CN111475795A - Method and device for unified authentication and authorization facing to multiple applications - Google Patents

Publication number
CN111475795A
Authority
CN
China
Prior art keywords
client
authentication
platform
authorization code
authorization
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010282772.4A
Other languages
Chinese (zh)
Inventor
邢映彪
吴洲洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Tongda Auto Electric Co Ltd
Original Assignee
Guangzhou Tongda Auto Electric Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Tongda Auto Electric Co Ltd filed Critical Guangzhou Tongda Auto Electric Co Ltd
Priority to CN202010282772.4A priority Critical patent/CN111475795A/en
Publication of CN111475795A publication Critical patent/CN111475795A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiments of the application disclose a method and a device for unified authentication and authorization across multiple applications. In the technical scheme provided by the embodiments, a unified authentication software development kit (SDK) integrated into the client sends an authentication request to the authentication server; after the authentication passes, the authorization code corresponding to the client is returned, and the client's login period is maintained through that authorization code. After successful authentication the client maintains the life cycle in its own logic, so not every request has to be verified against the authentication server. This avoids performance problems under high concurrency, and the scheme enables unified authentication of mobile and desktop clients.

Description

Method and device for unified authentication and authorization facing to multiple applications
Technical Field
The embodiment of the application relates to the technical field of computer application, in particular to a method and a device for unified authentication and authorization facing multiple applications.
Background
At present, more and more applications are in use or under development, such as scheduling systems, payment systems, multimedia platforms and mobile terminal platforms. Whenever a user needs to use one of these systems, the user has to enter an account and password for verification, which is inconvenient.
In the prior art, a common approach is single sign-on: the user logs in to an office business system once, and several office business systems share the session information, which solves the problem of repeated logins. For example, when the user accesses application system A, the user is redirected to an authentication system to log in, and after the login is completed an authentication credential is returned to the user. When the user then accesses application system B, the credential is passed to system B, and system B sends the credential to the authentication center to be checked again, completing the switch between application systems. This approach has limitations: first, every verification is carried out at the authentication center, which causes performance problems for the authentication server; second, the mobile terminal and the desktop client cannot be authenticated in a unified way.
Disclosure of Invention
The embodiments of the application provide a method and a device for unified authentication and authorization across multiple applications, which can maintain the login life cycle of a client and the subsystems within it without verifying against the authentication server every time. This avoids performance problems of the authentication server under high concurrency and is more convenient for users.
In a first aspect, an embodiment of the present application provides a method for performing unified authentication and authorization for multiple applications, including:
receiving an authentication login request sent by a client or a platform integrated with a unified authentication software development kit;
verifying the authentication login request and, if the verification passes, generating a corresponding authorization code according to the authentication login request and storing the authorization code in the authentication server;
returning the authorization code to the corresponding client or platform;
when a subsystem in the client or the platform is logged in to, receiving the authorization code sent by the client or the platform, judging whether that authorization code is stored in the authentication server, and if so, generating token information; and
returning the generated token information and the user information to the corresponding subsystem in the client or the platform, so as to log in to that subsystem.
More preferably, after returning the authorization code to the corresponding client or platform, the method further includes:
deleting the corresponding authorization code if a login instruction or a logout instruction sent by a client or a platform integrated with the unified authentication software development kit is received.
More preferably, generating the corresponding authorization code according to the authentication login request and storing the authorization code in the authentication server includes:
generating a corresponding authorization code and a validity period according to the authentication login request, and storing the authorization code and the validity period in the authentication server;
correspondingly, receiving the authorization code sent by the client or the platform and judging whether it is stored in the authentication server includes:
receiving the authorization code and the login time information sent by the client or the platform, and judging whether they are consistent with the authorization code and the validity period stored by the authentication server.
More preferably, generating the corresponding authorization code according to the authentication login request and storing the authorization code in the authentication server includes:
generating a corresponding authorization code and a validity period according to the authentication login request, storing the authorization code and the validity period in the authentication server, and deleting the corresponding authorization code once the validity period is exceeded.
More preferably, before receiving the authorization code sent by the client or the platform, the method further includes:
redirecting the login page of the subsystem in the client or the platform to the authentication server;
correspondingly, after the generated token information and the user information are returned to the corresponding subsystem in the client or the platform to log in to that subsystem, the method further includes:
redirecting the login page of the subsystem in the client or the platform back to the client.
In a second aspect, an embodiment of the present application provides an apparatus for performing unified authentication and authorization for multiple applications, including:
a receiving module: used for receiving an authentication login request sent by a client or a platform integrated with the unified authentication software development kit;
a checking module: used for verifying the authentication login request and, if the verification passes, generating a corresponding authorization code according to the authentication login request and storing the authorization code in the authentication server;
a feedback module: used for returning the authorization code to the corresponding client or platform;
a token generation module: used for receiving the authorization code sent by the client or the platform when a subsystem in the client or the platform is logged in to, judging whether that authorization code is stored in the authentication server, and if so, generating token information;
a login module: used for returning the generated token information and the user information to the corresponding subsystem in the client or the platform, so as to log in to that subsystem.
More preferably, after the feedback module, the device further includes:
a logout module: used for deleting the corresponding authorization code if a login instruction or a logout instruction sent by a client or a platform integrated with the unified authentication software development kit is received.
More preferably, before the token generation module, the device further includes:
a first redirection module: used for redirecting the login page of the subsystem in the client or the platform to the authentication server;
correspondingly, after the login module, the device further includes:
a second redirection module: used for redirecting the login page of the subsystem in the client or the platform back to the client.
In a third aspect, an embodiment of the present application provides an electronic device, including:
a memory and one or more processors;
a memory for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the method for unified authentication and authorization for multiple applications as described in the first aspect.
In a fourth aspect, embodiments of the present application provide a storage medium containing computer-executable instructions for performing the method for unified authentication authorization for multiple applications as in the first aspect when executed by a computer processor.
With this method and device, the unified authentication software development kit integrated into the client sends the authentication request to the authentication server; after the authentication passes, the authorization code corresponding to the client is returned, and the client's login period is maintained through that authorization code. After successful authentication the client maintains the life cycle in its own logic, so not every request has to be verified against the authentication server. This avoids performance problems under high concurrency, and the scheme enables unified authentication of mobile and desktop clients.
Drawings
Fig. 1 is a flowchart of a method for unified authentication and authorization for multiple applications according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of an apparatus for performing unified authentication and authorization for multiple applications according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, specific embodiments of the present application will be described in detail with reference to the accompanying drawings. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. It should be further noted that, for the convenience of description, only some but not all of the relevant portions of the present application are shown in the drawings. Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be re-arranged. A process may be terminated when its operations are completed, but may have additional steps not included in the figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc.
In the method for unified authentication and authorization across multiple applications, an authentication request is sent to the authentication server through the unified authentication software development kit integrated into the client; after the authentication passes, the authorization code corresponding to the client is returned, and the client's login period is maintained through that authorization code. Existing schemes carry out every verification at an authentication center, which can cause performance problems for the authentication service. For this reason the application provides a method for unified authentication and authorization across multiple applications. After successful authentication the client maintains the life cycle in its own logic, so not every request has to be verified against the authentication server; this avoids performance problems under high concurrency, and the scheme enables unified authentication of mobile and desktop clients.
Fig. 1 is a flowchart of a method for performing unified authentication and authorization for multiple applications according to an embodiment of the present application, where the method for performing unified authentication and authorization for multiple applications provided in this embodiment may be executed by a device for performing unified authentication and authorization for multiple applications, the device for performing unified authentication and authorization for multiple applications may be implemented in a software and/or hardware manner, and the device for performing unified authentication and authorization for multiple applications may be formed by two or more physical entities or by one physical entity. Generally, the device for performing unified authentication and authorization for multiple applications may be a computer, a mobile phone, a tablet, a server, or the like.
The following description will be given by taking a server as an example of a device for executing a method for performing unified authentication and authorization for multiple applications. Referring to fig. 1, the method for performing unified authentication and authorization for multiple applications specifically includes:
S101: Receive an authentication login request sent by a client or a platform integrated with a unified authentication software development kit.
The client in this embodiment may be a client installed on a mobile terminal or a client installed on a computer desktop; a platform is one that can be accessed through a web page. The client must integrate the unified authentication SDK, because the corresponding authentication operations are available only through this development kit.
S102: Verify the authentication login request; if the verification passes, generate a corresponding authorization code according to the authentication login request and store the authorization code in the authentication server.
When the authentication center server receives the login request, it verifies the login information. If the user is a legitimate user, the verification passes; otherwise the user is prompted to enter correct user information and is returned to the login page. When the verification passes, a corresponding authorization code is generated and stored in a storage module of the authentication server for subsequent authorization checks. The authorization code uniquely identifies the user, so each user obtains a different authorization code; it is stored at the authentication server mainly so that authorization codes presented later can be compared against it.
S103: Return the authorization code to the corresponding client or platform.
When the verification in step S102 passes, the authorization code is returned to the client, so that the client can send it to the authentication server for verification the next time it accesses the server. The user thus holds authentication information that identifies them. The authorization code stored at the client is the same as the one stored at the authentication server, and it corresponds uniquely to each user.
More preferably, the embodiment further includes step S1031: if a login instruction or a logout instruction sent by a client or a platform integrated with the unified authentication software development kit is received, delete the corresponding authorization code.
This step implements logout. When a client user logs out, the client sends a logout instruction to the authentication server through the integrated SDK, so that the login life cycles of the client and the authentication server stay consistent. Specifically, the logout operation deletes the authorization code at both the client and the authentication server.
S104: When a subsystem in the client or the platform is logged in to, receive the authorization code sent by the client or the platform, judge whether that authorization code is stored in the authentication server, and if so, generate token information.
The client submits the authorization code it received from the authentication server for verification: a verification request is sent to the authentication server through the integrated platform SDK, and the authorization code used by the current client is looked up in the storage module of the authentication server. If the authorization code of the current client exists in the storage module, it is judged to be within its validity period and the login succeeds; the authentication server generates a corresponding token value and returns the token value and the user information to the corresponding client. If the authorization code does not exist in the storage module, the authorization code is invalid, the verification fails, and the login is exited.
Illustratively, generating a corresponding authorization code according to the authentication login request and storing the authorization code in the authentication server includes:
generating a corresponding authorization code and a validity period according to the authentication login request, and storing the authorization code and the validity period in the authentication server.
Login verification is bounded by the lifetime of the authorization code. If no lifetime is set, all information associated with the account could remain in a logged-in state, and that information could be viewed without entering the account password, which greatly reduces the security of the account. Setting a lifetime controls how long the authorization code remains valid.
For example, receiving the authorization code sent by the client or the platform and judging whether it is stored in the authentication server includes:
receiving the authorization code and the login time information sent by the client or the platform, and judging whether they are consistent with the authorization code and the validity period stored by the authentication server.
If the user's login time is within the validity period, the token information and the user information can be returned to the corresponding client; if the login time exceeds the validity period, the user is prompted to authenticate again.
Besides the validity-period check described above, there is another way to manage the validity period, as follows:
generating a corresponding authorization code according to the authentication login request and storing the authorization code in the authentication server includes:
generating a corresponding authorization code and a validity period according to the authentication login request, storing the authorization code and the validity period in the authentication server, and deleting the corresponding authorization code once the validity period is exceeded.
That is, when the authentication server detects that a validity period has been exceeded, it can delete the corresponding authorization code directly, which is how the validity period is managed. Once the authorization code no longer exists at the authentication server and the client, the unified verification login procedure cannot be passed, and the user has to enter the login information again.
S105: Return the generated token information and the user information to the corresponding subsystem in the client or the platform, so as to log in to that subsystem.
When the authentication server has verified the login successfully, the client receives the token value and the user information from the authentication server, enters its own login logic, obtains the logged-in user's information and maintains the corresponding login life cycle. Having received the returned token value and user information, the user can log in at the client without entering any information, which reduces the number of identity authentications and makes it much easier for the user to work with the system.
Before receiving the authorization code sent by the client or the platform, the method further includes:
redirecting the login page of the subsystem in the client or the platform to the authentication server;
correspondingly, after the generated token information and the user information are returned to the corresponding subsystem in the client or the platform to log in to that subsystem, the method further includes:
redirecting the login page of the subsystem in the client or the platform back to the client.
In this embodiment the redirection used is a 302 redirect, also called a temporary redirect. A 302 redirect is generally used when a website or a web page is temporarily moved to another location within 24 to 48 hours, in which case a temporary jump is made. In this embodiment the login page needs to jump temporarily to the authentication login page, so a redirect is used to jump to the page link.
In this embodiment, an authentication request has to be sent to the authentication server only at the first login. After successful authentication the client maintains the life cycle in its own logic, and requests do not have to be verified against the authentication server every time, which avoids performance problems under high concurrency. The client or the platform can also provide SDKs for multiple platforms, so that mobile or desktop applications can be integrated, which is convenient for users.
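Steps S101 to S105, the logout step S1031 and the delete-on-expiry option can be followed end to end in the Python example below, which is added here and is not code from the patent. The class and method names, the TTL values, the HMAC-signed token format, storing only a digest of the authorization code, and deciding expiry by the server clock are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 8 * 3600   # validity period of an authorization code (assumed value)
TOKEN_TTL = 15 * 60   # lifetime of a subsystem token (assumed value)


def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _digest(code):
    # Assumption: only a digest of the code is stored, so a leaked store
    # does not expose live authorization codes.
    return hashlib.sha256(code.encode()).hexdigest()


class AuthServer:
    """In-memory stand-in for the authentication server (hypothetical names)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._users = {}   # username -> (salt, password hash, user info)
        self._codes = {}   # digest(code) -> (username, expires_at)
        self._key = secrets.token_bytes(32)  # token signing key

    def add_user(self, username, password, info):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, _pw_hash(password, salt), info)

    def login(self, username, password):
        """S101-S103: verify the request, store and return an authorization code."""
        salt, stored, _ = self._users.get(username, (b"\0" * 16, b"", None))
        # Hash even for unknown users so both failure paths cost the same.
        if not hmac.compare_digest(_pw_hash(password, salt), stored):
            return None
        code = secrets.token_urlsafe(32)  # CSPRNG: the code is a bearer credential
        self._codes[_digest(code)] = (username, self._clock() + CODE_TTL)
        return code

    def logout(self, code):
        """S1031: logout deletes the stored authorization code."""
        return self._codes.pop(_digest(code), None) is not None

    def exchange(self, code):
        """S104-S105: a stored, unexpired code yields (token, user info)."""
        key = _digest(code)
        entry = self._codes.get(key)
        if entry is None:
            return None
        username, expires_at = entry
        # The server clock decides expiry; a login time supplied by the
        # client is not trusted in this example.
        now = self._clock()
        if now >= expires_at:
            del self._codes[key]  # second option: delete the code once expired
            return None
        payload = f"{username}|{int(now + TOKEN_TTL)}"
        sig = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return f"{payload}|{sig}", self._users[username][2]

    def verify_token(self, token):
        """Check a token without touching the code store; returns the username."""
        parts = token.rsplit("|", 2)
        if len(parts) != 3:
            return None
        username, exp, sig = parts
        good = hmac.new(self._key, f"{username}|{exp}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig.encode(), good.encode()):
            return None
        return username if self._clock() < int(exp) else None


if __name__ == "__main__":
    srv = AuthServer()
    srv.add_user("alice", "constructed-password", {"display_name": "Alice"})
    code = srv.login("alice", "constructed-password")
    token, info = srv.exchange(code)          # subsystem login
    print(srv.verify_token(token), info)
    srv.logout(code)
    print(srv.exchange(code))                 # None: code was deleted
```

Because the same authorization code is accepted for every subsystem login until it expires or is deleted, it is effectively a session credential, which is why the example generates it from a CSPRNG and removes it on logout and on expiry.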
On the basis of the foregoing embodiment, fig. 2 is a schematic structural diagram of a device for performing unified authentication and authorization for multiple applications according to an embodiment of the present application. Referring to fig. 2, the apparatus for performing unified authentication and authorization for multiple applications provided in this embodiment specifically includes:
a receiving module: used for receiving an authentication login request sent by a client or a platform integrated with the unified authentication software development kit;
a checking module: used for verifying the authentication login request and, if the verification passes, generating a corresponding authorization code according to the authentication login request and storing the authorization code in the authentication server;
a feedback module: used for returning the authorization code to the corresponding client or platform;
a token generation module: used for receiving the authorization code sent by the client or the platform when a subsystem in the client or the platform is logged in to, judging whether that authorization code is stored in the authentication server, and if so, generating token information;
a login module: used for returning the generated token information and the user information to the corresponding subsystem in the client or the platform, so as to log in to that subsystem.
More preferably, after the feedback module, the device further includes:
a logout module: used for deleting the corresponding authorization code if a login instruction or a logout instruction sent by a client or a platform integrated with the unified authentication software development kit is received.
More preferably, before the token generation module, the device further includes:
a first redirection module: used for redirecting the login page of the subsystem in the client or the platform to the authentication server;
correspondingly, after the login module, the device further includes:
a second redirection module: used for redirecting the login page of the subsystem in the client or the platform back to the client.
The device for performing unified authentication and authorization for multiple applications provided by the embodiment of the application can be used for executing the method for performing unified authentication and authorization for multiple applications provided by the embodiment, and has corresponding functions and beneficial effects.
Referring to fig. 3, an electronic device according to an embodiment of the present disclosure includes: the device comprises a processor, a memory, a communication module, an input device and an output device. The number of processors in the electronic device may be one or more, and the number of memories in the electronic device may be one or more. The processor, memory, communication module, input device, and output device of the electronic device may be connected by a bus or other means.
The memory is used as a computer readable storage medium and can be used for storing software programs, computer executable programs, and modules, such as program instructions/modules corresponding to the method for performing unified authentication and authorization for multiple applications according to any embodiment of the present application (for example, a receiving module, a checking module, a feedback module, a token generation module, and a login module in a device for performing unified authentication and authorization for multiple applications). The memory can mainly comprise a program storage area and a data storage area, wherein the program storage area can store an operating system and an application program required by at least one function; the storage data area may store data created according to use of the device, and the like. Further, the memory may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory may further include memory located remotely from the processor, and these remote memories may be connected to the device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The communication module is used for data transmission.
The processor executes the various functional applications and data processing of the device by running the software programs, instructions and modules stored in the memory, thereby implementing the method for performing unified authentication and authorization for multiple applications.
The input device may be used to receive input numeric or character information and to generate key signal inputs relating to user settings and function controls of the apparatus. The output device may include a display device such as a display screen.
According to the method and the device, the unified authentication software development kit integrated into the client sends the authentication request to the authentication server; after the authentication is passed, the authorization code corresponding to the client is returned, and the login period of the client is maintained through the authorization code. After the authentication is successful, the client maintains the life cycle in its own logic without checking every request against the authentication server, so that the performance problem under high concurrency is avoided, and the scheme enables unified authentication of both the mobile terminal and the desktop client.
The electronic device provided by the embodiment can be used for executing the method for performing unified authentication and authorization for multiple applications, and has corresponding functions and beneficial effects.
The embodiment of the present application further provides a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform a method for unified authentication and authorization for multiple applications, where the method for unified authentication and authorization for multiple applications includes:
receiving an authentication login request sent by a client or a platform integrated with a unified authentication software development kit;
verifying the authentication login request and, if the verification is passed, generating a corresponding authorization code according to the authentication login request and storing the authorization code in the authentication server;
returning the authorization code to the corresponding client or platform;
if a login to a subsystem in the client or the platform is requested, receiving the authorization code sent by the client or the platform, judging whether the authorization code sent by the client or the platform is stored in the authentication server, and if so, generating token information;
and returning the generated token information and the user information to the corresponding subsystem in the client or the platform so as to log in the subsystem in the client or the platform.
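The server-side steps listed above, together with the validity period and logout deletion described in claims 2 to 4, as an added Python sketch that is not code from the patent. The `verify` callback, the SHA-256 digest store, the HMAC token format, the TTL values and the use of the server clock for expiry are assumptions; the patent does not specify them.

```python
import hashlib
import hmac
import secrets
import time


class AuthServer:
    """Added sketch of the authentication server; not the patent's own code."""

    def __init__(self, verify, code_ttl=3600, token_ttl=300, clock=time.time):
        self._verify = verify        # hypothetical callback: (user, password) -> bool
        self._code_ttl = code_ttl    # validity period of a code in seconds (assumed)
        self._token_ttl = token_ttl  # lifetime of a token in seconds (assumed)
        self._clock = clock          # injectable so expiry can be exercised
        self._codes = {}             # sha256(code) -> (user, expires_at)
        self._key = secrets.token_bytes(32)  # HMAC key for tokens (assumed scheme)

    @staticmethod
    def _digest(code):
        # Keep only a digest server-side so a leaked store holds no usable codes.
        return hashlib.sha256(code.encode()).hexdigest()

    def _mac(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def login(self, user, password):
        """Verify the login request, then store and return an authorization code."""
        if "|" in user or not self._verify(user, password):
            return None              # "|" is the token field separator
        code = secrets.token_urlsafe(32)
        self._codes[self._digest(code)] = (user, self._clock() + self._code_ttl)
        return code

    def logout(self, code):
        """Delete the stored code; returns False if it was not stored."""
        return self._codes.pop(self._digest(code), None) is not None

    def exchange(self, code, subsystem):
        """Subsystem login: return (token, user_info) if the code is stored and valid."""
        entry = self._codes.get(self._digest(code))
        if entry is None or "|" in subsystem:
            return None
        user, expires_at = entry
        if self._clock() >= expires_at:
            del self._codes[self._digest(code)]  # purge once the validity period passes
            return None
        body = f"{user}|{subsystem}|{int(self._clock() + self._token_ttl)}"
        return f"{body}|{self._mac(body)}", {"user": user}

    def verify_token(self, token, subsystem):
        """Check a token without touching the code store; return the user or None."""
        parts = token.split("|")
        if len(parts) != 4:
            return None
        user, audience, expiry, mac = parts
        expected = self._mac(f"{user}|{audience}|{expiry}")
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return None
        if audience != subsystem or self._clock() >= int(expiry):
            return None
        return user
```

Deleting the code on logout stops further exchanges, but a token already issued still verifies until its own expiry, so the token lifetime should stay short.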
Storage medium: any of various types of memory devices or storage devices. The term "storage medium" is intended to include: installation media such as CD-ROM, floppy disk, or tape devices; computer system memory or random access memory such as DRAM, DDR RAM, SRAM, EDO RAM, Rambus RAM, etc.; non-volatile memory such as flash memory, magnetic media (e.g., hard disk or optical storage); registers or other similar types of memory elements, etc. The storage medium may also include other types of memory or combinations thereof. In addition, the storage medium may be located in a first computer system in which the program is executed, or may be located in a different second computer system connected to the first computer system through a network (such as the internet). The second computer system may provide program instructions to the first computer for execution. The term "storage medium" may include two or more storage media residing in different locations, e.g., in different computer systems connected by a network. The storage medium may store program instructions (e.g., embodied as a computer program) that are executable by one or more processors.
Of course, the computer-executable instructions contained in the storage medium provided in the embodiments of the present application are not limited to the operations of the above method for performing unified authentication and authorization for multiple applications, and may also perform related operations in the method for performing unified authentication and authorization for multiple applications provided in any embodiment of the present application.
The apparatus, the storage medium, and the electronic device for performing unified authentication and authorization for multiple applications provided in the foregoing embodiments may execute the method for performing unified authentication and authorization for multiple applications provided in any embodiment of the present application; for technical details not described in detail in the foregoing embodiments, reference may be made to the method for performing unified authentication and authorization for multiple applications provided in any embodiment of the present application.
The foregoing is considered as illustrative of the preferred embodiments of the invention and the technical principles employed. The present application is not limited to the particular embodiments described herein, and various obvious changes, adaptations and substitutions may be made by those skilled in the art without departing from the scope of the present application. Therefore, although the present application has been described in more detail with reference to the above embodiments, the present application is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present application, and the scope of the present application is determined by the scope of the claims.

Claims (10)

1. A method for unified authentication and authorization facing multiple applications is characterized by comprising the following steps:
receiving an authentication login request sent by a client or a platform integrated with a unified authentication software development kit;
verifying the authentication login request and, if the verification is passed, generating a corresponding authorization code according to the authentication login request and storing the authorization code in the authentication server;
returning the authorization code to the corresponding client or platform;
if a login to a subsystem in a client or a platform is requested, receiving an authorization code sent by the client or the platform, judging whether the authorization code sent by the client or the platform is stored in an authentication server, and if so, generating token information;
and returning the generated token information and the user information to the corresponding subsystem in the client or the platform so as to log in the subsystem in the client or the platform.
2. The method for unified authentication and authorization for multiple applications according to claim 1, further comprising, after the returning the authorization code to the corresponding client or platform:
and if a login instruction or a logout instruction sent by a client or a platform integrated with the unified authentication software development kit is received, deleting the corresponding authorization code.
3. The method for unified authentication and authorization for multiple applications according to claim 1, wherein the generating a corresponding authorization code according to the authentication login request and storing the authorization code in the authentication server includes:
generating a corresponding authorization code and a valid period according to the authentication login request, and storing the authorization code and the valid period in an authentication server;
correspondingly, the receiving an authorization code sent by a client or a platform, and judging whether the authorization code sent by the client or the platform is stored in an authentication server includes:
and receiving the authorization code and the login time information sent by the client or the platform, and judging whether the authorization code and the login time sent by the client or the platform are consistent with the authorization code and the valid period stored by the authentication server.
4. The method for unified authentication and authorization for multiple applications according to claim 1, wherein the generating a corresponding authorization code according to the authentication login request and storing the authorization code in the authentication server includes:
and generating a corresponding authorization code and a valid period according to the authentication login request, storing the authorization code and the valid period in an authentication server, and deleting the corresponding authorization code if the validity period is exceeded.
5. The method for unified authentication and authorization for multiple applications according to claim 1, wherein before receiving the authorization code sent by the client or the platform, the method further comprises:
controlling a login page of a subsystem in a client or a platform to be redirected to an authentication server;
correspondingly, after the step of returning the generated token information and the user information to the corresponding subsystem in the client or the platform to log in the subsystem in the client or the platform, the method further includes:
and controlling the login page of the client or the subsystem in the platform to be redirected to the client.
6. An apparatus for unified authentication and authorization for multiple applications, comprising:
a receiving module: configured to receive an authentication login request sent by a client or a platform integrated with a unified authentication software development kit;
a checking module: configured to verify the authentication login request and, if the verification is passed, generate a corresponding authorization code according to the authentication login request and store the authorization code in the authentication server;
a feedback module: configured to return the authorization code to the corresponding client or platform;
a token generation module: configured to, if a login to a subsystem in the client or the platform is requested, receive the authorization code sent by the client or the platform, judge whether the authorization code sent by the client or the platform is stored in the authentication server, and if so, generate token information;
a login module: configured to return the generated token information and the user information to the corresponding subsystem in the client or the platform so as to log in to the subsystem in the client or the platform.
7. The apparatus for unified authentication and authorization for multiple applications according to claim 6, further comprising after the feedback module:
a logout module: configured to delete the corresponding authorization code if a login instruction or a logout instruction sent by a client or a platform integrated with the unified authentication software development kit is received.
8. The apparatus for unified authentication and authorization for multiple applications according to claim 6, further comprising, before the token generation module:
a first redirection module: configured to control the login page of the subsystem in the client or the platform to be redirected to the authentication server;
correspondingly, after the login module, the apparatus further comprises:
a second redirection module: configured to control the login page of the client or the subsystem in the platform to be redirected to the client.
9. An electronic device, comprising:
a memory and one or more processors;
the memory for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method for unified authentication and authorization for multiple applications as recited in any of claims 1-7.
10. A storage medium containing computer-executable instructions for performing the method for unified authentication authorization for multiple applications according to any one of claims 1-7 when executed by a computer processor.
CN202010282772.4A 2020-04-12 2020-04-12 Method and device for unified authentication and authorization facing to multiple applications Pending CN111475795A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010282772.4A CN111475795A (en) 2020-04-12 2020-04-12 Method and device for unified authentication and authorization facing to multiple applications

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010282772.4A CN111475795A (en) 2020-04-12 2020-04-12 Method and device for unified authentication and authorization facing to multiple applications

Publications (1)

Publication Number Publication Date
CN111475795A (en) 2020-07-31

Family

ID=71751491

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010282772.4A Pending CN111475795A (en) 2020-04-12 2020-04-12 Method and device for unified authentication and authorization facing to multiple applications

Country Status (1)

Country Link
CN (1) CN111475795A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109218298A (en) * 2018-09-04 2019-01-15 中钞信用卡产业发展有限公司杭州区块链技术研究院 A kind of application data access method and system
CN112689285A (en) * 2020-12-10 2021-04-20 航天信息股份有限公司 Authorization authentication method and system for mobile terminal SDK
CN113055371A (en) * 2021-03-09 2021-06-29 上海明略人工智能(集团)有限公司 Login authentication method and system for Internet of things TCP (Transmission control protocol) equipment
CN113098975A (en) * 2021-04-16 2021-07-09 北京沃东天骏信息技术有限公司 Cross-platform application publishing method and device
CN113536241A (en) * 2021-06-01 2021-10-22 上海赫千电子科技有限公司 Countable software authorization method for vehicle-mounted system
CN113721922A (en) * 2021-09-01 2021-11-30 中建电子信息技术有限公司 Big data internet of things management system based on micro-service
WO2022170849A1 (en) * 2021-02-09 2022-08-18 华为技术有限公司 Development kit authentication method and related device
CN115002057A (en) * 2022-05-26 2022-09-02 威艾特科技(深圳)有限公司 Distributed multi-server instant messaging method
CN115102782A (en) * 2022-07-19 2022-09-23 平安科技(深圳)有限公司 Client authentication method and device, storage medium and computer equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105812314A (en) * 2014-12-29 2016-07-27 北京新媒传信科技有限公司 Method for logging in Internet application program by user and unified authentication platform
CN110086822A (en) * 2019-05-07 2019-08-02 北京智芯微电子科技有限公司 The realization method and system of unified identity authentication strategy towards micro services framework

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109218298A (en) * 2018-09-04 2019-01-15 中钞信用卡产业发展有限公司杭州区块链技术研究院 A kind of application data access method and system
CN112689285B (en) * 2020-12-10 2023-08-15 航天信息股份有限公司 Authorization authentication method and system for mobile terminal SDK
CN112689285A (en) * 2020-12-10 2021-04-20 航天信息股份有限公司 Authorization authentication method and system for mobile terminal SDK
WO2022170849A1 (en) * 2021-02-09 2022-08-18 华为技术有限公司 Development kit authentication method and related device
CN113055371A (en) * 2021-03-09 2021-06-29 上海明略人工智能(集团)有限公司 Login authentication method and system for Internet of things TCP (Transmission control protocol) equipment
CN113098975A (en) * 2021-04-16 2021-07-09 北京沃东天骏信息技术有限公司 Cross-platform application publishing method and device
CN113536241A (en) * 2021-06-01 2021-10-22 上海赫千电子科技有限公司 Countable software authorization method for vehicle-mounted system
CN113536241B (en) * 2021-06-01 2024-05-28 上海赫千电子科技有限公司 Countable software authorization method for vehicle-mounted system
CN113721922B (en) * 2021-09-01 2022-06-14 中建电子信息技术有限公司 Big data Internet of things management system based on micro-service
CN113721922A (en) * 2021-09-01 2021-11-30 中建电子信息技术有限公司 Big data internet of things management system based on micro-service
CN115002057A (en) * 2022-05-26 2022-09-02 威艾特科技(深圳)有限公司 Distributed multi-server instant messaging method
CN115002057B (en) * 2022-05-26 2024-04-12 威艾特科技(深圳)有限公司 Distributed multi-server instant messaging method
CN115102782A (en) * 2022-07-19 2022-09-23 平安科技(深圳)有限公司 Client authentication method and device, storage medium and computer equipment
CN115102782B (en) * 2022-07-19 2024-04-09 平安科技(深圳)有限公司 Authentication method and device of client, storage medium and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination