CN109474630A - An OAuth protocol authorization method based on dynamic authentication - Google Patents


Publication number
CN109474630A
Authority
CN
China
Prior art keywords
authorization
authentication
oauth
application
dynamic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811617958.XA
Other languages
Chinese (zh)
Inventor
杨思
高原
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Zhuyun Science & Technology Co Ltd
Original Assignee
Shenzhen Zhuyun Science & Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Zhuyun Science & Technology Co Ltd
Priority to CN201811617958.XA
Publication of CN109474630A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205: Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The present invention relates to an OAuth protocol authorization method based on dynamic authentication. The steps of the method are: define a number of authentication methods, where the authentication method implementations and authentication method parameters provide the managed configuration of the authentication methods; configure the authentication chain information; offer the dynamic authentication chains to applications, each application selecting one itself when registering its application information; the application initiates an OAuth protocol authorization request; according to the authentication chain information selected at application registration, the corresponding authorization-layer page and authentication flow are displayed; the application completes authentication of the OAuth protocol authorization request. With the invention, the application requesting authorization can configure the logic of OAuth authorization authentication; multiple authorization authentication modes can be provided to ensure the security of OAuth authorization authentication; and the cost to the application side of securing authorization authentication in its authentication logic is reduced.

Description

An OAuth protocol authorization method based on dynamic authentication
Technical field
The present invention relates to an OAuth protocol authorization method, and more specifically to an OAuth protocol authorization method based on dynamic authentication.
Background art
When using Internet services, a common scenario is that service A needs to use the user's data held in service B. Services A and B, however, often do not belong to the same system or vendor, so the user's authorization must be obtained before service A can legitimately use the user's data stored in service B. The security of this authorization process therefore becomes a problem worth attention. The traditional approach is for the user to tell service A their own credentials for service B (such as username and password), after which service A interacts with service B to obtain the user's information; this approach carries a very high risk. The OAuth protocol solves this problem well by providing user login authorization tokens. When service A needs the user's data in service B, it does not log in to service B directly with the user's credentials; instead, in an authorization layer provided by service B, an authorization token is returned to service A after the user confirms the authorization, and service A then uses this authorization token to obtain the user's data in service B.
In one form of the prior art, an application that requests authorization under the OAuth protocol must register its information with the authorization service provider; when the application requests authorization, it redirects to a unified authorization-layer page where the user performs the authorization action. For application authorization based on the OAuth protocol, the application usually registers its basic information with the authorization service provider, such as the application name and application URL. When the application initiates an authorization request, the authorization service provider checks whether the parameters in the request are consistent with the registered application information in order to judge whether it is a valid authorization request. After the validity of the request is verified, the user authorization authentication that follows in the authorization layer is generally a uniform flow, determined entirely by the authorization-layer service provider. The application requesting authorization therefore cannot customize the authentication mode used in the authorization layer for that application. For the many applications or platforms that use an authorization service provider as their login authentication entry point, the authentication mode is thus outside their control; and the authorization-layer authentication offered by existing OAuth authorization service providers is mostly username/password authentication, so for applications with higher security requirements, security cannot be guaranteed.
Summary of the invention
The technical problem to be solved by the present invention is to provide, in view of the defects in the prior art, an OAuth protocol authorization method based on dynamic authentication.
The technical solution adopted by the invention to solve this technical problem is to construct an OAuth protocol authorization method based on dynamic authentication, in which the authorization layer dynamically generates the authentication page and logic of OAuth authorization authentication on the basis of dynamic authentication.
In the OAuth protocol authorization method based on dynamic authentication according to the invention, the steps of the method are:
S1. Define a number of authentication methods; the authentication method implementations and authentication method parameters provide the managed configuration of the authentication methods;
S2. Configure the authentication chain information;
S3. Offer the dynamic authentication chains to applications, each application selecting one itself when registering its application information;
S4. The application initiates an OAuth protocol authorization request;
S5. According to the authentication chain information selected at application registration, display the corresponding authorization-layer page and authentication flow;
S6. The application completes authentication of the OAuth protocol authorization request.
Implementing the OAuth protocol authorization method based on dynamic authentication of the invention has the following beneficial effects: the application requesting authorization can configure the logic of OAuth authorization authentication; multiple authorization authentication modes can be provided to ensure the security of OAuth authorization authentication; and the cost to the application side of securing authorization authentication in its authentication logic is reduced.
Brief description of the drawings
The present invention is further explained below with reference to the accompanying drawings and embodiments. In the drawings:
Fig. 1 is a flow chart of the OAuth protocol authorization method based on dynamic authentication of the invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is further elaborated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here merely illustrate the invention and are not intended to limit it.
As shown in Fig. 1, the steps of the OAuth protocol authorization method based on dynamic authentication are:
S1. Define a number of authentication methods; the authentication method implementations and authentication method parameters provide the managed configuration of the authentication methods;
S2. Configure the authentication chain information;
S3. Offer the dynamic authentication chains to applications, each application selecting one itself when registering its application information;
S4. The application initiates an OAuth protocol authorization request;
S5. According to the authentication chain information selected at application registration, display the corresponding authorization-layer page and authentication flow;
S6. The application completes authentication of the OAuth protocol authorization request.
Further, the authentication chain information includes the name of the authentication chain, the authentication methods the chain contains, and the logical relationship between the authentication methods. In the OAuth protocol dynamic authentication flow, the application performs OAuth dynamic authentication, which includes dynamically generating the authentication page of the OAuth authorization layer, the page containing the dynamic authentication methods configured at application registration, and the hand-off to the next step of the OAuth protocol flow after dynamic authentication completes.
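The chain model of steps S1 to S6, sketched as an added example (not code from the patent or the applicant): the authentication chain is looked up from the application's registration and never from the request, so a request cannot downgrade its own authentication. The names `client_id` and `redirect_uri`, the `ALL`/`ANY` relations and the two demo verifiers with their fixed secrets are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# S1: each authentication method is an implementation plus its parameters.
# Both verifiers are constructed stand-ins with fixed demo secrets.
def check_password(params, user, proof):
    stored = params["users"].get(user)
    digest = hashlib.sha256(proof.encode()).hexdigest()
    return stored is not None and hmac.compare_digest(stored, digest)

def check_otp(params, user, proof):
    expected = params["codes"].get(user, "")
    same = hmac.compare_digest(expected.encode(), proof.encode())
    return len(proof) == params["digits"] and same

DEMO_HASH = hashlib.sha256(b"correct horse").hexdigest()
METHODS = {
    "password": (check_password, {"users": {"alice": DEMO_HASH}}),
    "otp": (check_otp, {"digits": 6, "codes": {"alice": "492817"}}),
}

# S2: chain information = name, member methods, logical relation (assumed ALL/ANY).
CHAINS = {
    "basic": {"methods": ["password"], "relation": "ALL"},
    "strong": {"methods": ["password", "otp"], "relation": "ALL"},
    "either": {"methods": ["password", "otp"], "relation": "ANY"},
}
CLIENTS = {}

def register_client(client_id, redirect_uri, chain):  # S3
    if chain not in CHAINS:
        raise ValueError("unknown authentication chain")
    CLIENTS[client_id] = {"redirect_uri": redirect_uri, "chain": chain}

def authorization_page(client_id, redirect_uri):  # S4 and S5
    client = CLIENTS.get(client_id)
    # Reject requests whose parameters differ from the registered information.
    if client is None or client["redirect_uri"] != redirect_uri:
        raise PermissionError("request does not match registered application")
    return CHAINS[client["chain"]]  # what the authorization layer must render

def authorize(client_id, redirect_uri, user, proofs):  # S5 and S6
    chain = authorization_page(client_id, redirect_uri)
    results = []
    for name in chain["methods"]:  # evaluate all; a missing proof is a failure
        verify, params = METHODS[name]
        results.append(name in proofs and verify(params, user, proofs[name]))
    ok = all(results) if chain["relation"] == "ALL" else any(results)
    return secrets.token_urlsafe(16) if ok else None  # authorization code
```
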
Although the invention has been disclosed through the above embodiment, its scope of protection is not limited thereto; modifications, substitutions and the like made to the above components without departing from the concept of the invention fall within the scope of the claims of the invention.

Claims (2)

1. An OAuth protocol authorization method based on dynamic authentication, characterized in that the steps of the OAuth protocol authorization method based on dynamic authentication are:
S1. Define a number of authentication methods; the authentication method implementations and authentication method parameters provide the managed configuration of the authentication methods;
S2. Configure the authentication chain information;
S3. Offer the dynamic authentication chains to applications, each application selecting one itself when registering its application information;
S4. The application initiates an OAuth protocol authorization request;
S5. According to the authentication chain information selected at application registration, display the corresponding authorization-layer page and authentication flow;
S6. The application completes authentication of the OAuth protocol authorization request.
2. The OAuth protocol authorization method based on dynamic authentication according to claim 1, characterized in that the authentication chain information includes the name of the authentication chain, the authentication methods the chain contains, and the logical relationship between the authentication methods; and in the OAuth protocol dynamic authentication flow, the application performs OAuth dynamic authentication, which includes dynamically generating the authentication page of the OAuth authorization layer, the page containing the dynamic authentication methods configured at application registration, and the hand-off to the next step of the OAuth protocol flow after dynamic authentication completes.
CN201811617958.XA 2018-12-28 2018-12-28 An OAuth protocol authorization method based on dynamic authentication Pending CN109474630A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811617958.XA CN109474630A (en) 2018-12-28 2018-12-28 An OAuth protocol authorization method based on dynamic authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811617958.XA CN109474630A (en) 2018-12-28 2018-12-28 An OAuth protocol authorization method based on dynamic authentication

Publications (1)

Publication Number Publication Date
CN109474630A true CN109474630A (en) 2019-03-15

Family

ID=65677911

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811617958.XA Pending CN109474630A (en) 2018-12-28 2018-12-28 An OAuth protocol authorization method based on dynamic authentication

Country Status (1)

Country Link
CN (1) CN109474630A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112822007A (en) * 2020-12-29 2021-05-18 中国农业银行股份有限公司 User authentication method, device and equipment
US11463431B2 (en) 2020-05-29 2022-10-04 Disney Enterprises, Inc. System and method for public API authentication

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102664933A (en) * 2012-04-06 2012-09-12 中国联合网络通信集团有限公司 User authorization method, application terminal, open platform and system
CN106657112A (en) * 2016-12-30 2017-05-10 曙光信息产业(北京)有限公司 Authentication method and apparatus
CN107659412A (en) * 2017-10-18 2018-02-02 深圳竹云科技有限公司 A kind of method of dynamical assemble certification chain

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11463431B2 (en) 2020-05-29 2022-10-04 Disney Enterprises, Inc. System and method for public API authentication
CN112822007A (en) * 2020-12-29 2021-05-18 中国农业银行股份有限公司 User authentication method, device and equipment
CN112822007B (en) * 2020-12-29 2023-11-03 中国农业银行股份有限公司 User authentication method, device and equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190315
