CN110069909B - Method and device for login of third-party system without secret - Google Patents

Info

Publication number: CN110069909B
Application number: CN201910353596.6A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN110069909A
Inventor: 迟乐勋, 胡宏辉
Current Assignee: Shanghai Shanghu Information Technology Co ltd
Original Assignee: Shanghai Shanghu Information Technology Co ltd
Prior art keywords: request, party system, token, user resource, client

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication

Abstract

The invention discloses a method and a device for password-free login to a third-party system. The method comprises the following steps: the client logs in to the first party system successfully and sends the first party system a request to access the third-party system; the first party system sends a first request to the user resource system; after the first request passes verification, the user resource system generates a first response in which a first token is recorded, and the first response is sent to the client through the first party system; the client generates an access request according to the first response and sends it to the third-party system; the third-party system generates a second request according to the access request and sends it to the user resource system; the user resource system generates a third token and sends it to the third-party system; and the third-party system obtains user information from the user resource system according to the third token to complete user registration. This technical scheme avoids the situation in which, when the third-party system performs poorly, the login requests of many users cannot be processed in time after being sent to the first party system and put pressure on the first party system.

Description

Method and device for login of third-party system without secret
Technical Field
The embodiment of the invention relates to the field of information technology, and in particular to a method and a device for password-free login to a third-party system.
Background
An enterprise information system platform (a first party system) is usually integrated with a plurality of third-party systems. Each third-party system provides a user authorization interface to the first party system: a user sends a login request to the first party system, the first party system sends the login request to the third-party system through the user authorization interface, and the third-party system generates an access token for the user, so that the user can log in to the third-party system through the first party system without a password.
In the prior art, if the third-party system performs poorly, it cannot generate the user's access token efficiently, that is, the user's request in the first party system cannot be processed in time. When a large number of users send requests, their login requests cannot be processed in time after reaching the first party system, which puts pressure on the first party system.
Disclosure of Invention
The embodiment of the invention provides a method and a device for password-free login to a third-party system, which avoid the problem that, when the third-party system performs poorly, the login requests of many users cannot be processed in time after being sent to the first party system and put pressure on the first party system.
The method for password-free login to a third-party system provided by the embodiment of the invention comprises the following steps:
a user resource system receives a first request sent by a first party system; the first request is sent by the first party system after it verifies that the client has logged in successfully;
after the first request passes verification, the user resource system generates a first response in which a first token is recorded, and sends the first response to the client through the first party system; the first response is used for instructing the client to log in to the third-party system according to the first token;
the user resource system receives a second request sent by the third-party system; the second request is generated and sent by the third-party system after receiving the access request of the client; a second token is recorded in the second request;
after verifying the first token and the second token, the user resource system generates a third token and sends the third token to the third-party system; the third token is used by the third-party system to acquire user information from the user resource system so as to complete user registration.
In this technical scheme, after the first request passes verification by the user resource system, a first response is generated and sent to the client through the first party system, and the client logs in to the third-party system according to the first token. In this process, a plurality of first party systems are integrated with the user resource system and a plurality of third-party systems are integrated with the user resource system; the first party system does not need to be integrated with the third-party systems or to develop a corresponding interface for each of them, which reduces the development workload of the first party system. Because the first token is generated by the user resource system, the performance requirement on the third-party system is low: when the third-party system performs poorly and many users request to log in, the user resource system can generate the first token quickly and feed it back to the client, so no pressure is put on the first party system. The third-party system acquires the user information from the user resource system according to the third token and completes user registration; after the user's password-free login, it can update the user information in the third-party system in time according to the user information in the user resource system.
Optionally, the first request is information encrypted by the first party system;
the user resource system verifying the first request, comprising:
and if the user resource system successfully decrypts the first request, determining that the first request passes the verification.
In this technical scheme, the user resource system and the first party system may use symmetric encryption: the first party system encrypts the first request and the user resource system decrypts it, which completes the encrypted communication between the two systems and safeguards information security.
Optionally, the first request includes an IP (Internet Protocol) address of the first party system;
before the user resource system determines that the first request passes verification, the method further comprises:
the user resource system determines that the IP address of the first party system is in a preset IP white list.
In this technical scheme, the user resource system may also preset an IP white list to perform a secondary verification of the first party system, which improves information security.
Correspondingly, the embodiment of the invention also provides a method for password-free login to a third-party system, which comprises the following steps:
a third-party system receives an access request sent by a client; the access request is generated after the client receives a first response sent by a user resource system through a first party system, and a first token is recorded in the access request; the first response is generated after the first request passes verification by the user resource system; the first request is sent by the first party system after it verifies that the client has logged in successfully;
the third-party system generates a second request recorded with a second token according to the access request, and sends the second request to the user resource system;
the third-party system receives a third token sent by the user resource system; the third token is generated by the user resource system after the first token and the second token are verified;
the third-party system acquires user information from the user resource system according to the third token and completes user registration;
and the third-party system sends an access success response to the client.
In this technical scheme, the third-party system generates a second request according to the user's access request, sends the second request to the user resource system, and receives the third token sent by the user resource system; the third-party system then acquires user information from the user resource system according to the third token to complete user registration. The third-party system does not need to generate the first token, so the performance requirement on it is low: when the third-party system performs poorly and many users request to log in, the user resource system can generate the first token quickly and feed it back to the client, so pressure on the first party system is avoided.
Correspondingly, the embodiment of the invention also provides a device for password-free login to a third-party system, which comprises:
a transceiver unit, configured to receive a first request sent by a first party system; the first request is sent by the first party system after it verifies that the client has logged in successfully;
a processing unit, configured to generate a first response in which a first token is recorded after the first request passes verification, and to control the transceiver unit to send the first response to the client through the first party system; the first response is used for instructing the client to log in to the third-party system according to the first token;
the transceiver unit is further configured to receive a second request sent by the third-party system; the second request is generated and sent by the third-party system after receiving the access request of the client; a second token is recorded in the second request;
the processing unit is further configured to generate a third token after the first token and the second token are verified, and to control the transceiver unit to send the third token to the third-party system; the third token is used by the third-party system to acquire user information from the user resource system so as to complete user registration.
Optionally, the first request is information encrypted by the first party system;
the processing unit is specifically configured to:
and if the first request is decrypted successfully, determining that the first request is verified.
Optionally, the first request includes an IP address of the first party system;
the processing unit is specifically configured to:
before determining that the first request is verified, determining that the IP address of the first party system is in a preset IP white list.
Correspondingly, the embodiment of the invention also provides a device for password-free login to a third-party system, which comprises:
a transceiver unit, configured to receive an access request sent by a client; the access request is generated after the client receives a first response sent by a user resource system through a first party system, and a first token is recorded in the access request; the first response is generated after the first request passes verification by the user resource system; the first request is sent by the first party system after it verifies that the client has logged in successfully;
a processing unit, configured to generate a second request in which a second token is recorded according to the access request, and to control the transceiver unit to send the second request to the user resource system;
the transceiver unit is further configured to receive a third token sent by the user resource system; the third token is generated by the user resource system after the first token and the second token are verified;
the processing unit is further configured to acquire user information from the user resource system according to the third token and complete user registration;
the transceiver unit is further configured to send an access success response to the client.
Correspondingly, an embodiment of the present invention further provides a computing device, including:
a memory for storing program instructions;
and a processor for calling the program instructions stored in the memory and executing the method for password-free login to a third-party system according to the obtained program.
Correspondingly, the embodiment of the invention also provides a computer-readable non-volatile storage medium comprising computer-readable instructions which, when read and executed by a computer, cause the computer to execute the method for password-free login to a third-party system.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a system architecture according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a method for password-free login to a third-party system provided in an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an apparatus for password-free login to a third-party system provided in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a device for password-free login to a third-party system provided in an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 exemplarily illustrates a system architecture to which the method for password-free login to a third-party system provided by the embodiment of the present invention is applicable; the system architecture may include a client 100, a first party system 200, a user resource system 300, and a third party system 400.
The client 100: the website or APP (Application) that the user logs in to.
The first party system 200: the information system platform that the user needs to log in to, usually the server corresponding to the website or the APP that the user logs in to.
The user resource system 300: the party that manages user resource information, including users' basic data and other user data.
The third party system 400: the target system that the client 100 requests to access; after jumping to it successfully through the first party system 200, the client is in a logged-in state.
The user resource system 300 is connected to a plurality of first party systems 200 and to a plurality of third party systems 400. The user resource system 300 and the first party system 200 may use symmetric encryption, so that the first party system 200 and the user resource system 300 communicate in encrypted form; similarly, the third party system 400 may also communicate with the user resource system 300 in encrypted form. The user resource system 300 provides server interfaces to the first party system 200 and the third party system 400 respectively. The server interfaces may include an authorization interface 301, an information acquisition interface 302, and the like: the authorization interface 301 is used to verify the identity of the first party system 200 or the third party system 400 and to issue a corresponding token after the verification passes; the information acquisition interface 302 is used by the first party system 200 or the third party system 400 to obtain user information from the user resource system 300. The user resource system 300 further includes a configuration storage module 303 for storing user basic information or other user information.
The first party system 200 is connected to a plurality of clients 100. The first party system 200 includes a third party system portal, and the clients 100 log in to the third party system 400 without a password by accessing the third party system portal.
The first party system 200 does not need to be directly connected with the third party system 400: after user access authorization is performed through the unified user resource system 300, the jump to the third party system 400 is made directly, without logging in. The client 100 does not need to access the user resource system 300; the login-free operation is completed by the cooperation of the first party system 200, the user resource system 300 and the third party system 400, where the user resource system 300 is an intermediate system and is invisible to the user.
Based on the above description, fig. 2 exemplarily illustrates a flow of a method for password-free login to a third-party system according to an embodiment of the present invention. The flow may be executed by a device for password-free login to a third-party system, and the execution subjects involved include a client, a first party system, a user resource system, and a third-party system.
As shown in fig. 2, the process specifically includes:
Step 201, the client sends login information to the first party system.
The user may input a user name and password at the client, and the client sends the login information to the first party system in order to log in to the first party system.
Step 202, the first party system verifies the login information and determines that the client login is successful.
Step 203, the client sends a login-free access request to the first party system.
After the first party system determines that the client login is successful, it can feed a login success response back to the client, and the client, according to that response, sends the first party system a request to access the third-party system without logging in.
Step 204, the first party system sends a first request to the user resource system.
After receiving the request from the client, the first party system generates a first request and sends the first request to the user resource system.
The first request may record an access address of the third-party system to be logged in to, a user identification, an IP address of the first party system, etc.
Step 205, the user resource system verifies the first request.
The authorization interface of the user resource system can comprise a temporary token interface and a long-term token interface. The temporary token interface is used for verifying the identity of the first party system and issuing a temporary token to the first party system after the verification passes; the long-term token interface is used for verifying the identity of the third-party system and issuing a long-term token to the third-party system after the verification passes. If the identity verification of the first party system or the third-party system fails, verification-failure information is returned to the first party system or the third-party system.
In the embodiment of the present invention, the user resource system may verify the first request to complete the identity verification of the first party system. Optionally, the first party system may encrypt the first request when sending it, that is, the first request is information encrypted by the first party system; the user resource system determines whether the first request can be decrypted successfully, and if so, determines that the first request passes verification, that is, the identity of the first party system passes verification.
In addition, before determining that the first request passes verification, the user resource system may further determine whether the IP address of the first party system in the first request is in a preset IP white list; if so, it determines that the first request passes verification, otherwise it determines that the first request does not pass verification. The preset IP white list is a list of IP addresses that are allowed to access the user resource system, stored in the user resource system in advance by staff.
Step 206, the user resource system generates a first response after the first request passes verification.
The first response records a first token and a redirection address of the third-party system to be logged in to. The first token is the temporary token issued by the user resource system to the first party system. A usage time limit may be set for the first token according to the system network environment; if the first token is not used within the usage time limit, it automatically becomes invalid.
Step 207, the user resource system sends the first response to the client.
The user resource system sends the first response to the client through the first party system, that is, the user resource system sends the first response to the first party system, and the first party system forwards it to the client.
Step 208, the client generates an access request.
Step 209, the client sends the access request to the third-party system.
After receiving the first response, the client may generate an access request according to the first response so as to log in to the third-party system without a password; specifically, the client accesses the redirection address of the third-party system according to the first token.
Step 210, the third-party system generates a second request.
After receiving the access request generated by the client, the third-party system generates a second request according to the first token in the access request; a second token is recorded in the second request.
Step 211, the third-party system sends the second request to the user resource system.
Step 212, the user resource system verifies the first token and the second token.
The user resource system judges whether the second token in the second request is consistent with the first token; if so, it determines that the second token passes verification, otherwise it determines that the second token does not pass verification.
Optionally, the third-party system may encrypt the second request when sending it, that is, the second request is information encrypted by the third-party system; the user resource system determines whether the second request can be decrypted successfully, and if so, determines that the second request passes verification, that is, the identity of the third-party system passes verification.
Step 213, the user resource system generates a third token after the first token and the second token pass verification.
The user resource system issues the third token to the third-party system; the third token is a long-term token, which the third-party system uses to acquire the user information from the user resource system.
Step 214, the user resource system sends the third token to the third-party system.
Step 215, the user resource system sends the user information to the third-party system.
The third-party system may send a request for obtaining the user information to the user resource system according to the third token, and the user resource system sends the user information to the third-party system according to the third token; the user information may include the user's user name, name, address, contact information, and the like.
Step 216, the third-party system completes the user registration.
The third-party system initializes the user information in the system according to the acquired user information, thereby completing user registration and setting the user to a logged-in state.
Step 217, the third-party system sends an access success response to the client.
The third-party system sends an access success response to the client, that is, it notifies the client to jump to the page requested by the user. Of course, if the third-party system fails the identity verification of the user resource system, or the second token is inconsistent with the first token, or user registration cannot be completed successfully, the third-party system may notify the client to jump to an error page that prompts authentication failure information.
After the third-party system sends the successful access response to the client, the updated information of the user can be obtained from the user resource system according to the third token, and the user information in the third-party system is updated in time according to the updated information of the user.
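One way to implement the user resource system's side of steps 204 to 215, as an added Python example rather than code from the patent; every key, identifier, address, user record and the 60-second limit is constructed. It uses an HMAC-SHA256 tag under the shared key in place of the symmetric encryption the text describes, because "decrypts successfully" only identifies the sender when the cipher is authenticated, and it additionally makes the first token single-use and bound to the target third-party system, which the text does not require.

```python
import hashlib
import hmac
import ipaddress
import json
import secrets
import time

# Every key, identifier, address and user record below is constructed.
FIRST_PARTY_KEYS = {"fp-portal": b"constructed-first-party-key"}
THIRD_PARTY_KEYS = {"tp-crm": b"constructed-third-party-key"}
THIRD_PARTY_URLS = {"tp-crm": "https://crm.example.test/sso"}
IP_WHITE_LIST = [ipaddress.ip_network("192.0.2.0/28")]
USERS = {"u1001": {"user_name": "alice", "contact": "alice@example.test"}}
FIRST_TOKEN_TTL = 60  # seconds: usage time limit of the temporary first token


class AuthError(Exception):
    """A request or token failed verification."""


def seal(key, payload):
    """Sender side: serialise a request and tag it with the shared key."""
    body = json.dumps(payload, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()


def unseal(keys, party_id, body, tag):
    """Receiver side: accept the body only if the tag matches that party's key."""
    key = keys.get(party_id)
    if key is None:
        raise AuthError("unknown party")
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        raise AuthError("request failed verification")
    return json.loads(body)


def digest(token):
    """Tokens are stored and looked up by hash, not in clear."""
    return hashlib.sha256(token.encode()).hexdigest()


class UserResourceSystem:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.first_tokens = {}  # digest -> (user_id, third_party_url, expires_at)
        self.third_tokens = {}  # digest -> user_id

    def handle_first_request(self, party_id, body, tag):
        """Steps 205-206: verify the first request, then issue the first token."""
        req = unseal(FIRST_PARTY_KEYS, party_id, body, tag)
        ip = ipaddress.ip_address(req["first_party_ip"])
        if not any(ip in net for net in IP_WHITE_LIST):
            raise AuthError("first party IP is not in the white list")
        if req["third_party_url"] not in THIRD_PARTY_URLS.values():
            raise AuthError("unknown third-party address")
        token = secrets.token_urlsafe(32)
        expires_at = self.clock() + FIRST_TOKEN_TTL
        self.first_tokens[digest(token)] = (req["user_id"], req["third_party_url"], expires_at)
        return {"first_token": token, "redirect": req["third_party_url"]}

    def handle_second_request(self, party_id, body, tag):
        """Steps 212-213: match the second token, then issue the third token."""
        req = unseal(THIRD_PARTY_KEYS, party_id, body, tag)
        # pop() makes the first token single-use (an assumption of this example).
        entry = self.first_tokens.pop(digest(req["second_token"]), None)
        if entry is None:
            raise AuthError("second token matches no first token")
        user_id, url, expires_at = entry
        if self.clock() > expires_at:
            raise AuthError("first token expired")
        if THIRD_PARTY_URLS.get(party_id) != url:  # binding is also an assumption
            raise AuthError("token was issued for a different third party")
        third = secrets.token_urlsafe(32)
        self.third_tokens[digest(third)] = user_id
        return third

    def get_user_info(self, third_token):
        """Step 215: return user information for a valid third token."""
        user_id = self.third_tokens.get(digest(third_token))
        if user_id is None:
            raise AuthError("invalid third token")
        return USERS[user_id]


def run_flow(urs, first_party_ip="192.0.2.5"):
    """Walk steps 204-215 once; return what the third-party system receives."""
    body, tag = seal(FIRST_PARTY_KEYS["fp-portal"], {
        "user_id": "u1001", "first_party_ip": first_party_ip,
        "third_party_url": THIRD_PARTY_URLS["tp-crm"]})
    first = urs.handle_first_request("fp-portal", body, tag)
    body, tag = seal(THIRD_PARTY_KEYS["tp-crm"], {"second_token": first["first_token"]})
    third = urs.handle_second_request("tp-crm", body, tag)
    return urs.get_user_info(third)


if __name__ == "__main__":
    print(run_flow(UserResourceSystem()))
```

The white list check here reads the address carried inside the authenticated request, as the text describes; a deployment would normally compare the transport peer address as well.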
The embodiment of the invention has the following beneficial effects:
1. The user can jump to a plurality of third-party systems after logging in only to the first party system. The first party system does not need to be directly connected with the third-party systems: after user access authorization is performed through the unified user resource system, the jump to the third-party system is made directly, without logging in. The user does not need to access the user resource system; the login-free operation is completed by the cooperation of the first party system, the user resource system and the third-party system, where the user resource system is an intermediate system and is invisible to the user.
2. A plurality of first party systems are integrated with the user resource system, and a plurality of third-party systems are integrated with the user resource system; the first party systems do not need to be integrated with the third-party systems or to develop a corresponding interface for each third-party system, which reduces the development workload of the first party systems. When a new third-party system is connected, the first party system does not need to implement the integration logic independently; the client can log in to the new third-party system through the first party system without a password merely by configuring the relevant information.
3. The first token is generated by the user resource system, so the performance requirement on the third-party system is low; when the third-party system performs poorly and many users request to log in, the user resource system can generate the first token quickly and feed it back to the client, so no pressure is put on the first party system.
4. The third-party system acquires the user information from the user resource system according to the third token and completes user registration; after the user's password-free login, it can update the user information in the third-party system in time according to the user information in the user resource system.
Based on the same inventive concept, fig. 3 exemplarily illustrates a structure of an apparatus for password-free login to a third-party system according to an embodiment of the present invention; the apparatus may execute the flow of the method for password-free login to a third-party system.
A transceiver unit 301, configured to receive a first request sent by a first party system; the first request is sent by the first party system after it verifies that the client has logged in successfully;
the processing unit 302 is configured to generate a first response in which a first token is recorded after the first request is verified, and to control the transceiver unit 301 to send the first response to the client through the first party system; the first response is used for instructing the client to log in to the third-party system according to the first token;
the transceiver unit 301 is further configured to receive a second request sent by the third-party system; the second request is generated and sent by the third-party system after receiving the access request of the client; a second token is recorded in the second request;
the processing unit 302 is further configured to generate a third token after the first token and the second token are verified, and to control the transceiver unit 301 to send the third token to the third-party system; the third token is used by the third-party system to acquire user information from the user resource system so as to complete user registration.
Optionally, the first request is information encrypted by the first party system;
the processing unit 302 is specifically configured to:
and if the first request is decrypted successfully, determining that the first request is verified.
Optionally, the first request includes an IP address of the first party system;
the processing unit 302 is specifically configured to:
before determining that the first request is verified, determining that the IP address of the first party system is in a preset IP white list.
Based on the same inventive concept, fig. 4 exemplarily shows the structure of an apparatus for password-free login to a third-party system according to an embodiment of the present invention. The apparatus includes:
a transceiver unit 401, configured to receive an access request sent by a client; the access request is generated after the client receives a first response sent by a user resource system through a first-party system, and the access request records a first token; the first response is generated by the user resource system after the first request passes its verification; the first request is sent by the first-party system after the successful login of the client is verified;
a processing unit 402, configured to generate, according to the access request, a second request in which a second token is recorded, and to control the transceiver unit 401 to send the second request to the user resource system;
the transceiver unit 401 is further configured to receive a third token sent by the user resource system; the third token is generated by the user resource system after the first token and the second token are verified;
the processing unit 402 is further configured to obtain user information from the user resource system according to the third token and complete user registration;
the transceiving unit 401 is further configured to send an access success response to the client.
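The exchange that units 301/302 and 401/402 carry out, sketched from the user resource system's side as an added example (not code from the patent). Assumptions: the class and function names are hypothetical, an HMAC tag over a pre-shared key stands in for the encrypted first request, and the token lifetime and single-use behaviour are choices the patent does not specify.

```python
import hashlib
import hmac
import secrets
import time


def first_party_tag(key, user_id):
    """First-party side: authenticate the first request (stand-in for encryption)."""
    return hmac.new(key, user_id.encode(), hashlib.sha256).digest()


class UserResourceSystem:
    """Sketch of units 301/302: verifies requests and issues the tokens."""

    def __init__(self, key, ip_allowlist, ttl=60):
        self.key = key                    # assumed pre-shared with the first-party system
        self.allow = set(ip_allowlist)    # the preset IP white list
        self.ttl = ttl                    # assumed token lifetime in seconds
        self.first_tokens = {}            # first token -> (user_id, expiry)
        self.third_tokens = {}            # third token -> user_id

    def handle_first_request(self, peer_ip, user_id, tag):
        """Return a first response carrying a first token, or None if rejected."""
        # peer_ip is assumed to be the address the server observed on the
        # connection, not a value the sender wrote into the request body.
        if peer_ip not in self.allow:
            return None
        if not hmac.compare_digest(first_party_tag(self.key, user_id), tag):
            return None
        token = secrets.token_urlsafe(32)
        self.first_tokens[token] = (user_id, time.monotonic() + self.ttl)
        return {"first_token": token}

    def handle_second_request(self, second_token):
        """Return a third token if the second token matches an issued first token."""
        entry = self.first_tokens.pop(second_token, None)   # single use (assumption)
        if entry is None or time.monotonic() > entry[1]:
            return None
        third = secrets.token_urlsafe(32)
        self.third_tokens[third] = entry[0]
        return third

    def get_user_info(self, third_token):
        """Release user information once per third token."""
        user_id = self.third_tokens.pop(third_token, None)
        return None if user_id is None else {"user_id": user_id}
```

The third-party system's part (units 401/402) reduces to copying the first token from the client's access request into the second request and then presenting the third token to fetch the user information.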
Based on the same inventive concept, an embodiment of the present invention further provides a computing device, including:
a memory for storing program instructions;
a processor for calling the program instructions stored in the memory and executing, according to the obtained program, the method for password-free login to a third-party system.
Based on the same inventive concept, an embodiment of the present invention further provides a computer-readable non-volatile storage medium, which includes computer-readable instructions; when a computer reads and executes the computer-readable instructions, the computer is enabled to execute the method for password-free login to a third-party system.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A method for secure login to a third party system, comprising:
a user resource system receives a first request sent by a first-party system; the first request is sent by the first-party system after the successful login of the client is verified;
after the first request passes verification, the user resource system generates a first response recorded with a first token, and sends the first response to the client through the first-party system; the first response is used for instructing the client to log in to the third-party system according to the first token;
the user resource system receives a second request sent by the third-party system; the second request is generated and sent by the third-party system after receiving the access request of the client; a second token is recorded in the second request;
after the user resource system determines that the first token is consistent with the second token, a third token is generated and sent to the third-party system; and the third token is used for the third-party system to acquire user information from the user resource system so as to complete user registration.
2. The method of claim 1, wherein the first request is information encrypted by the first party system;
the user resource system verifying the first request comprises:
if the user resource system successfully decrypts the first request, determining that the first request passes the verification.
3. The method of claim 2, wherein the first request includes an Internet Protocol (IP) address of the first-party system;
before the user resource system determines that the first request passes the verification, the method further comprises:
the user resource system determining that the IP address of the first-party system is in a preset IP white list.
4. A method for secure login to a third party system, comprising:
a third-party system receives an access request sent by a client; the access request is generated after the client receives a first response sent by a user resource system through a first-party system, and the access request records a first token; the first response is generated by the user resource system after the first request passes its verification; the first request is sent by the first-party system after the successful login of the client is verified;
the third-party system generates a second request recorded with a second token according to the access request, and sends the second request to the user resource system;
the third-party system receives a third token sent by the user resource system; the third token is generated by the user resource system after determining that the first token and the second token are consistent;
the third-party system acquires user information from the user resource system according to the third token and completes user registration;
and the third-party system sends an access success response to the client.
5. An apparatus for secure login to a third party system, comprising:
a transceiver unit, configured to receive a first request sent by a first-party system; the first request is sent by the first-party system after the successful login of the client is verified;
a processing unit, configured to generate, after the first request passes verification, a first response recorded with a first token, and to control the transceiver unit to send the first response to the client through the first-party system; the first response is used for instructing the client to log in to the third-party system according to the first token;
the transceiver unit is further configured to receive a second request sent by the third-party system; the second request is generated and sent by the third-party system after receiving the access request of the client; a second token is recorded in the second request;
the processing unit is further configured to generate a third token and control the transceiver unit to send to the third-party system after determining that the first token is consistent with the second token; and the third token is used for the third-party system to acquire user information from the user resource system so as to complete user registration.
6. The apparatus of claim 5, wherein the first request is information encrypted by the first party system;
the processing unit is specifically configured to:
determine that the first request is verified if the first request is decrypted successfully.
7. The apparatus of claim 6, wherein the first request comprises an Internet Protocol (IP) address of the first-party system;
the processing unit is specifically configured to:
determine, before determining that the first request is verified, that the IP address of the first-party system is in a preset IP white list.
8. An apparatus for secure login to a third party system, comprising:
a transceiver unit, configured to receive an access request sent by a client; the access request is generated after the client receives a first response sent by a user resource system through a first-party system, and the access request records a first token; the first response is generated by the user resource system after the first request passes its verification; the first request is sent by the first-party system after the successful login of the client is verified;
a processing unit, configured to generate, according to the access request, a second request recorded with a second token, and to control the transceiver unit to send the second request to the user resource system;
the transceiver unit is further configured to receive a third token sent by the user resource system; the third token is generated by the user resource system after determining that the first token and the second token are consistent;
the processing unit is further configured to acquire user information from the user resource system according to the third token and complete user registration;
the transceiver unit is further configured to send an access success response to the client.
9. A computing device, comprising:
a memory for storing program instructions;
a processor for calling program instructions stored in said memory to execute the method of any one of claims 1 to 4 in accordance with the obtained program.
10. A computer-readable non-transitory storage medium including computer-readable instructions which, when read and executed by a computer, cause the computer to perform the method of any one of claims 1 to 4.
CN201910353596.6A 2019-04-29 2019-04-29 Method and device for login of third-party system without secret Active CN110069909B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910353596.6A CN110069909B (en) 2019-04-29 2019-04-29 Method and device for login of third-party system without secret

Publications (2)

Publication Number Publication Date
CN110069909A CN110069909A (en) 2019-07-30
CN110069909B true CN110069909B (en) 2020-10-13

Family

ID=67369568

Country Status (1)

Country Link
CN (1) CN110069909B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113034154A (en) * 2019-09-17 2021-06-25 创新先进技术有限公司 Identity authentication method, method for realizing login-free authorization component and respective devices
CN112039889B (en) * 2020-08-31 2022-11-29 康键信息技术(深圳)有限公司 Password-free login method, device, equipment and storage medium
CN112491848B (en) * 2020-11-18 2022-07-08 山东浪潮通软信息科技有限公司 Method and equipment for supporting extensible secure docking of third-party system
CN112492028B (en) * 2020-11-26 2024-02-09 中国人寿保险股份有限公司 Cloud desktop login method and device, electronic equipment and storage medium
WO2023092316A1 (en) * 2021-11-24 2023-06-01 国云科技股份有限公司 Third-party service login method and apparatus, terminal device, and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103457738A (en) * 2013-08-30 2013-12-18 优视科技有限公司 Method and system for login processing based on browser
CN106453414A (en) * 2016-11-29 2017-02-22 迈普通信技术股份有限公司 Third party login authentication method and system, proxy server and client
CN108475312A (en) * 2015-10-02 2018-08-31 华睿泰科技有限责任公司 Single-point logging method for equipment safety shell
CN109089264A (en) * 2018-08-02 2018-12-25 江苏满运软件科技有限公司 A kind of mobile terminal exempts from the method and system of close login

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2015219267A1 (en) * 2014-02-18 2016-09-22 Secureauth Corporation Fingerprint based authentication for single sign on
CN106453378A (en) * 2016-11-03 2017-02-22 东软集团股份有限公司 Data authentication method, apparatus and system
US10750364B2 (en) * 2017-10-19 2020-08-18 Microsoft Technology Licensing, Llc Single sign-in for IoT devices
CN108200060B (en) * 2018-01-03 2020-07-14 深圳壹账通智能科技有限公司 Single sign-on verification method based on web subsystem, server and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
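Design and Implementation of a Single Sign-On System Based on Web_Service; 黄宝君; China Master's Theses Full-text Database, Information Science and Technology; 20121015; I139-274 *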

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant