CN104734849B - Method and system for authenticating a third-party application - Google Patents
- Publication number: CN104734849B (application CN201310706124.7A)
- Authority: CN (China)
- Prior art keywords: heartbeat packet, party application, user, party, token
- Legal status: Active
- Landscapes: Information Transfer Between Computers (AREA)
Abstract
This application discloses a method and system for authenticating a third-party application. The method includes: after authorizing the third-party application, creating a session and issuing an access token to the third-party application, setting the access token to the online state and configuring an effective time for the online state; listening, within the effective time, for heartbeat packets sent by the browser in which the third-party application runs and, if a heartbeat packet is received, judging its legitimacy from the cookie information it carries and, if the heartbeat packet is legitimate, extending the effective time of the online state once; and, on receiving an application programming interface (API) call request from the third-party application that carries the access token, determining whether the user is using the third-party application by checking whether the access token is currently online, and responding to the API call request according to the result. The application can improve the security of user data.
Description
Technical field
This application relates to the field of third-party authentication for open platforms, and in particular to a method and system for authenticating a third-party application.
Background
Platform-type Internet applications (for example, e-commerce and application trading platforms) generally need to bring in third-party developers in order to offer their users (for example, the seller users of an e-commerce or application trading platform) more finely segmented services. On an e-commerce trading platform, for example, a third-party developer can collect and analyze information such as click volume, cross-shop clicks, order turnover and even chat records from the associated instant messaging tool, and finally give the seller user intuitive suggestions. In other words, for a user of an Internet application, some of the information browsed in the application's web pages, such as statistical data and analysis results, may be provided by a third-party App (application program). To support these functions, the e-commerce trading platform generally provides an open platform that opens some APIs (Application Programming Interfaces) to third-party application developers; a third-party App obtains data by calling the open platform's APIs and then provides services such as the corresponding analysis.
The data the open platform supplies to a third-party App may involve the private data of a specific user, which under normal circumstances can be obtained only with the user's authorization. However, the open platform generally does not allow a third-party App to have its own login and authentication system; the App must use the open platform's account system. The authorization system of existing open platforms generally uses the OAuth 2.0 protocol. OAuth is an open industry standard that lets a user allow a third-party App to operate on private data the user has stored on a website, without the third-party App obtaining the user's username and password.
As business offerings become richer and more comprehensive, different requirements are placed on the security and rigor of the authorization system, because a large number of users may do almost all of their work in third-party Apps and need to complete almost all of their operations there conveniently.
In the existing authorization system, however, the open platform verifies the user's identity only when the user authorizes. Once login and authorization are complete, the user's browser is redirected to the third-party App's page. At that point the user has left the open platform: every operation the user performs is an interaction with the third-party App, and the open platform only receives the third-party App's API requests. The open platform can identify only that an API request comes from the third-party App; it cannot tell whether the user is personally using the third-party App. This is the weakest link in the security of an open platform that authorizes with OAuth: the user authorizes the third-party App to read and write the user's data on the open platform, but when the third-party App reads or writes that data, the open platform cannot tell whether the user is personally using the App, and so cannot open up business with higher security requirements. For example, suppose the open platform exposes the "agree to refund" business as an API. This directly involves the movement of money. With the existing OAuth protocol, a third-party App would have the opportunity to maliciously perform the agree-to-refund operation on the user's behalf, and the open platform could not tell the difference. A user who has already closed the third-party App's page could then find that a refund on a transaction has been agreed to, which certainly cannot be allowed.
The technical problem that those skilled in the art urgently need to solve is therefore how to improve the open platform's authorization system so that the open platform can tell whether an API request from a third-party App was sent while the user was using the third-party App, and then decide whether to open sensitive data to that App, so as to ensure the security of user data.
Summary of the invention
This application provides a method and system for authenticating a third-party application, which can improve the security of user data.
This application provides the following schemes:
A method for authenticating a third-party application, where the third-party application is implemented on a browser/server architecture and a preset software development kit (SDK) is embedded in the page of the third-party application, the method including:
after authorizing the third-party application, creating a session and issuing an access token to the third-party application, setting the access token to the online state and configuring an effective time for the online state;
listening, within the effective time, for heartbeat packets sent by the browser in which the third-party application runs; if a heartbeat packet is received, judging its legitimacy from the cookie information carried in the heartbeat packet; and, if the heartbeat packet is legitimate, extending the effective time of the online state once, where the heartbeat packet is sent at preset intervals by the browser, driven by the SDK, while the third-party application holds the user's authorization and the page of the third-party application is open, and the heartbeat packet carries the cookie information under a preset domain name;
on receiving an application programming interface (API) call request sent by the third-party application and carrying the access token, determining whether the user is using the third-party application by checking whether the access token is currently online, and responding to the API call request according to the result.
A method for authenticating a third-party application, where the third-party application is implemented on a client/server architecture and a preset SDK is embedded in the client of the third-party application, the method including:
after authorizing the third-party application, creating a session and issuing an access token to the third-party application, setting the access token to the online state and configuring an effective time for the online state;
listening, within the effective time, for heartbeat packets sent by the third-party application's client; if a heartbeat packet is received, judging its legitimacy from the identity information carried in the heartbeat packet; and, if the heartbeat packet is legitimate, extending the effective time of the online state once, where the heartbeat packet is sent at preset intervals by the client, driven by the SDK, while the third-party application holds the user's authorization and the client of the third-party application is open, and the heartbeat packet carries the user's identity information on the open platform;
on receiving an API call request sent by the server side of the third-party application and carrying the access token, determining whether the user is using the third-party application by checking whether the access token is currently online, and responding to the API call request according to the result.
A system for authenticating a third-party application, where the third-party application is implemented on a browser/server architecture and a preset software development kit (SDK) is embedded in the page of the third-party application, the system including:
a first token issuing unit, configured to, after the third-party application is authorized and a session is created and an access token is issued to the third-party application, set the access token to the online state and configure an effective time for the online state;
a first token status updating unit, configured to listen, within the effective time, for heartbeat packets sent by the browser in which the third-party application runs; if a heartbeat packet is received, to judge its legitimacy from the cookie information carried in the heartbeat packet; and, if the heartbeat packet is legitimate, to extend the effective time of the online state once, where the heartbeat packet is sent at preset intervals by the browser, driven by the SDK, while the third-party application holds the user's authorization and the page of the third-party application is open, and the heartbeat packet carries the cookie information under a preset domain name;
a first call request response unit, configured to, on receiving an application programming interface (API) call request sent by the third-party application and carrying the access token, determine whether the user is using the third-party application by checking whether the access token is currently online, and respond to the API call request according to the result.
A system for authenticating a third-party application, where the third-party application is implemented on a client/server architecture and a preset SDK is embedded in the client of the third-party application, the system including:
a second token issuing unit, configured to, after the third-party application is authorized and a session is created and an access token is issued to the third-party application, set the access token to the online state and configure an effective time for the online state;
a second token status updating unit, configured to listen, within the effective time, for heartbeat packets sent by the third-party application's client; if a heartbeat packet is received, to judge its legitimacy from the identity information carried in the heartbeat packet; and, if the heartbeat packet is legitimate, to extend the effective time of the online state once, where, while the third-party application holds the user's authorization and the client of the third-party application is open, the SDK drives the client to send one heartbeat packet at every preset interval, and the heartbeat packet carries the user's identity information;
a second call request response unit, configured to, on receiving an API call request sent by the server side of the third-party application and carrying the access token, determine whether the user is using the third-party application by checking whether the access token is currently online, and respond to the API call request according to the result.
According to the specific embodiments provided by this application, the application discloses the following technical effects:
In the embodiments of this application, the SDK provided by the open platform is embedded in the page of the third-party App. As long as the third-party App's page is open, the SDK drives the browser to send one heartbeat packet to the open platform at every preset interval, and the heartbeat packet carries the cookie information under the domain name of the open platform's website. Each time the open platform receives a heartbeat packet it can verify the packet's legitimacy; if verification passes, it can extend the validity period of the corresponding session's token once and set the token to the online state, indicating that the third-party App's page is currently open. Then, on receiving an API call request from the third-party App's server, the open platform can first extract the token from the request and check whether it is online. If it is, the third-party App can be allowed to call APIs that may be called only in the online state, and the corresponding user data is returned. Otherwise, if the token carried in the third-party App's API call request is already offline, the call request can be refused. In this way the open platform can judge whether the user is currently using the third-party App by judging whether the third-party App's page is open, and provides the user's sensitive data to the third-party App only when it has determined that the user is using that App. The security of user data can therefore be improved.
Of course, a product implementing this application does not necessarily need to achieve all of the above advantages at the same time.
Brief description of the drawings
To explain the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed in the embodiments are briefly introduced below. The drawings described below are clearly only some embodiments of this application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the method provided by an embodiment of this application;
Fig. 2 is a flow chart of another method provided by an embodiment of this application;
Fig. 3 is a schematic diagram of the first system provided by an embodiment of this application;
Fig. 4 is a schematic diagram of the second system provided by an embodiment of this application.
Detailed description
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are clearly only some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments in this application fall within the scope of protection of this application.
It should first be explained that, in the prior art, after the open platform has issued an access token to a third-party application, the third-party application's server side carries that token whenever it needs to ask the open platform to call an API to obtain data, and the open platform determines from the token whether the third-party application has obtained the user's authorization. To protect user data, the prior art generally also sets a time limit on the token issued to the third-party application; the validity period is typically from several hours up to one year. After receiving an API call request from the third-party application's server, the open platform returns the user data corresponding to the API to that server as long as the token is within its validity period. In other words, in the prior art a token issued to a third-party application is constrained only by time. The third-party application's token may well be lost, and once a hacker obtains it the hacker can pose as the third-party application and obtain user data from the open platform. The protection of user data is therefore relatively weak.
The existing authorization system can thus only grant coarse authorization. Even where open platforms have upgraded and modified it, differentiating data by security level, differentiating authorization duration accordingly, or even introducing short-lived authorization, all with the aim of not over-authorizing, the balance between security and user experience still cannot be resolved effectively.
A user session mechanism is therefore introduced in the embodiments of this application. It effectively helps the open platform distinguish whether the user is using the third-party App, and with this information the authorization policy can be applied more precisely: the user's online (on-line) APIs can be distinguished from offline (off-line) APIs. While the user is using a third-party App, that App can call on-line APIs; otherwise it can only call off-line APIs. The mechanism can also help the third-party App determine more accurately whether the current user is legitimate. The specific implementation is described in detail below.
Before the detailed description, it should be explained that in practice third-party Apps are generally divided into the B/S (Browser/Server) architecture and the C/S (Client/Server) architecture. In the embodiments of this application the implementation differs slightly between the two architectures. Embodiment one below first introduces a third-party App based on the B/S architecture.
Embodiment one
In a third-party App based on the B/S architecture, the user's working interface is implemented in a web browser. A small part of the transaction logic is implemented at the front end (browser) and most of it at the server end (server). As long as a web browser is installed on the user's client machine, the user can visit the third-party App's web page and use the functions the App provides through the interactive interface in the page.
In the embodiments of this application, the open platform can provide an SDK (Software Development Kit) for third-party Apps. For a third-party App of the B/S architecture, the App's developer can embed the SDK in its pages. The SDK can be implemented in JavaScript. When it is initialized it can register a JS callback method for receiving the TOP_Session newly issued by the open platform, and cross-domain data transfer can be implemented with JSONP. The most important function of the SDK is that, once the third-party App has obtained the user's authorization, it can determine whether the third-party App's page is open; if it is, the SDK can drive the browser to send a heartbeat packet to the open platform at every preset interval (for example, three minutes or five minutes). The heartbeat packet carries the cookie information under the domain of the open platform's website, and the open platform can verify the legitimacy of the heartbeat packet from that cookie information. If the packet is legitimate, the validity period of the token issued to the current third-party App can be extended once. In other words, the validity period of the token the open platform issues to a third-party App is shorter than in the prior art, but it can be extended by legitimate heartbeat packets. The legitimacy of the heartbeat packet must be verified before each extension; if the packet is not legitimate, an error is returned. If no heartbeat packet is received within a certain time, the user can be considered to have closed the web page and to be no longer using the third-party App.
To make this easier to understand, several concepts are introduced here.
Heartbeat packet
In the embodiments of this application, a heartbeat packet is a specific asynchronous, timed HTTP (Hypertext Transfer Protocol) request initiated from the user's browser. It is invisible to both the user and the third-party App. The request goes directly to the open platform's authorization server. The information it carries can be the cookie under the open platform's domain, which contains a specific identifier set by the open platform. The authorization server of the open platform also records, for each user, the login and heartbeat state information of the corresponding third-party App. Because the user logs in on the open platform and is then redirected to the third-party App's page (if the authorization is no longer valid the user authorizes again; if it is still valid the redirect happens directly), the user's state is continuous: after a user logs in at the open platform's authorization center, the online state for accessing the third-party App begins, and it lasts until valid heartbeat packets time out. In addition, because the cookie information carried in the heartbeat packet is set by the open platform's server, it is difficult to forge.
Note that in the embodiments of this application the browser sends heartbeat packets periodically as long as the third-party App's page is open. A page can be open in two situations: in one the user really is browsing the page; in the other the page is open but the user may be browsing other pages or even using other applications. Because HTTP is inherently stateless, when the user opens the third-party App's page SDK.js does not know whether the user is actually interacting with the third-party App. So as long as the third-party App's page is open, heartbeat packets are still sent to the open platform on schedule even if the page does not currently have the operating focus (for example, the user is browsing other pages in other browser tabs). In the situation where the user has the third-party App's page open but is not operating in it, the user is not using the third-party App; if heartbeat packets are still sent to the open platform in that state, the open platform will nevertheless consider that the user is using the App. In other words, the open platform can determine only whether the third-party App's page is open; it cannot truly determine whether the user is actually browsing that page.
This approach may seem to carry some residual risk, but at the business level it is acceptable, for the following reasons. First, the third-party App's page really is open, which proves that the current user has not yet exited the application. Second, apart from the current user, other people (such as hackers) do not know whether the current user is using the third-party App. Third, the on-line APIs that a third-party App is allowed to call in the online state are usually for business the user can perceive; for example, they may be associated with the user's mobile terminal device and the user is notified by short message or similar, so that even if an illegal API request occurs the current user can become aware of it. Fourth, for higher-risk APIs, such as batch agreement to refunds, although they are also on-line APIs, whether to allow the call need not be decided solely by whether the token is in the on-line state; the call must be initiated by the user in person. That is, this kind of API can use a secondary verification technique for APIs. The implementation of the specific secondary verification technique is outside the scope of protection of the embodiments of this application and is not described in detail here.
Note further that when the browser sends heartbeat packets to the open platform it can also number each packet. After an authorization completes, the first heartbeat packet sent can be numbered "0", the next new heartbeat packet is numbered "1", and so on. Correspondingly, the open platform's server can record the number of each heartbeat packet it receives and then use the numbers to judge the continuity of the heartbeat packets. The first heartbeat packet can also be marked as the starting point by adding a special identifier or similar to its number.
token
When a third-party App performs login authorization and the authorization succeeds, the open platform's authorization server can issue a token to the third-party App. The token contains the token itself, its validity-period information and the open platform's signature. The token can also carry user information (for example, user identity information). In a specific implementation the user information is not necessarily given to the third-party App; this is a matter of permission control over the third-party App. If the third-party App has permission to obtain user information, the user can be prompted at authorization time. If the third-party App does not have permission for user information, the open platform's authorization server can return an obfuscated nickname; the third-party App only needs to know that the current user is a user of the open platform and does not need to care which specific user it is. In the embodiments of this application the token's validity period is relatively short and must be extended by the heartbeat packets that the SDK in the third-party App's page drives the browser to send; each extension can be the same length as the heartbeat sending period. Within its validity period the token stays in the online state. The token's online or offline state is maintained on the open platform side, and its effect is this: when the open platform receives an API call request from the third-party App's server, it first extracts the token the request carries and checks whether the token is online; only if it is can the third-party App call on-line APIs.
Session
The session mechanism is a solution for maintaining state between a client and a server. On the open platform's authorization server, a session stores variable values for each user on the server, and a session ID is used to distinguish which user it belongs to. Although the scheme keeps state on the server, an identifier also has to be stored on the client, so the session mechanism generally relies on the cookie mechanism to store that identifier. When the open platform's server receives a request from a client, it first checks whether the request already contains a session identifier (the session ID). If it does, a session has previously been created for this client, and the server retrieves that session by its session ID and uses it (creating a new one if it cannot be found). If the client's request does not contain a session ID, a session is created for this client along with a session ID associated with it. The value of the session ID is a string that does not repeat and whose pattern is hard to discover and imitate. The session ID is returned to the client in the current response for the client to store.
In the embodiments of this application, each time a third-party App performs login authorization the session is created anew. After the session is created successfully, the open platform can send the session identifier (the session ID) to the browser in which the third-party application's page runs. In general, the session ID carries user identity information and browser identification information; after receiving it, the browser can generate the cookie information. When the browser then sends a heartbeat packet to the open platform, the packet can carry this cookie information. When the user has several web pages open, the browser may hold cookie information for several websites. Which website each cookie record belongs to can be distinguished by the corresponding website domain name, so in the embodiments of this application the cookie information under the domain name of the open platform's website can be extracted by domain name and then carried in the heartbeat packet.
On this basis, the embodiments of this application provide a method for authenticating a third-party application. Referring to Fig. 1, the method may include the following steps:
S101: After authorizing the third-party application, creating a session and issuing an access token to the third-party application, set the access token to the online state and configure an effective time for the online state;
It should first be explained that the method shown in Fig. 1 describes the technical solution of the embodiments from the point of view of the open platform's authorization server, so each step can be executed by that authorization server.
In a specific implementation, when a user needs to use a third-party App, the user first opens the App's web page in a browser. If the user needs to access, through the third-party App, the user's data on the open platform, the third-party App can show the user a login page in which the user enters the account name, password and other information registered with the open platform. After the user confirms, the browser submits them to the open platform's authorization server. The authorization server verifies the account name and password; once they pass, it can create a session for the current user, authorize the third-party App and issue the access token (token) to the third-party App. At the same time, the token can be set to the online state and an effective time configured; the effective time can be included in the token issued to the third-party App.
S102: Listen, within the effective time, for heartbeat packets sent by the browser in which the third-party application runs; if a heartbeat packet is received, judge its legitimacy from the cookie information carried in the heartbeat packet; if the heartbeat packet is legitimate, extend the effective time of the online state once;
After the token has been issued to the third-party App, the authorization server can listen for heartbeat packets sent by the browser in which the third-party App's page runs. If a heartbeat packet is received within the token's effective time, its legitimacy can be judged from the cookie information it carries; if the packet is legitimate, the effective time of the token's online state is extended once. To judge legitimacy, the corresponding session can be determined from the cookie information carried in the heartbeat packet. The server then first checks whether a starting point of the heartbeat state exists in that session (for example, the state of having completed authorization and been redirected to the third-party App can be taken as the starting point of the heartbeat state). If it does, the server then checks whether the heartbeat packets for that session are continuous; if they are, the heartbeat packet is judged legitimate. In a specific implementation, because the browser can number the heartbeat packets it sends, these numbers can be used to judge whether the heartbeat packets are continuous.
It should be noted here that, because a heartbeat packet sent by the browser carries session identification information, the authorization server of the open platform can save the information of each heartbeat packet (for example, its number) under the session identifier it carries; after a period of time, the information of multiple heartbeat packets may be saved under the same session identifier. Each time a new heartbeat packet is received, the server can take out its number, use the session identifier it carries to find the numbers of the other heartbeat packets already received in that session, and judge whether the new number is continuous with them; at the same time it can also judge whether a starting point of the heartbeat state exists in the session. If both conditions are satisfied, the heartbeat packet can be considered legal, and the validity period of the token corresponding to the session is extended by one time period. Of course, in practical applications, taking into account other factors such as user experience, the conditions may be relaxed appropriately; for example, as long as a starting heartbeat packet exists in the corresponding session, the heartbeat packet currently received is judged to be legal. After judging whether the heartbeat packet is legal or illegal, the judgment result, for example true or false, can also be returned to the front end of the third-party App by means of JSONP, and the front end then notifies the back-end server of the third-party App, so that the application is informed. If the third-party App receives false, it can show the user the login interface of the open platform again and instruct the user to log in again.
If the open platform server judges that a heartbeat packet currently received for a session is illegal, or no heartbeat packet of that session is received within the effective time, the token corresponding to the session can be set to the offline state.
In this way, even if a hacker has obtained the token issued to the third-party App and has forged a heartbeat packet, the hacker does not know how many heartbeat packets have already been sent and therefore generally cannot number the forged heartbeat packet correctly. After the forged packet is sent to the open platform server, the open platform treats it as an illegal heartbeat packet, because no starting point of the heartbeat state exists or because it is not continuous with the other heartbeat packets, and sets the token to the offline state. The hacker therefore likewise cannot obtain the user data behind online APIs, which ensures the security of the user data.
It should be noted that, in a specific implementation, the length of the effective time configured when the token is issued and the length by which the effective time is extended each time can be equal. This length can be equal to the interval at which heartbeat packets are sent, or can be slightly greater than that interval, so that the open platform does not immediately set the token to the offline state when a heartbeat packet arrives at the open platform slightly late.
S103: When an application programming interface (API) call request carrying the access token is received from the third-party application, determine whether the user is currently using the third-party application by judging whether the access token is currently in the online state, and respond to the API call request according to the judgment result.
In the foregoing manner, the open platform side can learn whether the page of the third-party App is open, and can then judge whether the token issued to the third-party App may call certain sensitive APIs. Specifically, when an API call request carrying a token is received from the third-party App, the token can first be extracted from the request; whether the user is currently using the third-party App is determined by judging whether the token is currently online, and the API call request is answered according to the judgment result. For example, if the token is currently in the online state and the API being called is an online API, the corresponding user data can be returned to the server of the third-party App. Otherwise, if the token is currently in the offline state and the API being called is an online API, the open platform refuses to return the corresponding user data to the server of the third-party App and can return an error prompt. Of course, if the token is currently in the offline state but the API being called is an offline API, that is, the user data requested through the API is of low sensitivity and is normally allowed to be used without user authorization, the corresponding user data can still be returned to the server of the third-party App.
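The state machine described in S101 to S103, sketched from the authorization server's side as an added example; it is not code from the patent or from any open platform. The class and API names, the interval values, numbering heartbeats from 1, and the rule that a token set offline stays offline until the user logs in again are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

HEARTBEAT_INTERVAL = 30                   # assumed SDK send interval, in seconds
EFFECTIVE_TIME = HEARTBEAT_INTERVAL + 5   # slightly longer, to absorb a late packet
FIRST_NUMBER = 1                          # assumed number of the starting heartbeat
ONLINE_APIS = {"user.orders"}             # hypothetical sensitive ("online") API
OFFLINE_APIS = {"user.nickname"}          # hypothetical low-sensitivity ("offline") API


@dataclass
class Session:
    token: str
    online_until: float
    online: bool = True
    numbers: list = field(default_factory=list)  # heartbeat numbers received so far


class AuthServer:
    def __init__(self, strict=True):
        # strict=True: starting point AND continuity are both required.
        # strict=False: the relaxed rule from the text, starting point only.
        self.strict = strict
        self.sessions = {}       # session id (carried in the cookie) -> Session
        self.token_to_sid = {}   # access token -> session id

    def authorize(self, now):
        """S101: create a session, issue a token, set it online with an effective time."""
        sid, token = secrets.token_hex(16), secrets.token_hex(16)
        self.sessions[sid] = Session(token=token, online_until=now + EFFECTIVE_TIME)
        self.token_to_sid[token] = sid
        return sid, token

    def _refresh(self, session, now):
        """Set the token offline if no legal heartbeat arrived within the effective time."""
        if session.online and now > session.online_until:
            session.online = False
        return session.online

    def heartbeat(self, sid, number, now):
        """S102: judge the heartbeat; extend once if legal, otherwise set the token offline."""
        session = self.sessions.get(sid)
        if session is None or not self._refresh(session, now):
            return False  # assumption: an offline token needs a fresh login
        received = session.numbers + [number]
        has_start = received[0] == FIRST_NUMBER
        continuous = all(b == a + 1 for a, b in zip(received, received[1:]))
        legal = has_start and (continuous or not self.strict)
        if legal:
            session.numbers.append(number)
            session.online_until = now + EFFECTIVE_TIME
        else:
            session.online = False
        return legal

    def api_call(self, token, api, now):
        """S103: answer an API call according to the token's online/offline state."""
        sid = self.token_to_sid.get(token)
        if sid is None:
            return {"ok": False, "error": "unknown token"}
        if api not in ONLINE_APIS | OFFLINE_APIS:
            return {"ok": False, "error": "unknown API"}
        if api in OFFLINE_APIS or self._refresh(self.sessions[sid], now):
            return {"ok": True, "data": f"{api} data"}
        return {"ok": False, "error": "token offline, user must log in again"}
```

Passing `now` explicitly keeps the example deterministic; a real server would read its own clock and would also bind the cookie to the user and browser identifiers mentioned in the text.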
It should be noted that, in practical applications, a new token can also be issued to the third-party App each time a new heartbeat packet is received. This means that one session can correspond to multiple tokens, and each time the server of the third-party App sends an API call request it needs to use the token newly issued in the current heartbeat cycle, which further ensures the security of the user data.
It should also be noted that, in the implementation described above, the SDK inserted into the page by the third-party App automatically drives the browser to send heartbeat packets at a fixed interval. In practical applications, the third-party App can instead call the SDK when it performs a sensitive operation, and the SDK then drives the browser to send a heartbeat packet to the authorization server of the open platform. This is equivalent to verifying the user's identity again when the third-party App needs it. Of course, this approach depends on the third-party App; if the third-party App does not follow it strictly, for example by not sending a heartbeat packet when one should be sent, the security of the user's sensitive data cannot be guaranteed. Therefore, in practical applications, the mode in which the SDK automatically triggers the browser to send heartbeat packets can be the primary one, supplemented by the mode in which the third-party App calls the SDK. That is, under normal circumstances the SDK still periodically triggers the browser to send heartbeat packets, while also providing a calling interface to the third-party App; if the third-party App needs to verify the user's identity again during interaction, it can call the SDK to actively initiate a heartbeat packet.
In short, in the embodiments of the present application, the SDK provided by the open platform is embedded in the page of the third-party App, so that as long as the page of the third-party App is open, the SDK drives the browser to send a heartbeat packet to the open platform side every preset time, and the heartbeat packet carries the cookie information under the domain name of the open platform website. Each time the open platform receives a heartbeat packet, it can verify the packet's legitimacy; if verification passes, the validity period of the token of the corresponding session is extended once and the token is set to the online state, indicating that the page of the third-party App is currently open. In this way, when an API call request sent by the server of the third-party App is received, the token can first be extracted from it and checked for the online state; if the token is online, the third-party App can be allowed to call APIs that may only be called in the online state, and the corresponding user data is returned. Otherwise, if the token carried in the API call request sent by the third-party App is in the offline state, the call request can be refused. The open platform can thus judge whether the current user is using the third-party App by judging whether the page of the third-party App is open, and provides the user's sensitive data to the third-party App only when it has determined that the user is using the third-party App; the security of the user data can therefore be ensured.
Embodiment two
The foregoing Embodiment one provides a specific authentication method for third-party Apps based on the B/S architecture. Embodiment two describes in detail the specific implementation for third-party Apps based on the C/S architecture.
A so-called C/S-architecture application allocates tasks reasonably between the Client side and the Server side, which reduces the communication overhead of the system; a client must be installed before the application can be operated. The programs on the client side and the server side are different: the interaction with the user is implemented mainly in the client, while the server side mainly provides data management, data sharing, data and system maintenance, concurrency control and the like. That is, a third-party App can also be implemented with the C/S architecture described above. In that case, when a user needs to use the third-party App, the user can install the client program of the third-party App on their client computer and then run the client program to enter the application interface of the third-party App.
In this case, because the third-party App also needs the user's authorization when it needs the user's data on the open platform, it can likewise provide the user with a login interface; the user does not need to register separate account information in the third-party App's system, but logs in directly with the account name and password of the open platform. After the open platform has verified them, it can authorize the third-party App, likewise create a session for the user, generate a token corresponding to the session, and issue the token to the third-party App. Likewise, the newly generated token can be configured with corresponding validity period information, and the validity period is generally short, such as three minutes. On the other hand, the SDK provided by the open platform can also be embedded in the client of the third-party application. Once the third-party application has obtained the user's authorization and while its client is open, the SDK can drive the client to send a heartbeat packet to the open platform side every preset time, and the heartbeat packet carries the user's identity information on the open platform (this information can be sent by the open platform to the client of the third-party App after the open platform has verified the user name, password and other information entered by the user; of course, for security, the user identity information sent to the third-party App can include only the user name).
After receiving a heartbeat packet sent by the client of the third-party App, the open platform can verify the legitimacy of the heartbeat packet according to the user's identity information; if verification passes, the validity period of the token of the corresponding session can be extended once. Correspondingly, when an API call request carrying a token is received from the server side of the third-party application, the token carried in the request can be extracted; whether the user is currently using the third-party application is determined by judging whether the token is currently online, and the API call request is answered according to the judgment result. For example, if the token is currently online, it is judged that the user is currently using the third-party App; therefore, even if the current API call request is a call to an online API, the corresponding user data can be returned to the third-party App. Otherwise, if the token is currently in the offline state, it is judged that the user is not currently using the third-party App; therefore, if the current API call request is a call to an online API, the open platform can refuse to return the corresponding user data to the third-party App, and if the current API call request is a call to an offline API, the corresponding user data can be returned to the third-party App.
In short, referring to Fig. 2, the method for authenticating a third-party application provided by this embodiment may specifically include the following steps:
S201: After authorizing the third-party application, creating a session and issuing an access token to the third-party application, set the access token to the online state and configure the effective time of the online state;
S202: Monitor, within the effective time, for heartbeat packets sent by the client of the third-party application; if a heartbeat packet is received, judge its legitimacy according to the identity information carried in the heartbeat packet, and if the heartbeat packet is legal, extend the effective time of the online state once;
S203: When an API call request carrying the access token is received from the server side of the third-party application, determine whether the user is currently using the third-party application by judging whether the access token is currently online, and respond to the API call request according to the judgment result.
It should be noted that the implementation details of each step in Embodiment two are similar to the corresponding parts of Embodiment one; refer to the description in Embodiment one, which is not repeated here.
Corresponding to the method for authenticating a third-party application provided by Embodiment one of the present application, an embodiment of the present application also provides a system for authenticating a third-party application, the third-party application being implemented based on a browser/server architecture, characterized in that a preset software development kit (SDK) is embedded in the page of the third-party application. Referring to Fig. 3, the system includes:
A first token issuing unit 301, configured to set the access token to the online state and configure the effective time of the online state after the third-party application has been authorized, a session has been created and an access token has been issued to the third-party application;
A first token status updating unit 302, configured to monitor, within the effective time, for heartbeat packets sent by the browser in which the third-party application is running; if a heartbeat packet is received, to judge its legitimacy according to the cookie information carried in the heartbeat packet; and if the heartbeat packet is legal, to extend the effective time of the online state once, wherein the heartbeat packet is sent by the browser, driven by the SDK, every preset time while the third-party application has obtained the user's authorization and the page of the third-party application is open, and the heartbeat packet carries the cookie information under a preset domain name;
A first call request response unit 303, configured to, when an application programming interface (API) call request carrying the access token is received from the third-party application, determine whether the user is currently using the third-party application by judging whether the access token is currently online, and respond to the API call request according to the judgment result.
In a specific implementation, the system may further include:
A session identifier returning unit, configured to send a session identifier to the browser in which the page of the third-party application is open after the third-party application has been authorized and an access token has been issued to it, the session identifier carrying user identification information and browser identification information, so that the browser generates the cookie information.
Specifically, the first token status updating unit 302 may be configured to:
Judge, according to the cookie information carried in the heartbeat packet, whether a starting point exists for the heartbeat state of the session corresponding to the current third-party application and whether the heartbeat packets of that session are continuous; if so, judge that the heartbeat packet is legal.
Here, each heartbeat packet sent by the browser is numbered sequentially in the order of sending, and the first token status updating unit 302 includes:
A determination subunit, configured to determine, according to the cookie information carried in the heartbeat packet, the heartbeat packets of the current session that have already been received;
A judgment subunit, configured to judge, according to the numbers of the heartbeat packets already received, whether a starting point of the heartbeat state exists, and to judge, according to the number of the heartbeat packet currently received and the numbers of the heartbeat packets already received, whether the heartbeat packet currently received is continuous with the heartbeat packets already received.
In addition, the system may further include:
A result returning unit, configured to return the judgment result information to the browser after judging whether the heartbeat packet is legal.
The length of the effective time configured for the access token and the length of each extension of the effective time are equal to the interval at which heartbeat packets are sent, or slightly greater than that interval.
The system may further include:
A token reissuing unit, configured to issue a new access token to the third-party application again after the heartbeat packet has been judged to be legal.
The system further includes:
A third token status updating unit, configured to set the access token to the offline state if no heartbeat packet is received within the effective time, or if a received heartbeat packet is judged to be illegal.
An error prompt unit, configured to return error prompt information if, after an API call request sent by the server of the third-party application is received, the access token carried in the API call request is in the offline state and the API call request can only be answered when the access token is in the online state.
The SDK is further configured to drive the browser to send a heartbeat packet when it receives a request from the third-party application to send a heartbeat packet.
Corresponding to the method for authenticating a third-party application provided by Embodiment two of the present application, an embodiment of the present application also provides a system for authenticating a third-party application, the third-party application being implemented based on a client/server architecture, characterized in that a preset SDK is embedded in the client of the third-party application. Referring to Fig. 4, the system includes:
A second token issuing unit 401, configured to set the access token to the online state and configure the effective time of the online state after the third-party application has been authorized, a session has been created and an access token has been issued to the third-party application;
A second token status updating unit 402, configured to monitor, within the effective time, for heartbeat packets sent by the client of the third-party application; if a heartbeat packet is received, to judge its legitimacy according to the identity information carried in the heartbeat packet; and if the heartbeat packet is legal, to extend the effective time of the online state once, wherein the heartbeat packet is sent by the client, driven by the SDK, every preset time while the third-party application has obtained the user's authorization and the client of the third-party application is open, and the heartbeat packet carries the identity information of the user;
A second call request response unit 403, configured to, when an API call request carrying the access token is received from the server side of the third-party application, determine whether the user is currently using the third-party application by judging whether the access token is currently online, and respond to the API call request according to the judgment result.
With the embodiments of the present application, the SDK provided by the open platform is embedded in the page of the third-party App, so that as long as the page of the third-party App is open, the SDK drives the browser to send a heartbeat packet to the open platform side every preset time, and the heartbeat packet carries the cookie information under the domain name of the open platform website. Each time the open platform receives a heartbeat packet, it can verify the packet's legitimacy; if verification passes, the validity period of the token of the corresponding session can be extended once and the token is set to the online state, indicating that the page of the third-party App is currently open. In this way, when an API call request sent by the server of the third-party App is received, the token can first be extracted from it and checked for the online state; if the token is online, the third-party App can be allowed to call APIs that may only be called in the online state, and the corresponding user data is returned. Otherwise, if the token carried in the API call request sent by the third-party App is already in the offline state, the call request can be refused. The open platform can thus judge whether the current user is using the third-party App by judging whether the page of the third-party App is open, and provides the user's sensitive data to the third-party App only when it has determined that the user is using the third-party App; the security of the user data can therefore be ensured.
From the above description of the embodiments, those skilled in the art can clearly understand that the present application can be implemented by means of software plus the necessary general-purpose hardware platform. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments of the present application or in certain parts of the embodiments.
The embodiments in this specification are described in a progressive manner; for identical or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the system embodiments are described relatively briefly because they are substantially similar to the method embodiments; for related details, refer to the description of the method embodiments. The system embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The method and system for authenticating a third-party application provided by the present application have been described in detail above. Specific examples are used herein to explain the principle and implementation of the present application, and the description of the above embodiments is intended only to help in understanding the method of the present application and its core idea. Meanwhile, for those of ordinary skill in the art, the specific implementation and the scope of application may change in accordance with the idea of the present application. In conclusion, the content of this specification should not be construed as a limitation on the present application.
Claims (12)
1. A method for authenticating a third-party application, the third-party application being implemented based on a browser/server architecture, characterized in that a preset software development kit (SDK) is embedded in the page of the third-party application, the method comprising:
after authorizing the third-party application, creating a session and issuing an access token to the third-party application, setting the access token to the online state and configuring the effective time of the online state;
monitoring, within the effective time, for heartbeat packets sent by the browser in which the third-party application is running; if a heartbeat packet is received, judging its legitimacy according to the cookie information carried in the heartbeat packet and the number of the heartbeat packet; and if the heartbeat packet is legal, extending the effective time of the online state once; wherein the heartbeat packet is sent by the browser, driven by the SDK, every preset time while the third-party application has obtained the user's authorization and the page of the third-party application is open, and the heartbeat packet carries the cookie information under a preset domain name;
when an application programming interface (API) call request carrying the access token is received from the third-party application, determining whether the user is currently using the third-party application by judging whether the access token is currently online, and responding to the API call request according to the judgment result.
2. The method according to claim 1, characterized in that, after authorizing the third-party application, creating a session and issuing an access token to the third-party application, the method further comprises:
sending a session identifier to the browser in which the page of the third-party application is open, the session identifier carrying user identification information and browser identification information, so that the browser generates the cookie information.
3. The method according to claim 1, characterized in that judging the legitimacy of the heartbeat packet according to the cookie information carried in the heartbeat packet comprises:
judging, according to the cookie information carried in the heartbeat packet, whether a starting point exists for the heartbeat state of the session corresponding to the current third-party application and whether the heartbeat packets of that session are continuous; if so, judging that the heartbeat packet is legal.
4. The method according to claim 3, characterized in that each heartbeat packet sent by the browser is numbered sequentially in the order of sending, and judging, according to the cookie information carried in the heartbeat packet, whether a starting point exists for the heartbeat state of the session corresponding to the current third-party application and whether the heartbeat packets of that session are continuous comprises:
determining, according to the cookie information carried in the heartbeat packet, the heartbeat packets of the current session that have already been received;
judging, according to the numbers of the heartbeat packets already received, whether a starting point of the heartbeat state exists, and judging, according to the number of the heartbeat packet currently received and the numbers of the heartbeat packets already received, whether the heartbeat packet currently received is continuous with the heartbeat packets already received.
5. The method according to claim 1, characterized by further comprising:
the length of the effective time configured for the access token and the length of each extension of the effective time being equal to the interval at which heartbeat packets are sent, or slightly greater than that interval.
6. The method according to any one of claims 1 to 5, characterized by further comprising:
after the heartbeat packet has been judged to be legal, issuing a new access token to the third-party application again, so that the server of the third-party application sends API call requests using the new access token in the next heartbeat cycle.
7. The method according to any one of claims 1 to 5, characterized by further comprising:
if no heartbeat packet is received within the effective time, or a received heartbeat packet is judged to be illegal, setting the access token to the offline state.
8. The method according to claim 7, characterized by further comprising:
after an API call request sent by the server of the third-party application is received, if the access token carried in the API call request is in the offline state and the API call request can only be answered when the access token is online, returning an error prompt message.
9. The method according to any one of claims 1 to 5, characterized in that the SDK is further configured to drive the browser to send a heartbeat packet when it receives a request from the third-party application to send a heartbeat packet.
10. A method for authenticating a third-party application, the third-party application being implemented based on a client/server architecture, characterized in that a preset SDK is embedded in the client of the third-party application, the method comprising:
after authorizing the third-party application, creating a session and issuing an access token to the third-party application, setting the access token to the online state and configuring the effective time of the online state;
monitoring, within the effective time, for heartbeat packets sent by the client of the third-party application; if a heartbeat packet is received, judging its legitimacy according to the identity information carried in the heartbeat packet; and if the heartbeat packet is legal, extending the effective time of the online state once; wherein the heartbeat packet is sent by the client, driven by the SDK, every preset time while the third-party application has obtained the user's authorization and the client of the third-party application is open, and the heartbeat packet carries the identity information of the user;
when an API call request carrying the access token is received from the server side of the third-party application, determining whether the user is currently using the third-party application by judging whether the access token is currently online, and responding to the API call request according to the judgment result.
11. A system for authenticating a third-party application, the third-party application being implemented on a browser/server architecture, characterized in that a preset software development kit (SDK) is embedded in the page of the third-party application, the system comprising:
A first token issuing unit, configured to, after the third-party application has been authorized, a session has been created and an access token has been issued to the third-party application, set the access token to the online state and configure the validity period of the online state;
A first token status updating unit, configured to monitor, within the validity period, for a heartbeat packet sent by the browser in which the third-party application runs; if the heartbeat packet is detected, to judge the legitimacy of the heartbeat packet according to the cookie information carried in the heartbeat packet and the number of the heartbeat packet, and, if the heartbeat packet is legitimate, to extend the validity period of the online state once; wherein the heartbeat packet is sent by the browser, driven by the SDK, at every preset time interval while the third-party application holds the user's authorization and the page of the third-party application is open, and the heartbeat packet carries the cookie information under a preset domain name;
A first call request response unit, configured to, when an application programming interface (API) call request carrying the access token is received from the third-party application, determine whether the user is using the third-party application by judging whether the access token is currently in the online state, and respond to the API call request according to the judgment result.
12. A system for authenticating a third-party application, the third-party application being implemented on a client/server architecture, characterized in that a preset SDK is embedded in the client of the third-party application, the system comprising:
A second token issuing unit, configured to, after the third-party application has been authorized, a session has been created and an access token has been issued to the third-party application, set the access token to the online state and configure the validity period of the online state;
A second token status updating unit, configured to monitor, within the validity period, for a heartbeat packet sent by the third-party application client; if the heartbeat packet is detected, to judge the legitimacy of the heartbeat packet according to the identity information carried in the heartbeat packet, and, if the heartbeat packet is legitimate, to extend the validity period of the online state once; wherein the heartbeat packet is sent by the client, driven by the SDK, once every preset time interval while the third-party application holds the user's authorization and the client of the third-party application is open, and the heartbeat packet carries the identity information of the user;
A second call request response unit, configured to, when an API call request carrying the access token is received from the server side of the third-party application, determine whether the user is using the third-party application by judging whether the access token is currently in the online state, and respond to the API call request according to the judgment result.
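The server-side behaviour recited in claims 8 and 10 to 12 can be sketched as follows; this is an added illustration, not part of the patent text. The class and method names, the 60-second window, the returned messages, and the rule that a heartbeat number must be strictly increasing are assumptions made for the example.

```python
import secrets
from dataclasses import dataclass

ONLINE_WINDOW = 60  # seconds of online state per valid heartbeat (assumed value)

@dataclass
class Session:
    token: str           # access token issued to the third-party application
    online_until: float  # end of the current online-state validity period
    last_seq: int = 0    # highest heartbeat number accepted so far

class PresenceGate:
    """Tracks whether each access token is currently in the online state."""

    def __init__(self, clock):
        self.clock = clock   # callable returning the current time in seconds
        self.sessions = {}   # identity info (e.g. cookie value) -> Session
        self.by_token = {}   # access token -> identity info

    def issue(self, identity):
        """After authorization: create a session, issue an online token."""
        token = secrets.token_urlsafe(16)
        self.sessions[identity] = Session(token, self.clock() + ONLINE_WINDOW)
        self.by_token[token] = identity
        return token

    def is_online(self, token):
        identity = self.by_token.get(token)
        if identity is None:
            return False
        return self.clock() < self.sessions[identity].online_until

    def heartbeat(self, identity, seq):
        """Extend the online state once if the heartbeat is legitimate."""
        s = self.sessions.get(identity)
        if s is None:
            return False     # identity info matches no authorized session
        if self.clock() >= s.online_until:
            return False     # heartbeats count only within the validity period
        if seq <= s.last_seq:
            return False     # assumed rule: repeated or stale packet number
        s.last_seq = seq
        s.online_until = self.clock() + ONLINE_WINDOW
        return True

    def api_call(self, token, requires_online=True):
        """Answer a server-side API call according to the token's state."""
        if token not in self.by_token:
            return (False, "error: unknown access token")
        if requires_online and not self.is_online(token):
            return (False, "error: access token is offline")
        return (True, "ok")
```

Because the online state lapses as soon as heartbeats stop, a third-party server that retains the token cannot keep calling online-only APIs after the user has closed the page or client.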
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310706124.7A CN104734849B (en) | 2013-12-19 | 2013-12-19 | The method and system that third-party application is authenticated |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104734849A (en) | 2015-06-24 |
CN104734849B (en) | 2018-09-18 |
Family
ID=53458312
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310706124.7A Active CN104734849B (en) | 2013-12-19 | 2013-12-19 | The method and system that third-party application is authenticated |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104734849B (en) |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106528056A (en) * | 2015-09-09 | 2017-03-22 | 阿里巴巴集团控股有限公司 | Control method and device for system function |
CN105450425B (en) * | 2015-12-25 | 2019-03-01 | 北京奇虎科技有限公司 | Realize the method and device of user's online control |
CN106982187B (en) * | 2016-01-15 | 2020-12-01 | 中兴通讯股份有限公司 | Resource authorization method and device |
CN106982239B (en) * | 2016-01-18 | 2020-01-17 | 中国移动通信集团公司 | Multi-electronic channel life reporting method and device |
CN107342966B (en) * | 2016-04-29 | 2019-05-03 | 北京京东尚科信息技术有限公司 | Authority credentials distribution method and device |
JP6476402B2 (en) * | 2016-05-20 | 2019-03-06 | システムメトリックス株式会社 | Authentication system |
CN105933732B (en) * | 2016-06-14 | 2019-08-27 | 天脉聚源(北京)传媒科技有限公司 | A kind of video playing duration statistical method and system |
CN107196943B (en) * | 2017-05-26 | 2019-09-20 | 浙江大学 | A kind of security display implementation method of private data in third-party platform |
CN107920063A (en) * | 2017-11-07 | 2018-04-17 | 杭州安恒信息技术有限公司 | A kind of method of online updating tokenID |
CN108763921B (en) * | 2018-05-29 | 2019-04-02 | 北京迪诺益佳信息科技有限公司 | A kind of method of application software and SDK control |
CN108846263B (en) * | 2018-05-31 | 2020-10-27 | 北京市商汤科技开发有限公司 | Software authorization processing and running method and device and electronic equipment |
CN109165059B (en) * | 2018-07-11 | 2022-03-22 | 绿湾网络科技有限公司 | Page locking method and device |
CN109547422B (en) * | 2018-11-09 | 2021-06-25 | 福建天泉教育科技有限公司 | Method and terminal for automatically renewing login state |
CN109635596B (en) * | 2018-12-14 | 2024-04-12 | 闪联信息技术工程中心有限公司 | Safety protection system and method for multimedia touch control integrated machine |
CN109600306B (en) * | 2019-01-22 | 2020-10-27 | 腾讯科技(深圳)有限公司 | Method, device and storage medium for creating session |
CN111639327A (en) * | 2020-05-29 | 2020-09-08 | 深圳前海微众银行股份有限公司 | Authentication method and device for open platform |
CN112398856B (en) * | 2020-11-17 | 2022-11-29 | 平安普惠企业管理有限公司 | Page access method, device, equipment and storage medium |
CN112866385B (en) * | 2021-01-19 | 2022-06-24 | 北京字跳网络技术有限公司 | Interface calling method and device, electronic equipment and storage medium |
CN115766206A (en) * | 2022-11-14 | 2023-03-07 | 网易(杭州)网络有限公司 | Application login processing method and device, electronic equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102378170A (en) * | 2010-08-27 | 2012-03-14 | 中国移动通信有限公司 | Method, device and system of authentication and service calling |
CN102394887A (en) * | 2011-11-10 | 2012-03-28 | 杭州东信北邮信息技术有限公司 | OAuth protocol-based safety certificate method of open platform and system thereof |
CN102611709A (en) * | 2012-03-31 | 2012-07-25 | 奇智软件(北京)有限公司 | Access control method and system for third party resources |
CN103051630A (en) * | 2012-12-21 | 2013-04-17 | 微梦创科网络科技(中国)有限公司 | Method, device and system for implementing authorization of third-party application based on open platform |
CN103378969A (en) * | 2012-04-12 | 2013-10-30 | 腾讯科技(北京)有限公司 | Authorization method, system and third party application system |
Also Published As
Publication number | Publication date |
---|---|
CN104734849A (en) | 2015-06-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||