckValidated = (form: AnyFormApi) => {
 
   const checkValidated = useCallback(() => {
     const allError = form?.getAllErrors()
-    console.log('allError', allError)
 
     if (allError) {
       const fields = allError.fields
diff --git a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
index 8e6fc5aa03..e3780b11d7 100644
--- a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
@@ -51,7 +51,7 @@ const AddOAuthButton = ({
   const renderI18nObject = useRenderI18nObject()
   const [isOAuthSettingsOpen, setIsOAuthSettingsOpen] = useState(false)
   const { mutateAsync: getPluginOAuthUrl } = useGetPluginOAuthUrlHook(pluginPayload)
-  const { data } = useGetPluginOAuthClientSchemaHook(pluginPayload)
+  const { data, isLoading } = useGetPluginOAuthClientSchemaHook(pluginPayload)
   const {
     schema = [],
     is_oauth_custom_client_enabled,
@@ -214,7 +214,7 @@ const AddOAuthButton = ({
           <OAuthClientSettings
             pluginPayload={pluginPayload}
             onClose={() => setIsOAuthSettingsOpen(false)}
-            disabled={disabled}
+            disabled={disabled || isLoading}
             schemas={memorizedSchemas}
             onAuth={handleOAuth}
             editValues={client_params}
diff --git a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
index 0f81f8ace4..03849f1d66 100644
--- a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
@@ -3,6 +3,7 @@ import {
   useCallback,
   useMemo,
   useRef,
+  useState,
 } from 'react'
 import { useTranslation } from 'react-i18next'
 import { RiExternalLinkLine } from '@remixicon/react'
@@ -39,6 +40,12 @@ const ApiKeyModal = ({
 }: ApiKeyModalProps) => {
   const { t } = useTranslation()
   const { notify } = useToastContext()
+  const [doingAction, setDoingAction] = useState(false)
+  const doingActionRef = useRef(doingAction)
+  const handleSetDoingAction = useCallback((value: boolean) => {
+    doingActionRef.current = value
+    setDoingAction(value)
+  }, [])
   const { data = [], isLoading } = useGetPluginCredentialSchemaHook(pluginPayload, CredentialTypeEnum.API_KEY)
   const formSchemas = useMemo(() => {
     return [
@@ -63,6 +70,8 @@ const ApiKeyModal = ({
   const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
   const formRef = useRef<FormRefObject>(null)
   const handleConfirm = useCallback(async () => {
+    if (doingActionRef.current)
+      return
     const {
       isCheckValidated,
       values,
@@ -73,34 +82,40 @@ const ApiKeyModal = ({
     if (!isCheckValidated)
       return
 
-    const {
-      __name__,
-      __credential_id__,
-      ...restValues
-    } = values
+    try {
+      const {
+        __name__,
+        __credential_id__,
+        ...restValues
+      } = values
 
-    if (editValues) {
-      await updatePluginCredential({
-        credentials: restValues,
-        credential_id: __credential_id__,
-        name: __name__ || '',
+      handleSetDoingAction(true)
+      if (editValues) {
+        await updatePluginCredential({
+          credentials: restValues,
+          credential_id: __credential_id__,
+          name: __name__ || '',
+        })
+      }
+      else {
+        await addPluginCredential({
+          credentials: restValues,
+          type: CredentialTypeEnum.API_KEY,
+          name: __name__ || '',
+        })
+      }
+      notify({
+        type: 'success',
+        message: t('common.api.actionSuccess'),
       })
+
+      onClose?.()
+      invalidatePluginCredentialInfo()
     }
-    else {
-      await addPluginCredential({
-        credentials: restValues,
-        type: CredentialTypeEnum.API_KEY,
-        name: __name__ || '',
-      })
+    finally {
+      handleSetDoingAction(false)
     }
-    notify({
-      type: 'success',
-      message: t('common.api.actionSuccess'),
-    })
-
-    onClose?.()
-    invalidatePluginCredentialInfo()
-  }, [addPluginCredential, onClose, invalidatePluginCredentialInfo, updatePluginCredential, notify, t, editValues])
+  }, [addPluginCredential, onClose, invalidatePluginCredentialInfo, updatePluginCredential, notify, t, editValues, handleSetDoingAction])
 
   return (
     <Modal
@@ -138,7 +153,7 @@ const ApiKeyModal = ({
       onConfirm={handleConfirm}
       showExtraButton={!!editValues}
       onExtraButtonClick={onRemove}
-      disabled={disabled}
+      disabled={disabled || isLoading || doingAction}
     >
       {
         isLoading && (
diff --git a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
index 283617543a..09d2571cb2 100644
--- a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
@@ -2,6 +2,7 @@ import {
   memo,
   useCallback,
   useRef,
+  useState,
 } from 'react'
 import { useTranslation } from 'react-i18next'
 import Modal from '@/app/components/base/modal/modal'
@@ -35,6 +36,12 @@ const OAuthClientSettings = ({
 }: OAuthClientSettingsProps) => {
   const { t } = useTranslation()
   const { notify } = useToastContext()
+  const [doingAction, setDoingAction] = useState(false)
+  const doingActionRef = useRef(doingAction)
+  const handleSetDoingAction = useCallback((value: boolean) => {
+    doingActionRef.current = value
+    setDoingAction(value)
+  }, [])
   const defaultValues = schemas.reduce((acc, schema) => {
     if (schema.default)
       acc[schema.name] = schema.default
@@ -44,6 +51,8 @@ const OAuthClientSettings = ({
   const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
   const formRef = useRef<FormRefObject>(null)
   const handleConfirm = useCallback(async () => {
+    if (doingActionRef.current)
+      return
     const {
       isCheckValidated,
       values,
@@ -53,23 +62,30 @@ const OAuthClientSettings = ({
     }) || { isCheckValidated: false, values: {} }
     if (!isCheckValidated)
       return
-    const {
-      __oauth_client__,
-      ...restValues
-    } = values
 
-    await setPluginOAuthCustomClient({
-      client_params: restValues,
-      enable_oauth_custom_client: __oauth_client__ === 'custom',
-    })
-    notify({
-      type: 'success',
-      message: t('common.api.actionSuccess'),
-    })
+    try {
+      const {
+        __oauth_client__,
+        ...restValues
+      } = values
+
+      handleSetDoingAction(true)
+      await setPluginOAuthCustomClient({
+        client_params: restValues,
+        enable_oauth_custom_client: __oauth_client__ === 'custom',
+      })
+      notify({
+        type: 'success',
+        message: t('common.api.actionSuccess'),
+      })
 
-    onClose?.()
-    invalidatePluginCredentialInfo()
-  }, [onClose, invalidatePluginCredentialInfo, setPluginOAuthCustomClient, notify, t])
+      onClose?.()
+      invalidatePluginCredentialInfo()
+    }
+    finally {
+      handleSetDoingAction(false)
+    }
+  }, [onClose, invalidatePluginCredentialInfo, setPluginOAuthCustomClient, notify, t, handleSetDoingAction])
 
   const handleConfirmAndAuthorize = useCallback(async () => {
     await handleConfirm()
@@ -88,6 +104,7 @@ const OAuthClientSettings = ({
       onClose={onClose}
       onCancel={handleConfirm}
       onConfirm={handleConfirmAndAuthorize}
+      disabled={disabled || doingAction}
     >
       <AuthForm
         ref={formRef}
diff --git a/web/app/components/plugins/plugin-auth/authorized/index.tsx b/web/app/components/plugins/plugin-auth/authorized/index.tsx
index 9caef74d95..07b5db9524 100644
--- a/web/app/components/plugins/plugin-auth/authorized/index.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized/index.tsx
@@ -98,21 +98,34 @@ const Authorized = ({
     setDeleteCredentialId(null)
     pendingOperationCredentialId.current = null
   }, [])
+  const [doingAction, setDoingAction] = useState(false)
+  const doingActionRef = useRef(doingAction)
+  const handleSetDoingAction = useCallback((doing: boolean) => {
+    doingActionRef.current = doing
+    setDoingAction(doing)
+  }, [])
   const handleConfirm = useCallback(async () => {
+    if (doingActionRef.current)
+      return
     if (!pendingOperationCredentialId.current) {
       setDeleteCredentialId(null)
       return
     }
-
-    await deletePluginCredential({ credential_id: pendingOperationCredentialId.current })
-    notify({
-      type: 'success',
-      message: t('common.api.actionSuccess'),
-    })
-    invalidatePluginCredentialInfo()
-    setDeleteCredentialId(null)
-    pendingOperationCredentialId.current = null
-  }, [deletePluginCredential, invalidatePluginCredentialInfo, notify, t])
+    try {
+      handleSetDoingAction(true)
+      await deletePluginCredential({ credential_id: pendingOperationCredentialId.current })
+      notify({
+        type: 'success',
+        message: t('common.api.actionSuccess'),
+      })
+      invalidatePluginCredentialInfo()
+      setDeleteCredentialId(null)
+      pendingOperationCredentialId.current = null
+    }
+    finally {
+      handleSetDoingAction(false)
+    }
+  }, [deletePluginCredential, invalidatePluginCredentialInfo, notify, t, handleSetDoingAction])
   const [editValues, setEditValues] = useState<Record<string, any> | null>(null)
   const handleEdit = useCallback((id: string, values: Record<string, any>) => {
     pendingOperationCredentialId.current = id
@@ -123,24 +136,41 @@ const Authorized = ({
   }, [])
   const { mutateAsync: setPluginDefaultCredential } = useSetPluginDefaultCredentialHook(pluginPayload)
   const handleSetDefault = useCallback(async (id: string) => {
-    await setPluginDefaultCredential(id)
-    notify({
-      type: 'success',
-      message: t('common.api.actionSuccess'),
-    })
-    invalidatePluginCredentialInfo()
-  }, [setPluginDefaultCredential, invalidatePluginCredentialInfo, notify, t])
+    if (doingActionRef.current)
+      return
+    try {
+      handleSetDoingAction(true)
+      await setPluginDefaultCredential(id)
+      notify({
+        type: 'success',
+        message: t('common.api.actionSuccess'),
+      })
+      invalidatePluginCredentialInfo()
+    }
+    finally {
+      handleSetDoingAction(false)
+    }
+  }, [setPluginDefaultCredential, invalidatePluginCredentialInfo, notify, t, handleSetDoingAction])
   const { mutateAsync: updatePluginCredential } = useUpdatePluginCredentialHook(pluginPayload)
   const handleRename = useCallback(async (payload: {
       credential_id: string
       name: string
     }) => {
-    await updatePluginCredential(payload)
-    notify({
-      type: 'success',
-      message: t('common.api.actionSuccess'),
-    })
-  }, [updatePluginCredential, notify, t])
+    if (doingActionRef.current)
+      return
+    try {
+      handleSetDoingAction(true)
+      await updatePluginCredential(payload)
+      notify({
+        type: 'success',
+        message: t('common.api.actionSuccess'),
+      })
+      invalidatePluginCredentialInfo()
+    }
+    finally {
+      handleSetDoingAction(false)
+    }
+  }, [updatePluginCredential, notify, t, handleSetDoingAction, invalidatePluginCredentialInfo])
 
