CN110414207A - A kind of APP interface authority control method - Google Patents

A kind of APP interface authority control method

Info

Publication number: CN110414207A
Authority: CN (China)
Prior art keywords: app, page, party, authorization code, access
Legal status: Pending
Application number: CN201910703475.XA
Other languages: Chinese (zh)
Inventors: 代豪, 蒙校莹, 吴铭悦, 蒙孝宗
Current assignee: Mifu (shenzhen) Network Technology Co Ltd
Original assignee: Mifu (shenzhen) Network Technology Co Ltd
Priority date: 2019-07-31
Filing date: 2019-07-31
Publication date: 2019-11-05
Application filed by Mifu (shenzhen) Network Technology Co Ltd
Priority to CN201910703475.XA
Publication of CN110414207A

Classifications

    • G06F21/33 User authentication using certificates (G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/31 User authentication)
    • G06F21/45 Structures or tools for the administration of authentication (G06F21/00 > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals)
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices (G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements)

Abstract

The invention discloses an APP interface authority control method. The method comprises: a third-party H5 page initiates authorization code acquisition request 1 to the APP, the authorization code acquisition request 1 carrying customer information; an authorization code is returned to the third-party H5 page; the third-party H5 page obtains an access token using the authorization code; and interface access authority is obtained using the access token. The APP interface authority control method of the invention can apply dynamic authority configuration to the accessing H5 page, strengthens the security of the interfaces the APP exposes externally, and better protects user information. By caching access authority information locally in the APP, the frequency of interaction between the business and the backend is greatly reduced, which helps improve business access speed. At the same time, the method can meet the time-sensitive activity needs of rapid APP iteration, reducing development difficulty and improving work efficiency.

Description

A kind of APP interface authority control method
Technical field
The invention belongs to the field of computer security technology, and in particular relates to an APP interface authority control method.
Background technique
In APP applications, H5 pages developed by third parties are often loaded through a WebView. As the business grows, the APP provides more and more native functional interfaces and user information interfaces to H5 pages; restricting H5 page access to APP interfaces through permission control is therefore of great importance for preventing leakage of user information and illegal calls to native functional interfaces. At the same time, a large number of services interact frequently with the backend during interface calls, so improving business access speed is also a key consideration.
Summary of the invention
The purpose of the invention is to provide an APP interface authority control method that uses permission control to restrict third-party H5 page access to APP interfaces, so that native functional interfaces are called legitimately, user information security is ensured, and business access speed is improved.
To achieve the above object of the invention, the technical solution adopted is as follows:
An APP interface authority control method, the method comprising:
a third-party H5 page initiates authorization code acquisition request 1 to the APP, the authorization code acquisition request 1 carrying customer information;
an authorization code is returned to the third-party H5 page;
the third-party H5 page obtains an access token using the authorization code; and interface access authority is obtained using the access token.
Further, the specific steps of the method are as follows:
(1) The APP is opened and synchronizes the service time with the service backend;
(2) The APP loads the third-party H5 page;
(3) The third-party H5 page initiates authorization code acquisition request 1 to the APP;
(4) The APP initiates authorization code acquisition request 2 to the service backend;
(5) The service backend returns an authorization code to the APP, and the APP returns the authorization code to the third-party H5 page;
(6) The third-party H5 application backend sends the authorization code, client ID and key to the service backend to request an access token;
(7) The service backend returns the access token to the third-party H5 page;
(8) When the third-party H5 page needs to use an APP interface, it passes the access token and client ID to the APP;
(9) The APP receives the access token and client ID passed in by the third-party H5 page and queries the service backend whether the access token has permission to access the interface;
(10) The service backend returns response packet data indicating whether the access token has access authority to the APP;
(11) The APP responds to or refuses the call request according to the data returned by the service backend.
Further, step (5) is specifically as follows:
(51) The service backend returns a confirmation authorization page to the APP;
(52) The APP displays the confirmation authorization page;
(53) The user clicks "confirm authorization";
(54) The APP submits the user's confirmation authorization request to the service backend;
(55) The service backend returns an authorization code to the APP;
(56) The APP encrypts the authorization code using a checking parameter;
(57) The APP returns the encrypted authorization code to the third-party H5 page.
Further, between step (4) and step (5) the method also includes:
the service backend returns a "user not logged in" result;
the APP displays the login page;
the user enters account credentials to log in;
after login succeeds, the APP initiates the authorization code acquisition request to the service backend again.
Further, step (11) also includes:
the APP caches locally whether the access token has access authority.
Further, authorization code acquisition request 1 contains the client ID.
Further, authorization code acquisition request 2 contains the client ID and the user ID.
Further, before the APP queries the service backend whether the access token has permission to access the interface, the method also includes:
first querying whether a corresponding access token is cached locally in the APP;
if so, verifying whether the corresponding cached access token is valid;
if valid, checking whether the corresponding valid access token is equal to the access token passed in by the third-party H5 page;
if equal, responding to the call request of the third-party H5 page.
The APP interface authority control method of the invention has the following beneficial effects:
(1) The APP interface authority control method of the invention can apply dynamic authority configuration to the accessing H5 page, strengthening the security of the interfaces the APP exposes externally and better protecting user information.
(2) By caching access authority information locally in the APP, the APP interface authority control method of the invention greatly reduces the frequency of interaction between the business and the backend, which helps improve business access speed. At the same time, it can meet the time-sensitive activity needs of rapid APP iteration, reducing development difficulty and improving work efficiency.
Detailed description of the invention
Fig. 1 is a flow chart of the APP interface authority control method of the invention.
Fig. 2 is a schematic diagram of the access token cache query mechanism of the invention.
Specific embodiment
In order to make the objectives, technical solutions and advantages of the invention clearer, the invention is further elaborated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit it.
The purpose of the invention is to provide an APP interface authority control method that uses permission control to restrict third-party H5 page access to APP interfaces, so that native functional interfaces are called legitimately, user information security is ensured, and business access speed is improved.
The principle and embodiments of the APP interface authority control method of the invention are described in detail below, so that those skilled in the art can understand the technical content of the invention without creative work.
Fig. 1 is a flow chart of the APP interface authority control method of the invention. As shown in Fig. 1, the process of the APP interface authority control method of the invention is as follows:
(1) The APP is opened and synchronizes the service time with the service backend;
(2) The APP loads the third-party H5 page;
(3) The third-party H5 page initiates authorization code acquisition request 1 to the APP; authorization code acquisition request 1 contains the client ID (Client-ID), which is allocated by the service backend and issued to the third-party H5 page;
(4) The APP receives authorization code acquisition request 1 sent by the third-party H5 page and then initiates authorization code acquisition request 2 to the service backend; authorization code acquisition request 2 contains the client ID (Client-ID) and the user ID (User-ID), where the user ID is generated when the user registers with the APP;
(5) The service backend receives authorization code acquisition request 2 sent by the APP and returns an authorization code to the APP, and the APP in turn returns the authorization code to the third-party H5 page. The detailed process is as follows:
(51) The service backend receives authorization code acquisition request 2 sent by the APP, verifies the Client-ID and User-ID, and, once they pass, returns a confirmation authorization page to the APP;
(52) The APP displays the confirmation authorization page;
(53) The user clicks "confirm authorization";
(54) The APP then submits the user's confirmation authorization request to the service backend;
(55) The service backend receives the confirmation authorization request sent by the APP and can then return an authorization code to the APP;
(56) The APP receives the authorization code returned by the service backend, encrypts it using a checking parameter, and provides a check code in the return parameters, so that the third-party H5 page can judge whether the source of the sensitive data is legitimate;
(57) The APP then returns the encrypted authorization code to the third-party H5 page.
After the third-party H5 page has obtained the authorization code, it requests an access token using the authorization code, as follows:
(6) The third-party H5 application backend sends the authorization code, Client-ID and key to the service backend to request an access token;
(7) The service backend receives the authorization code, Client-ID and key sent by the third-party H5 application backend and verifies their legitimacy; once verification passes, it returns an access token to the third-party H5 page;
(8) The third-party H5 page obtains the access token and, when it needs to use an APP interface, passes the access token and Client-ID to the APP;
(9) The APP receives the access token and Client-ID passed in by the third-party H5 page, then sends the access token and Client-ID to the service backend to query the access authority associated with the access token;
(10) After the service backend receives the access token and Client-ID sent by the APP, it checks the validity of the access token, including whether the access token exists and whether it is within its validity period; after the check, it returns response packet data indicating whether the access token has access authority to the APP;
(11) The APP responds to or refuses the call request according to the data returned by the service backend: if the data indicates that the access token has permission to access the interface, the APP responds to the call request of the third-party H5 page; if the data indicates that the access token does not have permission to access the interface, the APP refuses the request.
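The service backend side of steps (3) to (7) and (9) to (10) above, written as an added illustration rather than code from the patent: the backend binds each authorization code to the Client-ID and User-ID of request 2, redeems it once against the client's key, and answers the APP's permission query on the token. The class and field names, the single-use rule, the TTL values and the per-interface permission set are assumptions of this example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

CODE_TTL = 60.0      # seconds an authorization code remains redeemable (assumed value)
TOKEN_TTL = 3600.0   # seconds an access token remains valid (assumed value)


@dataclass
class ClientRecord:
    """Registration of one third-party H5 page: its key and the APP interfaces it may call."""
    key: str
    allowed_interfaces: Set[str]


@dataclass
class ServiceBackend:
    """Service backend side of steps (3)-(7) and (9)-(10); all state is in memory."""
    clients: Dict[str, ClientRecord]                                          # Client-ID -> registration
    codes: Dict[str, Tuple[str, str, float]] = field(default_factory=dict)    # code -> (Client-ID, User-ID, expiry)
    tokens: Dict[str, Tuple[str, str, float]] = field(default_factory=dict)   # token -> (Client-ID, User-ID, expiry)

    def issue_authorization_code(self, client_id: str, user_id: Optional[str], now: float) -> Optional[str]:
        """Steps (4), (51), (55): request 2 carries Client-ID and User-ID. A missing User-ID
        models the "user not logged in" case, so no code is issued."""
        if client_id not in self.clients or user_id is None:
            return None
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user_id, now + CODE_TTL)
        return code

    def exchange_code(self, code: str, client_id: str, key: str, now: float) -> Optional[str]:
        """Steps (6), (7): the H5 application backend presents code, Client-ID and key."""
        entry = self.codes.pop(code, None)   # a code is redeemable exactly once, even if this attempt fails
        if entry is None:
            return None
        code_client, user_id, expiry = entry
        record = self.clients.get(client_id)
        if record is None or code_client != client_id or now > expiry:
            return None
        if not hmac.compare_digest(record.key.encode(), key.encode()):   # constant-time key comparison
            return None
        token = secrets.token_urlsafe(24)
        self.tokens[token] = (client_id, user_id, now + TOKEN_TTL)
        return token

    def check_permission(self, token: str, client_id: str, interface: str, now: float) -> bool:
        """Steps (9), (10): the token must exist, belong to this Client-ID, lie within its
        validity period, and cover the requested interface."""
        entry = self.tokens.get(token)
        if entry is None:
            return False
        token_client, _user_id, expiry = entry
        if token_client != client_id or now > expiry:
            return False
        return interface in self.clients[token_client].allowed_interfaces
```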
In another embodiment, a user login step is further included between step (4) and step (5), as follows:
the service backend returns a "user not logged in" result; the APP displays the login page; the user enters account credentials to log in; the APP submits the user information to the service backend; the service backend verifies the user information submitted by the APP and returns login success if the user information is valid, or login failure if it is not.
After login succeeds, the APP initiates authorization code acquisition request 2 to the service backend again.
In another embodiment, step (11) further includes:
the APP receives the response packet data returned by the service backend and then caches locally whether the access token has access authority. Usually an access token can be used many times within its validity period; caching locally whether the access token has access authority helps reduce the verification time of its subsequent uses and improves the user experience.
Fig. 2 is a schematic diagram of the access token cache query mechanism of the invention.
The APP obtains the access token and Client-ID from the parameters passed in by the third-party H5 page. It first queries whether an access token corresponding to the Client-ID passed in by the third-party H5 page is cached locally in the APP. If so, it further verifies whether the corresponding access token is valid, that is, whether it is within its validity period. If valid, it checks whether the corresponding valid access token is equal to the access token passed in by the third-party H5 page. If equal, it responds to the call request of the third-party H5 page.
If the query finds no access token corresponding to the Client-ID passed in by the third-party H5 page in the APP's local cache, the APP turns to the service backend to request verification of the access token. If the query finds a corresponding access token but it is not within its validity period, or it is within its validity period but is not equal to the access token passed in by the third-party H5 page, the APP likewise turns to the service backend to request verification of the access token. When the APP requests the service backend to verify the access token, if the request succeeds and the service backend passes the verification, the APP replaces and saves the access token and responds to the call request of the third-party H5 page; if the request to the service backend fails or the service backend's verification does not pass, the APP refuses the call request of the third-party H5 page.
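The APP-side decision procedure of Fig. 2, as an added example that is not the patent's own code: a cache keyed by Client-ID is consulted first, the service backend is asked only on a miss (no entry, expired entry, or a different token), and a passing backend answer replaces the cached token. The `AppGatekeeper` class, the `verify_with_backend` callable standing in for the step (9)/(10) round trip, and the constructed `demo_backend` table are assumptions of this example.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Outcome of the step (9)/(10) round trip: (has_permission, validity deadline); None models a failed request.
BackendVerify = Callable[[str, str], Optional[Tuple[bool, float]]]


@dataclass
class CachedToken:
    token: str
    expires_at: float   # validity deadline; assumed to be returned alongside the backend's answer


class AppGatekeeper:
    """APP side of Fig. 2: local cache lookup first, service backend only on a miss."""

    def __init__(self, verify_with_backend: BackendVerify) -> None:
        self._verify = verify_with_backend
        self._cache: Dict[str, CachedToken] = {}   # one verified token per Client-ID
        self.backend_calls = 0                      # how often the APP had to ask the backend

    def handle_call(self, client_id: str, token: str, now: float) -> bool:
        cached = self._cache.get(client_id)
        # Cache hit only when an entry exists for this Client-ID, is within its validity
        # period, and equals the token the H5 page passed in (compared in constant time).
        if (cached is not None and now <= cached.expires_at
                and hmac.compare_digest(cached.token.encode(), token.encode())):
            return True
        # No entry, expired entry, or a different token: turn to the service backend.
        self.backend_calls += 1
        result = self._verify(token, client_id)
        if result is None:            # request to the backend failed: refuse the call
            return False
        has_permission, expires_at = result
        if not has_permission:        # backend verification did not pass: refuse the call
            return False
        self._cache[client_id] = CachedToken(token, expires_at)   # replace and save, then respond
        return True


def demo_backend(token: str, client_id: str) -> Optional[Tuple[bool, float]]:
    """Constructed stand-in for the service backend (not the patent's backend)."""
    if token == "tok-down":
        return None                                    # simulate a failed request
    table = {("tok-A", "h5-demo"): (True, 2000.0)}     # only tok-A is known and permitted
    return table.get((token, client_id), (False, 0.0))


if __name__ == "__main__":
    gk = AppGatekeeper(demo_backend)
    first = gk.handle_call("h5-demo", "tok-A", now=1000.0)    # miss: backend asked
    second = gk.handle_call("h5-demo", "tok-A", now=1500.0)   # hit: served from cache
    print(first, second, gk.backend_calls)
```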
It can be seen from the above technical solution that the APP interface authority control method of the invention can apply dynamic authority configuration to the accessing third-party H5 page, strengthening the security of the interfaces the APP exposes externally and better protecting user information. By caching access authority information locally in the APP, the frequency of interaction between the business and the backend is greatly reduced, which helps improve business access speed. Using the method of the invention can also meet the time-sensitive activity needs of rapid APP iteration, reducing development difficulty and improving work efficiency.
It should be understood that the above embodiments are merely exemplary implementations used to illustrate the principle of the invention, and the invention is not limited thereto. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the invention shall be included within the scope of protection of the invention.

Claims (8)

1. An APP interface authority control method, characterized in that the method comprises:
a third-party H5 page initiates authorization code acquisition request 1 to the APP, the authorization code acquisition request 1 carrying customer information;
an authorization code is returned to the third-party H5 page;
the third-party H5 page obtains an access token using the authorization code; and interface access authority is obtained using the access token.
2. The APP interface authority control method according to claim 1, characterized in that the specific steps of the method are as follows:
(1) The APP is opened and synchronizes the service time with the service backend;
(2) The APP loads the third-party H5 page;
(3) The third-party H5 page initiates authorization code acquisition request 1 to the APP;
(4) The APP initiates authorization code acquisition request 2 to the service backend;
(5) The service backend returns an authorization code to the APP, and the APP returns the authorization code to the third-party H5 page;
(6) The third-party H5 application backend sends the authorization code, client ID and key to the service backend to request an access token;
(7) The service backend returns the access token to the third-party H5 page;
(8) When the third-party H5 page needs to use an APP interface, it passes the access token and client ID to the APP;
(9) The APP receives the access token and client ID passed in by the third-party H5 page and queries the service backend whether the access token has permission to access the interface;
(10) The service backend returns response packet data indicating whether the access token has access authority to the APP;
(11) The APP responds to or refuses the call request according to the data returned by the service backend.
3. The APP interface authority control method according to claim 2, characterized in that step (5) is specifically as follows:
(51) The service backend returns a confirmation authorization page to the APP;
(52) The APP displays the confirmation authorization page;
(53) The user clicks "confirm authorization";
(54) The APP submits the user's confirmation authorization request to the service backend;
(55) The service backend returns an authorization code to the APP;
(56) The APP encrypts the authorization code using a checking parameter;
(57) The APP returns the encrypted authorization code to the third-party H5 page.
4. The APP interface authority control method according to claim 2, characterized in that between step (4) and step (5) the method further comprises:
the service backend returns a "user not logged in" result;
the APP displays the login page;
the user enters account credentials to log in;
after login succeeds, the APP initiates the authorization code acquisition request to the service backend again.
5. The APP interface authority control method according to claim 2, characterized in that step (11) further comprises:
the APP caches locally whether the access token has access authority.
6. The APP interface authority control method according to claim 2, characterized in that authorization code acquisition request 1 contains the client ID.
7. The APP interface authority control method according to claim 2, characterized in that authorization code acquisition request 2 contains the client ID and the user ID.
8. The APP interface authority control method according to claim 2 or 5, characterized in that before the APP queries the service backend whether the access token has permission to access the interface, the method further comprises:
first querying whether a corresponding access token is cached locally in the APP;
if so, verifying whether the corresponding cached access token is valid;
if valid, checking whether the corresponding valid access token is equal to the access token passed in by the third-party H5 page;
if equal, responding to the call request of the third-party H5 page.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title | Status
CN201910703475.XA (CN110414207A, en) | 2019-07-31 | 2019-07-31 | A kind of APP interface authority control method | Pending

Publications (1)

Publication Number | Publication Date
CN110414207A (en) | 2019-11-05

Family

ID=68364928

Country Status (1)

Country | Link
CN (1) | CN110414207A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN111552987A * | 2020-04-16 | 2020-08-18 | 重庆富民银行股份有限公司 | Page access authority control method
CN111950001A * | 2020-07-31 | 2020-11-17 | 银盛支付服务股份有限公司 | Authority control method and system based on H5 application in APP
CN111988318A * | 2020-08-21 | 2020-11-24 | 上海浦东发展银行股份有限公司 | Authorization authentication system and method thereof
CN113507459A * | 2021-06-28 | 2021-10-15 | 上海浦东发展银行股份有限公司 | Mobile terminal APP secure interaction system and method thereof

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN102624739A * | 2012-03-30 | 2012-08-01 | 奇智软件(北京)有限公司 | Authentication and authorization method and system applied to client platform
CN103051630A * | 2012-12-21 | 2013-04-17 | 微梦创科网络科技(中国)有限公司 | Method, device and system for implementing authorization of third-party application based on open platform
CN105207974A * | 2014-06-18 | 2015-12-30 | 中国电信股份有限公司 | Method for realizing user resource differentiated openness, platform, application and system
CN105897668A * | 2015-10-22 | 2016-08-24 | 乐视致新电子科技(天津)有限公司 | Third party account authorization method, device, server and system
CN106295394A * | 2016-07-22 | 2017-01-04 | 飞天诚信科技股份有限公司 | Resource authorization method and system and authorization server and method of work
CN106534175A * | 2016-12-07 | 2017-03-22 | 西安电子科技大学 | Open platform authorization and authentication system and method based on OAuth protocol
CN108011717A * | 2016-11-11 | 2018-05-08 | 北京车和家信息技术有限责任公司 | A kind of method, apparatus and system for asking user data
CN109218298A * | 2018-09-04 | 2019-01-15 | 中钞信用卡产业发展有限公司杭州区块链技术研究院 | A kind of application data access method and system


Legal Events

Date | Code | Title
2019-11-05 | PB01 | Publication
| SE01 | Entry into force of request for substantive examination
| WD01 | Invention patent application deemed withdrawn after publication

Application publication date: 20191105