CN105897668A - Third party account authorization method, device, server and system - Google Patents


Info

Publication number
CN105897668A
Authority
CN (China)
Prior art keywords
user, authorization, account, application, party
Application number
CN201510694688.2A
Other languages
Chinese (zh)
Inventor
牛云飞
Original Assignee
乐视致新电子科技(天津)有限公司
Application filed by 乐视致新电子科技(天津)有限公司
Priority to CN201510694688.2A
Publication of CN105897668A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L29/00 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00
    • H04L29/02 Communication control; Communication processing
    • H04L29/06 Communication control; Communication processing characterised by a protocol
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0807 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network using tickets, e.g. Kerberos
    • H04L63/0815 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network providing single-sign-on or federations

Abstract

The invention discloses a third-party account authorization method, device, server and system. The method comprises the following steps: an authorization request of a third-party application is responded to; if a pre-bound user account is set, an authorization code for the pre-bound user account is obtained and sent to a user center; an access token for the authorization code is obtained from the user center; the access token and the user account are sent to the server; after the access token passes verification, user information for the user account is obtained from the server; and the user information is called back to the third-party application. The third-party account authorization method, device, server and system provide a solution in which a pre-bound account can be authorized for use by a third-party application, so that the third-party application obtains authorization for the secure account and can use it for all kinds of sensitive operations, such as payment.

Description

A third-party account authorization method, device, server and system

TECHNICAL FIELD

[0001] The present invention relates to the technical field of account management, and in particular to a third-party account authorization method, device, server and system.

BACKGROUND

[0002] A smartphone is a type of mobile phone which, like a personal computer, has an independent operating system and an independent execution environment, lets the user install programs provided by third-party service providers (software, games, navigation and so on), and can access wireless networks through a mobile communication network.

[0003] The software that runs on a smartphone is called an application (App); Apps bring a great many functions to the smartphone.

[0004] A user account identifies the user, so keeping user accounts secure is very important. The prior art generally stores the user account on a server and verifies the user by password at login.

[0005] However, when a user has too many accounts it is difficult to keep them all secure, so it is hard for an App to use an account for sensitive operations such as payment.

SUMMARY

[0006] On this basis, the technical problem that the prior art cannot easily guarantee account security needs to be addressed by providing a third-party account authorization method, device, server and system.

[0007] The present invention provides a third-party account authorization method, comprising:

[0008] a third-party authorization response step, comprising: responding to an authorization request of a third-party application;

[0009] an authorization code acquisition step, comprising: if a pre-bound user account is set, obtaining an authorization code for the pre-bound user account;

[0010] an access token acquisition step, comprising: sending the authorization code to a user center and obtaining from the user center an access token for the authorization code;

[0011] a user information acquisition step, comprising: sending the access token and the user account to a server, and obtaining from the server, after the access token has been verified, user information for the user account;

[0012] an information callback step, comprising: calling the user information back to the third-party application.

[0013] Further, obtaining the authorization code for the pre-bound user account specifically comprises:

[0014] obtaining the application identifier and application key of the third-party application;

[0015] verifying the application identifier and the application key and, if verification passes, obtaining the authorization code for the pre-bound user account.

[0016] Further, the authorization code acquisition step further comprises: if there is no pre-bound user account, then:

[0017] obtaining the application identifier and application key of the third-party application;

[0018] sending the application identifier and the application key to the server;

[0019] displaying the login page returned by the server after it has verified the application identifier and the application key;

[0020] obtaining the authorization code for the user account, which the server returns after verifying the user account and user password, and executing the access token acquisition step, the user account and the user password being received by the server through the login page.

[0021] Further, in the access token acquisition step, after the access token is obtained it is stored in association with the user account;

[0022] and the third-party authorization response step specifically comprises:

[0023] when responding to the authorization request of the third-party application, if an access token stored in association with the user account exists, executing the user information acquisition step directly, and otherwise executing the authorization code acquisition step.

[0024] Further, the information callback step specifically comprises:

[0025] encapsulating the user information in a hash and calling it back to the third-party application.

[0026] Further, the third-party authorization response step specifically comprises: displaying an authorization page and responding to the authorization request of the third-party application triggered from that authorization page, wherein the authorization page is generated in Java on the Android system, the display resources of the authorization page come from at least one resource file stored in the form of a Java library, and the resource file identifier of each resource file is obtained from the R file provided by the Android system using Java's reflection mechanism.

[0027] The present invention provides a third-party account authorization method, comprising:

[0028] an access token receiving step, comprising: receiving an access token and a user account from a device, the access token having been obtained by the device, in response to an authorization request of a third-party application, by obtaining an authorization code for a pre-bound user account when such an account is set, sending the authorization code to a user center, and obtaining from the user center the access token for the authorization code;

[0029] a user information sending step, comprising: verifying the access token and, if the access token passes verification, sending user information for the user account to the device, the user information being used by the device for a callback to the third-party application.

[0030] Further, the method also comprises an authorization code sending step;

[0031] the authorization code sending step comprising:

[0032] receiving the application identifier and application key sent by the device when the device determines that no user account is bound to it, the application identifier and the application key being those of the third-party application obtained by the device;

[0033] if the application identifier and the application key pass verification, returning a login page to the device and obtaining a user account and user password through the login page;

[0034] if the user account and the user password pass verification, returning the authorization code for the user account to the device.

[0035] The present invention provides a third-party account authorization device, comprising:

[0036] a third-party authorization response module configured to: respond to an authorization request of a third-party application;

[0037] an authorization code acquisition module configured to: if a pre-bound user account is set, obtain an authorization code for the pre-bound user account;

[0038] an access token acquisition module configured to: send the authorization code to a user center and obtain from the user center an access token for the authorization code;

[0039] a user information acquisition module configured to: send the access token and the user account to a server, and obtain from the server, after the access token has been verified, user information for the user account;

[0040] an information callback module configured to: call the user information back to the third-party application.

[0041] Further, obtaining the authorization code for the pre-bound user account specifically comprises:

[0042] obtaining the application identifier and application key of the third-party application;

[0043] verifying the application identifier and the application key and, if verification passes, obtaining the authorization code for the pre-bound user account.

[0044] Further, the authorization code acquisition module is further configured to: if there is no pre-bound user account, then:

[0045] obtain the application identifier and application key of the third-party application;

[0046] send the application identifier and the application key to the server;

[0047] display the login page returned by the server after it has verified the application identifier and the application key;

[0048] obtain the authorization code for the user account, which the server returns after verifying the user account and user password, and execute the access token acquisition module, the user account and the user password being received by the server through the login page.

[0049] Further, in the access token acquisition module, after the access token is obtained it is stored in association with the user account;

[0050] and the third-party authorization response module is specifically configured to:

[0051] when responding to the authorization request of the third-party application, if an access token stored in association with the user account exists, execute the user information acquisition module directly, and otherwise execute the authorization code acquisition module.

[0052] Further, the information callback module is specifically configured to:

[0053] encapsulate the user information in a hash and call it back to the third-party application.

[0054] Further, the third-party authorization response module is specifically configured to: display an authorization page and respond to the authorization request of the third-party application triggered from that authorization page, wherein the authorization page is generated in Java on the Android system, the display resources of the authorization page come from at least one resource file stored in the form of a Java library, and the resource file identifier of each resource file is obtained from the R file provided by the Android system using Java's reflection mechanism.

[0055] The present invention provides a third-party account authorization server, comprising:

[0056] an access token receiving module configured to: receive an access token and a user account from a device, the access token having been obtained by the device, in response to an authorization request of a third-party application, by obtaining an authorization code for a pre-bound user account when such an account is set, sending the authorization code to a user center, and obtaining from the user center the access token for the authorization code;

[0057] a user information sending module configured to: verify the access token and, if the access token passes verification, send user information for the user account to the device, the user information being used by the device for a callback to the third-party application.

[0058] Further, the server also comprises an authorization code sending module;

[0059] the authorization code sending module being configured to:

[0060] receive the application identifier and application key sent by the device when the device determines that no user account is bound to it, the application identifier and the application key being those of the third-party application obtained by the device;

[0061] if the application identifier and the application key pass verification, return a login page to the device and obtain a user account and user password through the login page;

[0062] if the user account and the user password pass verification, return the authorization code for the user account to the device.

[0063] The present invention provides a third-party account authorization system, comprising a device side and a server side;

[0064] the device side comprising:

[0065] a device-side third-party authorization response module configured to: respond to an authorization request of a third-party application;

[0066] a device-side authorization code acquisition module configured to: if a pre-bound user account is set, obtain an authorization code for the pre-bound user account;

[0067] a device-side access token acquisition module configured to: send the authorization code to a user center and obtain from the user center an access token for the authorization code;

[0068] a device-side user information acquisition module configured to: send the access token and the user account to a server and obtain from the server user information for the user account;

[0069] a device-side information callback module configured to: call the user information back to the third-party application;

[0070] the server side comprising:

[0071] a server-side access token receiving module configured to: receive an access token and a user account from the device;

[0072] a server-side user information sending module configured to: verify the access token and, if the access token passes verification, send user information for the user account to the device.

[0073] By providing a solution in which a pre-bound account can be authorized for use by a third-party application, the present invention enables the third-party application to obtain authorization for that secure account, so that the third-party application can use the secure account for all kinds of sensitive operations, such as payment.

BRIEF DESCRIPTION OF THE DRAWINGS

[0074] Figure 1 is a flowchart of a third-party account authorization method of the present invention as applied to a device;

[0075] Figure 2 is a flowchart of a third-party account authorization method of the present invention as applied to a server;

[0076] Figure 3 is a block diagram of a third-party account authorization device of the present invention;

[0077] Figure 4 is a schematic structural diagram of the device of a preferred embodiment of the present invention;

[0078] Figure 5 is a block diagram of a third-party account authorization server of the present invention;

[0079] Figure 6 is a schematic structural diagram of the server of a preferred embodiment of the present invention;

[0080] Figure 7 is a block diagram of a third-party account authorization system of the present invention;

[0081] Figure 8 is a flowchart of the device of a preferred embodiment of the present invention for a pre-bound user account.

DETAILED DESCRIPTION

[0082] The present invention is described in further detail below with reference to the drawings and specific embodiments.

[0083] Figure 1 is a flowchart of a third-party account authorization method of the present invention, comprising:

[0084] step S101: responding to an authorization request of a third-party application;

[0085] step S102: if a pre-bound user account is set, obtaining an authorization code for the pre-bound user account;

[0086] step S103: sending the authorization code to a user center and obtaining from the user center an access token for the authorization code;

[0087] step S104: sending the access token and the user account to a server, and obtaining from the server, after the access token has been verified, user information for the user account;

[0088] step S105: calling the user information back to the third-party application.

[0089] The method of the present invention may be provided to software developers in the form of a software development kit (SDK). A software application developed by a developer, i.e. a third-party application, requests authorization by calling a function provided by the SDK; this triggers step S101, which responds to the authorization request. In step S102 the authorization code for the pre-bound user account is obtained and sent to the user center, which implements the integrated management of user information; the user center may be integrated with the device, integrated with the server, or a separate device. In step S103 the access token is obtained, and it is the access token that is sent to the server; because what is transmitted is the access token, the authorization code stays well hidden and cannot be obtained illegitimately. In step S104 the server verifies the access token and then returns the associated user information, which is called back to the third-party application through the callback function that the third-party application provides.

[0090] Because the user account used by the present invention is pre-bound, its security is relatively high, so a third-party application can use it for all kinds of sensitive operations, such as payment.

[0091] In one embodiment, obtaining the authorization code for the pre-bound user account specifically comprises:

[0092] obtaining the application identifier and application key of the third-party application;

[0093] verifying the application identifier and the application key and, if verification passes, obtaining the authorization code for the pre-bound user account.

[0094] This embodiment additionally verifies the application identifier and application key of the third-party application, to ensure that the third-party application has the appropriate permission to obtain the authorization code for the pre-bound user account, which further improves security.

[0095] In one embodiment, step S102 further comprises: if there is no pre-bound user account, then:

[0096] obtaining the application identifier and application key of the third-party application;

[0097] sending the application identifier and the application key to the server;

[0098] displaying the login page returned by the server after it has verified the application identifier and the application key;

[0099] obtaining the authorization code for the user account, which the server returns after verifying the user account and user password, and executing step S103, the user account and the user password being received by the server through the login page.

[0100] This embodiment adds support for the case where no user account is pre-bound: if the user is using a device to which a user account is pre-bound, the authorization code can be obtained directly on the device; if not, the user can log in to the server through the device and thereby obtain the authorization code, the server verifying the application identifier and application key of the third-party application to ensure that it has sufficient permission.

[0101] In one embodiment, in step S103, after the access token is obtained it is stored in association with the user account;

[0102] and step S101 specifically comprises:

[0103] when responding to the authorization request of the third-party application, if an access token stored in association with the user account exists, executing step S104 directly, and otherwise executing step S102.

[0104] In this embodiment, for a user account whose user information has already been obtained, the existing access token can be used directly, which reduces the number of steps, speeds up retrieval of the user information, and gives the user a better experience.

[0105] In one embodiment, step S105 specifically comprises:

[0106] encapsulating the user information in a hash and calling it back to the third-party application.

[0107] In this embodiment the callback uses hash encapsulation, which speeds up the callback. Preferably the user information is encapsulated as a hash map, i.e. a HashMap.

[0108] In one embodiment, step S101 specifically comprises: displaying an authorization page and responding to the authorization request of the third-party application triggered from that authorization page, wherein the authorization page is generated in Java on the Android system, the display resources of the authorization page come from at least one resource file stored in the form of a Java library, and the resource file identifier of each resource file is obtained from the R file provided by the Android system using Java's reflection mechanism.

[0109] On the Android system, when developing in Java there is an R file, i.e. the R.java file, used to hold the resource files. However, a single jar package cannot contain two R files at the same time, so in this embodiment the resource files are provided in the form of a library, and the resource file identifiers (resource ids) of all the resource files in the original R file are obtained by reflection, so that the SDK can be called smoothly by Java developers.

[0110] 如图2所示为本发明一种第三方账号授权方法的工作流程图,包括: [0110] FIG 2 is a flowchart of a third-party account authorization INVENTION A method, includes:

[0111] 步骤S201,包括:接收到来自设备的访问令牌和用户账号,所述访问令牌由所述设备响应第三方应用的授权请求,在设有预先绑定的用户账号时获取关于所述预先绑定的用户账号的授权码,并将所述授权码发送至用户中心后,从所述用户中心获取得到关于所述授权码的访问令牌; [0111] step S201, the comprising: receiving the access token from the account and the user equipment, the access token, regarding the acquired user account when the pre-bound with authorization request by the device in response to the third party application described later, pre-bound user account authorization code and the authorization code to the subscriber center, obtained from the Center for the user of the authorization token access code;

[0112] 步骤S202,包括:对所述访问令牌进行验证,如果所述访问令牌验证通过,则将关于所述用户账号的用户信息发送至所述设备,所述用户信息由所述设备用于回调至所述第三方应用。 [0112] step S202, comprising: the access token for authentication, the access token if verification is passed, then the user information regarding the user account sent to the device, the user information by said apparatus callback application to the third party.

[0113] 本实施例应用于服务器中,服务器对访问令牌进行验证后返回用户账号的用户信息。 [0113] The present embodiment is applied to the server, the server returns the token to access a user account after the user authentication information.

[0114] 在其中一个实施例中,还包括,授权码发送步骤; [0114] In one embodiment, further comprising the step of transmitting authorization code;

[0115] 所述授权码发送步骤,包括: [0115] The step of transmitting authorization code, comprising:

[0116] 接收到设备判断没有与所述设备绑定的用户账号时,所发送的应用标识和应用密钥,所述应用标识和所述应用密钥为所述设备所获取的所述第三方应用的应用标识和应用密钥; [0116] Upon receiving the device determines the user account is not bound with the device, the application identifier and the application key transmitted, the application identifier and the application key to the third party acquired the device application identifier and the application key of the application;

[0117] 如果所述应用标识和所述应用密钥验证通过则向所述设备返回登陆页面,并通过所述登陆页面获取用户账号和用户密码; [0117] If the application identifier and the application key to the authentication apparatus via the login page to return, via the login page for the user account and a user password;

[0118] 如果对所述用户账号和所述用户密码验证通过,则向所述设备返回关于所述用户账号的授权码。 [0118] If the verification of the user account and the user password, the authorization code to return the device about the user's account.

[0119] 本实施例的步骤处理了用户在采用不预先绑定用户账号的设备时的登陆请求,并返回相应的授权码。 Step [0119] This embodiment of a process when the user login request of the user account in the device does not use pre-bundled, and returns the appropriate authorization code.
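The server side of steps S201 and S202, as an added example that is not the patent's code: the device sends an access token together with a user account, and the server returns that account's user information only if the token verifies. The issuance records and user table are constructed samples, and storing only a SHA-256 digest of the token is an assumption not stated in the description.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

/** Added example of the server role in S201/S202 (not the patent's code). */
public class AuthorizationServer {

    /** What the user center recorded when it issued an access token for an authorization code. */
    static final class IssuedToken {
        final String uid;
        final long expiresAtMillis;
        IssuedToken(String uid, long expiresAtMillis) { this.uid = uid; this.expiresAtMillis = expiresAtMillis; }
    }

    private final Map<String, IssuedToken> issuedByDigest = new HashMap<>();   // sha256(token) -> record
    private final Map<String, Map<String, String>> users = new HashMap<>();    // uid -> user info

    public void recordIssuedToken(String token, String uid, long expiresAtMillis) {
        issuedByDigest.put(digest(token), new IssuedToken(uid, expiresAtMillis));
    }

    public void addUser(String uid, Map<String, String> info) { users.put(uid, new HashMap<>(info)); }

    /**
     * Step S202. Returns a copy of the user information, or null when the token is unknown, has expired,
     * or was issued for an account other than the one the device named in S201. The uid check matters:
     * the device sends both values, so a valid token for account A must not unlock account B's data.
     */
    public Map<String, String> verifyAndGetUserInfo(String accessToken, String uid, long nowMillis) {
        if (accessToken == null || uid == null) return null;
        IssuedToken rec = issuedByDigest.get(digest(accessToken));
        if (rec == null || nowMillis >= rec.expiresAtMillis) return null;
        if (!MessageDigest.isEqual(rec.uid.getBytes(StandardCharsets.UTF_8), uid.getBytes(StandardCharsets.UTF_8))) {
            return null;
        }
        Map<String, String> info = users.get(uid);
        return info == null ? null : new HashMap<>(info);
    }

    /** SHA-256 hex of the token; the server never needs to keep the token itself. */
    static String digest(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder(d.length * 2);
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }

    public static void main(String[] args) {
        AuthorizationServer server = new AuthorizationServer();
        Map<String, String> alice = new HashMap<>();   // constructed sample account
        alice.put("uid", "12345");
        alice.put("nickname", "alice");
        server.addUser("12345", alice);
        long now = 1_000_000L;
        server.recordIssuedToken("tok_constructed", "12345", now + 3_600_000L);

        System.out.println(server.verifyAndGetUserInfo("tok_constructed", "12345", now));                // user info
        System.out.println(server.verifyAndGetUserInfo("tok_constructed", "99999", now));                // null: other account
        System.out.println(server.verifyAndGetUserInfo("tok_other", "12345", now));                      // null: unknown token
        System.out.println(server.verifyAndGetUserInfo("tok_constructed", "12345", now + 7_200_000L));   // null: expired
    }
}
```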

[0120] Figure 8 shows the workflow of the preferred embodiment of the present invention for a device with a pre-bound user account; the device is a mobile phone, and the workflow specifically comprises:

[0121] When a developer uses the SDK provided by the present invention, they first need to apply on the server for an application identifier (appid), an application key (appsecret), an openid and a secret_key.

[0122] Step S801: pass the appid and appsecret to the agent placed in the phone ROM; if the appid and appsecret are verified successfully, the login interface is opened directly for authorized login, and on successful login the authorization code (code) returned by the agent is obtained. Specifically:

[0123] Pass the openid and secret_key to the agent's GuideActivity, using startActivityForResult to start the com.letv.android.agent.GuideActivity page built into the phone ROM. If authorization on that page succeeds, the code is passed back through the Intent in onActivityResult. After obtaining the code, call getAccessToken(code) to exchange it for the user's accesstoken;

[0124] Step S802: send the authorization code to the user center via HTTP; the user center then returns the access token (accesstoken) of the user corresponding to the authorization code. Specifically:

[0125] Combine the developer-supplied appid, appsecret, authorization code (code) and callback address into a JSON string, send a getAccessTokenFromServer request to the user center via HttpClient POST, then obtain the returned JSON from the user center through the RequestCallback interface callback, parse it with JSONObject, and extract the accesstoken and uid fields;

[0126] Step S803: obtain the user's account information using the accesstoken. Specifically:

[0127] Pass the accesstoken and uid to the getUserBasicInfo method; in getUserBasicInfo, combine appid, uid, accesstoken and uid into a JSON string and, in the same way, send a getUserBasicInfoFromServer request via HttpClient GET to obtain the user's basic information. The returned information includes: uid, nickname, accesstoken, file_300*300, file_200*200, file_70*70, file_50*50.

[0128] This information is then assembled into the callback interface;

[0129] Step S804: after obtaining the user information, store the accesstoken, uid, nickname and so on in local storage through Android's shareprefer (SharedPreferences), using the uid as the primary key. If the user logs in directly by clicking an entry from the login history, all user information held in shareprefer is retrieved and displayed; the user's accesstoken is then taken from that user information, step S803 is executed to obtain the user information, and the information is passed back through the callback.

[0130] Step S805: pass the information back to the third-party application through the callback interface provided by the SDK for account information processing. The callback interface wraps the user information in a HashMap, which the developer can then operate on directly. Specifically:

[0131] The wrapping format is:

[0132] HashMap<String, Object> userInfo = new HashMap<String, Object>();

[0133] userInfo.put("letv_uid", /* user uid */);

[0134] userInfo.put("nickname", /* nickname */);

[0135] userInfo.put("access_token", /* authorized access token */);

[0136] userInfo.put("file_300*300", /* 300*300 avatar */);

[0137] userInfo.put("file_200*200", /* 200*200 avatar */);

[0138] userInfo.put("file_70*70", /* 70*70 avatar */);

[0139] userInfo.put("file_50*50", /* 50*50 avatar */);

[0140] The HashMap object is then passed back directly to the developer through the callback.
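Steps S802 to S805 carried through in code, as an added example that is neither the patent's nor the SDK's code: the JSON bodies exchanged with the user center, the per-uid local store of S804 with its "log in from history" branch, and the HashMap handed to the third-party application in S805. It assumes org.json (bundled with Android); an in-memory map stands in for SharedPreferences, and the network calls are represented by their request and response strings only.

```java
import java.util.HashMap;
import java.util.Map;
import org.json.JSONException;
import org.json.JSONObject;

/** Added example of S802-S805 (not the SDK's code); org.json assumed. */
public class AccountExchange {

    /** Keys the description lists in the getUserBasicInfoFromServer reply. */
    static final String[] AVATAR_KEYS = {"file_300*300", "file_200*200", "file_70*70", "file_50*50"};

    /** S804 store: uid -> {accesstoken, nickname}; constructed stand-in for SharedPreferences keyed by uid. */
    private final Map<String, Map<String, String>> localStore = new HashMap<>();

    /** S802: body of the getAccessTokenFromServer POST (appid, appsecret, code, callback address). */
    public static String buildAccessTokenRequest(String appid, String appsecret, String code,
                                                 String redirectUri) throws JSONException {
        JSONObject body = new JSONObject();
        body.put("appid", appid);
        body.put("appsecret", appsecret);
        body.put("code", code);
        body.put("redirect_uri", redirectUri);
        return body.toString();
    }

    /** S802: parse the reply; getString throws if accesstoken or uid is missing, so a malformed reply is not accepted. */
    public static String[] parseAccessTokenResponse(String json) throws JSONException {
        JSONObject o = new JSONObject(json);
        return new String[] {o.getString("accesstoken"), o.getString("uid")};
    }

    /** S803: body of the getUserBasicInfoFromServer GET (appid, uid, accesstoken). */
    public static String buildUserInfoRequest(String appid, String uid, String accesstoken) throws JSONException {
        JSONObject body = new JSONObject();
        body.put("appid", appid);
        body.put("uid", uid);
        body.put("accesstoken", accesstoken);
        return body.toString();
    }

    /** S804: keep the token and nickname locally under the uid so a later login can reuse them. */
    public void saveLocally(String uid, String accesstoken, String nickname) {
        Map<String, String> rec = new HashMap<>();
        rec.put("accesstoken", accesstoken);
        rec.put("nickname", nickname);
        localStore.put(uid, rec);
    }

    /** S804 "login from history": the stored accesstoken for uid, or null when the user must authorize again. */
    public String storedAccessToken(String uid) {
        Map<String, String> rec = localStore.get(uid);
        return rec == null ? null : rec.get("accesstoken");
    }

    /** S805: wrap the getUserBasicInfo reply in the HashMap the callback interface hands to the developer. */
    public static HashMap<String, Object> packageUserInfo(JSONObject basicInfo) throws JSONException {
        HashMap<String, Object> userInfo = new HashMap<String, Object>();
        userInfo.put("letv_uid", basicInfo.getString("uid"));
        userInfo.put("nickname", basicInfo.optString("nickname", ""));
        userInfo.put("access_token", basicInfo.getString("accesstoken"));
        for (String k : AVATAR_KEYS) {
            userInfo.put(k, basicInfo.optString(k, ""));   // avatar sizes the server omitted become empty strings
        }
        return userInfo;
    }

    public static void main(String[] args) throws JSONException {
        AccountExchange sdk = new AccountExchange();
        System.out.println(buildAccessTokenRequest("APPID", "APPSECRET", "code_constructed",
                "https://aaa.xxx.com/oauth_default.html"));
        // Constructed sample reply from the user center, not captured traffic.
        String[] t = parseAccessTokenResponse("{\"accesstoken\":\"tok_constructed\",\"uid\":\"12345\"}");
        sdk.saveLocally(t[1], t[0], "demo");
        String reuse = sdk.storedAccessToken("12345");   // history login: the flow skips straight to S803
        System.out.println(buildUserInfoRequest("APPID", "12345", reuse));
        JSONObject basic = new JSONObject("{\"uid\":\"12345\",\"nickname\":\"demo\",\"accesstoken\":\""
                + reuse + "\",\"file_70*70\":\"https://example.invalid/70.png\"}");
        HashMap<String, Object> info = packageUserInfo(basic);
        System.out.println(info.get("letv_uid") + " " + info.get("file_70*70") + " [" + info.get("file_50*50") + "]");
    }
}
```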

[0141] The preferred embodiment of the present invention for a device without a pre-bound user account specifically comprises:

[0142] Call the HTML5 login page, enter the account and password, and click login. After a successful login, the authorization code (code) is returned in the callback address; the subsequent workflow is the same as for a device with a pre-bound user account, i.e. consistent with steps S802-S805. The login page is generated as follows:

[0143] Based on the appid, appsecret and callback address, assemble a URL that launches the login, in the following format:

[0144] "https://aaa.xxx.com/oauthopen/authorize?scope=user_basic_show&display=mobile&client_id="

[0145] + AccountOathSDK.appid + "&force_login=1&state=&response_type=code&client_secret="

[0146] + AccountOathSDK.appsecret + "&redirect_uri=" + AccountOathSDK.redirect_uri;

[0147] The login page is then opened with WebView's loadUrl. If login succeeds, the authorization code (code) is appended to the callback address redirect_uri, e.g. https://aaa.xxx.com/oauth_default.html?code=1; the code value can then be intercepted in WebView's onPageFinish method and passed to getAccessToken(code).
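The login URL of [0144]-[0146] and the redirect interception of [0147], as an added example that is not the SDK's code. Three details are assumptions beyond the description: every parameter is percent-encoded, the empty state parameter is filled with a random value that must come back unchanged, and a code is accepted only from a page URL that matches the registered redirect_uri, so that some unrelated page finishing in the WebView cannot supply one.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/** Added example of the HTML5 login URL and redirect interception (not the SDK's code). */
public class LoginPage {

    static final String AUTHORIZE_ENDPOINT = "https://aaa.xxx.com/oauthopen/authorize";

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    /** Random value for state (an assumption; the description leaves it empty), kept until the redirect arrives. */
    public static String newState() {
        byte[] b = new byte[16];
        new SecureRandom().nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    /** The URL passed to WebView.loadUrl, in the parameter order of [0144]-[0146]. */
    public static String buildAuthorizeUrl(String appid, String appsecret, String redirectUri, String state) {
        // client_secret travels in a browser-visible URL because that is the format described;
        // anything placed in this URL should be treated as readable by the device and its network path.
        return AUTHORIZE_ENDPOINT
                + "?scope=user_basic_show"
                + "&display=mobile"
                + "&client_id=" + enc(appid)
                + "&force_login=1"
                + "&state=" + enc(state)
                + "&response_type=code"
                + "&client_secret=" + enc(appsecret)
                + "&redirect_uri=" + enc(redirectUri);
    }

    /**
     * Called with each URL that finishes loading (the onPageFinish step). Returns the code only when the
     * URL is the registered redirect_uri carrying the expected state; otherwise null.
     */
    public static String extractCode(String pageUrl, String registeredRedirectUri, String expectedState) {
        URI page, registered;
        try {
            page = new URI(pageUrl);
            registered = new URI(registeredRedirectUri);
        } catch (URISyntaxException e) {
            return null;
        }
        if (!"https".equalsIgnoreCase(page.getScheme())
                || page.getHost() == null
                || !page.getHost().equalsIgnoreCase(registered.getHost())
                || !page.getPath().equals(registered.getPath())) {
            return null;   // some other page of the login flow, not the callback
        }
        Map<String, String> q = parseQuery(page.getRawQuery());
        if (!expectedState.equals(q.get("state"))) return null;   // missing or altered state: discard
        return q.get("code");
    }

    static Map<String, String> parseQuery(String rawQuery) {
        Map<String, String> m = new HashMap<>();
        if (rawQuery == null || rawQuery.isEmpty()) return m;
        for (String pair : rawQuery.split("&")) {
            int eq = pair.indexOf('=');
            String k = eq < 0 ? pair : pair.substring(0, eq);
            String v = eq < 0 ? "" : pair.substring(eq + 1);
            m.put(URLDecoder.decode(k, StandardCharsets.UTF_8), URLDecoder.decode(v, StandardCharsets.UTF_8));
        }
        return m;
    }

    public static void main(String[] args) {
        String redirect = "https://aaa.xxx.com/oauth_default.html";
        String state = newState();
        System.out.println(buildAuthorizeUrl("APPID", "APPSECRET", redirect, state));
        // Constructed redirects shaped like the example in [0147], with the state echoed back.
        System.out.println(extractCode(redirect + "?code=1&state=" + state, redirect, state));          // 1
        System.out.println(extractCode(redirect + "?code=1", redirect, state));                          // null: no state
        System.out.println(extractCode("https://aaa.xxx.com/oauthopen/authorize?x=1", redirect, state)); // null: not the callback
    }
}
```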

[0148] In the SDK of the preferred embodiment of the present invention, since accessing resource files directly through the R file inside a jar would cause conflicts, all resource file access uses Java's reflection mechanism. Specifically, an Mresource class is provided to obtain a resource file id from the resource class name (className) and the resource file name (name).

[0149] Mresource provides a method getIdByName(Context context, String className, String name), which obtains the corresponding id from the className and the id name. It first reflects the corresponding R file from the package name, then iterates over the classes in that R file; if the resource class is found, the id corresponding to the given name in that resource class is returned directly.

[0150] Figure CN105897668AD00131 (image in the original; not reproduced here)
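The Mresource lookup described in [0148]-[0149], as an added example that is not the SDK's code: the id of a resource is read from the host application's generated R class by reflection rather than compiled into the library jar. The nested R class is a constructed stand-in for the one Android generates, and the description's Context parameter is replaced by the package name it would supply through getPackageName().

```java
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;

/** Added example of resource id lookup by reflection (not the SDK's Mresource). */
public class Mresource {

    /** Constructed stand-in for a host app's generated R.java (values chosen to look like Android ids). */
    public static final class R {
        public static final class layout {
            public static final int letv_login = 0x7f030001;
        }
        public static final class id {
            public static final int btn_login = 0x7f080002;
        }
    }

    /** Resolves packageName.R (what the Context would give) and delegates; 0 when the package has no R class. */
    public static int getIdByName(String packageName, String className, String name) {
        try {
            return getIdByName(Class.forName(packageName + ".R"), className, name);
        } catch (ClassNotFoundException e) {
            return 0;
        }
    }

    /**
     * Walks the inner classes of rClass (layout, id, string, ...) for the one named className and returns
     * its static int field called name. Returns 0, which is never a valid Android resource id, when the
     * class or field does not exist or is not a static int, so the caller can treat 0 as "missing".
     */
    public static int getIdByName(Class<?> rClass, String className, String name) {
        for (Class<?> inner : rClass.getDeclaredClasses()) {
            if (!inner.getSimpleName().equals(className)) continue;
            try {
                Field f = inner.getDeclaredField(name);
                if (f.getType() != int.class || !Modifier.isStatic(f.getModifiers())) return 0;
                return f.getInt(null);
            } catch (NoSuchFieldException | IllegalAccessException e) {
                return 0;
            }
        }
        return 0;
    }

    public static void main(String[] args) {
        System.out.println(Integer.toHexString(getIdByName(R.class, "layout", "letv_login")));   // 7f030001
        System.out.println(getIdByName(R.class, "layout", "no_such_layout"));                    // 0
        System.out.println(getIdByName("com.example.host", "id", "btn_login"));                  // 0: no such package here
    }
}
```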

[0151] Figure 3 shows the block diagram of a third-party account authorization device of the present invention, comprising:

[0152] a third-party authorization response module 301, configured to: respond to an authorization request from a third-party application;

[0153] an authorization code acquisition module 302, configured to: if a pre-bound user account exists, obtain an authorization code for the pre-bound user account;

[0154] an access token acquisition module 303, configured to: send the authorization code to a user center and obtain from the user center an access token for the authorization code;

[0155] a user information acquisition module 304, configured to: send the access token and the user account to a server and obtain from the server the user information of the user account after the access token passes verification;

[0156] an information callback module 305, configured to: pass the user information back to the third-party application.

[0157] In one embodiment, obtaining the authorization code for the pre-bound user account is specifically configured to:

[0158] obtain the application identifier and application key of the third-party application;

[0159] verify the application identifier and application key, and if verification passes, obtain the authorization code for the pre-bound user account.

[0160] In one embodiment, the authorization code acquisition module 302 is further configured to: if there is no pre-bound user account:

[0161] obtain the application identifier and application key of the third-party application;

[0162] send the application identifier and application key to the server;

[0163] display the login page returned by the server after it verifies the application identifier and application key;

[0164] obtain from the server the authorization code for the user account returned after the server verifies the user account and user password, and execute the access token acquisition module, the user account and user password being received by the server through the login page.

[0165] In one embodiment, in the access token acquisition module 303, after the access token is obtained it is saved in association with the user account;

[0166] The third-party authorization response module 301 is specifically configured to:

[0167] when responding to an authorization request from a third-party application, if an access token saved in association with the user account exists, execute the user information acquisition module 304 directly; otherwise execute the authorization code acquisition module 302.

[0168] In one embodiment, the information callback module 305 is specifically configured to:

[0169] wrap the user information in a hash structure (HashMap) and pass it back to the third-party application.

[0170] In one embodiment, the third-party authorization response module 301 is specifically configured to: display an authorization page and respond to the authorization request of the third-party application triggered from the authorization page, wherein the authorization page is generated in Java on the Android system, the display resources of the authorization page come from at least one resource file saved in the form of a Java library, and the resource file identifier of each resource file is obtained from the R file provided by the Android system using Java's reflection mechanism.

[0171] Figure 4 is a block diagram of the device of the present invention, which mainly comprises: a processor 401, a memory 402, a communication component 403 and a display screen 404. In general, the device of the present invention is preferably a smartphone, tablet or smart TV.

[0172] The memory 402 stores the specific code of the foregoing method, which is executed by the processor 401; the authorization interface is displayed through the display screen 404, the access token and user account are sent to the server through the communication component 403, and the user information is received and passed back to the third-party application by the processor 401.

[0173] Figure 5 shows the block diagram of a third-party account authorization server of the present invention, comprising:

[0174] an access token receiving module 501, configured to: receive an access token and a user account from a device, wherein the access token is obtained by the device as follows: in response to an authorization request from a third-party application, if a pre-bound user account exists, the device obtains an authorization code for the pre-bound user account, sends the authorization code to a user center, and obtains from the user center an access token for the authorization code;

[0175] a user information sending module 502, configured to: verify the access token, and if the access token passes verification, send the user information of the user account to the device, the user information being used by the device for a callback to the third-party application.

[0176] In one embodiment, the server further comprises an authorization code sending module;

[0177] The authorization code sending module is configured to:

[0178] receive the application identifier and application key sent by the device when the device determines that no user account is bound to it, the application identifier and application key being those of the third-party application obtained by the device;

[0179] if the application identifier and application key pass verification, return a login page to the device and obtain a user account and user password through the login page;

[0180] if the user account and user password pass verification, return to the device an authorization code for the user account.

[0181] Figure 6 is a block diagram of the server of the present invention. The server may be a single computer or a cluster of multiple computers, and mainly comprises: a processor 601, a memory 602 and a communication component 603.

[0182] The memory 602 stores the specific code of the foregoing method, which is executed by the processor 601; the access token and user account sent by the device are received through the communication component 603, and after the processor 601 queries the user information from the memory 602, the user information is returned to the device through the communication component 603.

[0183] Figure 7 shows the block diagram of a third-party account authorization system of the present invention, comprising a device side 71 and a server side 72;

[0184] The device side 71 comprises:

[0185] a device-side third-party authorization response module 711, configured to: respond to an authorization request from a third-party application;

[0186] a device-side authorization code acquisition module 712, configured to: if a pre-bound user account exists, obtain an authorization code for the pre-bound user account;

[0187] a device-side access token acquisition module 713, configured to: send the authorization code to a user center and obtain from the user center an access token for the authorization code;

[0188] a device-side user information acquisition module 714, configured to: send the access token and the user account to a server and obtain from the server the user information of the user account;

[0189] a device-side information callback module 715, configured to: pass the user information back to the third-party application;

[0190] The server side 72 comprises:

[0191] a server-side access token receiving module 721, configured to: receive the access token and the user account from the device;

[0192] a server-side user information sending module 722, configured to: verify the access token, and if the access token passes verification, send the user information of the user account to the device.

[0193] The above embodiments merely express several implementations of the present invention; their description is relatively specific and detailed, but this should not be understood as limiting the scope of the patent. It should be noted that those of ordinary skill in the art may make various modifications and improvements without departing from the concept of the present invention, all of which fall within the protection scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (17)

1. 一种第三方账号授权方法,其特征在于,包括: 第三方授权响应步骤,包括:响应第三方应用的授权请求; 授权码获取步骤,包括:如果设有预先绑定的用户账号,则获取关于所述预先绑定的用户账号的授权码; 访问令牌获取步骤,包括:将所述授权码发送至用户中心,从所述用户中心获取关于所述授权码的访问令牌; 用户信息获取步骤,包括:将所述访问令牌和用户账号发送到服务器,从所述服务器获取在所述访问令牌验证通过后的关于所述用户账号的用户信息; 信息回调步骤,包括:将所述用户信息回调至所述第三方应用。 A third-party account authorization method, characterized by comprising: a step of third-party authorization response, comprising: a third-party application in response to an authorization request; authorization code acquisition step comprising: if the user account has a pre-bound, then obtaining authorization code with respect to the pre-bound user account; access token acquisition step comprises: transmitting the authorization code to the subscriber center, with respect to the acquired access token authorization code from the user center; user information an acquisition step comprises: transmitting the token and the user account access to the server, the user acquires information about the user's account after the verification by the access token from the server; correction information step comprises: the said user information to the third party application callback.
2. 根据权利要求1所述的第三方账号授权方法,其特征在于,所述获取关于所述预先绑定的用户账号的授权码,具体包括: 获取所述第三方应用的应用标识和应用密钥; 对所述应用标识和所述应用密钥进行验证,如果验证通过,获取关于所述预先绑定的用户账号的授权码。 2. The method of claim authorized third party account according to claim 1, wherein said obtaining authorization code with respect to the pre-bound user account comprises: acquiring the application identifier and the application of the third party application density key; said application identifier and the application key verification, if the verification, authorization code with respect to the acquired user account of pre-bound.
3. 根据权利要求1所述的第三方账号授权方法,其特征在于,所述授权码获取步骤,还包括:如果没有预先绑定的用户账号,则: 获取所述第三方应用的应用标识和应用密钥; 将所述应用标识和所述应用密钥发送到服务器; 显示所述服务器对所述应用标识和所述应用密钥进行验证后所返回的登陆页面; 获取所述服务器对用户账号和用户密码验证通过后所返回的关于所述用户账号的授权码,执行访问令牌获取步骤,所述用户账号和所述用户密码由所述服务器通过所述登陆页面接收得到。 The third-party account authorization method according to claim 1, wherein the step of obtaining the authorization code, further comprising: if there is no pre-bound user account, then: obtain the identifier of the application and the third application application key; transmitting the application identifier and the application key to a server; landing page displays the server after said application identifier and the application key to authenticate returned; acquiring the server user account authorization code with respect to the user account and the user password authentication returned by performing the step of obtaining access token, the user account and the user password of the login page obtained by the receiving server.
4. 根据权利要求1所述的第三方账号授权方法,其特征在于,所述访问令牌获取步骤中,获取所述访问令牌后与所述用户账号关联保存; 所述第三方授权响应步骤,具体包括: 当响应于第三方应用的授权请求时,如果保存有与所述用户账号关联保存的访问令牌,则直接执行所述用户信息获取步骤,否则执行所述授权码获取步骤。 The third-party account authorization method according to claim 1, wherein the access token acquisition step of acquiring stored associated with the user account after the access token; the third party authorization response step comprises: when the third-party application in response to the authorization request, if stored with the user account associated stored access token, the user directly performed the information acquisition step is performed, otherwise the step of obtaining the authorization code.
5. 根据权利要求1所述的第三方账号授权方法,其特征在于,所述信息回调步骤,具体包括: 将所述用户信息进行哈希封装后回调至所述第三方应用。 The third-party account authorization method according to claim 1, wherein said correction information step comprises: after the user information is hashed to the third party application callback package.
6. 根据权利要求1所述的第三方账号授权方法,其特征在于,所述第三方授权响应步骤,具体包括:显示授权页面,响应由所述授权页面所触发的第三方应用的授权请求,所述授权页面采用Java基于安卓系统生成,且所述授权页面的显示资源来自以Java库形式保存的至少一个资源文件,且每个所述资源文件的资源文件标识采用Java的反射机制从安卓系统所提供的R文件中获取。 The third-party account authorization method according to claim 1, wherein, in response to the third party authorization step comprises: displaying authorization page, in response to the authorization request from the third party application authorization page triggered, generating the authorization page using Java-based Andrew system, and shows the resource from the authorization page Java libraries stored in the form of at least one resource file, resource file and the resource file for each of the identified using Java reflection mechanism from Android Get wherein R documentation provided.
7. -种第三方账号授权方法,其特征在于,包括: 访问令牌接收步骤,包括:接收到来自设备的访问令牌和用户账号,所述访问令牌由所述设备响应第三方应用的授权请求,在设有预先绑定的用户账号时获取关于所述预先绑定的用户账号的授权码,并将所述授权码发送至用户中心后,从所述用户中心获取得到关于所述授权码的访问令牌; 用户信息发送步骤,包括:对所述访问令牌进行验证,如果所述访问令牌验证通过,则将关于所述用户账号的用户信息发送至所述设备,所述用户信息由所述设备用于回调至所述第三方应用。 7. - kind of third-party account authorization method comprising: the step of receiving the access token, comprising: receiving an access token from the account and the user equipment, the access token by the third application in response to the device authorization request, obtaining authorization code with respect to the pre-bound user account in the user account provided in advance to bind, and after the authorization code transmitted to the subscriber center, obtained from the Center for the user of the authorization token access code; user information transmitting step, comprising: the access token for authentication, the access token if verification is passed, then the user information regarding the user account sent to the device, the user by the device information for the third party to the callback application.
8. 根据权利要求7所述的第三方账号授权方法,其特征在于,还包括,授权码发送步骤; 所述授权码发送步骤,包括: 接收到设备判断没有与所述设备绑定的用户账号时,所发送的应用标识和应用密钥, 所述应用标识和所述应用密钥为所述设备所获取的所述第三方应用的应用标识和应用密钥; 如果所述应用标识和所述应用密钥验证通过则向所述设备返回登陆页面,并通过所述登陆页面获取用户账号和用户密码; 如果对所述用户账号和所述用户密码验证通过,则向所述设备返回关于所述用户账号的授权码。 8. The method of claim authorized third party account according to claim 7, characterized in that, further comprising the step of transmitting authorization code; step of transmitting said authorization code, comprising: a receiving device determines the user account is not bound with the device , the application identifier and the application key transmitted, the application identifier and the application identifier and the application key of the third party application the device key acquired application; if the application identifier and the application key validation by the device returns to the landing page, and through the landing page for a user account and user password; verifying the user if the user account and password, then return to the device on the user account authorization code.
9. 一种第三方账号授权设备,其特征在于,包括: 第三方授权响应模块,用于:响应第三方应用的授权请求; 授权码获取模块,用于:如果设有预先绑定的用户账号,则获取关于所述预先绑定的用户账号的授权码; 访问令牌获取模块,用于:将所述授权码发送至用户中心,从所述用户中心获取关于所述授权码的访问令牌; 用户信息获取模块,用于:将所述访问令牌和用户账号发送到服务器,从所述服务器获取在所述访问令牌验证通过后的关于所述用户账号的用户信息; 信息回调模块,用于:将所述用户信息回调至所述第三方应用。 A third-party account authorization apparatus, comprising: a third party authorization response module configured to: in response to the authorization request of a third party application; authorization code acquiring module, configured to: if the user account has a pre-bound , an authorization code is acquired with respect to the pre-bound to the user account; access token obtaining module, configured to: send the authorization code to the subscriber center, with respect to the acquired access token code from the user authorization center ; user information obtaining module, configured to: send the access token to the server and the user account, the user acquires information about the user's account after the verification by the access token from the server; callback module information, for: the user information to the third party application callback.
10. 根据权利要求9所述的第三方账号授权设备,其特征在于,所述获取关于所述预先绑定的用户账号的授权码,具体用于: 获取所述第三方应用的应用标识和应用密钥; 对所述应用标识和所述应用密钥进行验证,如果验证通过,获取关于所述预先绑定的用户账号的授权码。 10. The authorized third party account apparatus according to claim 9, wherein the obtaining of the authorization code on a user account previously bound specifically to: obtaining the third party application and the application identifier of the application key; said application identifier and the application key verification, if the verification, authorization code with respect to the acquired user account of pre-bound.
11. 根据权利要求9所述的第三方账号授权设备,其特征在于,所述授权码获取模块, 还用于:如果没有预先绑定的用户账号,则: 获取所述第三方应用的应用标识和应用密钥; 将所述应用标识和所述应用密钥发送到服务器; 显示所述服务器对所述应用标识和所述应用密钥进行验证后所返回的登陆页面; 获取所述服务器对用户账号和用户密码验证通过后所返回的关于所述用户账号的授权码,执行访问令牌获取模块,所述用户账号和所述用户密码由所述服务器通过所述登陆页面接收得到。 11. The apparatus according to third authorization account in claim 9, characterized in that, the authorization code acquisition module is further configured to: if there is no pre-bound user account, then: obtain the identifier of the third application application and the application key; transmitting the application identifier and the application key to a server; landing page displays the server after said application identifier and the application key to authenticate returned; acquiring the server to the user user account and password authentication returned by the authorization code on the user account, and performs access token acquisition module, the user account and the user password of the login page obtained by the receiving server.
12. 根据权利要求9所述的第三方账号授权设备,其特征在于,所述访问令牌获取模块中,获取所述访问令牌后与所述用户账号关联保存; 所述第三方授权响应模块,具体用于: 当响应于第三方应用的授权请求时,如果保存有与所述用户账号关联保存的访问令牌,则直接执行所述用户信息获取模块,否则执行所述授权码获取模块。 Saving the account associated with the user account 12. After authorizing the third party apparatus according to claim 9, wherein the access token acquisition module acquires the access token; the third party authorization response module specifically configured to: when the authorization request in response to a third-party application, if stored with the user account associated stored access token, the user directly executes the information acquisition module, otherwise, execute the authorization code acquisition module.
13. The third-party account authorization device according to claim 9, characterized in that the information callback module is specifically configured to: hash-encapsulate the user information and call it back to the third-party application.
14. The third-party account authorization device according to claim 9, characterized in that the third-party authorization response module is specifically configured to: display an authorization page and respond to the third-party application's authorization request triggered from that page, where the authorization page is generated in Java on the Android system, the display resources of the authorization page come from at least one resource file stored in the form of a Java library, and the resource file identifier of each resource file is obtained from the R file provided by the Android system through Java's reflection mechanism.
15. A third-party account authorization server, characterized in that it comprises: an access token receiving module, configured to receive an access token and a user account from a device, the access token having been obtained by the device as follows: in response to a third-party application's authorization request, when a pre-bound user account exists, the device obtains an authorization code for the pre-bound user account, sends the authorization code to a user center, and obtains from the user center an access token for the authorization code; and a user information sending module, configured to verify the access token and, if the access token passes verification, send user information about the user account to the device, the user information being used by the device for the callback to the third-party application.
16. The third-party account authorization server according to claim 15, characterized in that it further comprises an authorization code sending module, configured to: receive the application identifier and application key sent by the device when the device determines that no user account is bound to it, the application identifier and application key being those of the third-party application as obtained by the device; if the application identifier and application key pass verification, return a login page to the device and obtain a user account and user password through the login page; and if the user account and user password pass verification, return to the device an authorization code for that user account.
17. A third-party account authorization system, comprising a device side and a server side; the device side comprising: a device-side third-party authorization response module, configured to respond to a third-party application's authorization request; a device-side authorization code acquisition module, configured to obtain, if a pre-bound user account exists, an authorization code for the pre-bound user account; a device-side access token acquisition module, configured to send the authorization code to a user center and obtain from the user center an access token for the authorization code; a device-side user information acquisition module, configured to send the access token and the user account to a server and obtain from the server user information about the user account; and a device-side information callback module, configured to call the user information back to the third-party application; the server side comprising: a server-side access token receiving module, configured to receive the access token and the user account from the device; and a server-side user information sending module, configured to verify the access token and, if the access token passes verification, send the user information about the user account to the device.
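The flow of claims 13 to 17 end to end, as an added example that is not part of the patent or of the applicant's code: Python stand-ins for the device, the user center, the server and the third-party application, exchanging messages in process with constructed sample accounts and application keys. Two points the claims leave open are made explicit and are assumptions of this example, not statements of the patent: the server's token verification also confirms that the token was issued for the user account sent alongside it, and the "hash-encapsulated" callback of claim 13 is read as an HMAC-SHA256 over the user information keyed with the application key. Authorization codes are single use, short-lived and bound to the requesting application, which the claims do not spell out either.

```python
"""Constructed simulation of the claimed flow: device, user center, server, third-party app."""
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample data (not from the patent): registered apps, accounts, profiles.
APP_KEYS = {"weather-app": "k-3f9a"}   # application identifier -> application key
ACCOUNTS = {"alice": "pw-alice"}         # user account -> password
PROFILES = {"alice": {"nickname": "Alice", "avatar": "https://example.invalid/a.png"}}


class UserCenter:
    """Holds authorization codes and issues access tokens for them (claim 17)."""

    def __init__(self):
        self._codes = {}    # code  -> (account, app_id, expires_at)
        self._tokens = {}   # token -> (account, app_id, expires_at)

    def issue_code(self, account, app_id, ttl=60):
        """Short-lived, single-use code bound to one account and one application."""
        code = secrets.token_urlsafe(16)
        self._codes[code] = (account, app_id, time.time() + ttl)
        return code

    def exchange_code(self, code, app_id):
        entry = self._codes.pop(code, None)   # pop: a code is redeemable exactly once
        if entry is None:
            raise PermissionError("unknown or already used authorization code")
        account, bound_app, expires_at = entry
        if bound_app != app_id or time.time() > expires_at:
            raise PermissionError("code not issued to this application, or expired")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (account, app_id, time.time() + 3600)
        return token

    def introspect(self, token):
        """Return (account, app_id) for a live token, else None."""
        entry = self._tokens.get(token)
        if entry is None or time.time() > entry[2]:
            return None
        return entry[0], entry[1]


class AuthorizationServer:
    """Server of claims 15 and 16: login path for unbound devices, token check before user info."""

    def __init__(self, user_center):
        self.user_center = user_center

    def login(self, app_id, app_key, account, password):
        """Claim 16: verify app id and key, then the credentials typed on the returned login page."""
        if app_id not in APP_KEYS or not hmac.compare_digest(APP_KEYS[app_id], app_key):
            raise PermissionError("unknown application identifier or wrong application key")
        if account not in ACCOUNTS or not hmac.compare_digest(ACCOUNTS[account], password):
            raise PermissionError("wrong user account or password")
        return self.user_center.issue_code(account, app_id)

    def user_info(self, token, account):
        """Claim 15: release user info only for a valid token issued to this very account."""
        result = self.user_center.introspect(token)
        if result is None:
            raise PermissionError("invalid or expired access token")
        token_account, _app_id = result
        if token_account != account:
            # Assumed binding check: without it any valid token could read any profile
            # simply by sending a different account next to it.
            raise PermissionError("access token is not bound to this user account")
        return dict(PROFILES[account])


def seal_callback(user_info, app_key):
    """Claim 13's 'hash-encapsulated' callback, read as HMAC-SHA256 over the JSON payload
    keyed with the application key (assumption: the claim names neither hash nor key)."""
    payload = json.dumps(user_info, sort_keys=True, separators=(",", ":"))
    digest = hmac.new(app_key.encode(), payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "digest": digest}


def open_callback(sealed, app_key):
    """Third-party application side: recompute and compare before trusting the user info."""
    expected = hmac.new(app_key.encode(), sealed["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["digest"]):
        raise ValueError("callback payload was altered or keyed with another application key")
    return json.loads(sealed["payload"])


class Device:
    """Device side of claim 17. A bound account stands for an already logged-in session,
    so the session check that issue_code would need in a real system is omitted here."""

    def __init__(self, user_center, server, bound_account=None):
        self.user_center, self.server, self.bound_account = user_center, server, bound_account

    def authorize(self, app_id, app_key, login=None):
        """Respond to the app's request; `login` is (account, password) for the claim 16 path."""
        if self.bound_account is not None:
            account = self.bound_account
            code = self.user_center.issue_code(account, app_id)
        elif login is not None:
            account, password = login
            code = self.server.login(app_id, app_key, account, password)
        else:
            raise PermissionError("no bound user account and no login supplied")
        token = self.user_center.exchange_code(code, app_id)
        info = self.server.user_info(token, account)
        return seal_callback(info, app_key)
```

`Device(uc, srv, bound_account="alice").authorize("weather-app", "k-3f9a")` walks the bound path of claim 17; `Device(uc, srv).authorize("weather-app", "k-3f9a", login=("alice", "pw-alice"))` walks the login path of claim 16. Redeeming a code twice, presenting a token with another account, or replaying a callback with an edited payload each fails at the step that checks it, which is the behaviour to test for in any implementation of this flow.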
CN201510694688.2A 2015-10-22 2015-10-22 Third party account authorization method, device, server and system CN105897668A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510694688.2A CN105897668A (en) 2015-10-22 2015-10-22 Third party account authorization method, device, server and system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510694688.2A CN105897668A (en) 2015-10-22 2015-10-22 Third party account authorization method, device, server and system
PCT/CN2016/088564 WO2017067227A1 (en) 2015-10-22 2016-07-05 Third party account number authorisation method, device, server, and system

Publications (1)

Publication Number Publication Date
CN105897668A true CN105897668A (en) 2016-08-24

Family

ID=57001786

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510694688.2A CN105897668A (en) 2015-10-22 2015-10-22 Third party account authorization method, device, server and system

Country Status (2)

Country Link
CN (1) CN105897668A (en)
WO (1) WO2017067227A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106534072A (en) * 2016-10-13 2017-03-22 Tencent Technology (Shenzhen) Co., Ltd. User information authorization method, apparatus, equipment and system
WO2018068682A1 (en) * 2016-10-14 2018-04-19 China UnionPay Co., Ltd. Intelligent automobile payment system and payment method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067381A (en) * 2012-12-26 2013-04-24 Baidu Online Network Technology (Beijing) Co., Ltd. Third-party service login method, login system and login device by means of platform-party account
CN103888451A (en) * 2014-03-10 2014-06-25 Baidu Online Network Technology (Beijing) Co., Ltd. Method, device and system for certification authorization
CN104753672A (en) * 2013-12-30 2015-07-01 Tencent Technology (Shenzhen) Co., Ltd. Account authentication method, account authentication device and terminal

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8959347B2 (en) * 2011-08-29 2015-02-17 Salesforce.Com, Inc. Methods and systems of data security in browser storage
CN104917721B (en) * 2014-03-10 2019-05-07 Tencent Technology (Beijing) Co., Ltd. Authorization method, device and system based on the OAuth protocol

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LeBlanc: "Programming Social Applications" (Chinese edition, 《社交应用编程》), 30 June 2013 *

Also Published As

Publication number Publication date
WO2017067227A1 (en) 2017-04-27

Similar Documents

Publication Publication Date Title
US10055731B2 (en) Method and device for securing an information interaction process
US8874914B2 (en) Secure and automated credential information transfer mechanism
US8893237B2 (en) Secure and efficient login and transaction authentication using iPhones™ and other smart mobile communication devices
US8099768B2 (en) Method and system for multi-protocol single logout
US9985969B1 (en) Controlling use of computing-related resources by multiple independent parties
US7748609B2 (en) System and method for browser based access to smart cards
US20140013409A1 (en) Single sign on for cloud
JP5567011B2 (en) Method and service integration platform system for providing Internet services
RU2576479C2 (en) Method and system for visiting third party application via cloud platform
US8881227B2 (en) Secure web container for a secure online user environment
EP2721548B1 (en) Passporting credentials between a mobile app and a web browser
US8966594B2 (en) Proxy authentication
CN103051630B (en) Method, device and system for authorizing third-party applications based on an open platform
US20140337954A1 (en) Method and Apparatus for Providing Federated Service Accounts
CN102821085B (en) Third-party authorized login method, open platform and system
US10013548B2 (en) System and method for integrating two-factor authentication in a device
CN102754098B (en) Method and apparatus for secure cross-site scripting
JP2009529817A (en) Method for providing a cryptographically signed command
WO2013071087A1 (en) Single sign on for cloud
CN103023917A (en) Method, system and device for authorization aiming at intelligent household electrical appliance
US8782411B2 (en) System and method of extending oauth server(s) with third party authentication/authorization
CN103283204A (en) Method for authorizing access to protected content
US9444787B2 (en) Non-intrusive method and apparatus for automatically dispatching security rules in cloud environment
US9531714B2 (en) Enterprise authentication via third party authentication support
CN101075875A (en) Method and system for realizing monopoint login between gate and system

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
WD01 Invention patent application deemed withdrawn after publication