   return (
     <>
@@ -283,6 +313,7 @@ const Authorized = ({
           <Confirm
             isShow
             title={t('datasetDocuments.list.delete.title')}
+            isDisabled={doingAction}
             onCancel={closeConfirm}
             onConfirm={handleConfirm}
           />
@@ -298,7 +329,7 @@ const Authorized = ({
               pendingOperationCredentialId.current = null
             }}
             onRemove={handleRemove}
-            disabled={disabled}
+            disabled={disabled || doingAction}
           />
         )
       }

From 3f273cae736d61f6404d350ff05c1628d4c38532 Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Tue, 15 Jul 2025 14:45:50 +0800
Subject: [PATCH 15/25] fix

---
 .../base/form/components/base/base-field.tsx  |  2 +-
 .../base/form/components/base/base-form.tsx   | 10 ++--
 .../base/form/form-scenarios/auth/index.tsx   |  2 +
 .../authorize/add-api-key-button.tsx          |  2 +-
 .../authorize/add-oauth-button.tsx            | 19 ++++++-
 .../authorize/oauth-client-settings.tsx       | 55 ++++++++++++++++++-
 .../plugin-auth/hooks/use-credential.ts       | 14 +++++
 .../plugins/plugin-auth/hooks/use-get-api.ts  |  2 +
 web/service/use-plugins-auth.ts               | 18 +++++-
 9 files changed, 110 insertions(+), 14 deletions(-)

diff --git a/web/app/components/base/form/components/base/base-field.tsx b/web/app/components/base/form/components/base/base-field.tsx
index e48ce780c0..0195f38795 100644
--- a/web/app/components/base/form/components/base/base-field.tsx
+++ b/web/app/components/base/form/components/base/base-field.tsx
@@ -87,7 +87,7 @@ const BaseField = ({
       <div className={cn(labelClassName, formLabelClassName)}>
         {memorizedLabel}
         {
-          required && (
+          required && !isValidElement(label) && (
             <span className='ml-1 text-text-destructive-secondary'>*</span>
           )
         }
diff --git a/web/app/components/base/form/components/base/base-form.tsx b/web/app/components/base/form/components/base/base-form.tsx
index 7502911a34..ee78561250 100644
--- a/web/app/components/base/form/components/base/base-form.tsx
+++ b/web/app/components/base/form/components/base/base-form.tsx
@@ -5,6 +5,7 @@ import {
 } from 'react'
 import type {
   AnyFieldApi,
+  AnyFormApi,
 } from '@tanstack/react-form'
 import { useForm } from '@tanstack/react-form'
 import type {
@@ -29,6 +30,7 @@ export type BaseFormProps = {
   formClassName?: string
   ref?: FormRef
   disabled?: boolean
+  formFromProps?: AnyFormApi
 } & Pick<BaseFieldProps, 'fieldClassName' | 'labelClassName' | 'inputContainerClassName' | 'inputClassName'>
 
 const BaseForm = ({
@@ -41,10 +43,12 @@ const BaseForm = ({
   inputClassName,
   ref,
   disabled,
+  formFromProps,
 }: BaseFormProps) => {
-  const form = useForm({
+  const formFromHook = useForm({
     defaultValues,
   })
+  const form: any = formFromProps || formFromHook
   const { getFormValues } = useGetFormValues(form)
   const { getValidators } = useGetValidators()
 
@@ -102,10 +106,6 @@ const BaseForm = ({
   return (
     <form
       className={cn(formClassName)}
-      onSubmit={(e) => {
-        e.preventDefault()
-        form?.handleSubmit()
-      }}
     >
       {formSchemas.map(renderFieldWrapper)}
     </form>
diff --git a/web/app/components/base/form/form-scenarios/auth/index.tsx b/web/app/components/base/form/form-scenarios/auth/index.tsx
index 5a88f94ac6..3927f90959 100644
--- a/web/app/components/base/form/form-scenarios/auth/index.tsx
+++ b/web/app/components/base/form/form-scenarios/auth/index.tsx
@@ -6,6 +6,7 @@ const AuthForm = ({
   formSchemas = [],
   defaultValues,
   ref,
+  formFromProps,
 }: BaseFormProps) => {
   return (
     <BaseForm
@@ -14,6 +15,7 @@ const AuthForm = ({
       defaultValues={defaultValues}
       formClassName='space-y-4'
       labelClassName='h-6 flex items-center mb-1 system-sm-medium text-text-secondary'
+      formFromProps={formFromProps}
     />
   )
 }
diff --git a/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx
index 733ebbd945..ad15a37d5c 100644
--- a/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx
@@ -24,7 +24,7 @@ const AddApiKeyButton = ({
   return (
     <>
       <Button
-        className='grow'
+        className='w-0 grow'
         variant={buttonVariant}
         onClick={() => setIsApiKeyModalOpen(true)}
         disabled={disabled}
diff --git a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
index e3780b11d7..4db2d44156 100644
--- a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
@@ -103,6 +103,11 @@ const AddOAuthButton = ({
         </div>
         <div className='system-sm-medium flex h-6 items-center text-text-secondary'>
           {renderI18nObject(item.label as Record<string, string>)}
+          {
+            item.required && (
+              <span className='ml-1 text-text-destructive-secondary'>*</span>
+            )
+          }
         </div>
       </div>
     )
@@ -157,7 +162,7 @@ const AddOAuthButton = ({
           <Button
             variant={buttonVariant}
             className={cn(
-              'grow px-0 py-0 hover:bg-components-button-primary-bg',
+              'w-0 grow px-0 py-0 hover:bg-components-button-primary-bg',
               className,
             )}
             disabled={disabled}
@@ -171,7 +176,10 @@ const AddOAuthButton = ({
               {
                 is_oauth_custom_client_enabled && (
                   <Badge
-                    className='ml-1 border-text-primary-on-surface bg-components-badge-bg-dimm text-text-primary-on-surface'
+                    className={cn(
+                      'ml-1',
+                      buttonVariant === 'primary' && 'border-text-primary-on-surface bg-components-badge-bg-dimm text-text-primary-on-surface',
+                    )}
                   >
                     {t('plugin.auth.custom')}
                   </Badge>
@@ -203,6 +211,7 @@ const AddOAuthButton = ({
             variant={buttonVariant}
             onClick={() => setIsOAuthSettingsOpen(true)}
             disabled={disabled}
+            className='w-0 grow'
           >
             <RiEqualizer2Line className='mr-0.5 h-4 w-4' />
             {t('plugin.auth.setupOAuth')}
@@ -217,7 +226,11 @@ const AddOAuthButton = ({
             disabled={disabled || isLoading}
             schemas={memorizedSchemas}
             onAuth={handleOAuth}
-            editValues={client_params}
+            editValues={{
+              ...client_params,
+              __oauth_client__: is_oauth_custom_client_enabled ? 'custom' : 'default',
+            }}
+            hasOriginalClientParams={Object.keys(client_params || {}).length > 0}
           />
         )
       }
diff --git a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
index 09d2571cb2..71bc0d29c9 100644
--- a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
@@ -4,10 +4,16 @@ import {
   useRef,
   useState,
 } from 'react'
+import {
+  useForm,
+  useStore,
+} from '@tanstack/react-form'
 import { useTranslation } from 'react-i18next'
 import Modal from '@/app/components/base/modal/modal'
 import {
+  useDeletePluginOAuthCustomClientHook,
   useInvalidPluginCredentialInfoHook,
+  useInvalidPluginOAuthClientSchemaHook,
   useSetPluginOAuthCustomClientHook,
 } from '../hooks/use-credential'
 import type { PluginPayload } from '../types'
@@ -17,6 +23,7 @@ import type {
   FormSchema,
 } from '@/app/components/base/form/types'
 import { useToastContext } from '@/app/components/base/toast'
+import Button from '@/app/components/base/button'
 
 type OAuthClientSettingsProps = {
   pluginPayload: PluginPayload
@@ -25,6 +32,7 @@ type OAuthClientSettingsProps = {
   disabled?: boolean
   schemas: FormSchema[]
   onAuth?: () => Promise<void>
+  hasOriginalClientParams?: boolean
 }
 const OAuthClientSettings = ({
   pluginPayload,
@@ -33,6 +41,7 @@ const OAuthClientSettings = ({
   disabled,
   schemas,
   onAuth,
+  hasOriginalClientParams,
 }: OAuthClientSettingsProps) => {
   const { t } = useTranslation()
   const { notify } = useToastContext()
@@ -48,7 +57,8 @@ const OAuthClientSettings = ({
     return acc
   }, {} as Record<string, any>)
   const { mutateAsync: setPluginOAuthCustomClient } = useSetPluginOAuthCustomClientHook(pluginPayload)
-  const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
+  const invalidPluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
+  const invalidPluginOAuthClientSchema = useInvalidPluginOAuthClientSchemaHook(pluginPayload)
   const formRef = useRef<FormRefObject>(null)
   const handleConfirm = useCallback(async () => {
     if (doingActionRef.current)
@@ -80,18 +90,42 @@ const OAuthClientSettings = ({
       })
 
       onClose?.()
-      invalidatePluginCredentialInfo()
+      invalidPluginCredentialInfo()
+      invalidPluginOAuthClientSchema()
     }
     finally {
       handleSetDoingAction(false)
     }
-  }, [onClose, invalidatePluginCredentialInfo, setPluginOAuthCustomClient, notify, t, handleSetDoingAction])
+  }, [onClose, invalidPluginCredentialInfo, invalidPluginOAuthClientSchema, setPluginOAuthCustomClient, notify, t, handleSetDoingAction])
 
   const handleConfirmAndAuthorize = useCallback(async () => {
     await handleConfirm()
     if (onAuth)
       await onAuth()
   }, [handleConfirm, onAuth])
+  const { mutateAsync: deletePluginOAuthCustomClient } = useDeletePluginOAuthCustomClientHook(pluginPayload)
+  const handleRemove = useCallback(async () => {
+    if (doingActionRef.current)
+      return
+
+    try {
+      handleSetDoingAction(true)
+      await deletePluginOAuthCustomClient()
+      notify({
+        type: 'success',
+        message: t('common.api.actionSuccess'),
+      })
+      invalidPluginCredentialInfo()
+      invalidPluginOAuthClientSchema()
+    }
+    finally {
+      handleSetDoingAction(false)
+    }
+  }, [invalidPluginCredentialInfo, invalidPluginOAuthClientSchema, deletePluginOAuthCustomClient, notify, t, handleSetDoingAction])
+  const form = useForm({
+    defaultValues: editValues || defaultValues,
+  })
+  const __oauth_client__ = useStore(form.store, s => s.values.__oauth_client__)
   return (
     <Modal
       title={t('plugin.auth.oauthClientSettings')}
@@ -105,8 +139,23 @@ const OAuthClientSettings = ({
       onCancel={handleConfirm}
       onConfirm={handleConfirmAndAuthorize}
       disabled={disabled || doingAction}
+      footerSlot={
+        __oauth_client__ === 'custom' && hasOriginalClientParams && (
+          <div className='grow'>
+            <Button
+              variant='secondary'
+              className='text-components-button-destructive-secondary-text'
+              disabled={disabled || doingAction || !editValues}
+              onClick={handleRemove}
+            >
+              {t('common.operation.remove')}
+            </Button>
+          </div>
+        )
+      }
     >
       <AuthForm
+        formFromProps={form}
         ref={formRef}
         formSchemas={schemas}
         defaultValues={editValues || defaultValues}
diff --git a/web/app/components/plugins/plugin-auth/hooks/use-credential.ts b/web/app/components/plugins/plugin-auth/hooks/use-credential.ts
index de1ec8a80d..5a7a497ad9 100644
--- a/web/app/components/plugins/plugin-auth/hooks/use-credential.ts
+++ b/web/app/components/plugins/plugin-auth/hooks/use-credential.ts
@@ -1,11 +1,13 @@
 import {
   useAddPluginCredential,
   useDeletePluginCredential,
+  useDeletePluginOAuthCustomClient,
   useGetPluginCredentialInfo,
   useGetPluginCredentialSchema,
   useGetPluginOAuthClientSchema,
   useGetPluginOAuthUrl,
   useInvalidPluginCredentialInfo,
+  useInvalidPluginOAuthClientSchema,
   useSetPluginDefaultCredential,
   useSetPluginOAuthCustomClient,
   useUpdatePluginCredential,
@@ -67,8 +69,20 @@ export const useGetPluginOAuthClientSchemaHook = (pluginPayload: PluginPayload)
   return useGetPluginOAuthClientSchema(apiMap.getOauthClientSchema)
 }
 
+export const useInvalidPluginOAuthClientSchemaHook = (pluginPayload: PluginPayload) => {
+  const apiMap = useGetApi(pluginPayload)
+
+  return useInvalidPluginOAuthClientSchema(apiMap.getOauthClientSchema)
+}
+
 export const useSetPluginOAuthCustomClientHook = (pluginPayload: PluginPayload) => {
   const apiMap = useGetApi(pluginPayload)
 
   return useSetPluginOAuthCustomClient(apiMap.setCustomOauthClient)
 }
+
+export const useDeletePluginOAuthCustomClientHook = (pluginPayload: PluginPayload) => {
+  const apiMap = useGetApi(pluginPayload)
+
+  return useDeletePluginOAuthCustomClient(apiMap.deleteCustomOAuthClient)
+}
diff --git a/web/app/components/plugins/plugin-auth/hooks/use-get-api.ts b/web/app/components/plugins/plugin-auth/hooks/use-get-api.ts
index 9b88cb0dad..14199ddc4d 100644
--- a/web/app/components/plugins/plugin-auth/hooks/use-get-api.ts
+++ b/web/app/components/plugins/plugin-auth/hooks/use-get-api.ts
@@ -20,6 +20,7 @@ export const useGetApi = ({ category = AuthCategory.tool, provider }: PluginPayl
       getOauthClientSchema: `/workspaces/current/tool-provider/builtin/${provider}/oauth/client-schema`,
       setCustomOauthClient: `/workspaces/current/tool-provider/builtin/${provider}/oauth/custom-client`,
       getCustomOAuthClientValues: `/workspaces/current/tool-provider/builtin/${provider}/oauth/custom-client`,
+      deleteCustomOAuthClient: `/workspaces/current/tool-provider/builtin/${provider}/oauth/custom-client`,
     }
   }
 
@@ -35,5 +36,6 @@ export const useGetApi = ({ category = AuthCategory.tool, provider }: PluginPayl
     getOauthClientSchema: '',
     setCustomOauthClient: '',
     getCustomOAuthClientValues: '',
+    deleteCustomOAuthClient: '',
   }
 }
diff --git a/web/service/use-plugins-auth.ts b/web/service/use-plugins-auth.ts
index 7c72455a53..2dc0260647 100644
--- a/web/service/use-plugins-auth.ts
+++ b/web/service/use-plugins-auth.ts
@@ -2,7 +2,7 @@ import {
   useMutation,
   useQuery,
 } from '@tanstack/react-query'
-import { get, post } from './base'
+import { del, get, post } from './base'
 import { useInvalid } from './use-base'
 import type {
   Credential,
@@ -131,6 +131,12 @@ export const useGetPluginOAuthClientSchema = (
   })
 }
 
+export const useInvalidPluginOAuthClientSchema = (
+  url: string,
+) => {
+  return useInvalid([NAME_SPACE, 'oauth-client-schema', url])
+}
+
 export const useSetPluginOAuthCustomClient = (
   url: string,
 ) => {
@@ -143,3 +149,13 @@ export const useSetPluginOAuthCustomClient = (
     },
   })
 }
+
+export const useDeletePluginOAuthCustomClient = (
+  url: string,
+) => {
+  return useMutation({
+    mutationFn: () => {
+      return del<{ result: string }>(url)
+    },
+  })
+}

From 498d8ab33c76b2b77a86f21aa6c72115af8cf5cb Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Tue, 15 Jul 2025 15:49:23 +0800
Subject: [PATCH 16/25] fix

---
 .../base/form/components/base/base-form.tsx   |  6 +++---
 .../base/form/hooks/use-check-validated.ts    | 18 +++++++++++++---
 .../base/form/hooks/use-get-form-values.ts    |  7 +++----
 .../authorize/oauth-client-settings.tsx       | 21 ++++++++++---------
 4 files changed, 32 insertions(+), 20 deletions(-)

diff --git a/web/app/components/base/form/components/base/base-form.tsx b/web/app/components/base/form/components/base/base-form.tsx
index ee78561250..640d474b19 100644
--- a/web/app/components/base/form/components/base/base-form.tsx
+++ b/web/app/components/base/form/components/base/base-form.tsx
@@ -49,7 +49,7 @@ const BaseForm = ({
     defaultValues,
   })
   const form: any = formFromProps || formFromHook
-  const { getFormValues } = useGetFormValues(form)
+  const { getFormValues } = useGetFormValues(form, formSchemas)
   const { getValidators } = useGetValidators()
 
   useImperativeHandle(ref, () => {
@@ -58,10 +58,10 @@ const BaseForm = ({
         return form
       },
       getFormValues: (option) => {
-        return getFormValues(formSchemas, option)
+        return getFormValues(option)
       },
     }
-  }, [form, formSchemas, getFormValues])
+  }, [form, getFormValues])
 
   const renderField = useCallback((field: AnyFieldApi) => {
     const formSchema = formSchemas?.find(schema => schema.name === field.name)
diff --git a/web/app/components/base/form/hooks/use-check-validated.ts b/web/app/components/base/form/hooks/use-check-validated.ts
index ce2e524e07..3a6b9860fe 100644
--- a/web/app/components/base/form/hooks/use-check-validated.ts
+++ b/web/app/components/base/form/hooks/use-check-validated.ts
@@ -1,17 +1,29 @@
 import { useCallback } from 'react'
 import type { AnyFormApi } from '@tanstack/react-form'
 import { useToastContext } from '@/app/components/base/toast'
+import type { FormSchema } from '@/app/components/base/form/types'
 
-export const useCheckValidated = (form: AnyFormApi) => {
+export const useCheckValidated = (form: AnyFormApi, FormSchemas: FormSchema[]) => {
   const { notify } = useToastContext()
 
   const checkValidated = useCallback(() => {
     const allError = form?.getAllErrors()
+    const values = form.state.values
 
     if (allError) {
       const fields = allError.fields
       const errorArray = Object.keys(fields).reduce((acc: string[], key: string) => {
-        const errors: any[] = fields[key].errors
+        const currentSchema = FormSchemas.find(schema => schema.name === key)
+        const { show_on = [] } = currentSchema || {}
+        const showOnValues = show_on.reduce((acc, condition) => {
+          acc[condition.variable] = values[condition.variable]
+          return acc
+        }, {} as Record<string, any>)
+        const show = currentSchema?.show_on?.every((condition) => {
+          const conditionValue = showOnValues[condition.variable]
+          return conditionValue === condition.value
+        })
+        const errors: any[] = show ? fields[key].errors : []
 
         return [...acc, ...errors]
       }, [] as string[])
@@ -28,7 +40,7 @@ export const useCheckValidated = (form: AnyFormApi) => {
     }
 
     return true
-  }, [form, notify])
+  }, [form, notify, FormSchemas])
 
   return {
     checkValidated,
diff --git a/web/app/components/base/form/hooks/use-get-form-values.ts b/web/app/components/base/form/hooks/use-get-form-values.ts
index 918e6220bc..36100a724a 100644
--- a/web/app/components/base/form/hooks/use-get-form-values.ts
+++ b/web/app/components/base/form/hooks/use-get-form-values.ts
@@ -7,11 +7,10 @@ import type {
 } from '../types'
 import { getTransformedValuesWhenSecretInputPristine } from '../utils'
 
-export const useGetFormValues = (form: AnyFormApi) => {
-  const { checkValidated } = useCheckValidated(form)
+export const useGetFormValues = (form: AnyFormApi, formSchemas: FormSchema[]) => {
+  const { checkValidated } = useCheckValidated(form, formSchemas)
 
   const getFormValues = useCallback((
-    formSchemas: FormSchema[],
     {
       needCheckValidatedValues,
       needTransformWhenSecretFieldIsPristine,
@@ -37,7 +36,7 @@ export const useGetFormValues = (form: AnyFormApi) => {
         isCheckValidated: false,
       }
     }
-  }, [form, checkValidated])
+  }, [form, checkValidated, formSchemas])
 
   return {
     getFormValues,
diff --git a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
index 71bc0d29c9..6f80570627 100644
--- a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
@@ -63,17 +63,17 @@ const OAuthClientSettings = ({
   const handleConfirm = useCallback(async () => {
     if (doingActionRef.current)
       return
-    const {
-      isCheckValidated,
-      values,
-    } = formRef.current?.getFormValues({
-      needCheckValidatedValues: true,
-      needTransformWhenSecretFieldIsPristine: true,
-    }) || { isCheckValidated: false, values: {} }
-    if (!isCheckValidated)
-      return
 
     try {
+      const {
+        isCheckValidated,
+        values,
+      } = formRef.current?.getFormValues({
+        needCheckValidatedValues: true,
+        needTransformWhenSecretFieldIsPristine: true,
+      }) || { isCheckValidated: false, values: {} }
+      if (!isCheckValidated)
+        throw new Error('error')
       const {
         __oauth_client__,
         ...restValues
@@ -115,13 +115,14 @@ const OAuthClientSettings = ({
         type: 'success',
         message: t('common.api.actionSuccess'),
       })
+      onClose?.()
       invalidPluginCredentialInfo()
       invalidPluginOAuthClientSchema()
     }
     finally {
       handleSetDoingAction(false)
     }
-  }, [invalidPluginCredentialInfo, invalidPluginOAuthClientSchema, deletePluginOAuthCustomClient, notify, t, handleSetDoingAction])
+  }, [invalidPluginCredentialInfo, invalidPluginOAuthClientSchema, deletePluginOAuthCustomClient, notify, t, handleSetDoingAction, onClose])
   const form = useForm({
     defaultValues: editValues || defaultValues,
   })

From e4cf6a497b500c077ba36fb28c50a4d5753fbcc8 Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Tue, 15 Jul 2025 17:37:50 +0800
Subject: [PATCH 17/25] fix

---
 web/app/components/base/form/hooks/use-check-validated.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/app/components/base/form/hooks/use-check-validated.ts b/web/app/components/base/form/hooks/use-check-validated.ts
index 3a6b9860fe..b4f3ec2b9a 100644
--- a/web/app/components/base/form/hooks/use-check-validated.ts
+++ b/web/app/components/base/form/hooks/use-check-validated.ts
@@ -19,7 +19,7 @@ export const useCheckValidated = (form: AnyFormApi, FormSchemas: FormSchema[]) =
           acc[condition.variable] = values[condition.variable]
           return acc
         }, {} as Record<string, any>)
-        const show = currentSchema?.show_on?.every((condition) => {
+        const show = show_on?.every((condition) => {
           const conditionValue = showOnValues[condition.variable]
           return conditionValue === condition.value
         })

From 67b5d7339946f879ba0e5a1d6ee5fac7fe9dfc55 Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Tue, 15 Jul 2025 18:03:27 +0800
Subject: [PATCH 18/25] fix

---
 .../plugins/plugin-auth/authorize/api-key-modal.tsx       | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
index 03849f1d66..672f7681f6 100644
--- a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
@@ -63,7 +63,7 @@ const ApiKeyModal = ({
       acc[schema.name] = schema.default
     return acc
   }, {} as Record<string, any>)
-  const secretInput = formSchemas.find(schema => schema.type === FormTypeEnum.secretInput)
+  const helpField = formSchemas.find(schema => schema.url && schema.help)
   const renderI18nObject = useRenderI18nObject()
   const { mutateAsync: addPluginCredential } = useAddPluginCredentialHook(pluginPayload)
   const { mutateAsync: updatePluginCredential } = useUpdatePluginCredentialHook(pluginPayload)
@@ -125,13 +125,13 @@ const ApiKeyModal = ({
       onClose={onClose}
       onCancel={onClose}
       footerSlot={
-        secretInput && (
+        helpField && (
           <a
             className='system-xs-regular flex h-8 grow items-center text-text-accent'
-            href={secretInput?.url}
+            href={helpField?.url}
             target='_blank'
           >
-            {renderI18nObject(secretInput?.help as any)}
+            {renderI18nObject(helpField?.help as any)}
             <RiExternalLinkLine className='ml-1 h-3 w-3' />
           </a>
         )

From e1bb6c00dfb0089ddd5cf523d4693d22f57b2fa1 Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Tue, 15 Jul 2025 18:23:13 +0800
Subject: [PATCH 19/25] fix

---
 .../authorize/oauth-client-settings.tsx       | 31 ++++++++++++++-----
 1 file changed, 24 insertions(+), 7 deletions(-)

diff --git a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
index 6f80570627..12095cb8e2 100644
--- a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
@@ -4,6 +4,7 @@ import {
   useRef,
   useState,
 } from 'react'
+import { RiExternalLinkLine } from '@remixicon/react'
 import {
   useForm,
   useStore,
@@ -24,6 +25,7 @@ import type {
 } from '@/app/components/base/form/types'
 import { useToastContext } from '@/app/components/base/toast'
 import Button from '@/app/components/base/button'
+import { useRenderI18nObject } from '@/hooks/use-i18n'
 
 type OAuthClientSettingsProps = {
   pluginPayload: PluginPayload
@@ -127,6 +129,8 @@ const OAuthClientSettings = ({
     defaultValues: editValues || defaultValues,
   })
   const __oauth_client__ = useStore(form.store, s => s.values.__oauth_client__)
+  const helpField = schemas.find(schema => schema.url && schema.help)
+  const renderI18nObject = useRenderI18nObject()
   return (
     <Modal
       title={t('plugin.auth.oauthClientSettings')}
@@ -155,13 +159,26 @@ const OAuthClientSettings = ({
         )
       }
     >
-      <AuthForm
-        formFromProps={form}
-        ref={formRef}
-        formSchemas={schemas}
-        defaultValues={editValues || defaultValues}
-        disabled={disabled}
-      />
+      <>
+        <AuthForm
+          formFromProps={form}
+          ref={formRef}
+          formSchemas={schemas}
+          defaultValues={editValues || defaultValues}
+          disabled={disabled}
+        />
+        {
+          helpField && __oauth_client__ === 'custom' && (
+          <a
+            className='system-xs-regular mt-4 flex h-4 items-center text-text-accent'
+            href={helpField?.url}
+            target='_blank'
+          >
+            {renderI18nObject(helpField?.help as any)}
+            <RiExternalLinkLine className='ml-1 h-3 w-3' />
+          </a>
+        )}
+      </>
     </Modal>
   )
 }

From 0dcdfd6de39053fef82ac7829621d0f1265fa6a8 Mon Sep 17 00:00:00 2001
From: Yeuoly <admin@srmxy.cn>
Date: Tue, 15 Jul 2025 19:12:51 +0800
Subject: [PATCH 20/25] refactor: improve OAuth client configuration logic and
 logging in add-oauth-button component

---
 .../authorize/add-oauth-button.tsx            | 23 ++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
index 4db2d44156..a2e9339d33 100644
--- a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
@@ -5,6 +5,7 @@ import {
   useState,
 } from 'react'
 import { useTranslation } from 'react-i18next'
+import { IS_CE_EDITION } from '@/config'
 import {
   RiClipboardLine,
   RiEqualizer2Line,
@@ -59,8 +60,7 @@ const AddOAuthButton = ({
     client_params,
     redirect_uri,
   } = data || {}
-
-  const isConfigured = is_system_oauth_params_exists || !!client_params
+  const isConfigured = is_system_oauth_params_exists || Object.keys(client_params || {}).length > 0
   const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
   const handleOAuth = useCallback(async () => {
     const { authorization_url } = await getPluginOAuthUrl()
@@ -155,6 +155,23 @@ const AddOAuthButton = ({
     return result
   }, [schema, renderCustomLabel, t, is_system_oauth_params_exists, is_oauth_custom_client_enabled, client_params])
 
+  const __auth_client__ = useMemo(() => {
+    if (!isConfigured) {
+      if (IS_CE_EDITION)
+        return 'custom'
+
+      return 'default'
+    }
+ else {
+      if (is_oauth_custom_client_enabled)
+        return 'custom'
+
+      return 'default'
+    }
+  }, [isConfigured, is_oauth_custom_client_enabled])
+
+  console.log('__auth_client__', __auth_client__)
+
   return (
     <>
       {
@@ -228,7 +245,7 @@ const AddOAuthButton = ({
             onAuth={handleOAuth}
             editValues={{
               ...client_params,
-              __oauth_client__: is_oauth_custom_client_enabled ? 'custom' : 'default',
+              __oauth_client__: __auth_client__,
             }}
             hasOriginalClientParams={Object.keys(client_params || {}).length > 0}
           />

From 3f65117007f39e1e63f9f4b35dbc0e5b3f6c4572 Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Wed, 16 Jul 2025 11:28:17 +0800
Subject: [PATCH 21/25] fix: style

---
 .../authorize/add-api-key-button.tsx          |  2 +-
 .../authorize/add-oauth-button.tsx            | 21 +++++++++-------
 .../plugins/plugin-auth/authorize/index.tsx   | 20 +++++++++------
 .../plugins/plugin-auth/plugin-auth.tsx       |  7 ++++--
 .../_base/components/workflow-panel/index.tsx | 25 ++++++++-----------
 5 files changed, 41 insertions(+), 34 deletions(-)

diff --git a/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx
index ad15a37d5c..4de5110e65 100644
--- a/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx
@@ -24,7 +24,7 @@ const AddApiKeyButton = ({
   return (
     <>
       <Button
-        className='w-0 grow'
+        className='w-full'
         variant={buttonVariant}
         onClick={() => setIsApiKeyModalOpen(true)}
         disabled={disabled}
diff --git a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
index a2e9339d33..f9061a6045 100644
--- a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
@@ -162,7 +162,7 @@ const AddOAuthButton = ({
 
       return 'default'
     }
- else {
+    else {
       if (is_oauth_custom_client_enabled)
         return 'custom'
 
@@ -170,8 +170,6 @@ const AddOAuthButton = ({
     }
   }, [isConfigured, is_oauth_custom_client_enabled])
 
-  console.log('__auth_client__', __auth_client__)
-
   return (
     <>
       {
@@ -179,22 +177,27 @@ const AddOAuthButton = ({
           <Button
             variant={buttonVariant}
             className={cn(
-              'w-0 grow px-0 py-0 hover:bg-components-button-primary-bg',
+              'w-full py-0 pl-0.5 pr-0 hover:bg-components-button-primary-bg',
               className,
             )}
             disabled={disabled}
             onClick={handleOAuth}
           >
             <div className={cn(
-              'flex h-full grow items-center justify-center rounded-l-lg hover:bg-components-button-primary-bg-hover',
+              'flex h-full w-0 grow items-center justify-center rounded-l-lg hover:bg-components-button-primary-bg-hover',
               buttonLeftClassName,
             )}>
-              {buttonText}
+              <div
+                className='truncate'
+                title={buttonText}
+              >
+                {buttonText}
+              </div>
               {
                 is_oauth_custom_client_enabled && (
                   <Badge
                     className={cn(
-                      'ml-1',
+                      'ml-1 mr-0.5',
                       buttonVariant === 'primary' && 'border-text-primary-on-surface bg-components-badge-bg-dimm text-text-primary-on-surface',
                     )}
                   >
@@ -204,7 +207,7 @@ const AddOAuthButton = ({
               }
             </div>
             <div className={cn(
-              'h-4 w-[1px] bg-text-primary-on-surface opacity-[0.15]',
+              'h-4 w-[1px] shrink-0 bg-text-primary-on-surface opacity-[0.15]',
               dividerClassName,
             )}></div>
             <div
@@ -228,7 +231,7 @@ const AddOAuthButton = ({
             variant={buttonVariant}
             onClick={() => setIsOAuthSettingsOpen(true)}
             disabled={disabled}
-            className='w-0 grow'
+            className='w-full'
           >
             <RiEqualizer2Line className='mr-0.5 h-4 w-4' />
             {t('plugin.auth.setupOAuth')}
diff --git a/web/app/components/plugins/plugin-auth/authorize/index.tsx b/web/app/components/plugins/plugin-auth/authorize/index.tsx
index 80f1656fb8..0552708e1e 100644
--- a/web/app/components/plugins/plugin-auth/authorize/index.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/index.tsx
@@ -65,10 +65,12 @@ const Authorize = ({
       <div className='flex items-center space-x-1.5'>
         {
           canOAuth && (
-            <AddOAuthButton
-              {...oAuthButtonProps}
-              disabled={disabled}
-            />
+            <div className='min-w-0 flex-[1]'>
+              <AddOAuthButton
+                {...oAuthButtonProps}
+                disabled={disabled}
+              />
+            </div>
           )
         }
         {
@@ -82,10 +84,12 @@ const Authorize = ({
         }
         {
           canApiKey && (
-            <AddApiKeyButton
-              {...apiKeyButtonProps}
-              disabled={disabled}
-            />
+            <div className='min-w-0 flex-[1]'>
+              <AddApiKeyButton
+                {...apiKeyButtonProps}
+                disabled={disabled}
+              />
+            </div>
           )
         }
       </div>
diff --git a/web/app/components/plugins/plugin-auth/plugin-auth.tsx b/web/app/components/plugins/plugin-auth/plugin-auth.tsx
index 5056105641..b50cf1e662 100644
--- a/web/app/components/plugins/plugin-auth/plugin-auth.tsx
+++ b/web/app/components/plugins/plugin-auth/plugin-auth.tsx
@@ -3,14 +3,17 @@ import Authorize from './authorize'
 import Authorized from './authorized'
 import type { PluginPayload } from './types'
 import { usePluginAuth } from './hooks/use-plugin-auth'
+import cn from '@/utils/classnames'
 
 type PluginAuthProps = {
   pluginPayload: PluginPayload
   children?: React.ReactNode
+  className?: string
 }
 const PluginAuth = ({
   pluginPayload,
   children,
+  className,
 }: PluginAuthProps) => {
   const {
     isAuthorized,
@@ -21,7 +24,7 @@ const PluginAuth = ({
   } = usePluginAuth(pluginPayload, !!pluginPayload.provider)
 
   return (
-    <>
+    <div className={cn(!isAuthorized && className)}>
       {
         !isAuthorized && (
           <Authorize
@@ -46,7 +49,7 @@ const PluginAuth = ({
       {
         isAuthorized && children
       }
-    </>
+    </div>
   )
 }
 
diff --git a/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx b/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx
index 01d8e95272..987c013c82 100644
--- a/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx
+++ b/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx
@@ -232,7 +232,7 @@ const BasePanel: FC<BasePanelProps> = ({
     return buildInTools.find(item => canFindTool(item.id, data.provider_id))
   }, [buildInTools, data.provider_id])
   const showPluginAuth = useMemo(() => {
-    return data.type === BlockEnum.Tool && currCollection?.allow_delete && !currCollection.is_team_authorization
+    return data.type === BlockEnum.Tool && currCollection?.allow_delete
   }, [currCollection, data.type])
   const handleAuthorizationItemClick = useCallback((credential_id: string) => {
     handleNodeDataUpdate({
@@ -378,16 +378,25 @@ const BasePanel: FC<BasePanelProps> = ({
           {
             showPluginAuth && (
               <PluginAuth
+                className='px-4 pb-2'
                 pluginPayload={{
                   provider: currCollection?.name || '',
                   category: AuthCategory.tool,
                 }}
               >
-                <div className='pl-4'>
+                <div className='flex items-center justify-between pl-4 pr-3'>
                   <Tab
                     value={tabType}
                     onChange={setTabType}
                   />
+                  <AuthorizedInNode
+                    pluginPayload={{
+                      provider: currCollection?.name || '',
+                      category: AuthCategory.tool,
+                    }}
+                    onAuthorizationItemClick={handleAuthorizationItemClick}
+                    credentialId={data.credential_id}
+                  />
                 </div>
               </PluginAuth>
             )
@@ -399,18 +408,6 @@ const BasePanel: FC<BasePanelProps> = ({
                   value={tabType}
                   onChange={setTabType}
                 />
-                {
-                  currCollection?.allow_delete && (
-                    <AuthorizedInNode
-                      pluginPayload={{
-                        provider: currCollection?.name || '',
-                        category: AuthCategory.tool,
-                      }}
-                      onAuthorizationItemClick={handleAuthorizationItemClick}
-                      credentialId={data.credential_id}
-                    />
-                  )
-                }
               </div>
             )
           }

From 686b4b8e0e41437b119f1367ddc0567d0eeff5ac Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Wed, 16 Jul 2025 13:58:17 +0800
Subject: [PATCH 22/25] fix: style

---
 .../plugin-auth/authorize/add-api-key-button.tsx |  3 +++
 .../plugin-auth/authorize/add-oauth-button.tsx   | 13 +++++++------
 .../plugin-auth/authorize/api-key-modal.tsx      |  8 ++++----
 .../plugins/plugin-auth/authorize/index.tsx      |  4 ++++
 .../authorize/oauth-client-settings.tsx          | 12 ++++++------
 .../plugins/plugin-auth/authorized-in-node.tsx   |  2 ++
 .../plugins/plugin-auth/authorized/index.tsx     | 16 ++++++++--------
 .../plugins/plugin-auth/hooks/use-plugin-auth.ts |  7 ++++++-
 .../plugins/plugin-auth/plugin-auth-in-agent.tsx |  3 +++
 .../plugins/plugin-auth/plugin-auth.tsx          |  3 +++
 10 files changed, 46 insertions(+), 25 deletions(-)

diff --git a/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx
index 4de5110e65..295fc4fa9d 100644
--- a/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-api-key-button.tsx
@@ -12,12 +12,14 @@ export type AddApiKeyButtonProps = {
   buttonVariant?: ButtonProps['variant']
   buttonText?: string
   disabled?: boolean
+  onUpdate?: () => void
 }
 const AddApiKeyButton = ({
   pluginPayload,
   buttonVariant = 'secondary-accent',
   buttonText = 'use api key',
   disabled,
+  onUpdate,
 }: AddApiKeyButtonProps) => {
   const [isApiKeyModalOpen, setIsApiKeyModalOpen] = useState(false)
 
@@ -36,6 +38,7 @@ const AddApiKeyButton = ({
           <ApiKeyModal
             pluginPayload={pluginPayload}
             onClose={() => setIsApiKeyModalOpen(false)}
+            onUpdate={onUpdate}
           />
         )
       }
diff --git a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
index f9061a6045..5cb474f1bb 100644
--- a/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/add-oauth-button.tsx
@@ -21,7 +21,6 @@ import Badge from '@/app/components/base/badge'
 import {
   useGetPluginOAuthClientSchemaHook,
   useGetPluginOAuthUrlHook,
-  useInvalidPluginCredentialInfoHook,
 } from '../hooks/use-credential'
 import type { FormSchema } from '@/app/components/base/form/types'
 import { FormTypeEnum } from '@/app/components/base/form/types'
@@ -37,6 +36,7 @@ export type AddOAuthButtonProps = {
   buttonRightClassName?: string
   dividerClassName?: string
   disabled?: boolean
+  onUpdate?: () => void
 }
 const AddOAuthButton = ({
   pluginPayload,
@@ -47,6 +47,7 @@ const AddOAuthButton = ({
   buttonRightClassName,
   dividerClassName,
   disabled,
+  onUpdate,
 }: AddOAuthButtonProps) => {
   const { t } = useTranslation()
   const renderI18nObject = useRenderI18nObject()
@@ -61,17 +62,16 @@ const AddOAuthButton = ({
     redirect_uri,
   } = data || {}
   const isConfigured = is_system_oauth_params_exists || Object.keys(client_params || {}).length > 0
-  const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
   const handleOAuth = useCallback(async () => {
     const { authorization_url } = await getPluginOAuthUrl()
 
     if (authorization_url) {
       openOAuthPopup(
         authorization_url,
-        invalidatePluginCredentialInfo,
+        () => onUpdate?.(),
       )
     }
-  }, [getPluginOAuthUrl, invalidatePluginCredentialInfo])
+  }, [getPluginOAuthUrl, onUpdate])
 
   const renderCustomLabel = useCallback((item: FormSchema) => {
     return (
@@ -177,14 +177,14 @@ const AddOAuthButton = ({
           <Button
             variant={buttonVariant}
             className={cn(
-              'w-full py-0 pl-0.5 pr-0 hover:bg-components-button-primary-bg',
+              'w-full px-0 py-0 hover:bg-components-button-primary-bg',
               className,
             )}
             disabled={disabled}
             onClick={handleOAuth}
           >
             <div className={cn(
-              'flex h-full w-0 grow items-center justify-center rounded-l-lg hover:bg-components-button-primary-bg-hover',
+              'flex h-full w-0 grow items-center justify-center rounded-l-lg pl-0.5 hover:bg-components-button-primary-bg-hover',
               buttonLeftClassName,
             )}>
               <div
@@ -251,6 +251,7 @@ const AddOAuthButton = ({
               __oauth_client__: __auth_client__,
             }}
             hasOriginalClientParams={Object.keys(client_params || {}).length > 0}
+            onUpdate={onUpdate}
           />
         )
       }
diff --git a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
index 672f7681f6..e748dd4fd0 100644
--- a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
@@ -19,7 +19,6 @@ import type { PluginPayload } from '../types'
 import {
   useAddPluginCredentialHook,
   useGetPluginCredentialSchemaHook,
-  useInvalidPluginCredentialInfoHook,
   useUpdatePluginCredentialHook,
 } from '../hooks/use-credential'
 import { useRenderI18nObject } from '@/hooks/use-i18n'
@@ -30,6 +29,7 @@ export type ApiKeyModalProps = {
   editValues?: Record<string, any>
   onRemove?: () => void
   disabled?: boolean
+  onUpdate?: () => void
 }
 const ApiKeyModal = ({
   pluginPayload,
@@ -37,6 +37,7 @@ const ApiKeyModal = ({
   editValues,
   onRemove,
   disabled,
+  onUpdate,
 }: ApiKeyModalProps) => {
   const { t } = useTranslation()
   const { notify } = useToastContext()
@@ -67,7 +68,6 @@ const ApiKeyModal = ({
   const renderI18nObject = useRenderI18nObject()
   const { mutateAsync: addPluginCredential } = useAddPluginCredentialHook(pluginPayload)
   const { mutateAsync: updatePluginCredential } = useUpdatePluginCredentialHook(pluginPayload)
-  const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
   const formRef = useRef<FormRefObject>(null)
   const handleConfirm = useCallback(async () => {
     if (doingActionRef.current)
@@ -110,12 +110,12 @@ const ApiKeyModal = ({
       })
 
       onClose?.()
-      invalidatePluginCredentialInfo()
+      onUpdate?.()
     }
     finally {
       handleSetDoingAction(false)
     }
-  }, [addPluginCredential, onClose, invalidatePluginCredentialInfo, updatePluginCredential, notify, t, editValues, handleSetDoingAction])
+  }, [addPluginCredential, onClose, onUpdate, updatePluginCredential, notify, t, editValues, handleSetDoingAction])
 
   return (
     <Modal
diff --git a/web/app/components/plugins/plugin-auth/authorize/index.tsx b/web/app/components/plugins/plugin-auth/authorize/index.tsx
index 0552708e1e..f430d8d48e 100644
--- a/web/app/components/plugins/plugin-auth/authorize/index.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/index.tsx
@@ -16,6 +16,7 @@ type AuthorizeProps = {
   canOAuth?: boolean
   canApiKey?: boolean
   disabled?: boolean
+  onUpdate?: () => void
 }
 const Authorize = ({
   pluginPayload,
@@ -24,6 +25,7 @@ const Authorize = ({
   canOAuth,
   canApiKey,
   disabled,
+  onUpdate,
 }: AuthorizeProps) => {
   const { t } = useTranslation()
   const oAuthButtonProps: AddOAuthButtonProps = useMemo(() => {
@@ -69,6 +71,7 @@ const Authorize = ({
               <AddOAuthButton
                 {...oAuthButtonProps}
                 disabled={disabled}
+                onUpdate={onUpdate}
               />
             </div>
           )
@@ -88,6 +91,7 @@ const Authorize = ({
               <AddApiKeyButton
                 {...apiKeyButtonProps}
                 disabled={disabled}
+                onUpdate={onUpdate}
               />
             </div>
           )
diff --git a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
index 12095cb8e2..b143c18d82 100644
--- a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
@@ -13,7 +13,6 @@ import { useTranslation } from 'react-i18next'
 import Modal from '@/app/components/base/modal/modal'
 import {
   useDeletePluginOAuthCustomClientHook,
-  useInvalidPluginCredentialInfoHook,
   useInvalidPluginOAuthClientSchemaHook,
   useSetPluginOAuthCustomClientHook,
 } from '../hooks/use-credential'
@@ -35,6 +34,7 @@ type OAuthClientSettingsProps = {
   schemas: FormSchema[]
   onAuth?: () => Promise<void>
   hasOriginalClientParams?: boolean
+  onUpdate?: () => void
 }
 const OAuthClientSettings = ({
   pluginPayload,
@@ -44,6 +44,7 @@ const OAuthClientSettings = ({
   schemas,
   onAuth,
   hasOriginalClientParams,
+  onUpdate,
 }: OAuthClientSettingsProps) => {
   const { t } = useTranslation()
   const { notify } = useToastContext()
@@ -59,7 +60,6 @@ const OAuthClientSettings = ({
     return acc
   }, {} as Record<string, any>)
   const { mutateAsync: setPluginOAuthCustomClient } = useSetPluginOAuthCustomClientHook(pluginPayload)
-  const invalidPluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
   const invalidPluginOAuthClientSchema = useInvalidPluginOAuthClientSchemaHook(pluginPayload)
   const formRef = useRef<FormRefObject>(null)
   const handleConfirm = useCallback(async () => {
@@ -92,13 +92,13 @@ const OAuthClientSettings = ({
       })
 
