CN113395326B - Network service-based login method, device and computer-readable storage medium - Google Patents

Publication number
CN113395326B
Authority
CN
China
Prior art keywords
login
client
request
network service
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110554369.7A
Other languages
Chinese (zh)
Other versions
CN113395326A (en)
Inventor
王俊杰
高胜杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Netease Hangzhou Network Co Ltd
Original Assignee
Netease Hangzhou Network Co Ltd
Application filed by Netease Hangzhou Network Co Ltd
Priority to CN202110554369.7A
Publication of CN113395326A
Application granted
Publication of CN113395326B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L67/50: Network services
    • H04L67/56: Provisioning of proxy services

Abstract

The application relates to the field of computer networks and provides a network service-based login method, device and computer-readable storage medium that allow a plurality of platforms inside an enterprise to log in using one client account and one client password. The method comprises the following steps: redirecting, through a login interface provided by a login proxy service, the client that initiated a first login request to the address represented by a third login request, so that the network service returns a login page to the browser; redirecting, through a callback interface provided by the login proxy service, a callback request initiated by the client to the login proxy service to an internal platform, wherein the callback request is initiated after the browser receives, through the login page, the unified client account and password of the network service input by the user and logs in to the network service; and returning user information to the client through a user information interface provided by the login proxy service to confirm that the user has successfully logged in to the internal platform. This technical scheme reduces the cost of managing the client accounts and passwords of the network service.

Description

Network service-based login method, device and computer-readable storage medium
Technical Field
The present invention relates to the field of computer networks, and in particular, to a login method and device based on a network service, and a computer-readable storage medium.
Background
In order to record a user's personal information when a Web application is used and to provide more convenient service, each user needs to register a corresponding account. As the number of Web applications increases, the number of accounts held by each user also increases rapidly. To address this issue, the Open Authorization protocol version 2.0 (OAuth2) emerged. OAuth2 is an open network protocol for authorization that allows a user to grant a third-party application access to resources that the user stores on a website without having to provide the third-party application with a username and password.
In the development of the internal platform of the enterprise, login verification is carried out based on the OAuth2 service of the company. In order to log in these internal platforms, each internal platform is used as a client in advance, and applies for a corresponding client account (client id) and client password (client secret) from the OAuth2 service. Because each internal platform has different environments such as a development environment, a test environment, a production environment and the like, a large number of client accounts and client passwords need to be applied, and management cost is increased.
Disclosure of Invention
The application provides a login method, equipment and a computer readable storage medium based on network service, which realize the login of a plurality of platforms in an enterprise by using a client account and a client password.
In one aspect, the present application provides a login method based on a network service, including:
redirecting a client initiating a first login request to an address represented by a third login request through a login interface provided by a login proxy service so as to enable a network service to return a login page to the client, wherein the first login request is used for logging in an internal platform;
redirecting a callback request initiated by the client to the login proxy service to the internal platform through a callback interface provided by the login proxy service, wherein the callback request is initiated after the client receives a uniform network service client account and a password input by a user through the login page and logs in the network service;
and returning user information to the client through a user information interface provided by the login proxy service to confirm that the user successfully logs in the internal platform.
Optionally, the redirecting, through a login interface provided by the login proxy service, the client that initiated the first login request to an address represented by a third login request, so that the network service returns a login page to the client, includes: according to the first login request, the client is redirected to an address represented by a second login request; after the client is redirected to an address represented by a second login request, receiving the second login request through a login interface provided by the login proxy service, wherein the second login request comprises a callback address of the internal platform and a login address of the login proxy service; and redirecting the client to the address represented by the third login request according to the second login request so that the network service returns a login page to the client.
Optionally, the redirecting, according to the second login request, the client to an address indicated by a third login request, so that the network service returns a login page to the client includes: recording the callback address of the internal platform in the callback address of the login proxy service in the form of a request parameter, recording the callback address of the login proxy service in the form of a request parameter in a request path formed by the login address of the network service to form an address represented by a third login request, and returning the address to the client through a login interface, so that the client sends the third login request to the network service according to the request path, and the network service returns a login page to the client.
Optionally, the redirecting, to the internal platform, a callback request initiated by the client to the login proxy service through a callback interface provided by the login proxy service includes: receiving, through the callback interface provided by the login proxy service, a first callback request initiated by the client to the login proxy service; and causing the client to redirect the first callback request to the internal platform, so that the client initiates a second callback request to the internal platform.
Optionally, the redirecting the first callback request to the internal platform by the client to cause the client to initiate a second callback request to the internal platform includes: and recording the token in a request path in the form of a request parameter to form a second callback request, and returning the second callback request to the client through a callback interface so that the client initiates the second callback request to the internal platform.
Optionally, the returning, to the client, user information through a user information interface provided by the login agent service to confirm that the user successfully logs in the internal platform includes: receiving a token through a user information interface provided by the login agent service, wherein the token is returned to the client by the network service after the user successfully logs in the internal platform; sending the token to the network service to request the user information; and sending the user information to the internal platform through the user information interface, and returning the user information to the client by the internal platform to confirm that the user successfully logs in the internal platform.
In another aspect, the present application provides a login method based on OAuth2 service, where the method includes: receiving a first login request for logging in an internal platform sent by a client; redirecting the client initiating the first login request to an address represented by a third login request so that the network service returns a login page to the client; receiving a callback request initiated by the client after the client receives the network service unified client account and the password input by the user through the login page and logs in the network service; and sending the token to the login agent service through a user information interface provided by the login agent service so that the network service returns the user information and then returns the user information to the client to confirm that the user successfully logs in the internal platform.
In a third aspect, the present application provides a login device based on a web service, including:
the first interface processing module is used for redirecting the client initiating the first login request to an address represented by a third login request through a login interface provided by the login proxy service so as to enable the network service to return a login page to the client, wherein the first login request is used for logging in an internal platform;
the second interface processing module is used for redirecting a callback request initiated by the client to the login proxy service to the internal platform through a callback interface provided by the login proxy service, wherein the callback request is initiated after the client receives a uniform network service client account and a password which are input by a user through the login page and logs in the network service;
and the third interface processing module is used for returning user information to the client through a user information interface provided by the login agent service so as to confirm that the user successfully logs in the internal platform.
In a fourth aspect, the present application provides a login device based on a web service, including:
the first receiving module is used for receiving a first login request which is sent by a client and used for logging in an internal platform;
the first login request redirecting module is used for redirecting the client that initiated the first login request to the address represented by the third login request so as to enable the network service to return a login page to the client;
the second receiving module is used for receiving a callback request initiated by the client after the client receives the uniform client account and the password of the network service input by the user through the login page so that the user successfully logs in the network service;
and the sending module is used for sending the token to the login agent service through a user information interface provided by the login agent service so as to enable the network service to return the user information to the client after returning the user information, and thus the user is confirmed to successfully log in the internal platform.
In a fifth aspect, the present application provides a computer device, which includes a memory and a processor, where the memory stores a computer program, and the processor executes the steps in the network service-based login method according to any of the above embodiments by calling the computer program stored in the memory.
In a sixth aspect, the present application provides a computer-readable storage medium, which stores a computer program, where the computer program is suitable for being loaded by a processor to execute the steps in the network service-based login method according to any of the above embodiments.
According to the technical scheme provided by the application, on one hand, the login agent service provides services through the three interfaces, namely the login interface, the callback interface, the user information interface and the like, and a developer of the internal platform only needs to use the interfaces, so that the developer of the internal platform focuses on the development of the functions of the internal platform, and therefore the cost loss can be saved; on the other hand, users of all internal platforms can log in the internal platform through the login proxy service only by inputting the unified client account and password of the network service through the login page, and the fact that each internal platform needs one or more client accounts and passwords of the network service in the prior art is not needed, so that the management cost of the client accounts and passwords of the network service is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart of a login method based on a web service according to an embodiment of the present application;
FIG. 2 is a flowchart of a login method based on web services according to another embodiment of the present application;
FIG. 3 is a schematic diagram illustrating interaction among modules in a login method based on a web service according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a login device based on a web service according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of a login device based on a web service according to another embodiment of the present application;
FIG. 6 is a schematic structural diagram of an apparatus provided in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In this specification, adjectives such as first and second may only be used to distinguish one element or action from another, without necessarily requiring or implying any actual such relationship or order. References to an element or component or step (etc.) should not be construed as limited to only one of the element, component, or step, but rather to one or more of the element, component, or step, etc., where the context permits.
In the present specification, the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The embodiment of the application provides a login method based on a network service, as shown in fig. 1. The method illustrated in fig. 1 is implemented by using a login proxy service as an execution subject, and mainly includes steps S101 to S103, which are detailed as follows:
Step S101: Redirect the client initiating the first login request to the address represented by the third login request through a login interface provided by the login proxy service, so that the network service returns a login page to the client, wherein the first login request is used for logging in to the internal platform.
In the embodiment of the application, the internal platforms are enterprise internal platforms and generally have a plurality of internal platforms, the internal platforms are used as clients of the network service, a client account (client id) and a password (client secret) are required when the network service is logged in, and the first login request carries information such as a login address of the internal platform input by a user through the client. Specifically, as an embodiment of the present application, the redirecting the client to the address indicated by the third login request through the login interface provided by the login proxy service so that the network service returns the login page to the client may be: according to the first login request, the client is redirected to the address represented by the second login request; after the client is redirected to the address represented by the second login request, the second login request is received through a login interface provided by the login proxy service; and redirecting the client to the address represented by the third login request according to the second login request so that the network service returns a login page to the client, wherein the second login request carries information such as a callback address of the internal platform and a login address of the login proxy service.
In the above embodiment, redirecting the client to the address indicated by the third login request according to the second login request, so that the network service returns the login page to the client specifically may be: recording the callback address of the internal platform in the callback address of the login proxy service in the form of request parameters, recording the callback address of the login proxy service in the form of request parameters in a request path formed by the login address of the network service to form an address represented by a third login request, and returning the address to the client through the login interface, so that the client sends the third login request to the network service according to the request path, and the network service returns a login page to the client. Obviously, the third login request sent to the network service carries the callback address of the internal platform and the callback address of the login proxy service.
It should be noted that, in the embodiment of the present application, the client initiating the first login request may be an application program such as a browser, and the network service may be an OAuth2 service, that is, a service based on the Open Authorization protocol version 2.0 (OAuth2).
Step S102: Redirect a callback request initiated by the client to the login proxy service to the internal platform through a callback interface provided by the login proxy service, wherein the callback request is initiated after the client receives, through the login page, the unified client account and password of the network service input by the user and logs in to the network service.
Through the step S101, the login proxy service obtains the callback address of the internal platform, and sends the callback address of the internal platform and the callback address of the login proxy service to the network service, and the network service obtains the callback address of the internal platform and the callback address of the login proxy service, and returns a login page to the client. And after the client receives the unified client account and the password of the network service input by the user through the login page and the user successfully logs in the network service, the client initiates a callback request to the login proxy service. Here, after the user successfully logs in to the network service, the network service returns a token to the client.
As an embodiment of the present application, redirecting a callback request initiated by a client to a login proxy service to an internal platform through a callback interface provided by the login proxy service may be: receiving a first callback request initiated to a login proxy service by a client through a callback interface provided by the login proxy service; the client is caused to redirect the first callback request to the internal platform such that the client initiates a second callback request to the internal platform. In the above embodiment, the redirecting the first callback request to the internal platform by the client, so that the client initiates the second callback request to the internal platform may be: and recording the token in a callback address of the internal platform in a request parameter form to form a second callback request, and returning the second callback request to the client through the callback interface so that the client initiates the second callback request to the internal platform.
Step S103: Return user information to the client through a user information interface provided by the login proxy service to confirm that the user has successfully logged in to the internal platform.
As an embodiment of the present application, returning the user information to the client through the user information interface provided by the login agent service to confirm that the user successfully logs in the internal platform may be: receiving a token through a user information interface provided by a login proxy service; sending the token to the network service to request user information; and sending the user information to the internal platform through the user information interface, and returning the user information to the client by the internal platform to confirm that the user successfully logs in the internal platform, wherein the token is returned to the client by the network service after the user successfully logs in the internal platform.
As can be seen from the above login method based on the web service illustrated in fig. 1, on one hand, the login proxy service provides services through three interfaces, i.e., a login interface, a callback interface, and a user information interface, and a developer of the internal platform only needs to use these interfaces, so that the developer of the internal platform focuses on the development of the functions of the internal platform, and thus the cost loss can be reduced; on the other hand, users of all internal platforms can log in the network service through the login proxy service only by inputting the unified client account and the password of the network service through the login page, and the user of each internal platform does not need the client account and the password of the network service like the prior art, so that the management cost of the client account and the password of the network service is reduced.
Referring to fig. 2, a login method based on a web service according to another embodiment of the present application is provided. The method illustrated in fig. 2 is implemented by using an internal platform as an execution subject, and mainly includes steps S201 to S204, which are detailed as follows:
Step S201: Receive a first login request sent by a client for logging in to an internal platform.
As described above, the first login request carries information such as a login address of the internal platform, and is input by the user through the client.
Step S202: Redirect the client initiating the first login request to the address represented by the third login request so that the network service returns a login page to the client.
Step S203: Receive a callback request initiated by the client after the client receives, through the login page, the unified client account and password of the network service input by the user and the user successfully logs in to the network service.
The unified client account and password of the network service mean that the client account and password are used as the unique account and password for logging in the network service no matter how many internal platforms exist, and no matter how many development environments, test environments and production environments are contained in the internal platforms.
Step S204: and sending the token to the network service through a user information interface provided by the login agent service so that the network service returns the user information and then returns the user information to the client to confirm that the user successfully logs in the internal platform.
As described above, the token is returned to the client by the network service after the user successfully logs in the internal platform, and the token sends the internal platform, the unified client account and the password of the network service to the login proxy service through the user information interface provided by the login proxy service, so that the network service returns the user information and then returns the user information to the client to confirm that the user successfully logs in the internal platform.
To further explain the technical solution of the present application, FIG. 3 shows the interaction process among the client, the internal platform, the login proxy service and the network service, which mainly includes steps S301 to S318, described in detail below:
Step S301: Receive a login address of the internal platform input by a user.
There are multiple internal platforms in FIG. 3; the client receives the login address of the internal platform input by the user.
Step S302: a first login request is sent to the internal platform.
The client sends a first login request to the internal platform, wherein the first login request carries information such as a login address of the internal platform.
Step S303: the client is redirected to the address represented by the second login request.
Redirecting the client to the address represented by the second login request may specifically be: the internal platform records its own callback address, in the form of a request parameter, in a request path formed by the login address of the login proxy service to form the address represented by the second login request, and returns the second login request to the client so that the client sends the second login request to the login proxy service according to that address.
Step S304: A second login request for logging in to the login proxy service is received.
The login proxy service receives the second login request for logging in to the login proxy service, wherein the second login request carries information such as a callback address of the internal platform and a login address of the login proxy service.
Step S305: The client is redirected to the address represented by the third login request.
Specifically: the callback address of the internal platform is recorded in the callback address of the login proxy service in the form of a request parameter, and the callback address of the login proxy service is recorded, in the form of a request parameter, in a request path formed by the login address of the network service to form the address represented by the third login request; this address is returned to the client through the login interface, so that the client sends the third login request to the network service according to the request path and the network service returns a login page to the client.
Step S306: A third login request for logging in to the network service is sent to the network service.
The third login request that the client sends to the network service carries the callback address of the internal platform and the callback address of the login proxy service, both recorded in the request path of the third login request in the form of request parameters.
Step S307: The login page is returned to the client.
Step S308: The unified client account and password of the network service input by the user are received.
The client receives the unified client account and password of the network service input by the user. It should be noted that, in the embodiment of the present application, the unified client account and password of the network service are shared by multiple internal platforms.
Step S309: A form-submission POST request is initiated.
The client initiates a form-submission POST request to the network service, carrying the unified client account and password of the network service.
Step S310: a request is initiated to a login proxy service.
When the network service receives the unified client account and password of the network service and verifies that they are correct, the client is redirected and sends a request to the login proxy service, with the token recorded in the callback address of the login proxy service in the form of a request parameter.
Step S311: A first callback request initiated by the client to the login proxy service is received.
The login proxy service receives the first callback request initiated by the client to the login proxy service.
Step S312: the client is caused to redirect the first callback request to the internal platform.
Specifically: the token is recorded in the callback address of the internal platform in the form of a request parameter to form a second callback request, and the second callback request is returned to the client through the callback interface so that the client initiates the second callback request to the internal platform.
Step S313: A second callback request initiated by the client to the internal platform is received.
The internal platform receives the second callback request initiated by the client to the internal platform.
Step S314: A request for user information is sent to the login proxy service.
In the request for user information that the internal platform sends to the login proxy service, the internal platform sends the token it carries to the login proxy service.
Step S315: a request for user information is initiated to a network service.
The logon proxy service uses the received token to initiate a request for user information to the network service.
Step S316: user information is returned to the logon proxy service.
The network service returns user information to the logon proxy service.
Step S317: and returning the user information to the internal platform.
The login agent service returns user information to the internal platform.
Step S318: and returning the user information to the client.
And the internal platform returns the user information to the client, and the client displays the user information after receiving the user information so as to confirm that the user successfully logs in the internal platform.
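The redirect chain of steps S306 to S312, as an added Python example that is not code from the patent: it builds the third login request with the two nested callback addresses and then forms the second callback request from the first. The host names, the parameter names `redirect_uri`, `callback` and `token`, and the allowlist check on the internal platform's callback address are assumptions; the patent names no parameters and describes no validation, but because the token travels in a redirect URL, an unchecked callback address would hand it to whatever host the parameter names.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for illustration; none of them appear in the patent.
NETWORK_SERVICE_LOGIN = "https://sso.example/oauth/login"
PROXY_CALLBACK = "https://login-proxy.example/callback"
ALLOWED_PLATFORM_CALLBACKS = {
    ("https", "platform-a.example", "/auth/callback"),
    ("https", "platform-b.example", "/auth/callback"),
}


class CallbackRejected(ValueError):
    """Raised when a callback address or callback request is not acceptable."""


def check_platform_callback(url):
    """Accept only exact, pre-registered internal platform callback addresses.

    netloc keeps any userinfo and port, so "host@other" or "host:8443"
    does not match a registered entry.
    """
    parts = urlsplit(url)
    key = (parts.scheme, parts.netloc, parts.path)
    if key not in ALLOWED_PLATFORM_CALLBACKS or parts.query or parts.fragment:
        raise CallbackRejected(url)
    return url


def build_third_login_request(platform_callback):
    """Login interface: nest the platform callback inside the proxy callback,
    then nest the proxy callback inside the network service login address."""
    check_platform_callback(platform_callback)
    proxy_cb = PROXY_CALLBACK + "?" + urlencode({"callback": platform_callback})
    return NETWORK_SERVICE_LOGIN + "?" + urlencode({"redirect_uri": proxy_cb})


def network_service_redirect(third_login_request, token):
    """Stand-in for the network service after a successful login (S310):
    append the token to the proxy callback address as a request parameter."""
    query = parse_qs(urlsplit(third_login_request).query)
    proxy_cb = query["redirect_uri"][0]  # already contains "?callback=..."
    return proxy_cb + "&" + urlencode({"token": token})


def build_second_callback(first_callback_request):
    """Callback interface (S311-S312): move the token onto the platform callback.

    The nested callback address has passed through the browser, so it is
    validated again here instead of trusting the check done at login time.
    """
    query = parse_qs(urlsplit(first_callback_request).query)
    callbacks = query.get("callback", [])
    tokens = query.get("token", [])
    if len(callbacks) != 1 or len(tokens) != 1:
        raise CallbackRejected("expected exactly one callback and one token")
    platform_cb = check_platform_callback(callbacks[0])
    return platform_cb + "?" + urlencode({"token": tokens[0]})


if __name__ == "__main__":
    third = build_third_login_request("https://platform-a.example/auth/callback")
    first = network_service_redirect(third, "tok123")  # constructed token
    print(third)
    print(first)
    print(build_second_callback(first))
```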
Referring to fig. 4, a login apparatus based on a web service according to an embodiment of the present application may include a first interface processing module 401, a second interface processing module 402, and a third interface processing module 403, which are described in detail as follows:
a first interface processing module 401, configured to redirect, through a login interface provided by a login proxy service, a client initiating a first login request to an address indicated by a third login request, so that a network service returns a login page to the client, where the first login request is used to log in an internal platform;
a second interface processing module 402, configured to redirect, to the internal platform, a callback request initiated by the client to the login proxy service through a callback interface provided by the login proxy service, where the callback request is initiated after the client receives a network service unified client account and password input by the user through a login page and logs in the network service;
and a third interface processing module 403, configured to return user information to the client through a user information interface provided by the login agent service to confirm that the user successfully logs in the internal platform.
As can be seen from the above technical solutions, on the one hand, the login proxy service exposes three interfaces (a login interface, a callback interface, and a user information interface), and a developer of an internal platform only needs to call these interfaces, which lets the developer focus on the internal platform's own functions and saves cost; on the other hand, users of all internal platforms can log in to an internal platform through the login proxy service simply by entering the network service unified client account and password on the login page, so each internal platform no longer needs one or more network service client accounts and passwords of its own, as in the prior art, which reduces the cost of managing network service client accounts and passwords.
Optionally, in the apparatus illustrated in fig. 4, the first interface processing module 401 may include a second login request receiving unit and a first redirection unit, where:
a second login request receiving unit, configured to receive a second login request through a login interface provided by the login proxy service after the client is redirected to an address indicated by the second login request, where the second login request includes a callback address of the internal platform and a login address of the login proxy service;
and the first redirection unit is used for redirecting the client to the address represented by the third login request according to the second login request so that the network service returns a login page to the client.
Optionally, the first redirection unit is specifically configured to record a callback address of the internal platform in a callback address of the login proxy service in a form of a request parameter, record the callback address of the login proxy service in a request path formed by the login address of the network service in a form of a request parameter, form an address represented by a third login request, and return the address to the client through the login interface, so that the client sends the third login request to the network service according to the request path, so that the network service returns a login page to the client.
Optionally, in the apparatus illustrated in fig. 4, the second interface processing module 402 may include a third redirection unit, a first callback request receiving unit, and a second redirection unit, where:
the third redirection unit is used for redirecting the client to the address represented by the second login request according to the first login request;
the first callback request receiving unit is used for receiving a first callback request initiated by a client to the login proxy service through a callback interface provided by the login proxy service;
and the second redirection unit is used for enabling the client to redirect the first callback request to the internal platform by the third redirection unit so as to enable the client to initiate a second callback request to the internal platform.
Optionally, the second redirection unit is specifically configured to record the token in a request path in the form of a request parameter to form a second callback request, and return the second callback request to the client through the callback interface, so that the client initiates the second callback request to the internal platform.
Optionally, in the apparatus illustrated in fig. 4, the third interface processing module 403 may include an authentication information receiving unit, a first sending unit, and a second sending unit, where:
the authentication information receiving unit is used for receiving a token through a user information interface provided by the login proxy service, wherein the token is returned to the client by the network service after the user successfully logs in the internal platform;
a first sending unit for sending the token to the network service to request the user information;
and the second sending unit is used for sending the user information to the internal platform through the user information interface, and the internal platform returns the user information to the client to confirm that the user successfully logs in the internal platform.
Referring to fig. 5, a network service based login apparatus according to another embodiment of the present application may include a first receiving module 501, a first login request redirection module 502, a second receiving module 503, and a sending module 504, which are described in detail as follows:
a first receiving module 501, configured to receive a first login request sent by a client to login an internal platform;
a first login request redirection module 502, configured to redirect the client initiating the first login request to an address indicated by the third login request, so that the network service returns a login page to the client;
a second receiving module 503, configured to receive a callback request initiated by a client after the client receives a unified client account and a password of the network service, where the unified client account and the password are input by a user through a login page, so that the user successfully logs in the network service;
the sending module 504 is configured to send the token to the login proxy service through a user information interface provided by the login proxy service, so that the network service returns the user information and then returns the user information to the client, so as to confirm that the user successfully logs in the internal platform.
As can be seen from the above technical solutions, on the one hand, the login proxy service exposes three interfaces (a login interface, a callback interface, and a user information interface), and a developer of an internal platform only needs to call these interfaces, which lets the developer focus on the internal platform's own functions and saves cost; on the other hand, users of all internal platforms can log in to an internal platform through the login proxy service simply by entering the network service unified client account and password on the login page, so each internal platform no longer needs one or more network service client accounts and passwords of its own, as in the prior art, which reduces the cost of managing network service client accounts and passwords.
Fig. 6 is a schematic structural diagram of a computer device according to an embodiment of the present application. As shown in fig. 6, the computer device 6 of this embodiment mainly includes: a processor 60, a memory 61 and a computer program 62, e.g. a program for the network service-based login method, stored in the memory 61 and executable on the processor 60. The processor 60, when executing the computer program 62, implements the steps in the above-described network service based login method embodiment, such as steps S101 to S103 shown in fig. 1 or steps S201 to S204 shown in fig. 2. Alternatively, the processor 60 implements the functions of each module/unit in each device embodiment described above when executing the computer program 62, for example, the functions of the first interface processing module 401, the second interface processing module 402, and the third interface processing module 403 shown in fig. 4 or the functions of the first receiving module 501, the first login request redirection module 502, the second receiving module 503, and the sending module 504 shown in fig. 5.
Illustratively, the computer program 62 of the network service-based login method mainly includes: redirecting, through a login interface provided by a login proxy service, a client initiating a first login request to an address represented by a third login request, so that a network service returns a login page to the client, wherein the first login request is used for logging in to an internal platform; redirecting, through a callback interface provided by the login proxy service, a callback request initiated by the client to the login proxy service to the internal platform, wherein the callback request is initiated after the client receives the network service unified client account and password input by a user through the login page and logs in to the network service; and returning user information to the client through a user information interface provided by the login proxy service to confirm that the user successfully logs in to the internal platform. Alternatively, the computer program 62 of the network service-based login method mainly includes: receiving a first login request, sent by a client, for logging in to an internal platform; redirecting the client initiating the first login request to an address represented by a third login request so that the network service returns a login page to the client; receiving a callback request initiated by the client after the client receives the network service unified client account and password input by a user through the login page, so that the user successfully logs in to the network service; and sending the token to the login proxy service through a user information interface provided by the login proxy service, so that the network service returns the user information, which is then returned to the client to confirm that the user successfully logs in to the internal platform.
The computer program 62 may be partitioned into one or more modules/units, which are stored in the memory 61 and executed by the processor 60 to accomplish the present application. One or more of the modules/units may be a series of computer program instruction segments capable of performing specific functions, which describe the execution of the computer program 62 in the computer device 6. For example, the computer program 62 may be divided into the functions of a first interface processing module 401, a second interface processing module 402, and a third interface processing module 403 (modules in a virtual device), and the specific functions of each module are as follows: a first interface processing module 401, configured to redirect, through a login interface provided by a login proxy service, a client initiating a first login request to an address indicated by a third login request, so that a network service returns a login page to the client, where the first login request is used to log in to an internal platform; a second interface processing module 402, configured to redirect, to the internal platform, a callback request initiated by the client to the login proxy service through a callback interface provided by the login proxy service, where the callback request is initiated after the client receives the network service unified client account and password input by the user through a login page and logs in to the network service; a third interface processing module 403, configured to return user information to the client through a user information interface provided by the login proxy service to confirm that the user successfully logs in to the internal platform. Alternatively, the computer program 62 may be divided into the functions of the first receiving module 501, the first login request redirection module 502, the second receiving module 503, and the sending module 504 (modules in the virtual device), and the specific functions of each module are as follows: a first receiving module 501, configured to receive a first login request sent by a client to log in to an internal platform; a first login request redirection module 502, configured to redirect the client initiating the first login request to an address indicated by the third login request, so that the network service returns a login page to the client; a second receiving module 503, configured to receive a callback request initiated by a client after the client receives a unified client account and a password of the network service, where the unified client account and the password are input by a user through a login page, and the user successfully logs in to the network service; the sending module 504, configured to send the token to the login proxy service through a user information interface provided by the login proxy service, so that the network service returns the user information, which is then returned to the client to confirm that the user successfully logs in to the internal platform.
The computer device 6 may include, but is not limited to, a processor 60 and a memory 61. Those skilled in the art will appreciate that fig. 6 is merely an example of the computer device 6 and does not limit it; the computer device 6 may include more or fewer components than shown, combine some of the components, or use different components. For example, the computer device may also include input/output devices, network access devices, a bus, etc.
The processor 60 may be a Central Processing Unit (CPU), another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 61 may be an internal storage unit of the computer device 6, such as a hard disk or a memory of the computer device 6. The memory 61 may also be an external storage device of the computer device 6, such as a plug-in hard disk provided on the computer device 6, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card (Flash Card), and the like. Further, the memory 61 may also include both an internal storage unit of the computer device 6 and an external storage device. The memory 61 is used for storing computer programs and other programs and data required by the computer device. The memory 61 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned functions may be distributed as required to different functional units and modules, that is, the internal structure of the apparatus may be divided into different functional units or modules to implement all or part of the functions described above. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the above-mentioned apparatus may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/computer device and method may be implemented in other ways. For example, the above-described apparatus/computer device embodiments are merely illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation; for example, a plurality of units or components may be combined or integrated into another apparatus, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection of devices or units through some interfaces, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a non-transitory computer readable storage medium. Based on such understanding, all or part of the processes in the methods of the embodiments described above may also be implemented by instructing related hardware through a computer program. The computer program of the network service-based login method may be stored in a computer readable storage medium, and when executed by a processor, the computer program may implement the steps of the method embodiments described above, that is: redirecting, through a login interface provided by a login proxy service, a client initiating a first login request to an address indicated by a third login request, so that the network service returns a login page to the client, where the first login request is used for logging in to an internal platform; redirecting, through a callback interface provided by the login proxy service, a callback request initiated by the client to the login proxy service to the internal platform, wherein the callback request is initiated after the client receives the network service unified client account and password input by a user through the login page and logs in to the network service; and returning user information to the client through a user information interface provided by the login proxy service to confirm that the user successfully logs in to the internal platform. Alternatively, the computer program of the network service-based login method may be stored in a computer readable storage medium, and when executed by a processor, the computer program may implement the steps of the method embodiments described above, that is, the computer program 62 of the network service-based login method mainly includes: receiving a first login request, sent by a client, for logging in to an internal platform; redirecting the client initiating the first login request to an address represented by the third login request so that the network service returns a login page to the client; receiving a callback request initiated by the client after the network service unified client account and password input by a user through the login page are used to log in to the network service; and sending the token to the login proxy service through a user information interface provided by the login proxy service, so that the network service returns the user information, which is then returned to the client to confirm that the user successfully logs in to the internal platform. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The non-transitory computer readable medium may include: any entity or device capable of carrying computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), electrical carrier signals, telecommunications signals, software distribution media, and the like. It should be noted that the content contained in the non-transitory computer readable medium may be appropriately increased or decreased as required by legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, non-transitory computer readable media do not include electrical carrier signals and telecommunications signals.
The above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the embodiments of the present application, and they should be construed as being included in the present application.
The above embodiments describe the objects, technical solutions and advantages of the present application in further detail. It should be understood that the above embodiments are merely exemplary embodiments of the present application and are not intended to limit the scope of the present application; any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present application should be included in the scope of the present invention.

Claims (11)

1. A login method based on network service is characterized in that the method comprises the following steps:
the method includes the steps that a client initiating a first login request is redirected to an address represented by a third login request through a login interface provided by a login agent service, so that a network service receives the third login request sent by the client and returns a login page to the client according to the third login request, the first login request is used for logging in an internal platform, the network service is a service based on an open authorization protocol, the internal platform is the client of the network service, the first login request carries a login address of the internal platform input by a user through the client, the client initiating the first login request is an application program, the client initiating the first login request is redirected to the address represented by the third login request through the login interface provided by the login agent service, and the method comprises the following steps: receiving a second login request initiated by the client, and redirecting the second login request to an address represented by a third login request according to the login interface, wherein the second login request is used for logging in the login proxy service, and the second login request carries the address represented by the second login request returned by the internal platform to the client based on the received first login request;
redirecting a callback request initiated by the client to the login proxy service to the internal platform through a callback interface provided by the login proxy service, wherein the callback request is initiated after the client receives a network service unified client account and a password input by a user through the login page and logs in the network service, the internal platform logs in the network service through the network service unified client account and password, and different internal platforms log in the network service through the same network service unified client account and password;
and returning user information to the client through a user information interface provided by the login agent service to confirm that the user successfully logs in the internal platform.
2. The method for login based on network service according to claim 1, wherein the redirecting the client initiating the first login request to the address represented by the third login request through the login interface provided by the login proxy service, so that the network service receives the third login request sent by the client and returns a login page to the client according to the third login request, comprises:
according to the first login request, the client is redirected to an address represented by a second login request;
after the client is redirected to an address represented by a second login request, receiving the second login request through a login interface provided by the login proxy service, wherein the second login request comprises a callback address of the internal platform and a login address of the login proxy service;
and redirecting the client to the address represented by the third login request according to the second login request so that the network service returns a login page to the client.
3. The method for web service-based login according to claim 2, wherein said redirecting the client to the address represented by the third login request according to the second login request to make the web service return the login page to the client comprises: recording the callback address of the internal platform in the callback address of the login proxy service in the form of request parameters, recording the callback address of the login proxy service in the form of request parameters in a request path formed by the login address of the network service to form an address represented by a third login request, and returning the address to the client through a login interface, so that the client sends the third login request to the network service according to the request path, and the network service returns a login page to the client.
4. The web service-based login method of claim 1, wherein said redirecting a callback request initiated by said client to said login proxy service to said internal platform via a callback interface provided by said login proxy service comprises:
receiving a first callback request initiated by the client to the login proxy service through a callback interface provided by the login proxy service;
and the client is enabled to redirect the first callback request to the internal platform, so that the client initiates a second callback request to the internal platform.
5. The web service-based login method of claim 4, wherein said causing the client to redirect the first callback request to the internal platform to cause the client to initiate a second callback request to the internal platform comprises: and recording the token in a request path in the form of a request parameter to form a second callback request, and returning the second callback request to the client through a callback interface so that the client initiates the second callback request to the internal platform.
6. The method as claimed in claim 1, wherein the step of returning user information to the client via the user information interface provided by the login agent service to confirm that the user successfully logs in the internal platform comprises:
receiving a token through a user information interface provided by the login agent service, wherein the token is returned to the client by the network service after the user successfully logs in the internal platform;
sending the token to the network service to request the user information;
and sending the user information to the internal platform through the user information interface, and returning the user information to the client by the internal platform to confirm that the user successfully logs in the internal platform.
7. A login method based on network service is characterized in that the method comprises the following steps:
receiving a first login request for logging in an internal platform, wherein the first login request is sent by a client, the first login request carries a login address of the internal platform input by a user through the client, and the client is an application program;
redirecting the client initiating the first login request to an address represented by a third login request, so that a network service receives the third login request sent by the client and returns a login page to the client according to the third login request, wherein the network service is a service based on an open authorization protocol, and redirecting the client initiating the first login request to the address represented by the third login request comprises: redirecting the client to an address represented by a second login request according to the first login request, so that the client sends the second login request carrying the address represented by the second login request to a login proxy service, and receives the address represented by the third login request redirected by the login proxy service through a login interface;
receiving a callback request initiated after the client receives a network service unified client account and a password input by a user through the login page and logs in the network service, wherein the internal platform logs in the network service through the network service unified client account and the password, and different internal platforms log in the network service through the same network service unified client account and the password;
and sending the token to the login agent service through a user information interface provided by the login agent service so that the network service returns the user information and then returns the user information to the client to confirm that the user successfully logs in the internal platform.
8. A network service-based login apparatus, the apparatus comprising:
a first interface processing module, configured to redirect, through a login interface provided by a login agent service, a client initiating a first login request to an address represented by a third login request, so that a network service receives the third login request sent by the client and returns a login page to the client according to the third login request, where the first login request is used to log in an internal platform, the network service is a service based on an open authorization protocol, the internal platform is a client of the network service, the first login request carries a login address of the internal platform input by a user through the client, and the client initiating the first login request is an application program, where the login interface provided by the login agent service redirects, to the address represented by the third login request, and the first interface processing module includes: receiving a second login request initiated by the client, and redirecting the second login request to an address represented by a third login request according to the login interface, wherein the second login request is used for logging in the login proxy service, and the second login request carries the address represented by the second login request returned by the internal platform to the client based on the received first login request;
a second interface processing module, configured to redirect, to the internal platform, a callback request initiated by the client to the login proxy service through a callback interface provided by the login proxy service, where the callback request is initiated after the client receives a unified client account and a password of the network service, which are input by a user through the login page, and logs in the network service, where the internal platform unifies a client account and a password through the network service, and different internal platforms log in the network service through the same unified client account and password of the network service;
and the third interface processing module is used for returning user information to the client through a user information interface provided by the login agent service so as to confirm that the user successfully logs in the internal platform.
9. A network service-based login apparatus, the apparatus comprising:
the system comprises a first receiving module, a second receiving module and a third receiving module, wherein the first receiving module is used for receiving a first login request which is sent by a client and used for logging in an internal platform, the first login request carries a login address of the internal platform input by a user through the client, and the client is an application program;
a first login request redirecting module, configured to redirect a client that initiates the first login request to an address represented by a third login request, so that a network service receives the third login request sent by the client and returns a login page to the client according to the third login request, where the network service is a service based on an open authorization protocol, the internal platform is the client of the network service, the first login request carries a login address of the internal platform input by the user through the client, and the client that initiates the first login request is an application program, where the client that initiates the first login request is redirected to the address represented by the third login request through a login interface provided by a login proxy service, and the method includes: receiving a second login request initiated by the client, and redirecting the second login request to an address represented by a third login request according to the login interface, wherein the second login request is used for logging in the login proxy service, and the second login request carries an address represented by the second login request which is returned to the client by the internal platform based on the received first login request;
a second receiving module, configured to receive a callback request initiated by the client after the client receives a unified client account and a password of the network service, where the client account and the password are input by the user through the login page, and the user successfully logs in the network service, where the internal platforms log in the network service through the unified client account and the password of the network service, and different internal platforms log in the network service through the unified client account and the password of the same network service;
and the sending module is used for sending the token to the login agent service through a user information interface provided by the login agent service so as to enable the network service to return the user information to the client after returning the user information, and thus the user is confirmed to successfully log in the internal platform.
10. A computer arrangement comprising a memory, a processor and a computer program stored in the memory and being executable on the processor, wherein the processor implements the steps of the network service based login method according to any of the claims 1 to 6 when executing the computer program or implements the steps of the network service based login method according to claim 7 when executing the computer program.
11. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of the network service based login method according to one of the claims 1 to 6 or carries out the steps of the network service based login method according to claim 7.
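The login, callback and user information interfaces of the login proxy (agent) service recited in the claims, modelled as an added Python example that is not code from the patent. Assumptions introduced here: all host names, the `state` parameter, and the allow-list of internal platform return addresses; the last two are added because a proxy that shares one unified client account across platforms and redirects callbacks must not forward a token to an unregistered address.

```python
import secrets
from urllib.parse import urlencode

# Constructed values: every host, path and identifier below is hypothetical.
AUTHORIZE_URL = "https://oauth.example.test/authorize"
PROXY_CALLBACK = "https://login-proxy.example.test/callback"
UNIFIED_CLIENT_ID = "unified-client"  # one registration shared by all platforms
ALLOWED_PLATFORMS = {"https://wiki.corp.example.test/oauth/done",
                     "https://ci.corp.example.test/oauth/done"}


class NetworkService:
    """Stand-in for the open-authorization service: maps tokens to user info."""
    def __init__(self):
        self.tokens = {}

    def issue_token(self, user):
        token = secrets.token_urlsafe(16)
        self.tokens[token] = {"user": user}
        return token

    def user_info(self, token):
        return self.tokens.get(token)


class LoginProxy:
    def __init__(self, service):
        self.service = service
        self.pending = {}  # state -> internal platform return address

    def login(self, platform_return):
        """Login interface: second login request in, third login request address out."""
        if platform_return not in ALLOWED_PLATFORMS:  # assumption: allow-list check
            raise ValueError("unregistered internal platform")
        state = secrets.token_urlsafe(16)
        self.pending[state] = platform_return
        return AUTHORIZE_URL + "?" + urlencode({
            "client_id": UNIFIED_CLIENT_ID, "redirect_uri": PROXY_CALLBACK, "state": state})

    def callback(self, state, token):
        """Callback interface: redirect the client's callback to the internal platform."""
        platform_return = self.pending.pop(state, None)  # state is single use
        if platform_return is None:
            raise ValueError("unknown or replayed state")
        return platform_return + "?" + urlencode({"token": token})

    def userinfo(self, token):
        """User information interface: exchange the token for user information."""
        info = self.service.user_info(token)
        if info is None:
            raise PermissionError("token not recognised by the network service")
        return info
```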
CN202110554369.7A 2021-05-20 2021-05-20 Network service-based login method, device and computer-readable storage medium Active CN113395326B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110554369.7A CN113395326B (en) 2021-05-20 2021-05-20 Network service-based login method, device and computer-readable storage medium

Publications (2)

Publication Number Publication Date
CN113395326A CN113395326A (en) 2021-09-14
CN113395326B true CN113395326B (en) 2023-03-24

Family

ID=77618448

Country Status (1)

Country Link
CN (1) CN113395326B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant