CN104734849B - Method and system for authenticating a third-party application

Info

Publication number: CN104734849B
Application number: CN201310706124.7A
Authority: CN (China)
Other versions: CN104734849A
Original language: Chinese (zh)
Prior art keywords: heartbeat packet, third-party application, user, token
Legal status: Active
Inventors: 涂靖, 王雄, 顾风胜
Current and original assignee: Alibaba Group Holding Ltd

Events: application filed by Alibaba Group Holding Ltd with priority to CN201310706124.7A; published as CN104734849A; application granted and published as CN104734849B.

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

This application discloses a method and system for authenticating a third-party application. The method includes: after the third-party application has been authorized, a session has been created and an access token has been issued to the third-party application, setting the access token to the online state and configuring the effective time of the online state; within the effective time, listening for heartbeat packets sent by the browser in which the third-party application runs and, if a heartbeat packet is received, judging its legitimacy from the cookie information it carries and, if it is legitimate, extending the effective time of the online state once; and, when an application programming interface (API) call request carrying the access token is received from the third-party application, determining whether the user is currently using the third-party application by judging whether the access token is online, and responding to the API call request according to the result. The application can improve the security of user data.

Description

Method and system for authenticating a third-party application
Technical field
This application relates to the field of third-party authentication on open platforms, and in particular to a method and system for authenticating a third-party application.
Background technology
Flatbed the Internet, applications(For example, e-commerce, using transaction platform etc.)In order to give user(For example, electronics quotient It is engaged in, using the seller user in transaction platform)The service more segmented is provided, generally requires and introduces third party developer to complete. For example, for E-commerce transaction platform, third party developer can be to click volume, across shop click, order turnover The information such as the chat record in even related instant messaging tools are collected and analyze, and it is intuitive to can finally be provided to seller user It is recommended that.That is, for the user of Mr. Yu's the Internet, applications, some browsed in the webpage of the Internet, applications count Can be by third party App according to information such as analysis results(Application program)It provides.In order to support that it is above-mentioned that third-party application is realized In function, E-commerce transaction platform, which generally requires, provides an open platform, some API are opened by open platform (Application Programming Interface, application programming interface)To third party application developer, third party App obtains some data by calling the API of open platform, and then provides the services such as corresponding analysis.
The data that the open platform supplies to a third-party App may involve the private data of a specific user and can normally be obtained only with the user's authorization. Open platforms, however, generally do not allow a third-party App to have its own login and authentication system; it must use the open platform's account system. The authorization system of existing open platforms generally uses the OAuth 2.0 protocol. OAuth is an open industry standard that lets a user allow a third-party App to operate on the user's private data stored on some website without the third-party App obtaining the user's username and password.
As business grows richer and more comprehensive, new requirements are also placed on the security and rigor of the authorization system, because a large number of users may do almost all of their work within third-party Apps and demand that nearly every operation can be completed conveniently there.
In the existing authorization system, however, the open platform verifies the user's identity only at the moment the user grants authorization. Once login and authorization are complete, the user's browser jumps to the third-party App's pages; the user has left the open platform, all of the user's operations are with the third-party App, and the open platform only receives the third-party App's API requests. The open platform can only recognize that an API request comes from the third-party App; it cannot tell whether the user is personally using the third-party App. This is the weakest link in the security of OAuth-based open platforms: the user authorizes the third-party App to read and write the user's data on the open platform, but when the third-party App reads and writes that data, the open platform cannot distinguish whether the user is actually using the App, and so cannot expose business functions with higher security requirements. For example, suppose the open platform exposes an "agree to refund" API, which directly involves the movement of money. With the existing OAuth protocol, a third-party App would have the opportunity to maliciously execute an "agree to refund" operation on the user's behalf, and the open platform could not tell the difference. The user could then discover that a refund was agreed for some transaction while the third-party App's page was closed, which is obviously unacceptable.
Therefore, the technical problem that those skilled in the art urgently need to solve is how to improve the open platform's authorization system so that the open platform can distinguish whether a third-party App's API request was sent while the user was using the third-party App, and then decide whether to open sensitive data to the third-party App, thereby ensuring the security of user data.
Content of the invention
This application provides a method and system for authenticating a third-party application, which can improve the security of user data.
This application provides the following solutions:
A method for authenticating a third-party application, the third-party application being implemented on a browser/server architecture with a preset software development kit (SDK) embedded in the third-party application's pages, the method including:
after the third-party application has been authorized, a session has been created and an access token has been issued to the third-party application, setting the access token to the online state and configuring the effective time of the online state;
within the effective time, listening for heartbeat packets sent by the browser in which the third-party application runs; if a heartbeat packet is received, judging the legitimacy of the heartbeat packet from the cookie information it carries and, if the heartbeat packet is legitimate, extending the effective time of the online state once, where the heartbeat packet is sent by the browser, driven by the SDK at preset intervals, while the third-party application has obtained the user's authorization and its page is open, and carries the cookie information under a preset domain name;
when an application programming interface (API) call request carrying the access token is received from the third-party application, determining whether the user is currently using the third-party application by judging whether the access token is online, and responding to the API call request according to the judgment result.
A method for authenticating a third-party application, the third-party application being implemented on a client/server architecture with a preset SDK embedded in the third-party application's client, the method including:
after the third-party application has been authorized, a session has been created and an access token has been issued to the third-party application, setting the access token to the online state and configuring the effective time of the online state;
within the effective time, listening for heartbeat packets sent by the third-party application's client; if a heartbeat packet is received, judging the legitimacy of the heartbeat packet from the identity information it carries and, if the heartbeat packet is legitimate, extending the effective time of the online state once, where the heartbeat packet is sent by the client, driven by the SDK at preset intervals, while the third-party application has obtained the user's authorization and its client is open, and carries the user's identity information on the open platform;
when an API call request carrying the access token is received from the third-party application's server, determining whether the user is currently using the third-party application by judging whether the access token is online, and responding to the API call request according to the judgment result.
A system for authenticating a third-party application, the third-party application being implemented on a browser/server architecture with a preset software development kit (SDK) embedded in the third-party application's pages, the system including:
a first token issuing unit, configured to set the access token to the online state and configure the effective time of the online state after the third-party application has been authorized, a session has been created and an access token has been issued to the third-party application;
a first token status updating unit, configured to listen, within the effective time, for heartbeat packets sent by the browser in which the third-party application runs and, if a heartbeat packet is received, to judge the legitimacy of the heartbeat packet from the cookie information it carries and, if the heartbeat packet is legitimate, to extend the effective time of the online state once, where the heartbeat packet is sent by the browser, driven by the SDK at preset intervals, while the third-party application has obtained the user's authorization and its page is open, and carries the cookie information under a preset domain name;
a first call request response unit, configured, when an application programming interface (API) call request carrying the access token is received from the third-party application, to determine whether the user is currently using the third-party application by judging whether the access token is online, and to respond to the API call request according to the judgment result.
A system for authenticating a third-party application, the third-party application being implemented on a client/server architecture with a preset SDK embedded in the third-party application's client, the system including:
a second token issuing unit, configured to set the access token to the online state and configure the effective time of the online state after the third-party application has been authorized, a session has been created and an access token has been issued to the third-party application;
a second token status updating unit, configured to listen, within the effective time, for heartbeat packets sent by the third-party application's client and, if a heartbeat packet is received, to judge the legitimacy of the heartbeat packet from the identity information it carries and, if the heartbeat packet is legitimate, to extend the effective time of the online state once, where the heartbeat packet is sent by the client, driven by the SDK at preset intervals, while the third-party application has obtained the user's authorization and its client is open, and carries the user's identity information;
a second call request response unit, configured, when an API call request carrying the access token is received from the third-party application's server, to determine whether the user is currently using the third-party application by judging whether the access token is online, and to respond to the API call request according to the judgment result.
According to the specific embodiments provided by this application, the application discloses the following technical effects:
In the embodiments of this application, an SDK provided by the open platform is embedded in the third-party App's pages. As long as the third-party App's page is open, the SDK drives the browser to send a heartbeat packet to the open platform at preset intervals, carrying the cookie information under the domain name of the open platform's website. Each time the open platform receives a heartbeat packet it verifies its legitimacy; if verification passes, it extends the validity period of the corresponding session's token once and keeps the token in the online state, indicating that the third-party App's page is currently open. Thus, when an API call request sent by the third-party App's server is received, the token can first be extracted from it and checked for whether it is online; if it is, the third-party App may be allowed to call the APIs that can only be called in the online state, and the corresponding user data is returned. Otherwise, if the token carried in the API call request is already offline, the call request can be refused. In this way, the open platform can judge whether the third-party App's page is open and hence whether the current user is using the third-party App, and provides sensitive user data to the third-party App only when it has determined that the user is using it, which improves the security of user data.
Of course, any product implementing this application does not necessarily need to achieve all of the advantages described above at the same time.
Description of the drawings
To explain the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed for the embodiments are briefly described below. Obviously, the drawings described below show only some embodiments of this application, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a method provided by the embodiments of this application;
Fig. 2 is a flowchart of another method provided by the embodiments of this application;
Fig. 3 is a schematic diagram of a first system provided by the embodiments of this application;
Fig. 4 is a schematic diagram of a second system provided by the embodiments of this application.
Detailed description
The technical solutions in the embodiments of this application are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments in this application fall within the scope of protection of this application.
It should first be noted that, in the prior art, after the open platform has issued an access token (token) to a third-party application, the third-party application's server can carry that token whenever it needs to call an open platform API to obtain data, and the open platform decides from the token whether the third-party application has obtained the user's authorization. To ensure the security of user data, the prior art also generally gives the token issued to the third-party application a validity period, typically several hours or even one year; when an API call request from the third-party application's server is received, the user data corresponding to the API is returned as long as the token is within its validity period. In other words, in the prior art the token issued to a third-party application is constrained by time only. Yet a third-party application's token may be lost, and once a hacker obtains it, the hacker can impersonate the third-party application and obtain user data from the open platform; the protection of user data is therefore relatively weak.
It can be seen that the existing authorization system can only grant coarse-grained authorization. Even where open platforms have upgraded and transformed it, classifying data by security level, differentiating authorization durations accordingly and even introducing short-lived authorization so as not to over-authorize, it still cannot effectively balance security and user experience.
Therefore, the embodiments of this application introduce a user session mechanism that helps the open platform distinguish whether the user is currently using the third-party App, and uses this information to implement the authorization policy more precisely: APIs are divided into the user's online (on-line) APIs and offline (off-line) APIs. When the user is using a third-party App, that App may call on-line APIs; otherwise it may only call off-line APIs. At the same time, this helps the third-party App distinguish more precisely whether the current user is legitimate. The specific implementation is described in detail below.
Before the detailed description, it should be noted that in practice third-party Apps are generally divided into the B/S (Browser/Server) architecture and the C/S (Client/Server) architecture. In the embodiments of this application, the implementation differs slightly for the two architectures; Embodiment one below first introduces third-party Apps based on the B/S architecture.
Embodiment one
In a so-called B/S-architecture third-party App, the user's working interface is implemented through a web browser; very little of the transaction logic is implemented in the front end (browser) and the main business logic is implemented at the server end. As long as a web browser is installed on the user's client computer, the user can access the third-party App's web pages and use the functions the third-party App provides through the interactive interface offered in those pages.
In the embodiments of this application, the open platform can provide an SDK (Software Development Kit) for third-party Apps; for a B/S-architecture third-party App, the third-party App developer embeds the SDK in its pages. The SDK can be implemented in JavaScript; at initialization it can register a callback JS method for receiving the newly issued TOP_Session from the open platform, and cross-domain data transfer can be implemented using JSONP. The most important function of the SDK is that, once the third-party App has obtained the user's authorization, it can determine whether the third-party App's page is open and, if so, drive the browser to send a heartbeat packet to the open platform at certain preset intervals (for example, every three or five minutes). The heartbeat packet carries the cookie information under the domain of the open platform's website, and the open platform can verify the legitimacy of the heartbeat packet from that cookie information; if legitimate, it extends the validity of the token issued to the current third-party App once. That is, the validity period of the token the open platform issues to the third-party App is shorter than in the prior art, but it can be extended by legitimate heartbeat packets; the legitimacy of the heartbeat packet is verified before every extension, an error is returned if it is not legitimate, and if no heartbeat packet is received within a certain time the user may be considered to have closed the page and to be no longer using the third-party App.
To aid understanding, several concepts are introduced here.
Heartbeat packet
In the embodiments of this application, a heartbeat packet is a specific asynchronous, timed HTTP (Hypertext Transfer Protocol) request initiated from the user's browser; it is imperceptible to both the user and the third-party App. The request goes straight to the open platform's authorization server. The information it carries can be the cookie under the open platform's domain, which contains a specific identifier set by the open platform; meanwhile, the open platform's authorization server also records the login and heartbeat state of each user's corresponding third-party Apps. Because the user logs in to the open platform first and is then redirected to the third-party App's page (re-authorizing if authorization fails, redirecting directly if it is valid), the user's state is continuous: from the moment a user logs in at the open platform's authorization center, the user is treated as online and accessing the third-party App until the valid heartbeat packets time out. In addition, because the cookie information carried in the heartbeat packet is set by the open platform's server, it is difficult to forge.
It should be noted that in the embodiments of this application, as long as the third-party App's page is open, the browser sends heartbeat packets periodically. But an open page generally covers two situations: either the user is actually browsing the page, or the page is open but the user is browsing other pages or even using other programs. Since HTTP is inherently stateless, when the user opens the third-party App's page, SDK.js cannot know whether the user is directly interacting with the third-party App. Therefore, as long as the third-party App's page is open, even if it does not currently have the operating focus (for example, the user is browsing other pages in other browser tabs), heartbeat packets are still sent to the open platform on schedule. Of course, in the case where the third-party App's page is open but the user is not operating the current page, the user is not using the third-party App; if heartbeat packets are still sent to the open platform in this state, the open platform will consider that the current user is using the third-party App. That is, the open platform can only determine whether the third-party App's page is open; it cannot truly determine whether the user is actually browsing that page. This approach may seem to still carry some risk, but it is in fact acceptable at the business level.
This is because, first, the fact that the third-party App's page is open proves that the current user has not yet exited the application; second, apart from the current user, others (such as hackers) do not know whether the current user is using the third-party App; third, the business operations a third-party App is allowed to perform through on-line APIs in the online state are usually perceptible to the user, for example they may be linked to the user's mobile device and notified by SMS, so that even if an illegal API request occurs the current user will become aware of it; fourth, for higher-risk APIs such as "agree to refunds in batch", which also belong to the on-line APIs, the decision whether to allow the call is not made solely by judging whether the token is online; the call must be initiated by the user in person, that is, such APIs may use a secondary verification technique. The implementation of the specific secondary verification technique is outside the scope of protection of the embodiments of this application and is not described in detail here.
It should further be noted that when the browser sends heartbeat packets to the open platform, each heartbeat packet can also be numbered: after an authorization completes, the first heartbeat packet sent can be numbered "0", the next new heartbeat packet "1", and so on. Correspondingly, after receiving each heartbeat packet, the open platform server can record the number of each received heartbeat packet and then judge the continuity of the heartbeat packets from their numbers. In addition, the first heartbeat packet can also be marked as the starting point by adding a special identifier or the like to its number.
token
When a third-party App logs in and authorizes, and authorization succeeds, the open platform's authorization server can issue a token to the third-party App. The token contains the token itself, timing information and the open platform's signature. The token can also carry user information (for example, user identity information). Of course, in a specific implementation the user information is not necessarily given to the third-party App; this involves permission control over the third-party App. If the third-party App has permission to obtain user information, the user can be prompted at authorization time. If the third-party App does not have permission to obtain user information, the open platform's authorization server can return an obfuscated nickname: the third-party App only needs to know that the current user is a user of the open platform and need not care which user. In the embodiments of this application, the validity period of the token is relatively short and needs to be extended by the heartbeat packets that the SDK in the third-party App's pages drives the browser to send; each extended validity period can equal the heartbeat sending cycle. Also, while the token is within its validity period it remains in the online state. The purpose of maintaining the token's online/offline state on the open platform side is that, when an API call request from the third-party App's server is received, the token it carries is first extracted and checked for whether it is online; only if so may the third-party App call on-line APIs.
Session
The session mechanism is a solution for holding state between a client and a server. On the authorization server side of the open platform, a session is kept for each user as the values of variables on the server, distinguished by a session ID. Because state is held on the server, the client must also keep an identifier, so the session mechanism generally relies on the cookie mechanism to store that identifier. When the open platform server receives a request from a client, it first checks whether the request already contains a session identifier (the session id). If it does, a session was previously created for this client and the server retrieves that session by the session id (creating one if it cannot be retrieved). If the client request does not contain a session id, the server creates a session for this client and generates a session id associated with it; the session id is a string that does not repeat and has no easily discovered pattern to copy, and it is returned to the client in this response for the client to keep.
In the embodiments of this application, each time the third-party App logs in and authorizes, a session is created anew. After the session is created successfully, the open platform sends the session identifier (the session id) to the browser in which the third-party application's page runs. Generally, the session id carries user identity information and browser identification information; once the browser receives it, it can generate the cookie information. Thus, when the browser sends a heartbeat packet to the open platform, the cookie information can be carried in the heartbeat packet. Of course, when the user has opened multiple web pages, the browser may have recorded cookie information from multiple websites; which website each cookie record belongs to can be distinguished by the corresponding website domain name. In the embodiments of this application, therefore, the cookie information under the domain name of the open platform's website can be extracted by that domain name and then carried in the heartbeat packet.
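The domain-based selection described above, written out as an added Python example that is not code from the patent or its JavaScript SDK: given a browser-style cookie store holding cookies from several sites, only the cookies whose scope covers the open platform's host are attached to the heartbeat. A real browser applies this same rule itself when the heartbeat request is addressed to the platform host; the `CookieRecord` type, the host names and the cookie values below are constructed for illustration, and the matching rule follows RFC 6265 section 5.1.3.

```python
"""Pick out the open platform's cookies from a browser-style cookie store.

Added example, not code from the patent or its SDK. CookieRecord, the host
names and the cookie values below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CookieRecord:
    name: str
    value: str
    domain: str       # stored Domain attribute, or the origin host for host-only cookies
    host_only: bool   # True when the Set-Cookie header had no Domain attribute
    secure: bool = False


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain matching.

    A host matches a cookie domain when they are equal, or when the host ends
    with "." + domain and the host is a name rather than an IPv4 literal.
    """
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".").rstrip(".")
    if host == domain:
        return True
    if not host.endswith("." + domain):
        return False
    return not all(label.isdigit() for label in host.split("."))


def cookies_for_host(store, request_host, https=True):
    """Return name -> value for the cookies a browser would attach to a request
    for request_host: host-only cookies must match the host exactly, Domain
    cookies must domain-match, and Secure cookies need an HTTPS request."""
    selected = {}
    for cookie in store:
        if cookie.secure and not https:
            continue
        if cookie.host_only:
            if cookie.domain.lower() != request_host.lower():
                continue
        elif not domain_matches(request_host, cookie.domain):
            continue
        selected[cookie.name] = cookie.value
    return selected


# Constructed cookie store: the platform's session cookie, a parent-domain
# cookie, and cookies belonging to unrelated sites the user also has open.
PLATFORM_HOST = "open.platform.example"
SAMPLE_STORE = [
    CookieRecord("platform_session", "sid-7f3a", "open.platform.example", host_only=True, secure=True),
    CookieRecord("locale", "zh-CN", "platform.example", host_only=False),
    CookieRecord("shop_pref", "grid", "shop.platform.example", host_only=True),
    CookieRecord("app_state", "x1", "app.thirdparty.example", host_only=False),
    CookieRecord("look_alike", "bad", "open.platform.example.attacker.example", host_only=False),
]


def heartbeat_cookie_payload(store=SAMPLE_STORE, platform_host=PLATFORM_HOST):
    """The cookies a heartbeat addressed to platform_host would carry."""
    return cookies_for_host(store, platform_host)


if __name__ == "__main__":
    print(heartbeat_cookie_payload())
```

The suffix check is anchored on a leading dot, so a cookie scoped to `platform.example` is sent to `open.platform.example` but never to an unrelated host such as `evilplatform.example`, and the platform's own host-only session cookie is sent only to the exact host that set it.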
On this basis, the embodiments of this application provide a method for authenticating a third-party application. Referring to Fig. 1, the method may include the following steps:
S101: after the third-party application has been authorized, a session has been created and an access token has been issued to the third-party application, setting the access token to the online state and configuring the effective time of the online state;
It should first be noted that the method shown in Fig. 1 describes the technical solution of the embodiments from the perspective of the open platform's authorization server, so the executing entity of each step can be the open platform's authorization server.
In a specific implementation, when a user wants to use a third-party App, the user first opens the third-party App's web page in the browser. If the user needs to access his or her data on the open platform through the third-party App, the third-party App shows the user a login page in which the user enters the account name, password and other information registered with the open platform; after confirmation, the browser submits them to the open platform's authorization server. The open platform's authorization server verifies the account name and password; once they pass, it creates a session for the current user, authorizes the third-party App, and issues an access token (token) to the third-party App. At the same time, the token can be set to the online state and an effective time configured; the effective time may be contained in the token issued to the third-party App.
S102: within the validity period, listen for heartbeat packets sent by the browser hosting the third-party application; if a heartbeat packet is received, judge its legitimacy according to the cookie information it carries, and if the heartbeat packet is legitimate, extend the validity period of the online state once;
After the token has been issued to the third-party App, the server listens for heartbeat packets from the browser hosting the App's page. If a heartbeat packet is received within the token's validity period, its legitimacy is judged from the cookie information it carries; if it is legitimate, the validity period of the token's online state is extended once. To judge legitimacy, the corresponding session is first located from the cookie information carried in the heartbeat packet. The server then checks whether a starting point of the heartbeat state exists for that session (for example, the state "authorization completed and redirected to the third-party App" can be taken as the starting point of the heartbeat state); if it does, the server further checks whether the heartbeat packets of that session are consecutive, and if so the heartbeat packet is judged legitimate. Since the browser numbers each heartbeat packet when sending it, the number can be used to decide whether the packets are consecutive.
It should be explained that, because each heartbeat packet sent by the browser carries session identification information, the authorization server of the open platform can store information about each heartbeat packet (for example its number) under the session identifier carried in it; after some time, information about several heartbeat packets will have been saved under the same session identifier. Each time a new heartbeat packet arrives, the server takes its number, uses the carried session identifier to look up the numbers of the other heartbeat packets already received for that session, checks whether the new number is consecutive with them, and also checks whether a starting point of the heartbeat state exists for the session. If both conditions hold, the heartbeat packet can be considered legitimate and the validity period of the session's token is extended by one cycle. In practice, with user experience and other factors in mind, the condition may be relaxed appropriately, for example by judging the current heartbeat packet legitimate as long as a starting heartbeat packet exists for the session. After the heartbeat packet has been judged legitimate or illegitimate, the result (for example true or false) can be returned to the third-party App's front end by way of JSONP, and the front end then notifies the App's back-end server. If the third-party App receives false, it can display the open platform's login interface to the user again and ask the user to log in again.
If the open platform server judges the heartbeat packet just received for a session to be illegitimate, or receives no heartbeat packet for that session within the validity period, it can set the session's token to the offline state.
In this way, even if an attacker has obtained the token issued to the third-party App and forges heartbeat packets, the attacker does not know how many heartbeat packets have already been sent and so generally cannot number the forged packets correctly. When the forged packets reach the open platform server they are treated as illegitimate, either because no starting point of the heartbeat state exists or because they are not consecutive with the other heartbeat packets, and the token is set to the offline state; the attacker therefore still cannot obtain the user data behind the online APIs, which protects the user's data. This protection relies on the attacker not being able to observe the browser's genuine heartbeat packets and their numbering.
It should be noted that, in a concrete implementation, the length of the validity period configured when the token is issued and the length of each extension may be equal, and that length may equal the interval at which heartbeat packets are sent, or be slightly longer than that interval, so that the open platform does not set the token to the offline state outright when a heartbeat packet arrives slightly late.
S103: when receiving an application programming interface (API) call request carrying the access token sent by the third-party application, determine whether the user is using the third-party application by judging whether the access token is currently in the online state, and respond to the API call request according to the result.
With the above, the open platform can know whether the third-party App's page is open, and thus whether the token issued to the App may call certain sensitive APIs. Specifically, when an API call request carrying the token is received from the third-party App, the token is first extracted from the request; whether the user is using the App is determined by judging whether the token is currently online, and the request is answered accordingly. For example, if the token is online and the requested API is an online API, the corresponding user data is returned to the third-party App's server. If the token is offline and the requested API is an online API, the server refuses to return the user data to the App's server and may return an error prompt. If the token is offline but the requested API is an offline API, that is, the user data it requests is of low sensitivity and is normally usable without the user's authorization, the corresponding user data can still be returned to the App's server.
It should be noted that, in practice, a new token may also be issued to the third-party App each time a new heartbeat packet is received. One session then corresponds to several tokens, and the App's server must use the token issued most recently in the current heartbeat cycle whenever it sends an API call request, which further protects the user's data.
It should further be noted that in the implementation described so far, the SDK inserted into the page by the third-party App automatically drives the browser to send heartbeat packets at a fixed interval. In practice the third-party App may also call the SDK when it performs a sensitive operation, and the SDK then drives the browser to send a heartbeat packet to the open platform's authorization server; this amounts to re-verifying the user's identity whenever the App needs it. That mode, however, depends on the third-party App: if the App does not follow it strictly, for example by not sending a heartbeat packet when it should, the safety of the user's sensitive data cannot be guaranteed. In practice, therefore, the mode in which the SDK automatically triggers the browser to send heartbeat packets should be primary, supplemented by the mode in which the App calls the SDK. That is, under normal circumstances the SDK still triggers the browser to send heartbeat packets periodically, while also exposing a call interface so that, if the App needs to re-verify the user's identity during an interaction, it can call the SDK to actively initiate a heartbeat packet.
In summary, in this embodiment the SDK provided by the open platform is embedded in the third-party App's page, so that, as long as the App's page is open, the SDK drives the browser to send a heartbeat packet to the open platform every preset interval, carrying the cookie information under the domain of the open platform site. Each time the open platform receives a heartbeat packet it verifies its legitimacy; if the verification passes, the validity period of the corresponding session's token is extended once and the token is set to the online state, indicating that the App's page is currently open. When the open platform receives an API call request from the App's server, it first extracts the token and judges whether it is online; if so, the App is allowed to call the APIs that may only be called in the online state and the corresponding user data is returned. Otherwise, if the token carried in the request is offline, the call request can be refused. The open platform can thus judge whether the current user is using the third-party App by judging whether the App's page is open, and provides the user's sensitive data to the App only when it has determined that the user is using it, which protects the user's data.
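The browser-side SDK behaviour described in this embodiment, as an added example in JavaScript that is not the open platform's real SDK or any code from the patent: periodic heartbeats are the primary mode, `verifyNow()` is the call interface an App uses before a sensitive operation, each packet carries a consecutive number, and only the cookies under the platform's domain are selected for the packet (the point made at the start of this embodiment about cookies of other sites the user has open). The platform origin, the `/heartbeat` path, the cookie names and the `send()` transport are assumptions; in a real page `send()` would wrap `fetch()` or the JSONP mechanism the text mentions, and the browser would attach the platform cookie itself when the request is posted to the platform origin with credentials.

```javascript
// Added example, not the open platform's own SDK: the browser-side heartbeat
// sender.  Periodic sending is the primary mode; verifyNow() is the call
// interface a third-party App uses before a sensitive operation.  The platform
// origin, the /heartbeat path and the cookie names are assumptions.
const PLATFORM_ORIGIN = "https://open.example.com";

// RFC 6265 domain matching: a cookie set for example.com is also sent to
// open.example.com, one set for shop.example.net is not.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  host = host.toLowerCase();
  return host === d || host.endsWith("." + d);
}

// Select only the cookies that belong to the platform's domain (the browser may
// hold cookies for many sites the user has open) and serialise them as a
// Cookie header value.
function platformCookies(cookieJar, origin = PLATFORM_ORIGIN) {
  const host = new URL(origin).hostname;
  return cookieJar
    .filter((c) => domainMatches(host, c.domain))
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

class HeartbeatSdk {
  // send(url, body) delivers one heartbeat and returns the server's verdict
  // (true = legal, false = illegal); a real SDK would wrap fetch() or JSONP.
  // timers is injectable so the schedule can be driven by hand in tests.
  constructor({ send, cookieJar, intervalMs = 60000, timers = { setInterval, clearInterval } }) {
    this.send = send;
    this.cookieJar = cookieJar;
    this.intervalMs = intervalMs;
    this.timers = timers;
    this.seq = 0;          // consecutive numbering lets the server check continuity
    this.handle = null;
    this.loggedOut = false;
  }

  // Primary mode: start the periodic heartbeat once the App page is open.
  start() {
    if (this.handle !== null) return;
    this.handle = this.timers.setInterval(() => this.beat(), this.intervalMs);
  }

  stop() {
    if (this.handle !== null) this.timers.clearInterval(this.handle);
    this.handle = null;
  }

  // One heartbeat.  A false verdict means the token went offline: stop beating
  // and let the App show the platform's login page again.
  beat() {
    if (this.loggedOut) return false;
    this.seq += 1;
    const body = { seq: this.seq, cookie: platformCookies(this.cookieJar) };
    const ok = this.send(`${PLATFORM_ORIGIN}/heartbeat`, body) === true;
    if (!ok) {
      this.loggedOut = true;
      this.stop();
    }
    return ok;
  }

  // Secondary mode: the App asks for the user's identity to be re-verified now.
  // It shares the counter with the periodic mode, so the server sees one
  // consecutive sequence regardless of which mode produced a packet.
  verifyNow() {
    return this.beat();
  }
}
```

Because both modes draw from the same counter, an App that calls `verifyNow()` between two periodic ticks does not break the continuity check on the server; an SDK that kept separate counters for the two modes would.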
Embodiment two
Embodiment one above gives a specific authentication method for third-party Apps built on the B/S (browser/server) architecture; embodiment two describes in detail the implementation for third-party Apps built on the C/S (client/server) architecture.
An application based on the C/S architecture distributes tasks between the client side and the server side so as to reduce the system's communication overhead, and requires a client to be installed before it can be operated. The client and server programs differ: the client mainly implements the interaction with the user, while the server mainly provides data management, data sharing, data and system maintenance, concurrency control and so on. A third-party App can also be implemented with this C/S architecture. In that case, when the user wants to use the App, the user installs the App's client program on their computer and runs it to enter the App's interface.
In this case, since the third-party App must also obtain the user's authorization when it needs the user's data on the open platform, it can likewise present a login interface to the user; the user does not need to register a separate account in the App's system but logs in directly with the account name and password used on the open platform. After the open platform has verified them, it can authorize the App, likewise create a session for the user, and generate a token corresponding to that session which is issued to the App. The newly generated token can likewise be configured with validity information, and the validity period is generally short, for example three minutes. On the other hand, the SDK provided by the open platform can also be embedded in the third-party application's client, so that after the user has authorized the App, and while the client is open, the SDK drives the client to send a heartbeat packet to the open platform every preset interval, carrying the user's identity information on the open platform (this is sent by the open platform to the App's client after the user name, password and similar information entered by the user have been verified; for safety, the identity information sent to the third-party App may contain only the user name).
After receiving a heartbeat packet from the third-party App's client, the open platform verifies the legitimacy of the heartbeat packet according to the user's identity information and, if the verification passes, extends the validity period of the corresponding session's token once. Correspondingly, when an API call request carrying the token is received from the third-party application's server, the token is extracted from the request, whether the user is using the application is determined by judging whether the token is currently online, and the request is answered according to the result. For example, if the token is currently online, the user is judged to be using the App, so the corresponding user data is returned to the App even when the request is a call to an online API. If the token is currently offline, the user is judged not to be using the App; a call to an online API is then refused, while a call to an offline API can still be answered with the corresponding user data.
In summary, referring to Fig. 2, the method for authenticating a third-party application provided by this embodiment may comprise the following steps:
S201: after authorizing the third-party application, creating a session and issuing an access token to the third-party application, set the access token to the online state and configure the validity period of the online state;
S202: within the validity period, listen for heartbeat packets sent by the third-party application's client; if a heartbeat packet is received, judge its legitimacy according to the identity information it carries, and if the heartbeat packet is legitimate, extend the validity period of the online state once;
S203: when receiving an API call request carrying the access token sent by the third-party application's server, determine whether the user is using the third-party application by judging whether the access token is currently online, and respond to the API call request according to the result.
It should be noted that the implementation details of each step of embodiment two are similar to the corresponding parts of embodiment one, so reference may be made to the description in embodiment one, which is not repeated here.
Corresponding to the method for authenticating a third-party application provided in embodiment one, this application also provides a system for authenticating a third-party application, where the third-party application is implemented on the browser/server architecture, characterized in that a preset software development kit (SDK) is embedded in the page of the third-party application. Referring to Fig. 3, the system comprises:
a first token issuing unit 301, for setting the access token to the online state and configuring the validity period of the online state after the third-party application has been authorized, a session created and an access token issued to the third-party application;
a first token state updating unit 302, for listening, within the validity period, for heartbeat packets sent by the browser hosting the third-party application; if a heartbeat packet is received, judging its legitimacy according to the cookie information carried in it and, if the heartbeat packet is legitimate, extending the validity period of the online state once, wherein the heartbeat packet is sent by the browser, driven by the SDK, every preset interval after the third-party application has obtained the user's authorization and while the third-party application's page is open, and carries the cookie information under a preset domain name;
a first call request response unit 303, for determining, when an application programming interface (API) call request carrying the access token is received from the third-party application, whether the user is using the third-party application by judging whether the access token is currently online, and responding to the API call request according to the result.
In a concrete implementation, the system may further comprise:
a session identifier returning unit, for sending a session identifier to the browser hosting the third-party application's page after the third-party application has been authorized and an access token issued to it, the session identifier carrying user identification information and browser identification information, so that the browser generates cookie information.
Specifically, the first token state updating unit 302 may be used to:
judge, according to the cookie information carried in the heartbeat packet, whether a starting point exists for the heartbeat state of the session corresponding to the current third-party application and whether the heartbeat packets of that session are consecutive, and if so judge the heartbeat packet legitimate.
Where the heartbeat packets sent by the browser are numbered consecutively in the order of sending, the first token state updating unit 302 comprises:
a determining sub-unit, for determining, according to the cookie information carried in the heartbeat packet, the heartbeat packets already received for the current session;
a judging sub-unit, for judging, according to the numbers of the heartbeat packets already received, whether a starting point of the heartbeat state exists, and judging, according to the number of the heartbeat packet just received and the numbers of the heartbeat packets already received, whether the heartbeat packet just received is consecutive with those already received.
In addition, the system may further comprise:
a result returning unit, for returning the judgment result to the browser after the legitimacy of the heartbeat packet has been judged.
The length of the validity period configured for the access token and the length of each extension are equal to the interval at which heartbeat packets are sent, or slightly longer than that interval.
The system may further comprise:
a token re-issuing unit, for issuing a new access token to the third-party application after the heartbeat packet has been judged legitimate.
It further comprises:
a third token state updating unit, for setting the access token to the offline state if no heartbeat packet is received within the validity period or the received heartbeat packet is judged illegitimate;
an error prompting unit, for returning error prompt information after an API call request is received from the third-party application's server, if the access token carried in the request is in the offline state and the request is one that may only be answered when the access token is online.
The SDK is further used to drive the browser to send a heartbeat packet when it receives a request from the third-party application to send one.
Corresponding to the method for authenticating a third-party application provided in embodiment two, this application also provides a system for authenticating a third-party application, where the third-party application is implemented on the client/server architecture, characterized in that a preset SDK is embedded in the client of the third-party application. Referring to Fig. 4, the system comprises:
a second token issuing unit 401, for setting the access token to the online state and configuring the validity period of the online state after the third-party application has been authorized, a session created and an access token issued to the third-party application;
a second token state updating unit 402, for listening, within the validity period, for heartbeat packets sent by the third-party application's client; if a heartbeat packet is received, judging its legitimacy according to the identity information carried in it and, if the heartbeat packet is legitimate, extending the validity period of the online state once, wherein the heartbeat packet is sent by the client, driven by the SDK, every preset interval after the third-party application has obtained the user's authorization and while the client is open, and carries the user's identity information;
a second call request response unit 403, for determining, when an API call request carrying the access token is received from the third-party application's server, whether the user is using the third-party application by judging whether the access token is currently online, and responding to the API call request according to the result.
Through the embodiments of this application, the SDK provided by the open platform is embedded in the third-party App's page, so that, as long as the App's page is open, the SDK drives the browser to send a heartbeat packet to the open platform every preset interval, carrying the cookie information under the domain of the open platform site. Each time the open platform receives a heartbeat packet it verifies its legitimacy; if the verification passes, the validity period of the corresponding session's token is extended once and the token is set to the online state, indicating that the App's page is currently open. When the open platform receives an API call request from the App's server, it first extracts the token and judges whether it is online; if so, the App is allowed to call the APIs that may only be called in the online state and the corresponding user data is returned. Otherwise, if the token carried in the request is offline, the call request can be refused. The open platform can thus judge whether the current user is using the third-party App by judging whether the App's page is open, and provides the user's sensitive data to the App only when it has determined that the user is using it, which protects the user's data.
From the description of the embodiments above, those skilled in the art will clearly understand that this application can be implemented by software together with a necessary general-purpose hardware platform. On that understanding, the technical solution of this application, or the part of it that contributes over the prior art, can be embodied as a software product stored on a storage medium such as ROM/RAM, a magnetic disk or an optical disc, containing instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the methods described in the embodiments of this application or in certain parts of them.
The embodiments in this specification are described progressively; each embodiment focuses on what distinguishes it from the others, and the same or similar parts may be understood by reference to one another. In particular, the system embodiments are described briefly because they are substantially similar to the method embodiments; for the relevant parts see the description of the method embodiments. The systems and system embodiments described above are merely illustrative: units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units, that is, they may be located in one place or distributed over several network units. Some or all of the modules may be selected according to actual need to achieve the purpose of the embodiment's solution, and those of ordinary skill in the art can understand and implement this without creative effort.
The method and system for authenticating a third-party application provided by this application have been described in detail above. Specific examples have been used to explain the principle and implementation of this application, and the description of the embodiments above serves only to help understand the method of this application and its core idea. At the same time, those of ordinary skill in the art may, following the idea of this application, make changes to the specific implementation and scope of application. In conclusion, the content of this specification should not be construed as limiting this application.

Claims (12)

1. A method for authenticating a third-party application, the third-party application being implemented on a browser/server architecture, characterized in that a preset software development kit (SDK) is embedded in the page of the third-party application, the method comprising:
after authorizing the third-party application, creating a session and issuing an access token to the third-party application, setting the access token to an online state and configuring a validity period of the online state;
within the validity period, listening for heartbeat packets sent by the browser hosting the third-party application; if a heartbeat packet is received, judging the legitimacy of the heartbeat packet according to the cookie information carried in it and the number of the heartbeat packet, and if the heartbeat packet is legitimate, extending the validity period of the online state once; wherein the heartbeat packet is sent by the browser, driven by the SDK, every preset interval after the third-party application has obtained the user's authorization and while the page of the third-party application is open, and carries cookie information under a preset domain name;
when an application programming interface (API) call request carrying the access token sent by the third-party application is received, determining whether the user is using the third-party application by judging whether the access token is currently online, and responding to the API call request according to the judgment result.
2. The method according to claim 1, characterized in that, after authorizing the third-party application, creating a session and issuing an access token to the third-party application, the method further comprises:
sending a session identifier to the browser hosting the page of the third-party application, the session identifier carrying user identification information and browser identification information, so that the browser generates cookie information.
3. The method according to claim 1, characterized in that judging the legitimacy of the heartbeat packet according to the cookie information carried in the heartbeat packet comprises:
judging, according to the cookie information carried in the heartbeat packet, whether a starting point exists for the heartbeat state of the session corresponding to the current third-party application and whether the heartbeat packets corresponding to that session are consecutive, and if so judging the heartbeat packet legitimate.
4. The method according to claim 3, characterized in that the heartbeat packets sent by the browser are numbered consecutively in the order of sending, and judging, according to the cookie information carried in the heartbeat packet, whether a starting point exists for the heartbeat state of the session corresponding to the current third-party application and whether the heartbeat packets corresponding to that session are consecutive comprises:
determining, according to the cookie information carried in the heartbeat packet, the heartbeat packets already received for the current session;
judging, according to the numbers of the heartbeat packets already received, whether a starting point of the heartbeat state exists, and judging, according to the number of the heartbeat packet currently received and the numbers of the heartbeat packets already received, whether the heartbeat packet currently received is consecutive with the heartbeat packets already received.
5. The method according to claim 1, characterized in that it further comprises:
the length of the validity period configured for the access token and the length of each extension being equal to the interval at which heartbeat packets are sent, or slightly longer than the interval at which heartbeat packets are sent.
6. The method according to any one of claims 1 to 5, characterized in that it further comprises:
after judging the heartbeat packet legitimate, issuing a new access token to the third-party application, so that the server of the third-party application uses the new access token to send API call requests in the next heartbeat cycle.
7. The method according to any one of claims 1 to 5, characterized in that it further comprises:
if no heartbeat packet is received within the validity period, or the received heartbeat packet is judged illegitimate, setting the access token to an offline state.
8. The method according to claim 7, characterized in that it further comprises:
after receiving an API call request sent by the server of the third-party application, if the access token carried in the API call request is in the offline state and the API call request is one that can be responded to only when the access token is online, returning error prompt information.
9. The method according to any one of claims 1 to 5, characterized in that the SDK is further used to drive the browser to send a heartbeat packet when it receives a request from the third-party application to send a heartbeat packet.
10. A method for authenticating a third-party application, the third-party application being implemented on a client/server architecture, characterized in that a preset SDK is embedded in the client of the third-party application, the method comprising:
after authorizing the third-party application, creating a session and issuing an access token to the third-party application, setting the access token to an online state and configuring a validity period of the online state;
within the validity period, listening for heartbeat packets sent by the client of the third-party application; if a heartbeat packet is received, judging the legitimacy of the heartbeat packet according to the identity information carried in it, and if the heartbeat packet is legitimate, extending the validity period of the online state once; wherein the heartbeat packet is sent by the client, driven by the SDK, every preset interval after the third-party application has obtained the user's authorization and while the client of the third-party application is open, and carries the user's identity information;
when an API call request carrying the access token sent by the server of the third-party application is received, determining whether the user is using the third-party application by judging whether the access token is currently online, and responding to the API call request according to the judgment result.
11. A system for authenticating a third-party application, the third-party application being implemented on a browser/server architecture, characterized in that a preset software development kit (SDK) is embedded in the page of the third-party application, the system comprising:
a first token issuing unit, for setting the access token to an online state and configuring a validity period of the online state after the third-party application has been authorized, a session created and an access token issued to the third-party application;
a first token state updating unit, for listening, within the validity period, for heartbeat packets sent by the browser hosting the third-party application; if a heartbeat packet is received, judging the legitimacy of the heartbeat packet according to the cookie information carried in it and the number of the heartbeat packet, and if the heartbeat packet is legitimate, extending the validity period of the online state once, wherein the heartbeat packet is sent by the browser, driven by the SDK, every preset interval after the third-party application has obtained the user's authorization and while the page of the third-party application is open, and carries cookie information under a preset domain name;
a first call request response unit, for determining, when an application programming interface (API) call request carrying the access token sent by the third-party application is received, whether the user is using the third-party application by judging whether the access token is currently online, and responding to the API call request according to the judgment result.
12. a kind of system authenticated to third-party application, it is real that the third-party application is based on user terminal/server framework It is existing, which is characterized in that preset SDK is embedded in the client of the third-party application, the system comprises:
Second token issues unit, for being authorized to third-party application, creating session and issue visit to third-party application After asking token, the access token is set to presence, and configure the effective time of presence;
Second token status updating unit, the heartbeat for monitoring third-party application client transmission within the effective time Packet, if listening to the heartbeat packet, according to the identity information carried in the heartbeat packet to the legitimacy of the heartbeat packet into Row judges, if the heartbeat packet is legal, the effective time of the presence is once extended, wherein the heart Jumping packet is, described in the state that obtaining user in the third-party application authorizes, and the client of third-party application is opened SDK drives client to send a heartbeat packet every preset time, and the identity information of user is carried in the heartbeat packet;
Second call request response unit, what the server end for receiving third-party application was sent carries access token When API Calls are asked, by judging whether the access token is currently online, determine whether user is used institute Third-party application is stated, and the API Calls are responded according to judging result and are asked.
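The following Python model is an added example illustrating the server-side state machine described in claims 7 to 12; it is not code from the patent or from Alibaba. It issues an access token in the online state with an effective time, listens for SDK-driven heartbeat packets, extends the effective time once per legitimate packet, flips the token to offline when heartbeats stop or a packet is illegitimate (claim 7), and refuses online-only API calls with an error for an offline token (claim 8). Two details are assumptions the page does not spell out: the cookie value bound to the session is computed as HMAC(key, token), and the heartbeat serial number of claim 11 must strictly increase so that a replayed packet is judged illegitimate. The `SdkClient` class, the `run_scenario` walk-through and all timing values are constructed for the example.

```python
"""Model of a heartbeat-bound access token (added example, not the patent's own code)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class TokenState:
    user_id: str          # identity the token was issued for
    online: bool          # the token's "online state"
    expires_at: float     # end of the current effective time
    last_seq: int = 0     # serial number of the last accepted heartbeat


class AuthServer:
    def __init__(self, cookie_key: bytes, effective_secs: float = 30.0):
        self.key = cookie_key
        self.effective_secs = effective_secs
        self.tokens: Dict[str, TokenState] = {}

    def _cookie_for(self, token: str) -> str:
        # Assumption: the cookie set under the platform's domain is an HMAC over the token.
        return hmac.new(self.key, token.encode(), hashlib.sha256).hexdigest()

    def authorize(self, user_id: str, now: Optional[float] = None) -> Tuple[str, str]:
        """After authorization: create a session, issue the token online, start the effective time."""
        now = time.time() if now is None else now
        token = secrets.token_hex(16)
        self.tokens[token] = TokenState(user_id, True, now + self.effective_secs)
        return token, self._cookie_for(token)

    def _refresh(self, state: TokenState, now: float) -> None:
        # Claim 7: no legitimate heartbeat within the effective time -> offline.
        if state.online and now > state.expires_at:
            state.online = False

    def heartbeat(self, token: str, cookie: str, seq: int, now: Optional[float] = None) -> bool:
        """Heartbeat listener: a legitimate packet extends the effective time once; an illegitimate one sets offline."""
        now = time.time() if now is None else now
        state = self.tokens.get(token)
        if state is None:
            return False
        self._refresh(state, now)
        if not state.online:
            return False
        # Legitimacy = cookie bound to this session AND serial number strictly increasing (assumed replay check).
        legitimate = hmac.compare_digest(cookie, self._cookie_for(token)) and seq > state.last_seq
        if not legitimate:
            state.online = False
            return False
        state.last_seq = seq
        state.expires_at = now + self.effective_secs
        return True

    def api_call(self, token: str, online_only: bool = True, now: Optional[float] = None) -> dict:
        """API call handler: online-only calls get an error prompt when the token is offline (claim 8)."""
        now = time.time() if now is None else now
        state = self.tokens.get(token)
        if state is None:
            return {"error": "unknown token"}
        self._refresh(state, now)
        if online_only and not state.online:
            return {"error": "token offline: user is not using the application"}
        return {"ok": True, "user": state.user_id, "online": state.online}


class SdkClient:
    """Simulated SDK embedded in the page/client: drives heartbeats with increasing serial numbers (constructed)."""

    def __init__(self, server: AuthServer, token: str, cookie: str):
        self.server, self.token, self.cookie, self.seq = server, token, cookie, 0

    def tick(self, now: float) -> bool:
        # Called every preset interval while the page is open, or on request (claim 9).
        self.seq += 1
        return self.server.heartbeat(self.token, self.cookie, self.seq, now=now)


def run_scenario():
    """Constructed walk-through: page open with heartbeats every 10 s, then closed for over 30 s."""
    srv = AuthServer(b"demo-key", effective_secs=30)
    t0 = 1000.0
    token, cookie = srv.authorize("alice", now=t0)
    sdk = SdkClient(srv, token, cookie)
    beats = [sdk.tick(t0 + 10 * i) for i in range(1, 4)]  # heartbeats at +10, +20, +30 s
    during = srv.api_call(token, now=t0 + 35)              # within the extended effective time
    after = srv.api_call(token, now=t0 + 61)               # no heartbeat for > 30 s: token offline
    return beats, during, after
```

The effective time is re-armed only by a packet that passes both checks, so a forged cookie or a replayed serial number does not keep the token alive; it switches the token offline immediately, which matches the claim 7 behaviour and is the property a reviewer should test for.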
CN201310706124.7A 2013-12-19 2013-12-19 The method and system that third-party application is authenticated Active CN104734849B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310706124.7A CN104734849B (en) 2013-12-19 2013-12-19 The method and system that third-party application is authenticated

Publications (2)

Publication Number Publication Date
CN104734849A CN104734849A (en) 2015-06-24
CN104734849B true CN104734849B (en) 2018-09-18

Family

ID=53458312

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310706124.7A Active CN104734849B (en) 2013-12-19 2013-12-19 The method and system that third-party application is authenticated

Country Status (1)

Country Link
CN (1) CN104734849B (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106528056A (en) * 2015-09-09 2017-03-22 阿里巴巴集团控股有限公司 Control method and device for system function
CN105450425B (en) * 2015-12-25 2019-03-01 北京奇虎科技有限公司 Realize the method and device of user's online control
CN106982187B (en) * 2016-01-15 2020-12-01 中兴通讯股份有限公司 Resource authorization method and device
CN106982239B (en) * 2016-01-18 2020-01-17 中国移动通信集团公司 Multi-electronic channel life reporting method and device
CN107342966B (en) * 2016-04-29 2019-05-03 北京京东尚科信息技术有限公司 Authority credentials distribution method and device
JP6476402B2 (en) * 2016-05-20 2019-03-06 システムメトリックス株式会社 Authentication system
CN105933732B (en) * 2016-06-14 2019-08-27 天脉聚源(北京)传媒科技有限公司 A kind of video playing duration statistical method and system
CN107196943B (en) * 2017-05-26 2019-09-20 浙江大学 A kind of security display implementation method of private data in third-party platform
CN107920063A (en) * 2017-11-07 2018-04-17 杭州安恒信息技术有限公司 A kind of method of online updating tokenID
CN108763921B (en) * 2018-05-29 2019-04-02 北京迪诺益佳信息科技有限公司 A kind of method of application software and SDK control
CN108846263B (en) * 2018-05-31 2020-10-27 北京市商汤科技开发有限公司 Software authorization processing and running method and device and electronic equipment
CN109165059B (en) * 2018-07-11 2022-03-22 绿湾网络科技有限公司 Page locking method and device
CN109547422B (en) * 2018-11-09 2021-06-25 福建天泉教育科技有限公司 Method and terminal for automatically renewing login state
CN109635596B (en) * 2018-12-14 2024-04-12 闪联信息技术工程中心有限公司 Safety protection system and method for multimedia touch control integrated machine
CN109600306B (en) * 2019-01-22 2020-10-27 腾讯科技(深圳)有限公司 Method, device and storage medium for creating session
CN111639327A (en) * 2020-05-29 2020-09-08 深圳前海微众银行股份有限公司 Authentication method and device for open platform
CN112398856B (en) * 2020-11-17 2022-11-29 平安普惠企业管理有限公司 Page access method, device, equipment and storage medium
CN112866385B (en) * 2021-01-19 2022-06-24 北京字跳网络技术有限公司 Interface calling method and device, electronic equipment and storage medium
CN115766206A (en) * 2022-11-14 2023-03-07 网易(杭州)网络有限公司 Application login processing method and device, electronic equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102378170A (en) * 2010-08-27 2012-03-14 中国移动通信有限公司 Method, device and system of authentication and service calling
CN102394887A (en) * 2011-11-10 2012-03-28 杭州东信北邮信息技术有限公司 OAuth protocol-based safety certificate method of open platform and system thereof
CN102611709A (en) * 2012-03-31 2012-07-25 奇智软件(北京)有限公司 Access control method and system for third party resources
CN103051630A (en) * 2012-12-21 2013-04-17 微梦创科网络科技(中国)有限公司 Method, device and system for implementing authorization of third-party application based on open platform
CN103378969A (en) * 2012-04-12 2013-10-30 腾讯科技(北京)有限公司 Authorization method, system and third party application system

Also Published As

Publication number Publication date
CN104734849A (en) 2015-06-24

Similar Documents

Publication Publication Date Title
CN104734849B (en) The method and system that third-party application is authenticated
US10015157B2 (en) Multi-domain applications with authorization and authentication in cloud environment
EP2307982B1 (en) Method and service integration platform system for providing internet services
JP4394951B2 (en) Method and system for secure processing of electronic business transactions over the Internet
CN101771532B (en) Method, device and system for realizing resource sharing
US20140189839A1 (en) Single sign-on methods and apparatus therefor
US10547602B2 (en) Communications methods and apparatus related to web initiated sessions
CN105337949B (en) A kind of SSO authentication method, web server, authentication center and token verify center
CN101990183B (en) Method, device and system for protecting user information
CN112468481B (en) Single-page and multi-page web application identity integrated authentication method based on CAS
CN104580364B (en) A kind of method and apparatus of resource sharing
CN105049427B (en) The management method and device of application system login account
CN111355713B (en) Proxy access method, device, proxy gateway and readable storage medium
CN109525604A (en) A kind of method and relevant device of account binding
US8694993B1 (en) Virtualization platform for secured communications between a user device and an application server
JP2007310512A (en) Communication system, service providing server, and user authentication server
CN106331003B (en) The access method and device of application door system on a kind of cloud desktop
CN109067785A (en) Cluster authentication method, device
WO2023029138A1 (en) Login method, electronic device and computer-readable storage medium
CN105991640B (en) Handle the method and device of HTTP request
US20100293604A1 (en) Interactive authentication challenge
CN108055314A (en) The management method and group system of a kind of group system
CN103297462B (en) The verification method and device of a kind of business object
CN105959278B (en) A kind of method, apparatus and system for calling VPN
CN106302479B (en) A kind of single-point logging method and system for multi-service internet site

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant