Summary of the invention
The present invention provides an account binding method and a related device. It lets the user see clearly the important information in the account binding process, which reduces the error rate of account binding and improves the user experience.
A first aspect of the embodiments of the present invention provides an account binding method, comprising:
When the Web end corresponding to a first server detects an account binding request for a second server, the Web end displays the login page of the second server, the login page being used to instruct the user to log in to the second server;
The Web end obtains, from the second server, the account information of the first account that the user used to log in to the second server;
The Web end displays first prompt information according to the account information, the first prompt information being used to ask the user whether to bind the first account with the second account that the user used to log in to the first server;
The Web end receives a confirmation instruction for the first prompt information input by the user;
The Web end sends binding information of the first account to the first server according to the confirmation instruction, the binding information being used to instruct the first server to bind the first account and the second account.
Wherein, the Web end obtaining, from the second server, the account information of the first account that the user used to log in to the second server comprises:
The Web end obtains the authorization code for the first account generated by the second server;
The Web end sends an information access request to the second server according to the authorization code, the information access request being used to instruct the second server to send the account information;
The Web end receives the account information sent by the second server.
Wherein, the information access request includes a first information access request and a second information access request;
The Web end sending the information access request to the second server according to the authorization code comprises:
The Web end sends the first information access request to the second server, the first information access request carrying the authorization code and the authentication information distributed to the Web end by the second server, and being used to instruct the second server to send the first login token of the first account;
The Web end receives the first login token sent by the second server;
The Web end sends the second information access request to the second server, the second information access request carrying the first login token and the authentication information, and being used to instruct the second server to send the account information.
Wherein, the binding information includes the first login token and verification information, the verification information being used to prevent the first login token from being stolen.
Wherein, the Web end sending the binding information of the first account to the first server according to the confirmation instruction comprises:
When the confirmation instruction is to confirm binding, the Web end sends the binding information to the first server.
Wherein, after the Web end sends the binding information to the first server when the confirmation instruction is to confirm binding, the method further comprises:
The Web end receives binding result information sent by the first server;
The Web end displays second prompt information according to the binding result information, the second prompt information being used to notify the user of the result of binding the first account and the second account.
A second aspect of the embodiments of the present invention provides another account binding method, comprising:
A first server receives binding information, sent by the Web end corresponding to the first server, of the first account that the user used to log in to a second server, the binding information being sent by the Web end after it receives a confirmation instruction input by the user on whether to bind the first account with the second account that the user used to log in to the first server;
The first server binds the first account and the second account according to the binding information.
Wherein, the first server binding the first account and the second account according to the binding information comprises:
The first server sends the first login token to the second server, the first login token being used to instruct the second server to send the first user identifier corresponding to the first account;
The first server receives the first user identifier sent by the second server;
The first server determines the second user identifier corresponding to the second account according to the second login token of the second account, the second login token being generated by the first server when the user logs in using the second account;
The first server establishes an association between the first user identifier and the second user identifier.
Wherein, the binding information further includes verification information;
Before the first server sends the first login token to the second server, the method further comprises:
The first server verifies the verification information;
When the verification information passes verification, the first server performs the operation of sending the first login token to the second server.
Wherein, the verification information includes a verification parameter and a timestamp;
The first server verifying the verification information comprises:
The first server matches the verification parameter against a preset parameter and determines whether the interval between the time corresponding to the timestamp and the current time exceeds a preset threshold;
When the verification parameter is identical to the preset parameter and the interval does not exceed the preset threshold, the first server determines that the verification information passes verification.
Wherein, the verification information may be information encrypted according to a predetermined encryption rule;
Before the first server verifies the verification information, the method further comprises:
The first server decrypts the verification information according to the predetermined encryption rule.
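The first-server steps of the second aspect (check the verification parameter and timestamp, and only then forward the first login token and store the association) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the field names, the preset values and the `ask_second_server` callback are hypothetical, rejecting future timestamps is an added assumption, and the verification information is taken as already decrypted.

```python
import hmac
import time

# Constructed values: the text only says that a preset parameter and a preset threshold exist.
PRESET_PARAMETER = "constructed-preset-parameter"
PRESET_THRESHOLD_SECONDS = 300


def verify_verification_info(info, now=None):
    """Return True only if the verification parameter matches and the timestamp is fresh."""
    now = time.time() if now is None else now
    if not isinstance(info, dict):
        return False
    parameter = info.get("parameter")
    timestamp = info.get("timestamp")
    if not isinstance(parameter, str):
        return False
    if isinstance(timestamp, bool) or not isinstance(timestamp, (int, float)):
        return False
    # Constant-time comparison, so a mismatch does not reveal how much of the value matched.
    if not hmac.compare_digest(parameter.encode(), PRESET_PARAMETER.encode()):
        return False
    interval = now - timestamp
    # Assumption: a timestamp in the future is rejected, as is one older than the threshold.
    return 0 <= interval <= PRESET_THRESHOLD_SECONDS


class FirstServer:
    def __init__(self, ask_second_server):
        # ask_second_server(first_login_token) -> first user identifier or None.
        # Hypothetical stand-in for the request the first server sends to the second server.
        self.ask_second_server = ask_second_server
        self.sessions = {}      # second login token -> second user identifier
        self.associations = {}  # second user identifier -> first user identifier
        self.tokens_sent = []   # every first login token forwarded to the second server

    def bind(self, binding_info, second_login_token, now=None):
        token = binding_info.get("first_login_token")
        if not isinstance(token, str) or not token:
            return "malformed"
        # The first login token leaves this server only after verification passes.
        if not verify_verification_info(binding_info.get("verification"), now):
            return "verification failed"
        # The second login token was issued by this server when the second account logged in.
        second_user_id = self.sessions.get(second_login_token)
        if second_user_id is None:
            return "second account not logged in"
        self.tokens_sent.append(token)
        first_user_id = self.ask_second_server(token)
        if first_user_id is None:
            return "token rejected"
        self.associations[second_user_id] = first_user_id
        return "bound"


def run_demo():
    """Bind with fresh, stale and mismatching verification information (constructed data)."""
    now = 1_700_000_000
    server = FirstServer({"tok-pear": "openid-pear"}.get)
    server.sessions["session-apple"] = "openid-apple"

    def info(parameter, timestamp):
        return {"first_login_token": "tok-pear",
                "verification": {"parameter": parameter, "timestamp": timestamp}}

    results = {
        "stale": server.bind(info(PRESET_PARAMETER, now - 301), "session-apple", now),
        "wrong parameter": server.bind(info("guess", now - 30), "session-apple", now),
        "fresh": server.bind(info(PRESET_PARAMETER, now - 30), "session-apple", now),
    }
    return results, server.associations


if __name__ == "__main__":
    print(run_demo())
```

Because the preset parameter is a fixed shared value, the timestamp threshold is what bounds how long captured binding information stays usable.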
Correspondingly, a third aspect of the embodiments of the present invention provides a Web end, the Web end corresponding to a first server and comprising:
A display module, configured to display the login page of a second server when an account binding request for the second server is detected, the login page being used to instruct the user to log in to the second server;
An obtaining module, configured to obtain, from the second server, the account information of the first account that the user used to log in to the second server;
The display module is further configured to display first prompt information according to the account information, the first prompt information being used to ask the user whether to bind the first account with the second account that the user used to log in to the first server;
A receiving module, configured to receive a confirmation instruction for the first prompt information input by the user;
A sending module, configured to send binding information of the first account to the first server according to the confirmation instruction, the binding information being used to instruct the first server to bind the first account and the second account.
Wherein, the obtaining module is further configured to:
Obtain the authorization code for the first account generated by the second server;
The sending module is further configured to:
Send an information access request to the second server according to the authorization code, the information access request being used to instruct the second server to send the account information;
The receiving module is further configured to:
Receive the account information sent by the second server.
Wherein, the information access request includes a first information access request and a second information access request;
The sending module is further configured to:
Send the first information access request to the second server, the first information access request carrying the authorization code and the authentication information distributed to the Web end by the second server, and being used to instruct the second server to send the first login token of the first account;
The receiving module is further configured to:
Receive the first login token sent by the second server;
The sending module is further configured to:
Send the second information access request to the second server, the second information access request carrying the first login token and the authentication information, and being used to instruct the second server to send the account information.
Wherein, the binding information includes the first login token and verification information, the verification information being used to prevent the first login token from being stolen.
Wherein, the sending module is further configured to:
Send the binding information to the first server when the confirmation instruction is to confirm binding.
Wherein, the receiving module is further configured to:
Receive binding result information sent by the first server;
The display module is further configured to:
Display second prompt information according to the binding result information, the second prompt information being used to notify the user of the result of binding the first account and the second account.
Correspondingly, a fourth aspect of the embodiments of the present invention provides a first server, comprising:
A receiving module, configured to receive binding information, sent by the Web end corresponding to the first server, of the first account that the user used to log in to a second server, the binding information being sent by the Web end after it receives a confirmation instruction input by the user on whether to bind the first account with the second account that the user used to log in to the first server;
A binding module, configured to bind the first account and the second account according to the binding information.
Wherein, the binding information includes the first login token of the first account;
The binding module is further configured to:
Send the first login token to the second server, the first login token being used to instruct the second server to send the first user identifier corresponding to the first account;
Receive the first user identifier sent by the second server;
Determine the second user identifier corresponding to the second account according to the second login token of the second account, the second login token being generated by the first server when the user logs in using the second account;
Establish an association between the first user identifier and the second user identifier.
Wherein, the binding information further includes verification information;
The binding module is further configured to:
Verify the verification information;
Send the first login token to the second server when the verification information passes verification.
Wherein, the verification information includes a verification parameter and a timestamp;
The binding module is further configured to:
Match the verification parameter against a preset parameter and determine whether the interval between the time corresponding to the timestamp and the current time exceeds a preset threshold;
Determine that the verification information passes verification when the verification parameter is identical to the preset parameter and the interval does not exceed the preset threshold.
Wherein, the verification information may be information encrypted according to a predetermined encryption rule;
The binding module is further configured to:
Decrypt the verification information according to the predetermined encryption rule.
Correspondingly, an embodiment of the present invention provides another Web end, comprising: a processor, a memory, a communication interface and a bus;
The processor, the memory and the communication interface are connected through the bus and communicate with one another;
The memory stores executable program code;
The processor runs the program corresponding to the executable program code by reading the executable program code stored in the memory, so as to execute the account binding method disclosed in the first aspect of the embodiments of the present invention.
Correspondingly, an embodiment of the present invention provides another first server, comprising: a processor, a memory, a communication interface and a bus;
The processor, the memory and the communication interface are connected through the bus and communicate with one another;
The memory stores executable program code;
The processor runs the program corresponding to the executable program code by reading the executable program code stored in the memory, so as to execute the account binding method disclosed in the second aspect of the embodiments of the present invention.
Correspondingly, an embodiment of the present invention provides a storage medium, wherein the storage medium is used to store an application program, and the application program, when run, executes the account binding method disclosed in the first aspect of the embodiments of the present invention.
Correspondingly, an embodiment of the present invention provides another storage medium, wherein the storage medium is used to store an application program, and the application program, when run, executes the account binding method disclosed in the second aspect of the embodiments of the present invention.
Correspondingly, an embodiment of the present invention provides an application program, wherein the application program, when run, executes the account binding method disclosed in the first aspect of the embodiments of the present invention.
Correspondingly, an embodiment of the present invention provides another application program, wherein the application program, when run, executes the account binding method disclosed in the second aspect of the embodiments of the present invention.
In implementing the embodiments of the present invention, when the Web end corresponding to the first server detects an account binding request for the second server, it first displays the login page of the second server, the login page being used to instruct the user to log in to the second server; it then obtains, from the second server, the account information of the first account that the user used to log in to the second server; it then displays first prompt information according to the account information, the first prompt information being used to ask the user whether to bind the first account with the second account that the user used to log in to the first server, and receives the confirmation instruction for the first prompt information input by the user; finally, according to the confirmation instruction, it sends the binding information of the first account to the first server, the binding information being used to instruct the first server to bind the first account and the second account. This lets the user see clearly the important information in the account binding process, which reduces the error rate of account binding and improves the user experience.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
Referring to Fig. 1, Fig. 1 is a schematic flowchart of an account binding method provided by an embodiment of the present invention. As shown in the figure, the method in this embodiment includes:
S101: when the Web end corresponding to the first server detects an account binding request for the second server, it displays the login page of the second server, the login page being used to instruct the user to log in to the second server.
In a specific implementation, the first server and the second server can be the servers of two independent account systems, and each independent account system may include one server and one Web end. The Web end can be responsible for maintaining and managing the front-end website of the account system, and the server can undertake the data processing of the account system. When the Web end corresponding to the first server detects an account binding request for the second server, the page can jump to the second server, that is, to the transfer login page (for example, a proxy login front-end page) of the account system corresponding to the second server. The user can enter an account name and account password on the transfer login page to log in to the second server, that is, to log in to the account system corresponding to the second server.
S102: the Web end obtains, from the second server, the account information of the first account that the user used to log in to the second server.
It should be noted that the first account system corresponding to the first server can be authenticated in the second account system corresponding to the second server and obtain authentication information distributed by the second server. The authentication information may include an identity identifier (client_id) and an authentication password (client_secret), and can serve as the authentication information of the first server and the Web end of the first account system. When the server of another system sends an information request to the second server, the second server verifies that server's authentication information and responds to the information request if verification passes, thereby ensuring the information security of the second account system corresponding to the second server. After obtaining the authentication information distributed by the second server, the Web end can send the redirect address (redirect_uri) of its front-end website to the second server, and the second server can then establish an association between the client_id and the redirect_uri. Similarly, the second account system corresponding to the second server can be authenticated in the first account system corresponding to the first server and obtain authentication information distributed by the first server.
In a specific implementation, after the user enters the account name and account password on the transfer login page, the second server can obtain the account name and account password entered by the user, verify them, and, after verification succeeds, make the transfer login page jump to the redirect_uri of the front-end website corresponding to the Web end. The second server can also generate an authorization code for the account the user used for this login (the first account) and carry the authorization code in the redirect_uri as an additional parameter, so that the Web end obtains the authorization code (code); the authorization code can be a character string. The Web end can then send an information access request to the second server according to the authorization code to obtain the account information of the first account from the second server. The account information can include, but is not limited to, the account name and the user information corresponding to the account (such as avatar, email address, phone number, and information the user has published using the account). The information access request includes a first information access request and a second information access request.
Specifically, the Web end can first send the first information access request to the first server. The first information access request carries the authorization code, client_id and client_secret, and is used to instruct the first server to send the first login token (access_token). After receiving the first information access request, the second server can first verify the client_id and client_secret; if verification passes, it looks up the first login token of the first account according to the authorization code and sends the first login token it finds to the Web end.
After receiving the first login token, the Web end sends the second information access request to the second server. The second information access request can carry the first login token and the authentication information, and is used to instruct the second server to send the account information. After receiving the second information access request, the second server can first verify the authentication information; if verification passes, it looks up the account information of the first account according to the first login token and sends the account information it finds to the Web end.
For information security, the OAuth 2.0 protocol stipulates that the access_token of an account is exchanged for the account information of that account, and the second server does not send the login token access_token of the first account directly to the Web end; instead it first returns the authorization code (code) to the Web end, and the Web end then obtains the access_token according to the code. The reason is that the code is carried in the redirect_uri as an additional parameter and is visible in the browser's address bar. Transmitting the access_token in this way would clearly be unsafe, whereas exchanging the code for the access_token is carried out in the background, which ensures that the access_token is not exposed.
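The two information access requests described above can be simulated from the second server's side as follows. This is an added example, not code from the patent: the class, method and field names and all sample values are hypothetical, and making the authorization code single-use and bound to the requesting client_id is an assumption taken from common OAuth 2.0 practice rather than from the text.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit


class SecondServer:
    """In-memory stand-in for the second server (constructed for illustration)."""

    def __init__(self):
        self.clients = {}   # client_id -> (client_secret, redirect_uri)
        self.codes = {}     # authorization code -> (client_id, account name)
        self.tokens = {}    # first login token -> account name
        self.accounts = {}  # account name -> account information

    def register_client(self, redirect_uri):
        """Distribute authentication information and associate client_id with redirect_uri."""
        client_id = secrets.token_hex(8)
        client_secret = secrets.token_urlsafe(32)
        self.clients[client_id] = (client_secret, redirect_uri)
        return client_id, client_secret

    def redirect_after_login(self, client_id, account_name):
        """After a successful login, build the redirect; only the code appears in the URL."""
        redirect_uri = self.clients[client_id][1]
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, account_name)
        return f"{redirect_uri}?code={code}"

    def client_ok(self, client_id, client_secret):
        entry = self.clients.get(client_id)
        if entry is None or not isinstance(client_secret, str):
            return False
        return hmac.compare_digest(entry[0].encode(), client_secret.encode())

    def first_information_access(self, code, client_id, client_secret):
        """Exchange the authorization code for the first login token (access_token)."""
        if not self.client_ok(client_id, client_secret):
            return None
        # Assumption: a code is consumed on first use and is valid only for its own client.
        entry = self.codes.pop(code, None)
        if entry is None or entry[0] != client_id:
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = entry[1]
        return token

    def second_information_access(self, token, client_id, client_secret):
        """Return the account information for a valid first login token."""
        if not self.client_ok(client_id, client_secret):
            return None
        return self.accounts.get(self.tokens.get(token))


def run_flow():
    """Walk through the exchange once, with constructed sample data."""
    server = SecondServer()
    server.accounts["pear"] = {"account_name": "pear", "email": "pear@example.test"}
    client_id, client_secret = server.register_client("https://web-end.example.test/callback")

    redirect = server.redirect_after_login(client_id, "pear")
    code = parse_qs(urlsplit(redirect).query)["code"][0]

    rejected = server.first_information_access(code, client_id, "wrong-secret")
    token = server.first_information_access(code, client_id, client_secret)
    replayed = server.first_information_access(code, client_id, client_secret)
    info = server.second_information_access(token, client_id, client_secret)
    return {"redirect": redirect, "rejected": rejected, "token": token,
            "replayed": replayed, "info": info}


if __name__ == "__main__":
    for key, value in run_flow().items():
        print(key, "->", value)
```

The redirect URL carries only the code, so anyone who reads it from the address bar still needs the client_secret to obtain the access_token.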
Optionally, before the Web end obtains, from the second server, the account information of the first account that the user used to log in to the second server, authorization prompt information can first be displayed on the transfer login page to prompt the user to authorize the Web end to obtain the account information of the first account; the second server then obtains the authorization instruction that the user inputs for the authorization prompt information. When the authorization instruction is to confirm authorization, the second server returns the authorization code to the Web end. For example, if the first account system is named cm and the second account system, corresponding to the Web end, is named contentos, the authorization prompt information "contentos needs to obtain your account information in cm; please confirm whether to authorize" can be displayed.
S103: the Web end displays first prompt information according to the account information, the first prompt information being used to ask the user whether to bind the first account with the second account that the user used to log in to the first server.
In a specific implementation, before the Web end obtains, from the second server, the account information of the first account that the user used to log in to the second server, the Web end can display the login page of the first server, and the user can enter the account name and password of the second account on that login page. The Web end carries the account name and password in a login request and sends it to the first server; the first server verifies the account name and password and, if verification passes, accepts the login request, and the second account is logged in successfully. At the same time the first server generates the second login token of the second account and can pass the second login token to the Web end.
The Web end can display prompt information according to the account information it has obtained. For example, as shown in Fig. 2, the account name with which the current user is logged in to the first account system cm corresponding to the first server is apple. The account information obtained for the user's login in the second account system contentos corresponding to the second server includes the account name pear, an avatar and the email address associated with the account. The Web end can then display the prompt information "Your cm account pear and contentos account apple will now be bound. After binding, contentos obtains the right to use pear's avatar and associated email address. Please confirm!"
S104: the Web end receives the confirmation instruction for the first prompt information input by the user.
In a specific implementation, the Web end can receive a confirmation instruction that the user inputs by voice or a confirmation instruction that the user inputs through the relevant button.
S105: the Web end sends the binding information of the first account to the first server according to the confirmation instruction, the binding information being used to instruct the first server to bind the first account and the second account.
In a specific implementation, the confirmation instruction is either to confirm binding or to refuse binding. When the confirmation instruction is to confirm binding, the Web end sends the binding information of the first account to the first server. When the confirmation instruction is to cancel binding, the Web end does not need to send the binding information of the first account to the first server. The binding information of the first account may include, but is not limited to, the first login token of the first account and verification information; the verification information can be used to prevent the first login token from being stolen and can also be used to verify whether the first login token has expired. As shown in Fig. 2, when it is detected that the user clicks the "confirm binding" button, the binding information of pear is sent to the corresponding server. When it is detected that the user clicks the "cancel binding" button, the user does not agree to bind the accounts, so the binding information of pear does not need to be sent to the corresponding server.
In this embodiment of the present invention, when the Web end corresponding to the first server detects an account binding request for the second server, it first displays the login page of the second server, the login page being used to instruct the user to log in to the second server; it then obtains, from the second server, the account information of the first account that the user used to log in to the second server; it then displays first prompt information according to the account information, the first prompt information being used to ask the user whether to bind the first account with the second account that the user used to log in to the first server, and receives the confirmation instruction for the first prompt information input by the user; finally, according to the confirmation instruction, it sends the binding information of the first account to the first server, the binding information being used to instruct the first server to bind the first account and the second account. A step of displaying prompt information is added before the binding information is sent to the server, so that the user sees clearly the important information in the account binding process (such as the account names of the accounts being bound) and can confirm once more, before the server performs the account binding operation, whether to bind the accounts; the binding information is sent to the server only when the user inputs an instruction confirming the binding. Compared with the prior-art method, in which binding information is sent to the server to instruct it to bind the accounts as soon as the first account logs in successfully, the method provided by this embodiment of the present invention can reduce the error rate of account binding and improve the user experience.
Referring to Fig. 3, Fig. 3 is a schematic flowchart of another account binding method provided by an embodiment of the present invention. As shown in the figure, the method in this embodiment includes:
S301: when the Web end corresponding to the first server detects an account binding request for the second server, it displays the login page of the second server, the login page being used to instruct the user to log in to the second server. This step is the same as S101 in the previous embodiment and is not described again.
S302: the second server obtains the account name and password of the first account that the user enters on the login page, and verifies the account name and password.
In a specific implementation, the login page is the transfer login page. The second server can verify the account name and password according to a preset verification rule.
S303: the Web end obtains the authorization code for the first account generated by the second server.
In a specific implementation, after the account name and password of the first account are verified successfully, the second server can make the transfer login page jump to the redirect_uri of the front-end website corresponding to the Web end, and carry the authorization code of the account the user used for this login (the first account) in the redirect_uri as an additional parameter, so that the Web end obtains the authorization code.
S304: the Web end sends the first information access request to the second server.
In a specific implementation, the first information access request can carry the authorization code, client_id and client_secret.
S305: the second server sends the first login token of the first account to the Web end.
In a specific implementation, after receiving the first information access request, the second server can first verify the authentication information client_id and client_secret; if verification passes, it looks up the first login token of the first account according to the authorization code and sends the first login token it finds to the Web end.
S306: the Web end sends the second information access request to the second server.
In a specific implementation, the second information access request can carry the first login token, client_id and client_secret.
S307: the second server sends the account information of the first account to the Web end.
In a specific implementation, after receiving the second information access request, the second server can first verify the authentication information; if verification passes, it looks up the account information of the first account according to the first login token and sends the account information it finds to the Web end.
S308: the Web end displays first prompt information according to the account information, the first prompt information being used to ask the user whether to bind the first account with the second account that the user used to log in to the first server. This step is the same as S103 in the previous embodiment and is not described again.
S309: the Web end receives the confirmation instruction for the first prompt information input by the user. This step is the same as S104 in the previous embodiment and is not described again.
S310: the Web end sends the binding information of the first account to the first server according to the confirmation instruction. This step is the same as S105 in the previous embodiment and is not described again.
S311, the first server binds the first account and the second account according to the binding information.
In a specific implementation, the binding information includes the first login token of the first account. The first server may first send the first login token to the second server, to instruct the second server to send the first user identifier corresponding to the first account; the first user identifier may be, but is not limited to, an openid. After receiving the openid of the first account, the first server determines, according to the second login token of the second account, the second user identifier corresponding to the second account; the second user identifier may be, but is not limited to, an openid, and the second login token is generated by the first server when the user logs in with the second account. The first server then establishes the association between the openid of the first account and the openid of the second account.
Optionally, the binding information may also include verification information, which can prevent the first login token of the first account from being stolen. For example, if the binding information is intercepted by a third party in transit and the third party attempts to use the first login token maliciously, the third party cannot pass the check of the verification information, because the verification information contains a verification parameter agreed between the first server and the second server; the third party therefore cannot extract the first login token from the binding information, which achieves the purpose of preventing the first login token from being stolen. The verification information can also be used to verify whether the first login token has expired; an expired first login token indicates that the first login token may have been hijacked, tampered with, or even implanted with a virus. Before sending the first login token to the second server, the first server needs to verify the verification information; if the verification passes, the first login token can be extracted from the binding information and sent to the second server. To improve the efficiency of generating and verifying the verification information, and thereby the efficiency of account binding, the verification information includes a verification parameter and a timestamp. Under normal circumstances the verification parameter is identical to the preset parameter agreed between the first server and the second server; the timestamp may be the generation time of the first login token, which can be obtained from the second server. The first server can match the verification parameter against the preset parameter and determine whether the interval between the time corresponding to the timestamp and the current time exceeds a preset threshold, where the preset parameter is the parameter agreed between the first server and the second server. When the verification parameter is identical to the preset parameter and the interval does not exceed the preset threshold (for example 60 seconds (s)), the verification information is determined to pass verification. When the interval exceeds the preset threshold, the first login token of the first account is determined to have expired. For example, if the time corresponding to the timestamp is 2018-12-12-10:45:09 and the current time is 2018-12-12-10:46:01, the interval between them is 52 s; because 52 s does not exceed 60 s, the first login token is determined not to have expired.
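The check described above can be written out as follows. This is an added example, not code from the patent: it assumes the verification information has already been decrypted into its fields, and the names, the preset parameter value, the UTC handling and the rejection of future timestamps are assumptions.

```python
import hmac
from datetime import datetime, timezone

# Assumed value: the preset parameter agreed between the two servers.
PRESET_PARAMETER = "constructed-preset-parameter"
# The preset threshold used in the text's example.
MAX_INTERVAL_SECONDS = 60


class VerificationError(Exception):
    """Raised when the verification information does not pass the check."""


def parse_timestamp(text):
    # Format taken from the example in the text: 2018-12-12-10:45:09.
    # Treating it as UTC is an assumption; the text names no time zone.
    parsed = datetime.strptime(text, "%Y-%m-%d-%H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)


def check_verification_info(info, now):
    """Return the interval in seconds if both checks pass, else raise."""
    salt = info.get("salt")
    # Constant-time comparison, so a mismatch does not reveal how much
    # of the submitted parameter was correct.
    if not isinstance(salt, str) or not hmac.compare_digest(
        salt.encode(), PRESET_PARAMETER.encode()
    ):
        raise VerificationError("verification parameter does not match")
    try:
        issued = parse_timestamp(info["time"])
    except (KeyError, TypeError, ValueError):
        raise VerificationError("missing or malformed timestamp")
    interval = (now - issued).total_seconds()
    if interval < 0:
        # Assumption beyond the text: a timestamp from the future is rejected,
        # otherwise it would extend the token's lifetime.
        raise VerificationError("timestamp is in the future")
    if interval > MAX_INTERVAL_SECONDS:
        raise VerificationError("first login token has expired")
    return interval


def extract_first_login_token(binding_info, now):
    """Release the first login token only after the verification passes."""
    check_verification_info(binding_info.get("verification", {}), now)
    return binding_info["first_login_token"]


def sample_binding_info(time_text, salt=PRESET_PARAMETER):
    # Constructed sample input; every value here is made up for the example.
    return {
        "first_login_token": "constructed-cm-access-token",
        "verification": {
            "salt": salt,
            "time": time_text,
            "from": "constructed-client-id",
        },
    }


if __name__ == "__main__":
    now = parse_timestamp("2018-12-12-10:46:01")
    print(extract_first_login_token(sample_binding_info("2018-12-12-10:45:09"), now))
```

An interval of exactly 60 s still passes, because the text requires only that the interval not exceed the threshold.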
The verification parameter agreed between the first server and the second server is still at risk of being stolen, and the timestamp may be tampered with. Optionally, therefore, to further ensure the security of the login token, the verification information may be information encrypted according to a preset encryption rule, which may be, but is not limited to, an RSA encryption rule. Accordingly, before verifying the verification information, the first server also needs to decrypt it according to the preset encryption rule.
For example, From = (salt, time, from) is obtained first, where salt is a fixed constant that under normal circumstances is identical to the preset parameter agreed between the first server and the second server, time is the timestamp, and from identifies the source of the binding; in the embodiments of the present invention, from may be the client_id of the first server. From can then be encrypted with the RSA encryption algorithm, and the encrypted From is used as the verification information.
Optionally, after binding the first account and the second account, the first server may also send binding result information to the Web end. Correspondingly, the Web end may receive the binding result information sent by the first server and display prompt information according to it, to notify the user of the result of binding the first account and the second account. For example, the Web end may display "Binding succeeded!".
In summary, in the account binding method provided by the embodiments of the present invention, after the user successfully logs in to the second server with the first account, the Web end corresponding to the first server first obtains the account information of the first account from the second server according to the authorization code of the first account, and displays prompt information according to the account information to prompt the user to confirm whether to bind the first account and the second account. When the user confirms the binding, the binding information of the first account is sent to the first server for account binding. In the prior art, by contrast, after the user successfully logs in to the second server with the first account, the Web end corresponding to the first server immediately obtains the binding information of the first account according to the authorization code of the first account and then sends the binding information to the first server, to instruct the first server to perform the account binding operation. Compared with the prior art, the account binding method provided by the embodiments of the present invention lets the user clearly see the important information in the account binding process, thereby reducing the error rate of account binding and improving the user experience.
The implementation process of the account binding method provided by the embodiments of the present invention is illustrated below by way of an example.
For example, as shown in Fig. 4, www.contentos is the front-end website of the account system contentos and corresponds to the Web end of contentos; www.contentos includes a webpage implemented in JavaScript (JS) and a server implemented in Json. Open.contentos corresponds to the server of the account system contentos and includes an external open application interface (Open Application Programming Interface, Open api) and an internal Open api. Cm denotes the server corresponding to the account system cm and includes the Iptlogin proxy and the data processing part iopen, where Iptlogin is the proxy login front-end page of the account system cm.
The user can first log in to the account system contentos with account c in the JS webpage. The user inputs the account name and password of account c in the JS webpage; the JS webpage sends the server a login request carrying the account name and password of account c input by the user; the server forwards the login request to the external Open api; the external Open api verifies the account name and password of account c and, after successful verification, returns the login token c_access_token and the account information of account c to the server; the server then passes the account information of account c to the JS webpage for display. The user can then click the corresponding button in the JS webpage to bind the account d of the cm account system; this operation is equivalent to a bind request. When the JS webpage detects the bind request, it jumps to the transfer login page of account d in cm, where the user can input the account name and password of account d. The Iptlogin proxy obtains the account name and password of account d that the user inputs in the transfer login page and passes them to iopen for verification. If the verification passes, that is, account d logs in successfully, iopen generates the login token cm_access_token of d, controls the transfer login page to jump to the redirect_uri of the server, and returns the authorization code (cm_code) of account d, where cm_code can be appended to the redirect_uri. The server can then obtain cm_code from the redirect_uri. The server and iopen then perform the operations of exchanging cm_code for cm_access_token and exchanging cm_access_token for the account information of account d; both operations are accompanied by the transmission of the client_id and client_secret of the contentos account system, and because these two parameters are passed internally they are not drawn in the figure. After obtaining the account information of account d, the server sends it to the JS webpage, so that the JS webpage displays prompt information prompting the user to confirm binding account d to account c. If the user's confirm-binding instruction is received, the JS webpage notifies the server to send cm_access_token + from ciphertext to the internal Open api, where the from ciphertext is the verification information. The internal Open api decrypts and verifies the from ciphertext; if the verification passes, it extracts cm_access_token and uses it to obtain the openid corresponding to account d from iopen, and obtains the openid corresponding to account c by parsing c_access_token, which the internal Open api can obtain from the external Open api. It then establishes the association between the two openids to complete the account binding. Finally, the internal Open api sends the result information of the successful binding to the server, the server passes that result information on to the JS webpage, and the JS webpage displays prompt information according to it to notify the user that the account binding succeeded.
Referring to Fig. 5, Fig. 5 is a structural schematic diagram of a Web end provided by an embodiment of the present invention. The Web end in the embodiment of the present invention corresponds to the first server. As shown in the figure, the Web end in the embodiment of the present invention includes:
Display module 501, configured to display the login page of the second server when an account bind request for the second server is detected, the login page being used to instruct the user to log in to the second server.
In a specific implementation, the first server and the second server may be the servers of two independent account systems, and each independent account system may include a server and a Web end. The Web end is responsible for maintaining and managing the front-end website of the account system, and the server undertakes the data processing of the account system. When an account bind request for the second server is detected, the page can jump to the transfer login page of the second server, that is, of the account system corresponding to the second server (for example a proxy login front-end page), and display module 501 can display the transfer login page. The user can then input an account name and account password in the transfer login page to log in to the second server, that is, to log in to the account system corresponding to the second server.
Obtaining module 502, configured to obtain from the second server the account information of the first account that the user uses to log in to the second server.
It should be noted that the first account system corresponding to the first server can perform identity authentication in the second account system corresponding to the second server and obtain the identity authentication information distributed by the second server. The identity authentication information may include an identity identifier (client_id) and an authentication password (client_secret), and can serve as the identity authentication information of the first server and the Web end of the first account system. After obtaining the identity authentication information distributed by the second server, the Web end can send the redirect address (redirect_uri) of the corresponding front-end website to the second server, and the second server can then establish the association between the client_id and the redirect_uri. Similarly, the second account system corresponding to the second server can perform identity authentication in the first account system corresponding to the first server and obtain the identity authentication information distributed by the first server.
In a specific implementation, after the user inputs the account name and account password in the transfer login page, the second server can obtain the account name and account password input by the user and verify them; after successful verification it controls the transfer login page to jump to the redirect_uri of the front-end website corresponding to the Web end. The second server can also generate an authorization code for the account used in this login (the first account) and carry the authorization code in the redirect_uri as an additional parameter, so that obtaining module 502 obtains the authorization code (code), which may be a character string.
For information security, at this point the second server does not directly send the Web end the account information of the first account or the login token needed to obtain that account information; it returns the authorization code to the Web end instead. Obtaining module 502 can instruct sending module 504 to send information access requests to the second server according to the authorization code, in order to obtain the account information of the first account from the second server. The account information may include, but is not limited to, the account name and the user information corresponding to the account (such as the avatar, e-mail address, mobile phone number and information the user has published with the account). The information access requests include a first information access request and a second information access request.
Specifically, obtaining module 502 can first instruct sending module 504 to send the first information access request to the first server. The first information access request carries the authorization code, client_id and client_secret, and is used to instruct the first server to send the first login token (access_token). After receiving the first information access request, the second server can first verify the client_id and client_secret; if the verification passes, it looks up the first login token of the first account according to the authorization code and sends the first login token found to the Web end. Obtaining module 502 can therefore instruct receiving module 503 to receive the first login token.
After the first login token is received, obtaining module 502 can instruct sending module 504 to send the second information access request to the second server. The second information access request may carry the first login token and the identity authentication information, and is used to instruct the second server to send the account information. After receiving the second information access request, the second server can first verify the identity authentication information; if the verification passes, it looks up the account information of the first account according to the first login token and sends the account information found to the Web end. Obtaining module 502 can therefore instruct receiving module 503 to receive the account information.
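The two-request exchange described above can be simulated with an in-memory stand-in for the second server. This is an added example, not code from the patent: the class and function names and the sample values are hypothetical, and the single-use handling of the authorization code and the tying of code and token to the requesting client_id are assumptions beyond the text.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlparse


class SecondServer:
    """Hypothetical in-memory stand-in for the second server."""

    def __init__(self):
        self.clients = {}   # client_id -> (client_secret, redirect_uri)
        self.codes = {}     # authorization code -> (client_id, account name)
        self.tokens = {}    # first login token -> (client_id, account name)
        self.accounts = {}  # account name -> account information

    def register_client(self, redirect_uri):
        # Identity authentication: distribute client_id and client_secret and
        # associate the client_id with the redirect_uri.
        client_id = secrets.token_hex(8)
        client_secret = secrets.token_hex(16)
        self.clients[client_id] = (client_secret, redirect_uri)
        return client_id, client_secret

    def login(self, client_id, account_name):
        # Called once the user has logged in on the transfer login page:
        # jump to the registered redirect_uri with the code attached.
        _, redirect_uri = self.clients[client_id]
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, account_name)
        return f"{redirect_uri}?code={code}"

    def _authenticate(self, client_id, client_secret):
        known = self.clients.get(client_id)
        return known is not None and hmac.compare_digest(
            known[0].encode(), client_secret.encode()
        )

    def first_request(self, code, client_id, client_secret):
        """First information access request: authorization code -> token."""
        if not self._authenticate(client_id, client_secret):
            raise PermissionError("identity authentication failed")
        # Assumption: a code is single use and tied to the client it was
        # issued for, so a captured redirect URL cannot be replayed.
        issued = self.codes.pop(code, None)
        if issued is None or issued[0] != client_id:
            raise PermissionError("unknown authorization code")
        token = secrets.token_urlsafe(24)
        self.tokens[token] = issued
        return token

    def second_request(self, token, client_id, client_secret):
        """Second information access request: token -> account information."""
        if not self._authenticate(client_id, client_secret):
            raise PermissionError("identity authentication failed")
        issued = self.tokens.get(token)
        if issued is None or issued[0] != client_id:
            raise PermissionError("unknown first login token")
        return self.accounts[issued[1]]


def web_end_fetch_account_info(server, redirect_url, client_id, client_secret):
    """Web-end side: read the code from the redirect, then make both requests."""
    code = parse_qs(urlparse(redirect_url).query)["code"][0]
    token = server.first_request(code, client_id, client_secret)
    return token, server.second_request(token, client_id, client_secret)


def run_demo():
    # Constructed sample data; the account and URL are made up.
    server = SecondServer()
    server.accounts["d"] = {"account_name": "d", "email": "d@example.invalid"}
    client_id, client_secret = server.register_client(
        "https://web-end.example.invalid/callback"
    )
    redirect_url = server.login(client_id, "d")
    token, info = web_end_fetch_account_info(
        server, redirect_url, client_id, client_secret
    )
    return server, redirect_url, client_id, client_secret, token, info


if __name__ == "__main__":
    print(run_demo()[-1])
```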
Optionally, before obtaining module 502 obtains from the second server the account information of the first account that the user uses to log in to the second server, display module 501 can first display authorization prompt information in the transfer login page, prompting the user to authorize the Web end to obtain the account information of the first account; the second server obtains the authorization instruction that the user inputs for the authorization prompt information. When the authorization instruction confirms the authorization, the second server returns the authorization code to the Web end. For example, if the first account system is named cm and the second account system corresponding to the Web end is named contentos, the authorization prompt information can read "contentos needs to obtain your account information in cm; please confirm whether to authorize".
Display module 501 is also configured to display the first prompt information according to the account information, the first prompt information being used to prompt the user whether to bind the first account and the second account that the user uses to log in to the first server.
In a specific implementation, before obtaining module 502 obtains from the second server the account information of the first account that the user uses to log in to the second server, display module 501 can also display the login page of the first server, in which the user can input the account name and password of the second account. Sending module 504 then carries the account name and password in a login request and sends it to the first server; the first server verifies the account name and password and, if the verification passes, accepts the login request, and the second account logs in successfully. The first server also generates the second login token of the second account and can pass the second login token to obtaining module 502 of the Web end.
Receiving module 503 can also be configured to receive the confirmation instruction for the first prompt information input by the user. Specifically, it can receive a confirmation instruction that the user inputs in voice form or a confirmation instruction that the user inputs with the relevant key.
Sending module 504 can also be configured to send the binding information of the first account to the first server according to the confirmation instruction, the binding information being used to instruct the first server to bind the first account and the second account.
In a specific implementation, the confirmation instruction is either confirm binding or refuse binding. When the confirmation instruction is confirm binding, the binding information of the first account is sent to the first server. When the confirmation instruction is cancel binding, the binding information of the first account does not need to be sent to the first server. The binding information of the first account may include, but is not limited to, the first login token of the first account and verification information, where the verification information can be used to prevent the first login token from being stolen and can also verify whether the first login token has expired. As shown in Fig. 2, when it is detected that the user clicks the "Confirm binding" button, the binding information of pear is sent to the corresponding server. When it is detected that the user clicks the "Cancel binding" button, the user does not agree to bind the account, and the binding information of pear does not need to be sent to the corresponding server.
Optionally, receiving module 503 is also configured to receive the binding result information sent by the first server, and display module 501 is also configured to display second prompt information according to the binding result information, to notify the user of the result of binding the first account and the second account.
In the embodiments of the present invention, when the Web end corresponding to the first server detects an account bind request for the second server, it first displays the login page of the second server, the login page being used to instruct the user to log in to the second server; it then obtains from the second server the account information of the first account that the user uses to log in to the second server; it then displays the first prompt information according to the account information, the first prompt information being used to prompt the user whether to bind the first account and the second account that the user uses to log in to the first server, and receives the confirmation instruction for the first prompt information input by the user; finally, according to the confirmation instruction, it sends the binding information of the first account to the first server, the binding information being used to instruct the first server to bind the first account and the second account. This lets the user clearly see the important information in the account binding process, thereby reducing the error rate of account binding and improving the user experience.
Referring to Fig. 6, Fig. 6 is a structural schematic diagram of a first server provided by an embodiment of the present invention. As shown in the figure, the first server in the embodiment of the present invention includes:
Receiving module 601, configured to receive the binding information, sent by the Web end corresponding to the first server, of the first account that the user uses to log in to the second server.
In a specific implementation, the first server and the second server may be the servers of two independent account systems, and each independent account system may include a server and a Web end. The Web end is responsible for maintaining and managing the front-end website of the account system, and the server undertakes the data processing of the account system. The account information may include, but is not limited to, the account name and the user information corresponding to the account (such as the avatar, e-mail address, mobile phone number and information the user has published with the account).
Binding module 602, configured to bind, according to the binding information, the first account and the second account that the user uses to log in to the first server.
In a specific implementation, the binding information includes the first login token of the first account. The first login token can first be sent to the second server, to instruct the second server to send the first user identifier corresponding to the first account; the first user identifier may be, but is not limited to, an openid. After the openid of the first account is received, the second user identifier corresponding to the second account is determined according to the second login token of the second account; the second user identifier may be, but is not limited to, an openid, and the second login token is generated by the first server when the user logs in with the second account. The association between the openid of the first account and the openid of the second account is then established.
Optionally, the binding information may also include verification information. The verification information can serve as encryption information for the first login token of the first account, to prevent the first login token of the first account from being stolen, and can also verify whether the first login token has expired. Before the first login token is sent to the second server, the verification information also needs to be verified; when the verification information passes verification, the first login token is sent to the second server. The verification information includes a verification parameter and a timestamp: the verification parameter can be matched against the preset parameter, and it can be determined whether the interval between the time corresponding to the timestamp and the current time exceeds a preset threshold. When the verification parameter is identical to the preset parameter and the interval does not exceed the preset threshold (for example 60 s), the verification information is determined to pass verification. The preset parameter is a parameter agreed in advance between the first server and the second server. When the interval exceeds the preset threshold, the first login token of the first account is determined to have expired.
Optionally, the verification information may be information encrypted according to a preset encryption rule, which may be, but is not limited to, an RSA encryption rule. Accordingly, before the verification information is verified, binding module 602 is also configured to decrypt the verification information according to the preset encryption rule.
In the embodiments of the present invention, the first server first receives the binding information, sent by the Web end corresponding to the first server, of the first account that the user uses to log in to the second server; it then binds, according to the binding information, the first account and the second account that the user uses to log in to the first server. The binding information includes not only the login token of the first account used for the account binding but also verification information. Before using the login token of the first account to bind the first account and the second account, the server can therefore verify the verification information, and bind the first account and the second account only after the verification information passes verification, which improves the security of account binding.
Referring to Fig. 7, Fig. 7 is a structural schematic diagram of another Web end provided by an embodiment of the present invention. The Web end in the embodiment of the present invention corresponds to the first server. As shown in the figure, the Web end may include at least one processor 701 (for example a CPU), at least one communication interface 702, at least one memory 703 and at least one bus 704. The bus 704 is used to realize connection and communication between these components. The communication interface 702 of the Web end in the embodiment of the present invention is a wired sending port, or a wireless device that includes, for example, an antenna apparatus, and is used for signaling or data communication with other node devices. The memory 703 may be a high-speed RAM memory or a non-volatile memory, for example at least one magnetic disk storage. Optionally, the memory 703 may also be at least one storage device located remotely from the processor 701. A set of program code is stored in the memory 703, and the processor 701 is used to call the program code stored in the memory to perform the following operations:
when an account bind request for the second server is detected, displaying the login page of the second server, the login page being used to instruct the user to log in to the second server;
obtaining from the second server the account information of the first account that the user uses to log in to the second server;
displaying the first prompt information according to the account information, the first prompt information being used to prompt the user whether to bind the first account and the second account that the user uses to log in to the first server;
receiving the confirmation instruction for the first prompt information input by the user;
sending the binding information of the first account to the first server according to the confirmation instruction, the binding information being used to instruct the first server to bind the first account and the second account.
The processor 701 is also used to perform the following operation steps:
obtaining the authorization code of the first account generated by the second server;
sending an information access request to the second server according to the authorization code, the information access request being used to instruct the second server to send the account information;
receiving the account information sent by the second server.
The information access request includes a first information access request and a second information access request.
The processor 701 is also used to perform the following operation steps:
sending the first information access request to the second server, the first information access request carrying the authorization code and the identity authentication information distributed by the second server for the Web end, and being used to instruct the second server to send the first login token of the first account;
receiving the first login token sent by the second server;
sending the second information access request to the second server, the second information access request carrying the first login token and the identity authentication information, and being used to instruct the second server to send the account information.
The processor 701 is also used to perform the following operation step:
when the confirmation instruction is confirm binding, sending the binding information to the first server.
The processor 701 is also used to perform the following operation steps:
receiving the binding result information sent by the first server;
displaying second prompt information according to the binding result information, the second prompt information being used to notify the user of the result of binding the first account and the second account.
It should be noted that an embodiment of the present invention also provides a storage medium for storing an application program, the application program being used to perform, at runtime, the operations performed by the Web end in the account binding methods shown in Fig. 1 and Fig. 3.
It should be noted that an embodiment of the present invention also provides an application program, the application program being used to perform, at runtime, the operations performed by the Web end in the account binding methods shown in Fig. 1 and Fig. 3.
Referring to Fig. 8, Fig. 8 is a structural schematic diagram of another first server provided by an embodiment of the present invention. As shown in the figure, the first server may include at least one processor 801 (for example a CPU), at least one communication interface 802, at least one memory 803 and at least one bus 804. The bus 804 is used to realize connection and communication between these components. The communication interface 802 of the first server in the embodiment of the present invention is a wired sending port, or a wireless device that includes, for example, an antenna apparatus, and is used for signaling or data communication with other node devices. The memory 803 may be a high-speed RAM memory or a non-volatile memory, for example at least one magnetic disk storage. Optionally, the memory 803 may also be at least one storage device located remotely from the processor 801. A set of program code is stored in the memory 803, and the processor 801 is used to call the program code stored in the memory to perform the following operations:
It receives the user that the corresponding end Web of the first server is sent and logs in the first account used in second server
Binding information;
According to the binding information, binds first account and the user logs in used in the first server
Second account.
Wherein, the binding information includes the first login token of first account;
Processor 801 is also used to perform the following operations step:
Described first is sent to the second server and logs in token, and the first login token is used to indicate described second
Server sends corresponding first user identifier of first account;
Receive first user identifier that the second server is sent;
Token is logged according to the second of second account, determines the corresponding second user mark of second account, institute
Stating the second login token is that the first server is generated when the user is logged in using second account;
Establish the incidence relation between first user identifier and second user mark.
Wherein, the binding information further includes verification information;
Processor 801 is also used to perform the following operations step:
The verification information is verified;
When verification information verification passes through, execute described to second server transmission the first login token
Operation.
Wherein, the verification information includes a verification parameter and a timestamp;
The processor 801 is further configured to perform the following steps:
Match the verification parameter against a preset parameter, and determine whether the interval between the time corresponding to the timestamp and the current time exceeds a preset threshold;
When the verification parameter is identical to the preset parameter and the interval does not exceed the preset threshold, determine that the verification information passes verification.
Wherein, the verification information may be information encrypted according to a preset encryption rule;
The processor 801 is further configured to perform the following steps:
Decrypt the verification information according to the preset encryption rule.
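The first-server operations listed above, sketched as an added Python example (this is not code from the patent): the verification information is checked first, and only then is the first login token exchanged and the two user identifiers associated. PRESET_PARAM, MAX_SKEW_SECONDS, the in-memory tables and the stubbed second-server call are assumptions; the verification information is taken as already decrypted, because the text does not specify the encryption rule.

```python
import hmac
import time

PRESET_PARAM = "constructed-preset-parameter"   # assumed preset parameter
MAX_SKEW_SECONDS = 300                          # assumed preset threshold

# Constructed stand-ins for state the text leaves to the implementation.
SECOND_SERVER_TOKENS = {"tok-A-111": "uidA-42"}  # first login token -> first user identifier
FIRST_SERVER_SESSIONS = {"tok-B-999": "uidB-7"}  # second login token -> second user identifier
BINDINGS = {}                                    # first user identifier -> second user identifier


class BindingError(Exception):
    """Raised when any step of the binding operation is refused."""


def verify_info(info, now=None):
    """Pass only if the parameter equals the preset one and the timestamp is fresh."""
    now = time.time() if now is None else now
    # Constant-time comparison avoids leaking how much of the parameter matched.
    param_ok = hmac.compare_digest(str(info.get("param", "")).encode(),
                                   PRESET_PARAM.encode())
    try:
        # abs() also rejects timestamps too far in the future.
        fresh = abs(now - float(info["timestamp"])) <= MAX_SKEW_SECONDS
    except (KeyError, TypeError, ValueError):
        fresh = False
    return param_ok and fresh


def fetch_first_user_id(first_login_token):
    """Stub for the request to the second server (no network in this example)."""
    return SECOND_SERVER_TOKENS.get(first_login_token)


def bind_accounts(binding_info, second_login_token, now=None):
    """Verify, exchange the first login token, then associate the identifiers."""
    if not verify_info(binding_info.get("verification") or {}, now):
        raise BindingError("verification information rejected")
    first_uid = fetch_first_user_id(binding_info.get("first_login_token"))
    if first_uid is None:
        raise BindingError("second server returned no user identifier")
    second_uid = FIRST_SERVER_SESSIONS.get(second_login_token)
    if second_uid is None:
        raise BindingError("second login token was not issued by this server")
    BINDINGS[first_uid] = second_uid
    return first_uid, second_uid
```
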
It should be noted that an embodiment of the present invention also provides a storage medium, the storage medium being used to store an application program, and the application program being used to perform, at runtime, the operations performed by the first server in the account binding method shown in Fig. 1 and Fig. 3.
It should be noted that an embodiment of the present invention also provides an application program, the application program being used to perform, at runtime, the operations performed by the first server in the account binding method shown in Fig. 1 and Fig. 3.
It should be noted that, for simplicity of description, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should understand that the present invention is not limited by the described order of actions, because according to the present invention certain steps may be performed in other orders or simultaneously. Furthermore, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of the above embodiments may be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium may include: a flash disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, etc.
The content download method and the related devices and system provided by the embodiments of the present invention have been described in detail above. Specific examples are used herein to illustrate the principle and implementation of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, for those skilled in the art, the specific implementation and the scope of application will vary according to the idea of the present invention. In conclusion, the content of this specification should not be construed as limiting the present invention.
In the description of this specification, a description referring to the terms "one embodiment", "some embodiments", "example", "specific example", "some examples" or the like means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, provided they do not conflict with each other, those skilled in the art may combine the different embodiments or examples described in this specification and the features of the different embodiments or examples.
In addition, the terms "first" and "second" are used for descriptive purposes only and cannot be understood as indicating or implying relative importance or as implicitly indicating the number of the technical features referred to. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "plurality" means at least two, for example two or three, unless otherwise specifically defined.
Any process or method description in a flow chart or otherwise described herein may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including in a substantially simultaneous manner or in the reverse order, depending on the functions involved. This should be understood by those skilled in the art to which the embodiments of the present invention belong.
The logic and/or steps represented in flow charts or otherwise described herein may, for example, be considered an ordered list of executable instructions for implementing logical functions, and may be embodied in any computer-readable medium for use by, or in connection with, an instruction execution system, apparatus or device (such as a computer-based system, a system including a processor, or another system that can fetch instructions from an instruction execution system, apparatus or device and execute them). For the purposes of this specification, a "computer-readable medium" may be any means that can contain, store, communicate, propagate or transmit a program for use by, or in connection with, an instruction execution system, apparatus or device. More specific examples (a non-exhaustive list) of computer-readable media include: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), a fiber-optic device, and a portable compact disc read-only memory (CDROM). In addition, the computer-readable medium may even be paper or another suitable medium on which the program can be printed, because the program can be obtained electronically, for example by optically scanning the paper or other medium and then editing, interpreting or, where necessary, processing it in another suitable way, and then stored in a computer memory.
It should be understood that each part of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented with software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following technologies well known in the art may be used: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gates, a programmable gate array (PGA), a field-programmable gate array (FPGA), etc.
Those skilled in the art can understand that all or part of the steps carried by the methods of the above embodiments may be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, includes one of the steps of the method embodiments or a combination thereof.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, or each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software function module. If the integrated module is implemented in the form of a software function module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, etc. Although embodiments of the present invention have been shown and described above, it should be understood that the above embodiments are exemplary and should not be construed as limiting the present invention; those skilled in the art may change, modify, replace and vary the above embodiments within the scope of the present invention.