       onClose?.()
-      invalidPluginCredentialInfo()
+      onUpdate?.()
       invalidPluginOAuthClientSchema()
     }
     finally {
       handleSetDoingAction(false)
     }
-  }, [onClose, invalidPluginCredentialInfo, invalidPluginOAuthClientSchema, setPluginOAuthCustomClient, notify, t, handleSetDoingAction])
+  }, [onClose, onUpdate, invalidPluginOAuthClientSchema, setPluginOAuthCustomClient, notify, t, handleSetDoingAction])
 
   const handleConfirmAndAuthorize = useCallback(async () => {
     await handleConfirm()
@@ -118,13 +118,13 @@ const OAuthClientSettings = ({
         message: t('common.api.actionSuccess'),
       })
       onClose?.()
-      invalidPluginCredentialInfo()
+      onUpdate?.()
       invalidPluginOAuthClientSchema()
     }
     finally {
       handleSetDoingAction(false)
     }
-  }, [invalidPluginCredentialInfo, invalidPluginOAuthClientSchema, deletePluginOAuthCustomClient, notify, t, handleSetDoingAction, onClose])
+  }, [onUpdate, invalidPluginOAuthClientSchema, deletePluginOAuthCustomClient, notify, t, handleSetDoingAction, onClose])
   const form = useForm({
     defaultValues: editValues || defaultValues,
   })
diff --git a/web/app/components/plugins/plugin-auth/authorized-in-node.tsx b/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
index 1b6e090a44..79189fa585 100644
--- a/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized-in-node.tsx
@@ -34,6 +34,7 @@ const AuthorizedInNode = ({
     canOAuth,
     credentials,
     disabled,
+    invalidPluginCredentialInfo,
   } = usePluginAuth(pluginPayload, isOpen || !!credentialId)
   const renderTrigger = useCallback((open?: boolean) => {
     let label = ''
@@ -104,6 +105,7 @@ const AuthorizedInNode = ({
       extraAuthorizationItems={extraAuthorizationItems}
       showItemSelectedIcon
       selectedCredentialId={credentialId || '__workspace_default__'}
+      onUpdate={invalidPluginCredentialInfo}
     />
   )
 }
diff --git a/web/app/components/plugins/plugin-auth/authorized/index.tsx b/web/app/components/plugins/plugin-auth/authorized/index.tsx
index 07b5db9524..57da2148fe 100644
--- a/web/app/components/plugins/plugin-auth/authorized/index.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized/index.tsx
@@ -29,7 +29,6 @@ import { useToastContext } from '@/app/components/base/toast'
 import type { PluginPayload } from '../types'
 import {
   useDeletePluginCredentialHook,
-  useInvalidPluginCredentialInfoHook,
   useSetPluginDefaultCredentialHook,
   useUpdatePluginCredentialHook,
 } from '../hooks/use-credential'
@@ -52,6 +51,7 @@ type AuthorizedProps = {
   extraAuthorizationItems?: Credential[]
   showItemSelectedIcon?: boolean
   selectedCredentialId?: string
+  onUpdate?: () => void
 }
 const Authorized = ({
   pluginPayload,
@@ -71,6 +71,7 @@ const Authorized = ({
   extraAuthorizationItems,
   showItemSelectedIcon,
   selectedCredentialId,
+  onUpdate,
 }: AuthorizedProps) => {
   const { t } = useTranslation()
   const { notify } = useToastContext()
@@ -87,7 +88,6 @@ const Authorized = ({
   const pendingOperationCredentialId = useRef<string | null>(null)
   const [deleteCredentialId, setDeleteCredentialId] = useState<string | null>(null)
   const { mutateAsync: deletePluginCredential } = useDeletePluginCredentialHook(pluginPayload)
-  const invalidatePluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
   const openConfirm = useCallback((credentialId?: string) => {
     if (credentialId)
       pendingOperationCredentialId.current = credentialId
@@ -118,14 +118,14 @@ const Authorized = ({
         type: 'success',
         message: t('common.api.actionSuccess'),
       })
-      invalidatePluginCredentialInfo()
+      onUpdate?.()
       setDeleteCredentialId(null)
       pendingOperationCredentialId.current = null
     }
     finally {
       handleSetDoingAction(false)
     }
-  }, [deletePluginCredential, invalidatePluginCredentialInfo, notify, t, handleSetDoingAction])
+  }, [deletePluginCredential, onUpdate, notify, t, handleSetDoingAction])
   const [editValues, setEditValues] = useState<Record<string, any> | null>(null)
   const handleEdit = useCallback((id: string, values: Record<string, any>) => {
     pendingOperationCredentialId.current = id
@@ -145,12 +145,12 @@ const Authorized = ({
         type: 'success',
         message: t('common.api.actionSuccess'),
       })
-      invalidatePluginCredentialInfo()
+      onUpdate?.()
     }
     finally {
       handleSetDoingAction(false)
     }
-  }, [setPluginDefaultCredential, invalidatePluginCredentialInfo, notify, t, handleSetDoingAction])
+  }, [setPluginDefaultCredential, onUpdate, notify, t, handleSetDoingAction])
   const { mutateAsync: updatePluginCredential } = useUpdatePluginCredentialHook(pluginPayload)
   const handleRename = useCallback(async (payload: {
       credential_id: string
@@ -165,12 +165,12 @@ const Authorized = ({
         type: 'success',
         message: t('common.api.actionSuccess'),
       })
-      invalidatePluginCredentialInfo()
+      onUpdate?.()
     }
     finally {
       handleSetDoingAction(false)
     }
-  }, [updatePluginCredential, notify, t, handleSetDoingAction, invalidatePluginCredentialInfo])
+  }, [updatePluginCredential, notify, t, handleSetDoingAction, onUpdate])
 
   return (
     <>
diff --git a/web/app/components/plugins/plugin-auth/hooks/use-plugin-auth.ts b/web/app/components/plugins/plugin-auth/hooks/use-plugin-auth.ts
index 67d19e3de1..e449a4bb65 100644
--- a/web/app/components/plugins/plugin-auth/hooks/use-plugin-auth.ts
+++ b/web/app/components/plugins/plugin-auth/hooks/use-plugin-auth.ts
@@ -1,5 +1,8 @@
 import { useAppContext } from '@/context/app-context'
-import { useGetPluginCredentialInfoHook } from './use-credential'
+import {
+  useGetPluginCredentialInfoHook,
+  useInvalidPluginCredentialInfoHook,
+} from './use-credential'
 import { CredentialTypeEnum } from '../types'
 import type { PluginPayload } from '../types'
 
@@ -9,6 +12,7 @@ export const usePluginAuth = (pluginPayload: PluginPayload, enable?: boolean) =>
   const isAuthorized = !!data?.credentials.length
   const canOAuth = data?.supported_credential_types.includes(CredentialTypeEnum.OAUTH2)
   const canApiKey = data?.supported_credential_types.includes(CredentialTypeEnum.API_KEY)
+  const invalidPluginCredentialInfo = useInvalidPluginCredentialInfoHook(pluginPayload)
 
   return {
     isAuthorized,
@@ -16,5 +20,6 @@ export const usePluginAuth = (pluginPayload: PluginPayload, enable?: boolean) =>
     canApiKey,
     credentials: data?.credentials || [],
     disabled: !isCurrentWorkspaceManager,
+    invalidPluginCredentialInfo,
   }
 }
diff --git a/web/app/components/plugins/plugin-auth/plugin-auth-in-agent.tsx b/web/app/components/plugins/plugin-auth/plugin-auth-in-agent.tsx
index 4c7b885226..f3557f3d6f 100644
--- a/web/app/components/plugins/plugin-auth/plugin-auth-in-agent.tsx
+++ b/web/app/components/plugins/plugin-auth/plugin-auth-in-agent.tsx
@@ -34,6 +34,7 @@ const PluginAuthInAgent = ({
     canApiKey,
     credentials,
     disabled,
+    invalidPluginCredentialInfo,
   } = usePluginAuth(pluginPayload, true)
 
   const extraAuthorizationItems: Credential[] = [
@@ -91,6 +92,7 @@ const PluginAuthInAgent = ({
             canOAuth={canOAuth}
             canApiKey={canApiKey}
             disabled={disabled}
+            onUpdate={invalidPluginCredentialInfo}
           />
         )
       }
@@ -110,6 +112,7 @@ const PluginAuthInAgent = ({
             isOpen={isOpen}
             onOpenChange={setIsOpen}
             selectedCredentialId={credentialId || '__workspace_default__'}
+            onUpdate={invalidPluginCredentialInfo}
           />
         )
       }
diff --git a/web/app/components/plugins/plugin-auth/plugin-auth.tsx b/web/app/components/plugins/plugin-auth/plugin-auth.tsx
index b50cf1e662..76b405a750 100644
--- a/web/app/components/plugins/plugin-auth/plugin-auth.tsx
+++ b/web/app/components/plugins/plugin-auth/plugin-auth.tsx
@@ -21,6 +21,7 @@ const PluginAuth = ({
     canApiKey,
     credentials,
     disabled,
+    invalidPluginCredentialInfo,
   } = usePluginAuth(pluginPayload, !!pluginPayload.provider)
 
   return (
@@ -32,6 +33,7 @@ const PluginAuth = ({
             canOAuth={canOAuth}
             canApiKey={canApiKey}
             disabled={disabled}
+            onUpdate={invalidPluginCredentialInfo}
           />
         )
       }
@@ -43,6 +45,7 @@ const PluginAuth = ({
             canOAuth={canOAuth}
             canApiKey={canApiKey}
             disabled={disabled}
+            onUpdate={invalidPluginCredentialInfo}
           />
         )
       }

From 52e7bb1848c27ff7cf2859598f18b175eb76480b Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Wed, 16 Jul 2025 15:03:33 +0800
Subject: [PATCH 23/25] fix

---
 web/app/components/plugins/plugin-auth/authorized/index.tsx | 2 ++
 web/app/components/plugins/plugin-auth/authorized/item.tsx  | 2 +-
 .../nodes/_base/components/workflow-panel/index.tsx         | 6 +++---
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/web/app/components/plugins/plugin-auth/authorized/index.tsx b/web/app/components/plugins/plugin-auth/authorized/index.tsx
index 57da2148fe..ac771afdd3 100644
--- a/web/app/components/plugins/plugin-auth/authorized/index.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized/index.tsx
@@ -303,6 +303,7 @@ const Authorized = ({
                 canOAuth={canOAuth}
                 canApiKey={canApiKey}
                 disabled={disabled}
+                onUpdate={onUpdate}
               />
             </div>
           </div>
@@ -330,6 +331,7 @@ const Authorized = ({
             }}
             onRemove={handleRemove}
             disabled={disabled || doingAction}
+            onUpdate={onUpdate}
           />
         )
       }
diff --git a/web/app/components/plugins/plugin-auth/authorized/item.tsx b/web/app/components/plugins/plugin-auth/authorized/item.tsx
index 4c0f88d985..642240d7fe 100644
--- a/web/app/components/plugins/plugin-auth/authorized/item.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized/item.tsx
@@ -68,7 +68,7 @@ const Item = ({
         'group flex h-8 items-center rounded-lg p-1 hover:bg-state-base-hover',
         renaming && 'bg-state-base-hover',
       )}
-      onClick={() => onItemClick?.(credential.id)}
+      onClick={() => onItemClick?.(credential.id === '__workspace_default__' ? '' : credential.id)}
     >
       {
         renaming && (
diff --git a/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx b/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx
index 987c013c82..d50b99e213 100644
--- a/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx
+++ b/web/app/components/workflow/nodes/_base/components/workflow-panel/index.tsx
@@ -235,13 +235,13 @@ const BasePanel: FC<BasePanelProps> = ({
     return data.type === BlockEnum.Tool && currCollection?.allow_delete
   }, [currCollection, data.type])
   const handleAuthorizationItemClick = useCallback((credential_id: string) => {
-    handleNodeDataUpdate({
+    handleNodeDataUpdateWithSyncDraft({
       id,
       data: {
-        credential_id: credential_id === '__workspace_default__' ? undefined : credential_id,
+        credential_id,
       },
     })
-  }, [handleNodeDataUpdate, id])
+  }, [handleNodeDataUpdateWithSyncDraft, id])
 
   if(logParams.showSpecialResultPanel) {
     return (

From 75d8cb4978d44959fc9930bbbf79a8ce5278550d Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Wed, 16 Jul 2025 15:06:04 +0800
Subject: [PATCH 24/25] fix

---
 .../components/plugins/plugin-auth/authorized/item.tsx   | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/web/app/components/plugins/plugin-auth/authorized/item.tsx b/web/app/components/plugins/plugin-auth/authorized/item.tsx
index 642240d7fe..5508bcc324 100644
--- a/web/app/components/plugins/plugin-auth/authorized/item.tsx
+++ b/web/app/components/plugins/plugin-auth/authorized/item.tsx
@@ -79,11 +79,13 @@ const Item = ({
               value={renameValue}
               onChange={e => setRenameValue(e.target.value)}
               placeholder={t('common.placeholder.input')}
+              onClick={e => e.stopPropagation()}
             />
             <Button
               size='small'
               variant='primary'
-              onClick={() => {
+              onClick={(e) => {
+                e.stopPropagation()
                 onRename?.({
                   credential_id: credential.id,
                   name: renameValue,
@@ -95,7 +97,10 @@ const Item = ({
             </Button>
             <Button
               size='small'
-              onClick={() => setRenaming(false)}
+              onClick={(e) => {
+                e.stopPropagation()
+                setRenaming(false)
+              }}
             >
               {t('common.operation.cancel')}
             </Button>

From 25e0013db92fac7ca8dc8ad4f5211ecab3d40b5a Mon Sep 17 00:00:00 2001
From: zxhlyh <jasonapring2015@outlook.com>
Date: Wed, 16 Jul 2025 16:00:53 +0800
Subject: [PATCH 25/25] fix

---
 web/app/components/base/modal/modal.tsx       | 64 ++++++++++---------
 .../plugin-auth/authorize/api-key-modal.tsx   |  6 +-
 .../authorize/oauth-client-settings.tsx       |  6 +-
 3 files changed, 42 insertions(+), 34 deletions(-)

diff --git a/web/app/components/base/modal/modal.tsx b/web/app/components/base/modal/modal.tsx
index 5738704722..e6e9fb8804 100644
--- a/web/app/components/base/modal/modal.tsx
+++ b/web/app/components/base/modal/modal.tsx
@@ -82,36 +82,40 @@ const Modal = ({
               <div className='px-6 py-3'>{children}</div>
             )
           }
-          <div className='flex items-center justify-end p-6 pt-5'>
-            {footerSlot}
-            {
-              showExtraButton && (
-                <>
-                  <Button
-                    variant={extraButtonVariant}
-                    onClick={onExtraButtonClick}
-                    disabled={disabled}
-                  >
-                    {extraButtonText || t('common.operation.remove')}
-                  </Button>
-                  <div className='mx-3 h-4 w-[1px] bg-divider-regular'></div>
-                </>
-              )
-            }
-            <Button
-              onClick={onCancel}
-              disabled={disabled}
-            >
-              {cancelButtonText || t('common.operation.cancel')}
-            </Button>
-            <Button
-              className='ml-2'
-              variant='primary'
-              onClick={onConfirm}
-              disabled={disabled}
-            >
-              {confirmButtonText || t('common.operation.save')}
-            </Button>
+          <div className='flex justify-between p-6 pt-5'>
+            <div>
+              {footerSlot}
+            </div>
+            <div className='flex items-center'>
+              {
+                showExtraButton && (
+                  <>
+                    <Button
+                      variant={extraButtonVariant}
+                      onClick={onExtraButtonClick}
+                      disabled={disabled}
+                    >
+                      {extraButtonText || t('common.operation.remove')}
+                    </Button>
+                    <div className='mx-3 h-4 w-[1px] bg-divider-regular'></div>
+                  </>
+                )
+              }
+              <Button
+                onClick={onCancel}
+                disabled={disabled}
+              >
+                {cancelButtonText || t('common.operation.cancel')}
+              </Button>
+              <Button
+                className='ml-2'
+                variant='primary'
+                onClick={onConfirm}
+                disabled={disabled}
+              >
+                {confirmButtonText || t('common.operation.save')}
+              </Button>
+            </div>
           </div>
           {bottomSlot}
         </div>
diff --git a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
index e748dd4fd0..d582c660b6 100644
--- a/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/api-key-modal.tsx
@@ -127,11 +127,13 @@ const ApiKeyModal = ({
       footerSlot={
         helpField && (
           <a
-            className='system-xs-regular flex h-8 grow items-center text-text-accent'
+            className='system-xs-regular mr-2 flex items-center py-2 text-text-accent'
             href={helpField?.url}
             target='_blank'
           >
-            {renderI18nObject(helpField?.help as any)}
+            <span className='break-all'>
+              {renderI18nObject(helpField?.help as any)}
+            </span>
             <RiExternalLinkLine className='ml-1 h-3 w-3' />
           </a>
         )
diff --git a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
index b143c18d82..14c7ed957f 100644
--- a/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
+++ b/web/app/components/plugins/plugin-auth/authorize/oauth-client-settings.tsx
@@ -170,11 +170,13 @@ const OAuthClientSettings = ({
         {
           helpField && __oauth_client__ === 'custom' && (
           <a
-            className='system-xs-regular mt-4 flex h-4 items-center text-text-accent'
+            className='system-xs-regular mt-4 flex items-center text-text-accent'
             href={helpField?.url}
             target='_blank'
           >
-            {renderI18nObject(helpField?.help as any)}
+            <span className='break-all'>
+              {renderI18nObject(helpField?.help as any)}
+            </span>
             <RiExternalLinkLine className='ml-1 h-3 w-3' />
           </a>
         )}
