CN111526111B - Control method, device and equipment for logging in light application and computer storage medium - Google Patents

Info

Publication number: CN111526111B
Authority: CN (China)
Prior art keywords: light application, login, service, application, identifier
Legal status: Active
Application number: CN201910106528.XA
Other languages: Chinese (zh)
Other versions: CN111526111A (en)
Inventor: 李帅
Current Assignee: Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04 Real-time or near real-time messaging, e.g. instant messaging [IM]

Abstract

The invention discloses a control method, apparatus and device for logging in to a light application, and a computer storage medium. It relates to the field of computer technologies and aims to reduce the workload required to develop, adjust or maintain light applications. The method comprises: receiving an authorized login request sent by a user through a target light application in a first application, wherein the authorized login request carries a service identifier (ID) of the target light application; when the service ID is confirmed to be the service ID of a light application that has passed validity verification, acquiring the user identifier of the target account from the application server corresponding to the first application; generating a login state indication identifier of the target account in the target light application, wherein the login state indication identifier corresponds to the user identifier, is encrypted in a preset encryption mode, and indicates that logging in to the target light application with the user identifier of the target account is allowed; and returning a login response message to the target light application, wherein the login response message carries the user identifier and the login state indication identifier.

Description

Control method, device and equipment for logging in light application and computer storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method, an apparatus, and a device for controlling login of a light application, and a computer storage medium.
Background
Currently, a variety of customized items can be provided for advertisers in an instant messaging application so that the advertisers' application functions can be used inside the instant messaging application, such as applets in WeChat or QQ interconnection applications. Taking WeChat applets as an example, one or more independent applets can be made for an advertiser according to the advertiser's customization requirements, and the development and operation of the applets can be handled by the applet maker. Generally, an applet can be logged in to quickly with a WeChat account so that a user can start using it more conveniently, and login authorization and authentication are almost indispensable functions of an applet.
However, existing applets are generally developed independently, that is, the authorized login and authentication of different applets are independent of each other. As the number of applets increases, applet information keeps growing and is dispersed across the individual applet projects, which hinders comprehensive management of applet information.
Disclosure of Invention
The embodiment of the invention provides a control method, a device and equipment for logging in light applications and a computer storage medium, which are used for realizing unified logging authorization and management of light applications such as applets and the like and reducing the workload required by development, adjustment or maintenance of the light applications.
In one aspect, a method for controlling login of a light application is provided, and the method includes:
receiving an authorized login request sent by a user through a target light application in a first application, wherein the authorized login request is used for requesting to login the target light application by using a logged-in target account in the first application, and the authorized login request carries a service Identifier (ID) of the target light application;
when the service ID is confirmed to be the service ID of the light application passing the validity verification, acquiring the user identification of the target account from the application server corresponding to the first application;
generating a login state indication identifier of the target account in the target light application, wherein the login state indication identifier corresponds to the user identifier and is encrypted in a preset encryption mode and is used for indicating that the user identifier using the target account is allowed to login in the target light application;
and returning a login response message to the target light application, wherein the login response message carries the user identifier and the login state indication identifier, so that the target light application can authenticate the service request of the user by using the user identifier and the login state indication identifier.
In one aspect, a method for controlling login of a light application is provided, and the method includes:
when receiving an authorization indication of logging in a target light application in a first application by using a target account which is logged in the first application, sending an authorization login request carrying a service ID of the target light application to a login authentication server;
receiving a login response message returned by the login authentication server, wherein the login response message carries a user identifier of the target account and a login state indication identifier, the login state indication identifier is generated after the login authentication server verifies that the service ID passes, the login state indication identifier corresponds to the user identifier and is encrypted by adopting a preset encryption mode, and the login state indication identifier is used for indicating that the user identifier using the target account is allowed to login in the target light application;
and calling a display page corresponding to the login response message for display.
In one aspect, a control device for logging in a light application is provided, and is applied to a login authentication server, and includes:
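a receiving and sending unit, configured to receive an authorized login request sent by a user through a target light application in a first application, where the authorized login request is used for requesting to log in to the target light application by using a logged-in target account in the first application, and carries a service identifier (ID) of the target light application;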
an obtaining unit, configured to obtain, when it is determined that the service ID is a service ID of a light application that passes validity verification, a user identifier of the target account from an application server corresponding to the first application;
a generating unit, configured to generate a login state indication identifier of the target account in the target light application, where the login state indication identifier corresponds to the user identifier and is encrypted in a preset encryption manner, and is used to indicate that the user identifier that uses the target account is allowed to login in the target light application;
the receiving and sending unit is further configured to return a login response message to the target light application, where the login response message carries the user identifier and the login state indication identifier, so that the target light application can authenticate the service request of the user by using the user identifier and the login state indication identifier.
In one aspect, a control device for logging in a light application is provided, and is applied to a user terminal, and includes:
a receiving and sending unit, configured to send, to a login authentication server, an authorized login request carrying a service ID of a target light application when receiving an authorization indication to log in to the target light application in a first application by using a target account logged in to the first application;
the receiving and sending unit is further configured to receive a login response message returned by the login authentication server, where the login response message carries a user identifier of the target account and a login state indication identifier, the login state indication identifier is generated after the service ID passes verification by the login authentication server, corresponds to the user identifier, is encrypted in a preset encryption manner, and indicates that logging in to the target light application with the user identifier of the target account is allowed;
and the calling unit is used for calling the display page corresponding to the login response message for display.
In one aspect, a computer device is provided, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of the above aspect.
In one aspect, a computer-readable storage medium is provided,
the computer readable storage medium stores computer instructions which, when executed on a computer, cause the computer to perform the method of the above aspect.
In the embodiment of the invention, a request to log in to the target light application through the target account of the first application carries the service ID of the target light application. After the service ID is verified, the authorized login service can be provided to the target light application: a login state indication identifier, which indicates that logging in to the target light application with the user identifier of the target account is allowed, is generated for the target account and returned to the target light application. That is, a service ID is allocated to each light application, and after the user authorizes login, the service ID is used to verify whether the light application requesting login is a legitimate light application and therefore whether the authorized login service should be provided to it. A uniform authorized login service can thus be provided for a plurality of legitimate light applications, and the light applications can be distinguished and verified through their service IDs, which facilitates unified management. In addition, because the authorized login service is the same for all light applications, a newly developed light application can use the existing authorized login service directly without redevelopment, and when the operation logic of a light application needs to be adjusted or a light application needs to be maintained, only the unified service needs to be adjusted or maintained, which reduces the workload of adjusting or maintaining light applications and the burden on operation and maintenance personnel.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a diagram illustrating an architecture of an applet providing service in the prior art;
FIG. 2 is a schematic view of an application scenario provided in an embodiment of the present invention;
FIG. 3 is a schematic flow chart of light application access provided in the embodiment of the present invention;
FIG. 4 is a flowchart illustrating an authorized login process according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a display interface for requesting a user to authorize login according to an embodiment of the present invention;
FIG. 6 is a schematic flowchart of an authentication process according to an embodiment of the present invention;
FIG. 7 is another schematic flow chart of an authentication process according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a control device for logging in a light application according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of a control apparatus for logging in a light application according to an embodiment of the present invention;
FIG. 10 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention. The embodiments and features of the embodiments of the present invention may be arbitrarily combined with each other without conflict. Also, while a logical order is shown in the flow diagrams, in some cases, the steps shown or described may be performed in an order different than here.
In order to facilitate understanding of the technical solutions provided by the embodiments of the present invention, some key terms used in the embodiments of the present invention are explained first:
Light application: a full-function application program that can be searched for and used without downloading. It is convenient to use, does not need to be manually installed in the operating system of the terminal, offers a user experience comparable or even superior to that of a locally installed application program, and, like a web application, can be retrieved and intelligently distributed. The most representative light applications are applets, such as WeChat applets, PayPal applets, and Baidu light applications; WeChat public numbers and QQ interconnect applications also have the characteristics of light applications and can be regarded as light applications.
First application: an application in which a light application can run. The first application may be an instant messaging application such as QQ or WeChat; it may also be another application, since running applets is not limited to instant messaging applications and applets may also run in applications such as PayPal and Baidu.
Authorized login: after a user opens a light application in a first application, the light application requests the user information of the account logged in to the first application, and after the user authorizes the light application, a login state indication identifier indicating that the account is logged in to the light application is generated for the account.
Authentication: the method refers to a process of verifying the validity of the login state indication identifier of the user when the user uses the service in the light application after the login is successfully authorized.
In addition, the term "and/or" herein is only one kind of association relationship describing an associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" in this document generally indicates that the preceding and following related objects are in an "or" relationship unless otherwise specified.
Currently, the services provided for individual applets are independent of each other. Fig. 1 shows an architecture diagram of the services provided for applets in the prior art. Taking two applets, applet 1 and applet 2, as an example: authorization login interface 1 and authentication interface 1 provide the authorized login service and authentication service for applet 1, authorization login interface 2 and authentication interface 2 provide them for applet 2, and the application server is the background server of the instant messaging application in which the applets are located.
In practice, if applet 1 is added to the instant messaging application, authorization login interface 1 and authentication interface 1 need to be developed to serve it; if applet 2 is added, authorization login interface 2 and authentication interface 2 need to be developed to serve it. The two pairs of interfaces are independent and do not interfere with each other. As the number of applets increases, applet information therefore keeps growing and is dispersed across the individual applet projects, which hinders comprehensive management of applet information. In addition, when the authorization login interface or authentication interface needs to be adjusted or maintained, this has to be done for each applet separately, which is cumbersome and time-consuming.
Analyzing the prior art, the inventor found that providing mutually independent authorized login and authentication services for light applications, represented by applets, is only suitable when the number of light applications is small. Light applications are gradually being accepted by most users and their number is increasing rapidly, so providing independent authorized login and authentication services for each light application is no longer applicable. To solve this problem, the authorized login service and the authentication service of the light applications need to be unified. Because the logic of these services is substantially similar across light applications, the invention provides them through a unified authorized login service and authentication service. To distinguish different light applications, a service identifier (ID) of the light application is introduced; when a light application needs to use the service, the service ID is used to confirm whether it is a legitimate light application, that is, whether it can be served. Furthermore, based on the service requirements of the light application, a validity period can be set for its login state indication identifier; once the validity period is exceeded, the identifier automatically becomes invalid, which improves the security of using the light application in the first application.
In view of this, the inventor provides a method for controlling login to a light application. In the method, a request to log in to a target light application through a target account of a first application carries the service ID of the target light application. After the service ID is verified, the authorized login service can be provided to the target light application: a login state indication identifier, which indicates that logging in to the target light application with the user identifier of the target account is allowed, is generated for the target account and returned to the target light application. That is, a service ID is allocated to each light application, and after the user authorizes login, the service ID is used to verify whether the light application requesting login is a legitimate light application and therefore whether the authorized login service should be provided to it. A uniform authorized login service can thus be provided for a plurality of legitimate light applications, and the light applications can be distinguished and verified through their service IDs, which facilitates unified management. In addition, because the authorized login service is the same for all light applications, when the operation logic of a light application needs to be adjusted or a light application needs to be maintained, only the unified service needs to be adjusted or maintained, which reduces the workload of adjusting or maintaining light applications and the burden on operation and maintenance personnel.
The control method of logging in a light application in the embodiment of the present invention may be applied to an application scenario as shown in fig. 2, where the application scenario includes the terminal device 10, the login authentication server 20, the light application server 30, and the application server 40.
The terminal device 10 may be any terminal device installed with the first application, for example, a tablet Computer (PAD), a mobile phone, a notebook Computer, or a Personal Computer (PC), and of course, other possible devices may also be used, which is not limited in this embodiment of the present invention. The light applications can be used in a first application, for example, the first application can be an application such as WeChat or QQ, and when the first application is WeChat, the light application can be an applet or WeChat public number; when the first application is QQ, the light application may be, for example, a QQ interconnect application.
The login authentication server 20 is a server that provides services such as authorized login and authentication for the light application in the first application. In practical application, the login authentication server 20 may be a server cluster formed by a plurality of servers, where the plurality of servers share the authorized login task and the authentication task, or a part of the servers may be used to execute the authorized login task and a part of the servers may be used to execute the authentication task, and of course, other implementation manners may be adopted, which is not limited in this embodiment of the present invention.
The light application server 30 is the background server of a light application in the first application, and may differ between light applications. For example, the mei-qu applet and the mei-qu takeout applet are different applets of the same advertiser, so the light application servers 30 corresponding to them may be the same, whereas the mei-qu applet and the applet which is hungry are applets of different advertisers, so the light application servers 30 corresponding to them may be different. The application server 40 is a background server for the first application.
Data may be transmitted among the terminal device 10, the login authentication server 20, the light application server 30, and the application server 40 through a network, which may be a wireless network or a wired network; the wireless network may be, for example, a wireless local area network (WLAN) or a cellular network.
Of course, the method provided in the embodiment of the present invention is not limited to be used in the application scenario shown in fig. 2, and may also be used in other possible application scenarios, which is not limited in the embodiment of the present invention. The functions that can be implemented by each device in the application scenario shown in fig. 2 will be described in the following method embodiments, and will not be described in detail herein.
To further illustrate the technical solutions provided by the embodiments of the present invention, the following detailed description is made with reference to the accompanying drawings and the specific embodiments. Although embodiments of the present invention provide method steps as shown in the following embodiments or figures, more or fewer steps may be included in the method based on conventional or non-inventive efforts. In steps where no necessary causal relationship exists logically, the order of execution of the steps is not limited to that provided by embodiments of the present invention. The method can be executed in sequence or in parallel according to the method shown in the embodiment or the figure when the method is executed in an actual processing procedure or a device.
Before a light application can be used, it needs to be connected to the light application management system of the embodiment of the present invention; the specific management work of this system can be performed by the login authentication server. Fig. 3 is a schematic flow chart of the light application access.
Step 301: and allocating appid and appsecret for the newly added light application.
The light application ID (appid or appkey) and the light application key (appsecret) are the identity of the light application in the first application. Used together, the appid and appsecret allow the light application to call some program interfaces in the first application and thereby use some functions of the first application. Therefore, for the light application to be usable in the first application, the advertiser needs to submit a registration application for the light application on the public platform of the first application, and the public platform can then allocate the appid and appsecret to the advertiser's light application. The allocation can be executed, for example, by a background server of the first application; since these processes are the same as in the prior art, they are not described further.
Step 302: the light application is assigned a service ID.
In addition to being assigned the appid and appsecret, the light application also needs to be registered in the light application management system, whose management work can be performed by the login authentication server. During registration, the management system records the appid, the appsecret, the name of the light application and other information, and assigns a corresponding service ID to the light application. The service ID of each light application is unique and serves as the identity with which the light application calls the authorized login and authentication services.
Step 303: when the user uses the light application, an authorized login and authentication service is invoked based on the service ID.
After the service ID assignment is completed, the newly added light application may perform authorization login and invocation of the authentication service based on the service ID assigned to the newly added light application, and both the authorization login and the authentication service may be performed by the login authentication server according to the embodiment of the present invention, and the specific process of this step will be described in detail later, so that redundant description will not be repeated here.
In the embodiment of the invention, the authorized login and authentication services of the light applications are handled by the login authentication server, and the light applications are managed through service IDs. When a light application is added, the login authentication server can provide the services to it directly, and the authorized login and authentication functions do not need to be developed again.
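The access and login flow described above, as an added sketch that is not code from the patent or from its assignee: registration allocates a unique service ID, authorized login is refused for an unregistered service ID, and the login state indication identifier is bound to the service ID, the user identifier and a validity period. The patent does not name its "preset encryption mode"; HMAC-SHA256 integrity protection is substituted here, and the names `LoginAuthServer` and `fetch_user_id`, the token layout and all sample values are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


class LoginAuthServer:
    """One login/authentication service shared by every registered light application."""

    def __init__(self, token_key: bytes, ttl_seconds: int = 3600):
        self._key = token_key      # server-side secret, never handed to light applications
        self._ttl = ttl_seconds    # validity period of a login state identifier
        self._registry = {}        # service ID -> registration record

    def register_light_app(self, appid: str, appsecret: str, name: str) -> str:
        """Access step: store appid/appsecret/name and allocate a unique service ID."""
        service_id = secrets.token_hex(8)
        while service_id in self._registry:
            service_id = secrets.token_hex(8)
        self._registry[service_id] = {"appid": appid, "appsecret": appsecret, "name": name}
        return service_id

    def _tag(self, body: bytes) -> bytes:
        # Assumption: HMAC-SHA256 stands in for the unspecified "preset encryption mode".
        return hmac.new(self._key, body, hashlib.sha256).digest()

    def authorized_login(self, service_id, fetch_user_id, now=None):
        """Return the login response, or None when the service ID is not registered."""
        record = self._registry.get(service_id)
        if record is None:
            return None
        # fetch_user_id is a hypothetical stand-in for the first application's server.
        user_id = fetch_user_id(record["appid"], record["appsecret"])
        issued = int(time.time() if now is None else now)
        claims = {"sid": service_id, "uid": user_id, "exp": issued + self._ttl}
        body = json.dumps(claims, sort_keys=True).encode()
        token = b".".join(base64.urlsafe_b64encode(p) for p in (body, self._tag(body)))
        return {"user_id": user_id, "login_state": token.decode()}

    def authenticate(self, service_id, user_id, login_state, now=None) -> bool:
        """Validate the (user identifier, login state identifier) pair of a service request."""
        if service_id not in self._registry or not isinstance(login_state, str):
            return False
        try:
            body_b64, tag_b64 = login_state.split(".")
            body = base64.urlsafe_b64decode(body_b64.encode())
            tag = base64.urlsafe_b64decode(tag_b64.encode())
        except ValueError:
            return False           # malformed token
        if not hmac.compare_digest(tag, self._tag(body)):
            return False           # forged or modified token
        claims = json.loads(body)
        current = int(time.time() if now is None else now)
        # The identifier is only valid for the light application and user it was
        # issued for, and only until its validity period ends.
        return (claims["sid"] == service_id
                and claims["uid"] == user_id
                and current < claims["exp"])


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    server = LoginAuthServer(secrets.token_bytes(32), ttl_seconds=60)
    sid_a = server.register_light_app("appid-a", "appsecret-a", "light app A")
    sid_b = server.register_light_app("appid-b", "appsecret-b", "light app B")
    lookup = lambda appid, appsecret: "user-for-" + appid
    print("unregistered:", server.authorized_login("unknown-id", lookup))
    resp = server.authorized_login(sid_a, lookup, now=1000)
    print("same app    :", server.authenticate(sid_a, resp["user_id"], resp["login_state"], now=1030))
    print("other app   :", server.authenticate(sid_b, resp["user_id"], resp["login_state"], now=1030))
    print("expired     :", server.authenticate(sid_a, resp["user_id"], resp["login_state"], now=1060))
```

Binding the service ID into the signed claims is what keeps an identifier issued for one light application from being accepted by another that shares the same login authentication server.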
In the embodiment of the present invention, when the light application is used, the authorization login and authentication process is an indispensable function, and certainly, in the use process of the light application, other services may also be included, and the following description mainly takes the authorization login and authentication process as an example.
Fig. 4 is a schematic flow chart of an authorized login process according to an embodiment of the present invention.
Step 401: the target light application requests the user to authorize the login.
In the embodiment of the invention, when a user needs to use a certain light application, the target light application needs to be found and opened in the first application. Generally, when the user enters the target light application for the first time, or has not used it for a long time, the user is in a not-logged-in state. The target light application needs the unique identifier of the user for certain services, that is, the user needs to log in, so the target light application generally requests the user to perform authorized login. Authorized login means requesting the user to authorize the target light application to log in with the target account currently logged in to the first application. Taking WeChat as an example, the target light application may call the "wx.login" interface in the Application Programming Interface (API) of the light application to request the user to authorize logging in to the target light application with a WeChat account.
Specifically, fig. 5 is a schematic diagram of a display interface for requesting a user to authorize login. Here, the first application is denoted as the first application and the light application requesting authorized login as the first light application. The first light application requests to acquire relevant information of the target account in the first application, such as a nickname and an avatar, so that login is performed in the first light application through that account, and several operable options can be provided for the user, such as the "reject" and "allow" options shown in fig. 5. If the user selects the "allow" option, the light application obtains an authorization indication of the user, that is, authorization to log in to the target light application (here, the first light application) with the target account.
Step 402: the targeted light application receives an indication of authorization of the user.
In the embodiment of the present invention, if the user agrees to the authorization, a corresponding operation of agreeing to the authorization may be performed on the page of the light application, for example, an "allow" option in fig. 5 is operated, and the target light application may receive an authorization indication of the user.
Specifically, after the user agrees to the authorization, the target light application may obtain relevant information of the target account from the first application. The relevant information may include user information such as a nickname and an avatar, and a login code (code) of the target account. The login code is the credential showing that the user agrees to log in to the target light application with the target account, and the target light application can obtain the login code from the first application only after the user agrees to the authorization.
Step 403: the target light application sends an authorized login request to the login authentication server, and the login authentication server receives the authorized login request.
In the embodiment of the invention, after the user agrees to authorization, the target light application can send an authorized login request to the login authentication server. The authorized login request can carry the service ID and the login code of the target light application.
Specifically, the target light application runs in the user terminal, so the authorized login request is in essence sent to the login authentication server through the user terminal.
Step 404: the login authentication server verifies whether the service ID is valid.
In the embodiment of the present invention, in order to prevent malicious requests sent by a light application or web page that has not been granted access, the authorized login request sent by the target light application needs to be verified, to confirm that it was sent by a light application that has passed validity verification. A light application that has passed validity verification is a light application registered in the management system of the light application. Since each light application has a unique service ID, the validity of the target light application sending the authorized login request can be verified by verifying whether the service ID is valid.
Specifically, after a light application is registered in the management system of the light application, its service ID may be added to a preset service ID library. When verifying whether a service ID is valid, the login authentication server determines whether the preset service ID library includes the service ID carried in the authorized login request. If it does, the service ID of the target light application is valid, and the target light application is a light application that has passed validity verification. If it does not, the service ID of the target light application is invalid, and the target light application is not a light application that has passed validity verification.
In the embodiment of the present invention, if the verification result in step 404 is negative, that is, if the login authentication server determines that the target light application is not the light application verified by the validity, the login authentication server may refuse to provide service for the target light application, so as to prevent the target light application from being a malicious light application, and provide a certain guarantee for the security of the system.
Specifically, the login authentication server may return a denial-of-service response message to the target light application, or it may send no response at all and move on to processing subsequent requests.
Step 405: if the verification result in step 404 is yes, the login authentication server sends a user information acquisition request to the application server.
In the embodiment of the invention, when the login authentication server confirms that the target light application is the light application passing the validity verification, the login authentication server can provide the authorized login service for the target light application.
Specifically, when logging in, the user information of the target account needs to be used for logging in, so that the login authentication server may send a user information acquisition request to the application server to acquire the user information required for logging in. The application server is a background server of the first application. The user information required for logging in the target light application may include a user identifier, where the user identifier is an identity identifier of the target account in the first application, and the user identifier is unique, so that the user can log in the target light application through the user identifier. For example, taking the first application as the WeChat as an example, the user identifier may be openid.
In a specific implementation, to ensure the security of the user information, the application server does not hand out user information to arbitrary requesters. The user information acquisition request sent by the login authentication server may therefore carry the login code as the credential for acquiring the user information, so that the user information can be successfully acquired from the application server.
Step 406: the application server sends the user information to the login authentication server, and the login authentication server receives the user information.
In the embodiment of the invention, the application server receives the user information acquisition request, obtains the user information of the target account according to the login code in the request, and returns the user information to the login authentication server. The user information may specifically be a user identifier.
Step 407: the login authentication server generates a login state indication identifier.
In the embodiment of the invention, after the login authentication server acquires the user information, the login state indication identifier of the target account in the target light application can be generated based on the acquired user information.
Taking the user information being the user identifier as an example, the login state indication identifier generated by the login authentication server corresponds to the user identifier, is generated by encryption in a preset encryption mode, and is used to indicate that login to the target light application using the user identifier of the target account is allowed.
Specifically, after the login authentication server obtains the user identifier, it allocates a key to the target account, stores the allocated key in the login authentication server, and performs encryption in the preset encryption mode based on the user identifier and the key to generate the login state indication identifier. The preset encryption mode may be, for example, Message Digest Algorithm version 5 (MD5); since MD5 cannot be reversed (decrypted) after encryption, the generated login state indication identifier is theoretically unforgeable, and its security is higher. Taking the first application being WeChat as an example, the user identifier may be openid, and MD5 encryption may be performed based on the openid and the allocated key to obtain a token, where the token is the login state indication identifier.
Step 408: the login authentication server returns a login response message to the target light application, and the target light application receives the login response message.
In the embodiment of the invention, the login response message returned by the login authentication server can carry the user identifier and the login state indication identifier, so that the target light application can know that the login is successful after receiving the login response message.
In the actual application process, in order to further improve the safety of the user's use of the light application, a validity period can be set for the login state indication identifier.
Specifically, when returning the login response message to the target light application, the login authentication server may carry the validity period information in the login response message. For example, several fields are added to the login response message to carry the validity period information, and the target light application obtains the validity period of the login state indication identifier from the contents of those fields. The login authentication server may set different validity periods for the login state indication identifiers of different light applications, or may set the same validity period for all light applications according to a system default, for example, a validity period of 2 hours or 2 days for every login state indication identifier.
Specifically, after acquiring the user identifier, the login authentication server may instead add the validity period information to the user identifier, so that the login state indication identifier generated from the user identifier with the validity period information added carries the same validity period. For example, taking the user identifier being openid and the validity period information being a time parameter, the validity period information may be appended to the user identifier with a separator, and the resulting user identifier may be represented in the form "openid + separator + time".
In actual application, when the login authentication server has agreed on a fixed validity period with the target light application, the validity period information may include only the time at which the login state indication identifier was generated, or the time at which the validity period information was added to the user identifier. If no fixed validity period has been agreed with the target light application, the validity period information may include that time and also the valid duration, and may of course include other possible information.
Step 409: the target light application calls the display page corresponding to the login response message for display.
For example, when the login response message indicates that the login is successful, the home page of the target light application may be directly called to display, or an indication page indicating that the login is successful is displayed for the user, and after a preset time length, the home page of the target light application is automatically entered.
In the embodiment of the invention, after the target light application is logged in, the user can use all functions of the target light application in the first application, and when the service of the target light application is used in the use process of the target light application, the login state indication identifier of the target light application needs to be verified to prevent malicious requests, so that the authentication service of the login authentication server needs to be used. Especially when important functions of the target light application are used, such as payment-related functions, it is necessary to verify the login state indicator of the target light application. Fig. 6 is a schematic flow chart of an authentication process according to an embodiment of the present invention.
Step 601: the target light application sends a service request to the light application server, and the light application server receives the service request.
In the embodiment of the present invention, when a user uses the target light application, for example a service function in the target light application, a back-end service interface of the light application needs to be called, that is, the target light application needs to interact with its background server. For example, when the target light application is Meituan Waimai and the user places an order in it, a service request is generated; here, specifically, an order request is sent to the background server of Meituan Waimai.
Specifically, the service request may carry a service ID, a user identifier, and a login state indication identifier of the target light application, and certainly, may also carry necessary service related information, and the role of each carried information will be introduced one by one in the following description, which is not repeated here.
Step 602: the light application server sends an authentication request to the login authentication server, and the login authentication server receives the authentication request.
In the embodiment of the invention, at present most light applications are operated on behalf of their owners by the vendor of the first application or a related vendor, so the information of a light application is not managed directly by the background server of that light application. The light application server therefore cannot determine the login state of the target account by itself, and needs to send an authentication request to the login authentication server, requesting it to verify the authenticity of the login state indication identifier carried in the service request.
Specifically, the authentication request may carry a service ID, a user identifier, and a login status indication identifier of the target light application.
Step 603: the login authentication server verifies whether the service ID is valid.
In the embodiment of the present invention, in order to prevent malicious requests sent by a light application or web page that has not been granted access, the validity of the target light application needs to be verified, so as to determine whether to provide the authentication service for the target light application.
Specifically, the login authentication server may confirm whether the preset service ID library includes the service ID of the target light application, and if it is confirmed that the preset service ID library includes the service ID of the target light application, it is confirmed that the service ID of the target light application is valid, and the target light application is the light application passing the validity verification, and if it is confirmed that the preset service ID library does not include the service ID of the target light application, it is confirmed that the service ID of the target light application is invalid, and the target light application is not the light application passing the validity verification.
In the embodiment of the present invention, if the verification result of step 603 is negative, that is, if the login authentication server determines that the target light application is not the light application verified by the validity, the login authentication server may refuse to provide service for the target light application, so as to prevent the target light application from being a malicious light application, and provide a certain guarantee for the security of the system.
Specifically, the login authentication server may return to the light application server an indication result indicating that the authentication is not passed, or it may send no response at all and move on to processing subsequent requests.
Step 604: if the verification result in the step 603 is yes, the login authentication server obtains a login state verification identifier corresponding to the user identifier by adopting a preset encryption mode.
In the embodiment of the invention, the login authentication server already stores the key allocated to the target account, so the login state verification identifier can be generated in the preset encryption mode from the user identifier and the key stored in the login authentication server. The preset encryption mode is the same as the one used to generate the login state indication identifier, so if the login state indication identifier is authentic, it is consistent with the login state verification identifier, and the login state indication identifier is thereby verified.
Step 605: the login authentication server confirms whether the login state indication identification is consistent with the login state verification identification.
Step 606: the login authentication server returns an indication result to the light application server.
In the embodiment of the present invention, when the confirmation result of step 606 is yes, the login authentication server returns an indication result indicating that the authentication passes to the light application server; if the confirmation result in step 606 is no, the login authentication server returns an indication result indicating that the authentication is not passed to the light application server.
Step 607: the light application server executes the business logic based on the indication result.
Step 608: the light application server sends a service response message to the target light application, and the target light application receives the service response message.
In the embodiment of the present invention, the light application server may execute the subsequent service logic according to the indication result of the authentication process. For example, when the authentication passes, the light application server allows the service operation of the user; otherwise, the light application server rejects it. Since this part may be the same as the existing business logic, it is not described in detail.
Step 609: the target light application calls a display page corresponding to the service response message for display.
For example, when the service response message indicates that the service succeeded, a service-success page may be called for display; when the service is a payment, payment success is displayed. When the service response message indicates that the service failed, a service-failure page may be called for display; when the service is a payment, payment failure may be displayed together with the error code.
In the embodiment of the invention, when the login state indicating identifier has the validity period, the validity period of the login state indicating identifier needs to be verified in addition to verifying the authenticity of the login state indicating identifier. Fig. 7 is a schematic flow chart illustrating an authentication process when the login status indicator has a validity period.
Step 701: the target light application sends a service request to the light application server, and the light application server receives the service request.
Specifically, when authorized login is performed, and the validity period information is carried in the login response message and is directly sent, the service request may also carry the validity period information in addition to the service ID, the user identifier, and the login state indication identifier of the target light application.
Specifically, when the user identifier is added with validity information during authorized login, the user identifier carried in the service request may be the user identifier added with the validity information.
Step 702: the light application server sends an authentication request to the login authentication server, and the login authentication server receives the authentication request.
Correspondingly, the authentication request can carry the service ID, the user identification, the login state indication identification and the valid period information of the target light application; or the authentication request carries the user identification added with the validity period information.
Step 703: the login authentication server verifies whether the service ID is valid.
In the embodiment of the present invention, the processes of steps 701 to 703 are substantially the same as those of steps 601 to 603, and therefore, the description of these steps can refer to the above steps 601 to 603, and will not be repeated here.
Step 704: if the verification result in step 703 is yes, the login authentication server verifies whether the login state indication identifier is located within the validity period.
In the embodiment of the invention, if the authentication request directly carries the valid period information, whether the login state indication mark is positioned in the valid period can be directly verified according to the valid period information.
For example, when the validity period information is the time at which the login state indication identifier was generated, and the default validity period is 2 days, the current time may be compared with the time indicated by the validity period information to determine whether more than 2 days have elapsed. If not, it is determined that the login state indication identifier is within the validity period; otherwise, it is determined that the login state indication identifier is not within the validity period.
If the authentication request carries the user identifier added with the validity information, the validity information needs to be separated from the user identifier added with the validity information, and then whether the login state indication identifier is located in the validity period is verified according to the validity information. Taking the user identifier as openid as an example, the user identifier added with the validity information can be represented in a form of 'openid + separator + time', and the login authentication server can use the separator to decompose the user identifier added with the validity information into openid and time, so as to obtain the validity information.
Step 705: if the verification result in step 704 is yes, a login state verification identifier corresponding to the user identifier is obtained by using a preset encryption mode.
Step 706: the login authentication server confirms whether the login state indication identification is consistent with the login state verification identification.
Step 707: the login authentication server returns an indication result to the light application server.
In the embodiment of the present invention, when the confirmation result of step 706 is yes, the login authentication server returns an indication result indicating that the authentication passes to the light application server; if the verification result in step 705 is no or the confirmation result in step 706 is no, the login authentication server returns an indication result indicating that the authentication is not passed to the light application server.
Step 708: the light application server executes the business logic based on the indication result.
Step 709: the light application server sends a service response message to the target light application, and the target light application receives the service response message.
In the embodiment of the present invention, the light application server may execute the subsequent service logic according to the indication result of the authentication process. For example, when the authentication passes, the light application server allows the service operation of the user; otherwise, the light application server rejects it.
Step 710: the target light application calls a display page corresponding to the service response message for display.
For example, when the service response message indicates that the service succeeded, a service-success page may be called for display; when the service is a payment, payment success is displayed. When the service response message indicates that the service failed, a service-failure page may be called for display; when the service is a payment, payment failure may be displayed together with the error code.
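The token generation of step 407 and the authentication checks of steps 703 to 706 can be modelled as follows. This is an added example, not code from the patent: the class and function names, the "|" separator, the concatenation order fed to MD5 and all sample values are assumptions, and the `hmac-sha256` mode is a swapped-in standard keyed MAC offered beside the MD5 example the text names.

```python
import hashlib
import hmac
import secrets
import time

SEPARATOR = "|"                    # assumed separator; the page only says "separator"
VALIDITY_SECONDS = 2 * 24 * 3600   # the page's example default validity period: 2 days


class LoginAuthServer:
    """Hypothetical model of the login authentication server (steps 404-408, 703-707)."""

    def __init__(self, registered_service_ids, mode="md5"):
        if mode not in ("md5", "hmac-sha256"):
            raise ValueError("unknown mode")
        self.service_ids = set(registered_service_ids)  # preset service ID library
        self.keys = {}                                   # openid -> key, kept server side
        self.mode = mode

    def _digest(self, key, stamped_id):
        data = stamped_id.encode("utf-8")
        if self.mode == "md5":
            # Page's example: MD5 over user identifier and key (order is assumed).
            return hashlib.md5(data + key).hexdigest()
        # Swapped-in alternative, not from the page: HMAC-SHA-256 keyed MAC.
        return hmac.new(key, data, hashlib.sha256).hexdigest()

    def login(self, service_id, openid, now=None):
        """Steps 404 and 407: check the service ID, then issue (stamped id, token)."""
        if service_id not in self.service_ids:
            return None                                  # refuse unregistered callers
        issued = int(time.time() if now is None else now)
        key = self.keys.setdefault(openid, secrets.token_bytes(32))
        stamped_id = f"{openid}{SEPARATOR}{issued}"      # "openid + separator + time"
        return stamped_id, self._digest(key, stamped_id)

    def authenticate(self, service_id, stamped_id, token, now=None):
        """Steps 703-706: service ID, validity period, then token comparison."""
        if service_id not in self.service_ids:
            return False
        # Split on the last separator so an openid containing it still parses.
        openid, sep, issued = stamped_id.rpartition(SEPARATOR)
        if not sep or not openid or not (issued.isascii() and issued.isdigit()):
            return False
        current = int(time.time() if now is None else now)
        age = current - int(issued)
        if age < 0 or age > VALIDITY_SECONDS:            # future-dated or expired
            return False
        key = self.keys.get(openid)
        if key is None:                                  # account never logged in here
            return False
        expected = self._digest(key, stamped_id)
        # Constant-time comparison of the recomputed and presented identifiers.
        return hmac.compare_digest(expected.encode(), str(token).encode())


def demo(mode="md5"):
    """Run the Fig. 7 checks on constructed values and return each outcome."""
    server = LoginAuthServer({"svc-0001"}, mode=mode)    # constructed service ID
    t0 = 1_700_000_000                                   # constructed login time
    stamped_id, token = server.login("svc-0001", "openid-constructed", now=t0)
    late = t0 + VALIDITY_SECONDS + 60
    restamped = f"openid-constructed{SEPARATOR}{late - 10}"  # client edits the time
    ok_time = t0 + 3600
    return {
        "valid": server.authenticate("svc-0001", stamped_id, token, now=ok_time),
        "unknown_service": server.authenticate("svc-9999", stamped_id, token, now=ok_time),
        "expired": server.authenticate("svc-0001", stamped_id, token, now=late),
        "restamped": server.authenticate("svc-0001", restamped, token, now=late),
        "wrong_token": server.authenticate("svc-0001", stamped_id, "0" * len(token), now=ok_time),
    }


if __name__ == "__main__":
    for mode in ("md5", "hmac-sha256"):
        print(mode, demo(mode))
```

Because the token is computed over the whole "openid + separator + time" string, a client that rewrites the time to extend the validity period fails the comparison in step 706 rather than the validity check in step 704.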
In summary, the embodiments of the present invention provide a method for controlling login light applications, where a service ID is allocated to each light application, and after a user authorizes login of a light application, whether the light application that requested login is a legitimate light application can be verified through the service ID, and whether an authorized login service is provided for the light application is further determined, so that a uniform authorized login service can be provided for multiple legitimate light applications, and differentiation and verification are performed through the service ID, thereby facilitating uniform management of each light application. In addition, since the plurality of light applications are authorized to log in the same service, when the operation logic in the light applications needs to be adjusted or the light applications need to be maintained, only the unified service needs to be adjusted or maintained, so that the workload required for adjusting or maintaining the light applications is reduced, and the burden of operation and maintenance personnel is reduced.
In addition, the unified authorization login and authentication service enables service monitoring to be more convenient, so that more stable service is provided for users, and the unified authorization login and authentication service enables the use condition statistics of the light application to be more convenient.
Referring to fig. 8, based on the same inventive concept, an embodiment of the present invention further provides a control apparatus for logging in a light application, which is applied in a login authentication server, and includes:
the receiving and sending unit 801 is configured to receive an authorized login request sent by a user through a target light application in the first application, where the authorized login request is used to request to log in the target light application through a logged-in target account in the first application, and the authorized login request carries a service identifier ID of the target light application;
an obtaining unit 802, configured to obtain a user identifier of a target account from an application server corresponding to a first application when it is determined that the service ID is a service ID of a light application that passes validity verification;
a generating unit 803, configured to generate a login state indication identifier of the target account in the target light application, where the login state indication identifier corresponds to the user identifier, is generated by encryption in a preset encryption mode, and is used to indicate that login to the target light application using the user identifier of the target account is allowed;
the transceiving unit 801 is further configured to return a login response message to the target light application, where the login response message carries the user identifier and the login state indication identifier, so that the target light application can authenticate the service request of the user by using the user identifier and the login state indication identifier.
Optionally,
the transceiving unit 801 is further configured to receive an authentication request sent by a light application server of the target light application, where the authentication request is generated based on a service request of the target light application received by the light application server, and the authentication request carries a service ID, a user identifier, and a login state indication identifier;
the generating unit 803 is further configured to, when it is determined that the service ID is the service ID of the legally accessed light application, obtain a login state verification identifier corresponding to the user identifier in a preset encryption manner;
the transceiving unit 801 is further configured to return an indication result that the authentication is passed to the light application server when the login state indication identifier is verified to be consistent with the login state verification identifier.
Optionally, the user identifier has a set validity period; and the login response message contains the expiration information.
Optionally, the login state indication identifier is encrypted information obtained by encrypting the user identifier and the validity period information in a preset encryption mode;
the generating unit 803 is specifically configured to: obtaining validity period information corresponding to the user identification; when the login state indication identification of the user identification is confirmed to be within the validity period according to the obtained validity period information, encrypting the user identification and the obtained validity period information by adopting a preset encryption mode, and taking the encrypted information as a login state verification identification;
the transceiving unit 801 is further configured to, when it is determined that the login state indication identifier of the user identifier is not within the validity period according to the obtained validity period information, return an indication result that the authentication fails to pass to the light application server.
Optionally, the apparatus further comprises a confirming unit 804, configured to:
when the preset service ID library includes the service ID, confirm that the service ID is the service ID of a legally accessed light application, where the preset service ID library stores the service ID of each light application that has been verified as legitimate in advance.
Optionally, if the authorized login request further carries a login code obtained by the target light application from the first application, the transceiving unit 801 is further configured to:
sending a user identification acquisition request carrying a login code to an application server;
and receiving the user identification returned by the application server based on the login code.
The device may be configured to execute the method that can be executed by the login authentication server in the embodiments shown in fig. 3 to 7, and therefore, for functions and the like that can be realized by each functional module of the device, reference may be made to the description of the embodiments shown in fig. 3 to 7, which is not repeated. Although the confirming unit 804 is also shown in fig. 8, it is drawn with a broken line because it is not an indispensable functional unit.
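A minimal sketch of the issue-then-verify flow described above for the login authentication server (units 801 to 804), added here as an illustration and not taken from the patent. HMAC-SHA256 stands in for the unspecified preset encryption manner; the key, service IDs, login code, user identifier and function names are all constructed for the example.

```python
import hashlib
import hmac

# Assumption: the patent does not name its "preset encryption manner".
# HMAC-SHA256 under a key held only by the login authentication server is
# used as a stand-in. The key below is constructed for this example.
SERVER_KEY = b"constructed-demo-key"

# Preset service ID library: service IDs allocated at registration (constructed).
SERVICE_ID_LIBRARY = {"svc-1001", "svc-1002"}

# Stand-in for the first application's server: login code -> user identifier.
LOGIN_CODE_TO_USER_ID = {"code-abc": "openid-7f3a"}

# Validity period information kept by the login authentication server,
# keyed by user identifier (expiry as a Unix timestamp).
_validity_by_user = {}


def _derive_login_state(user_id, expires_at):
    """Derive the login state identifier from user identifier + validity period."""
    # The length prefix keeps the two fields unambiguous after concatenation.
    message = f"{len(user_id)}:{user_id}|{expires_at}".encode("utf-8")
    return hmac.new(SERVER_KEY, message, hashlib.sha256).hexdigest()


def handle_authorized_login(service_id, login_code, now, ttl=3600):
    """Authorized login request: returns the login response, or None if refused."""
    # Confirming unit: the service ID must be in the preset library.
    if service_id not in SERVICE_ID_LIBRARY:
        return None
    # Exchange the login code for the user identifier at the application server.
    user_id = LOGIN_CODE_TO_USER_ID.get(login_code)
    if user_id is None:
        return None
    expires_at = int(now) + ttl
    _validity_by_user[user_id] = expires_at
    return {
        "user_id": user_id,
        "expires_at": expires_at,
        "login_state": _derive_login_state(user_id, expires_at),
    }


def handle_authentication_request(service_id, user_id, login_state, now):
    """Authentication request from a light application server: True if passed."""
    if service_id not in SERVICE_ID_LIBRARY:
        return False
    # Look up the stored validity period and reject expired or unknown users.
    expires_at = _validity_by_user.get(user_id)
    if expires_at is None or now >= expires_at:
        return False
    if not isinstance(login_state, str):
        return False
    # Recompute the login state verification identifier and compare it with
    # the presented one in constant time.
    expected = _derive_login_state(user_id, expires_at)
    return hmac.compare_digest(
        expected.encode("utf-8"), login_state.encode("utf-8", "replace")
    )


if __name__ == "__main__":
    response = handle_authorized_login("svc-1001", "code-abc", now=1000)
    print("login response:", response)
    print(
        "authentication passed:",
        handle_authentication_request(
            "svc-1001", response["user_id"], response["login_state"], now=2000
        ),
    )
```

The verification side never decrypts anything: it recomputes the identifier from the stored validity period and compares, which is the "verification identifier consistent with indication identifier" check in the text.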
Referring to fig. 9, based on the same inventive concept, an embodiment of the present invention further provides a control apparatus for logging in a light application, which is applied in a user terminal, and includes:
a transceiving unit 901, configured to send an authorized login request carrying a service ID of a target light application to a login authentication server when receiving an authorization instruction for logging in the target light application in a first application by using a target account already logged in the first application;
the transceiving unit 901 is further configured to receive a login response message returned by the login authentication server, where the login response message carries a user identifier of the target account and a login state indication identifier; the login state indication identifier is generated after the login authentication server has verified the service ID, corresponds to the user identifier, is encrypted in a preset encryption manner, and indicates that logging in to the target light application with the user identifier of the target account is allowed;
and an invoking unit 902, configured to invoke a display page corresponding to the login response message for display.
Optionally,
the transceiving unit 901 is further configured to send a service request to a light application server of a target light application when receiving a service operation instruction performed in the target light application, where the service request carries a service ID, a user identifier, and a login state indication identifier; receiving a service response message sent by the light application server;
the invoking unit 902 is further configured to invoke a display page corresponding to the service response message for display; the service response message is generated according to the authentication-passed indication result that the login authentication server returns once it has verified the service ID, after the light application server has sent it an authentication request carrying the service ID.
The apparatus may be configured to execute the method that can be executed by the target light application side in the embodiments shown in fig. 3 to 7, and therefore, for functions and the like that can be realized by each functional module of the apparatus, reference may be made to the description of the embodiments shown in fig. 3 to 7, which is not repeated.
Referring to fig. 10, based on the same technical concept, an embodiment of the present invention further provides a computer apparatus 100, which may include a memory 1001 and a processor 1002.
The memory 1001 is used for storing computer programs executed by the processor 1002. The memory 1001 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to use of the computer device, and the like. The processor 1002 may be a Central Processing Unit (CPU), a digital processing unit, or the like. The embodiment of the present invention does not limit the specific connection medium between the memory 1001 and the processor 1002. In fig. 10, the memory 1001 and the processor 1002 are connected by a bus 1003, the bus 1003 is shown by a thick line in fig. 10, and the connection manner between other components is only schematically illustrated and is not limited. The bus 1003 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 10, but this is not intended to represent only one bus or type of bus.
Memory 1001 may be a volatile memory (volatile memory), such as a random-access memory (RAM); the memory 1001 may also be a non-volatile memory (non-volatile memory) such as, but not limited to, a read-only memory (rom), a flash memory (flash memory), a Hard Disk Drive (HDD) or a solid-state drive (SSD), or any other medium which can be used to carry or store desired program code in the form of instructions or data structures and which can be accessed by a computer. The memory 1001 may be a combination of the above memories.
The processor 1002 is configured to execute the method performed by the device in the embodiments shown in fig. 3-7 when invoking the computer program stored in the memory 1001.
In some possible embodiments, various aspects of the methods provided by the present invention may also be implemented in the form of a program product including program code for causing a computer device to perform the steps of the methods according to various exemplary embodiments of the present invention described above in this specification when the program product is run on the computer device, for example, the computer device may perform the methods performed by the devices in the embodiments shown in fig. 3-7.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The program product of the method of embodiments of the present invention may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a computing device. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device over any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., over the internet using an internet service provider).
It should be noted that although several units or sub-units of the apparatus are mentioned in the above detailed description, such division is merely exemplary and not mandatory. Indeed, the features and functions of two or more of the units described above may be embodied in one unit, according to embodiments of the invention. Conversely, the features and functions of one unit described above may be further divided and embodied by a plurality of units.
Moreover, while the operations of the method of the invention are depicted in the drawings in a particular order, this does not require or imply that the operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (15)

1. A control method for logging in light application is characterized in that the control method is applied to a login authentication server in a light application management system, and the login authentication server provides uniform authorized login service for all light applications which are registered in the light application management system; the method comprises the following steps:
receiving an authorized login request sent by a user through a target light application in a first application, wherein the authorized login request is used for requesting to login the target light application by using a logged-in target account in the first application, and the authorized login request carries a service Identifier (ID) of the target light application; when the target light application is registered in the light application management system, the light application management system registers based on an application identifier appid of the target light application, and allocates a corresponding service ID to the target light application, wherein the service ID is used as an identity for calling the authorized login service by the target light application;
when the service ID is confirmed to be the service ID of the light application passing the validity verification, acquiring the user identification of the target account from the application server corresponding to the first application; the light application with validity verification is a light application registered in the light application management system;
generating a login state indication identifier of the target account in the target light application, wherein the login state indication identifier corresponds to the user identifier and is encrypted in a preset encryption mode and is used for indicating that the user identifier using the target account is allowed to login in the target light application;
and returning a login response message to the target light application, wherein the login response message carries the user identifier and the login state indication identifier, so that the target light application can authenticate the service request of the user by using the user identifier and the login state indication identifier.
2. The method of claim 1, further comprising:
receiving an authentication request sent by a light application server of the target light application, wherein the authentication request is generated based on a service request of the target light application received by the light application server, and the authentication request carries the service ID, the user identifier and the login state indication identifier;
when the service ID is confirmed to be the service ID of the light application which is legally accessed, a login state verification identifier corresponding to the user identifier is obtained in the preset encryption mode;
and when the login state indication identification is verified to be consistent with the login state verification identification, returning an indication result of passing authentication to the light application server.
3. The method of claim 2, wherein the user identifier has a set validity period; and the login response message contains the expiration information.
4. The method according to claim 3, wherein the login status indicator is encrypted information obtained by encrypting the user identifier and the validity period information in a preset encryption manner;
the obtaining of the login state verification identifier corresponding to the user identifier specifically includes:
obtaining validity period information corresponding to the user identification;
when the login state indication identification of the user identification is confirmed to be within the validity period according to the obtained validity period information, encrypting the user identification and the obtained validity period information by adopting the preset encryption mode, and taking the encrypted information as the login state verification identification; and
when the login state indication identifier of the user identifier is confirmed not to be within the validity period according to the obtained validity period information, returning an indication result that the authentication is not passed to the light application server.
5. The method according to any of claims 1 to 4, wherein the confirming that the service ID is a service ID of a legally accessed light application comprises:
and when the preset service ID library comprises the service ID, confirming that the service ID is the service ID of the light application which is legally accessed, wherein the preset ID library stores the service ID corresponding to each light application which is legally verified in advance.
6. The method according to any one of claims 1 to 4, wherein the authorized login request further carries a login code obtained by the target light application from the first application, and then obtaining the user identifier of the target account from an application server corresponding to the first application comprises:
sending a user identification acquisition request carrying the login code to the application server;
and receiving the user identification returned by the application server based on the login code.
7. A method for controlling login of a light application, the method comprising:
when receiving an authorization indication of logging in a target light application in a first application by using a target account which is logged in the first application, sending an authorization login request carrying a service ID of the target light application to a login authentication server; the login authentication server provides a uniform authorized login service for all light applications which are registered in the light application management system, and when the target light application is registered in the light application management system, the light application management system registers based on an application identifier (appid) of the target light application, allocates a corresponding service ID for the target light application, and uses the service ID as an identity identifier for calling the authorized login service by the target light application;
receiving a login response message returned by the login authentication server, wherein the login response message carries a user identifier of the target account and a login state indication identifier, the login state indication identifier is generated after the login authentication server verifies that the service ID is a service ID of a light application which passes validity verification, and the login state indication identifier corresponds to the user identifier and is encrypted by adopting a preset encryption mode and is used for indicating that the user identifier which uses the target account is allowed to login in the target light application; the light application with validity verification is a light application registered in a management system of the light application;
and calling a display page corresponding to the login response message for display.
8. The method of claim 7, wherein after said receiving a login response message returned by said login authentication server, said method further comprises:
when receiving a service operation instruction in the target light application, sending a service request to a light application server of the target light application, wherein the service request carries the service ID, the user identifier and the login state indication identifier;
receiving a service response message sent by the light application server, and calling a display page corresponding to the service response message for display; and the service response message is generated according to an authentication passing indication result returned after the login authentication server verifies that the service ID passes after the light application server sends an authentication request carrying the service ID to the login authentication server.
9. A control device for logging in light application, which is applied to a login authentication server in a light application management system, and is characterized in that the login authentication server provides a uniform authorized login service for all light applications registered in the light application management system, and the device comprises:
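a receiving and sending unit, configured to receive an authorized login request sent by a user through a target light application in a first application, where the authorized login request is used for requesting to log in to the target light application by using a target account already logged in to the first application, and the authorized login request carries a service identifier (ID) of the target light application; when the target light application is registered in the light application management system, the light application management system registers based on an application identifier appid of the target light application, and allocates a corresponding service ID to the target light application, wherein the service ID is used as an identity for calling the authorized login service by the target light application;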
an obtaining unit, configured to obtain, when it is determined that the service ID is a service ID of a light application that passes validity verification, a user identifier of the target account from an application server corresponding to the first application; the light application with validity verification is a light application registered in a management system of the light application;
a generating unit, configured to generate a login state indication identifier of the target account in the target light application, where the login state indication identifier corresponds to the user identifier and is encrypted in a preset encryption manner, and is used to indicate that the user identifier that uses the target account is allowed to login in the target light application;
the receiving and sending unit is further configured to return a login response message to the target light application, where the login response message carries the user identifier and the login state indication identifier, so that the target light application can authenticate the service request of the user by using the user identifier and the login state indication identifier.
10. The apparatus of claim 9,
the receiving and sending unit is further configured to receive an authentication request sent by a light application server of the target light application, where the authentication request is generated based on a service request of the target light application received by the light application server, and the authentication request carries the service ID, the user identifier, and the login state indicator;
the generating unit is further configured to obtain a login state verification identifier corresponding to the user identifier in the preset encryption manner when the service ID is determined to be the service ID of the legally accessed light application;
and the transceiver unit is further configured to return an indication result that the authentication is passed to the light application server when the login state indication identifier is verified to be consistent with the login state verification identifier.
11. The apparatus of claim 10, wherein the user identification has a set validity period; and the login response message contains the expiration information.
12. The apparatus of claim 11, wherein the login status indicator is encrypted information obtained by encrypting the user identifier and the validity period information in a preset encryption manner;
the generating unit is specifically configured to: obtaining validity period information corresponding to the user identification; when the login state indication identification of the user identification is confirmed to be within the validity period according to the obtained validity period information, encrypting the user identification and the obtained validity period information by adopting the preset encryption mode, and taking the encrypted information as the login state verification identification;
and the transceiver unit is further configured to return an indication result indicating that the authentication fails to pass to the light application server when the login state indication identifier of the user identifier is determined not to be within the validity period according to the obtained validity period information.
13. A control device for logging in a light application, which is applied to a user terminal, is characterized by comprising:
a receiving and sending unit, configured to send an authorized login request carrying a service ID of a target light application to a login authentication server when receiving an authorization instruction for logging in to the target light application in a first application by using a target account already logged in to the first application; the login authentication server provides a uniform authorized login service for all light applications which are registered in the light application management system, and when the target light application is registered in the light application management system, the light application management system registers based on an application identifier (appid) of the target light application, allocates a corresponding service ID for the target light application, and uses the service ID as an identity identifier for calling the authorized login service by the target light application;
the receiving and sending unit is further configured to receive a login response message returned by the login authentication server, where the login response message carries a user identifier of the target account and a login state indication identifier, the login state indication identifier is generated after the login authentication server verifies that the service ID is a service ID of a light application which passes validity verification, and the login state indication identifier corresponds to the user identifier and is encrypted in a preset encryption manner to indicate that the user identifier of the target account is allowed to login in the target light application; the light application with validity verification is a light application registered in a management system of the light application;
and the calling unit is used for calling the display page corresponding to the login response message for display.
14. A computer device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-6 or 7-8.
15. A computer storage medium, characterized in that
the computer storage medium stores computer instructions that, when executed on a computer, cause the computer to perform the method of any of claims 1-6 or 7-8.
CN201910106528.XA 2019-02-02 2019-02-02 Control method, device and equipment for logging in light application and computer storage medium Active CN111526111B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910106528.XA CN111526111B (en) 2019-02-02 2019-02-02 Control method, device and equipment for logging in light application and computer storage medium

Publications (2)

Publication Number Publication Date
CN111526111A CN111526111A (en) 2020-08-11
CN111526111B true CN111526111B (en) 2021-10-22

Family

ID=71900186

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910106528.XA Active CN111526111B (en) 2019-02-02 2019-02-02 Control method, device and equipment for logging in light application and computer storage medium

Country Status (1)

Country Link
CN (1) CN111526111B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112131535B (en) * 2020-09-21 2022-07-15 厦门南讯股份有限公司 Integrated small program authorization method for multi-deployment environment
CN114640880B (en) * 2020-11-30 2023-06-30 腾讯科技(深圳)有限公司 Account login control method, device and medium
CN112528268B (en) * 2020-12-04 2023-09-19 平安科技(深圳)有限公司 Cross-channel applet login management method and device and related equipment
CN112581744A (en) * 2020-12-21 2021-03-30 福建星网天合智能科技有限公司 Cloud service method of infrared code, infrared cloud code library, equipment and medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101296243A (en) * 2008-06-26 2008-10-29 阿里巴巴集团控股有限公司 Service integration platform system and method for providing internet service
CN102315945A (en) * 2011-10-20 2012-01-11 江苏三源教育实业有限公司 Unified identity authentication method based on private agreement
CN103312801A (en) * 2013-06-05 2013-09-18 上海西本网络科技有限公司 Application devices, interaction method and system for data between application devices and server
CN104572278A (en) * 2014-12-22 2015-04-29 百度在线网络技术(北京)有限公司 Method, device and equipment for light application to call local end capability
CN104615335A (en) * 2015-02-13 2015-05-13 腾讯科技(北京)有限公司 Information processing method and client side
CN107483509A (en) * 2017-10-09 2017-12-15 武汉斗鱼网络科技有限公司 A kind of auth method, server and readable storage medium storing program for executing
CN108683648A (en) * 2018-05-02 2018-10-19 珠海横琴盛达兆业科技投资有限公司 A method of based on realizing secure communication by constantly converting identifying code between wechat small routine and server
CN109274579A (en) * 2018-09-04 2019-01-25 江苏龙虎网信息科技股份有限公司 It is a kind of that user's uniform authentication method is applied based on wechat platform more

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106162574B (en) * 2015-04-02 2020-08-04 成都鼎桥通信技术有限公司 Unified authentication method for applications in cluster system, server and terminal
CN106470190A (en) * 2015-08-19 2017-03-01 中兴通讯股份有限公司 A kind of Web real-time communication platform authentication cut-in method and device
CN106603469B (en) * 2015-10-16 2019-11-29 腾讯科技(深圳)有限公司 The method and apparatus for logging in application
CN108476165B (en) * 2016-01-28 2021-07-16 华为技术有限公司 Information interaction method, client and device
CN106254319B (en) * 2016-07-22 2020-01-03 新华三技术有限公司 Light application login control method and device

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
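Mini Program Login & Authorization & Obtaining User Information; Anonymous; 《https://www.cnblogs.com/jeecg158/p/8986148.html》; 20180503; main text, pages 1-4 *
WeChat Mini Program Development: User Authorization Login; Anonymous; 《https://www.cnblogs.com/dashucoding/p/9917371.html》; 20181106; main text, pages 1-6 *
A Hands-On Guide to Mini Program Login Authentication; Anonymous; 《https://segmentfault.com/a/1190000014234141》; 20180408; main text, pages 1-4 *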

Also Published As

Publication number Publication date
CN111526111A (en) 2020-08-11

Similar Documents

Publication Publication Date Title
CN111526111B (en) Control method, device and equipment for logging in light application and computer storage medium
US9614855B2 (en) System and method for implementing a secure web application entitlement service
US8918856B2 (en) Trusted intermediary for network layer claims-enabled access control
US8561172B2 (en) System and method for virtual information cards
CN112422532B (en) Service communication method, system and device and electronic equipment
US9158913B2 (en) Managing virtual machines using owner digital signatures
CN109379369A (en) Single-point logging method, device, server and storage medium
US10291622B1 (en) Quorum-based access management
US20210136068A1 (en) Telecom node control via blockchain
CN112131021B (en) Access request processing method and device
JP5916737B2 (en) Device claims you can trust as a service
CN110365684B (en) Access control method and device for application cluster and electronic equipment
CN113271289B (en) Method, system and computer storage medium for resource authorization and access
CN110069909A (en) It is a kind of to exempt from the close method and device for logging in third party system
CN108400875B (en) Key value-based authorization authentication method, system, electronic device and storage medium
CN111880919A (en) Data scheduling method, system and computer equipment
CN111737232A (en) Database management method, system, device, equipment and computer storage medium
CN111669351A (en) Authentication method and related equipment
CN113765655A (en) Access control method, device, equipment and storage medium
CN110149211B (en) Service authentication method, service authentication device, medium, and electronic device
CN115278671A (en) Network element authentication method, device, storage medium and electronic equipment
CN114021094B (en) Remote server login method, electronic device and storage medium
US11954672B1 (en) Systems and methods for cryptocurrency pool management
CN116755842B (en) Identity verification system deployment method, device, equipment and storage medium
CN116319096B (en) Access system, method, device, equipment and medium of computing power network operation system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40027418

Country of ref document: HK

GR01 Patent grant