CN114710295A - Token updating method, device, electronic equipment and medium - Google Patents


Info

Publication number
CN114710295A
Authority
CN
China
Prior art keywords
token
update
response
client
updating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210483838.5A
Other languages
Chinese (zh)
Inventor
刘少耿
张永乐
张鉴石
李康
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Apollo Zhilian Beijing Technology Co Ltd
Original Assignee
Apollo Zhilian Beijing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Apollo Zhilian Beijing Technology Co Ltd
Priority to CN202210483838.5A
Publication of CN114710295A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The disclosure provides a token updating method, apparatus, electronic device and medium, and relates to the technical field of computers. The specific implementation scheme is as follows: receiving a first update request sent by a client; in response to the first update token being valid, updating the first access token associated with the first update token to obtain a second access token for updating the first access token; sending a first update response to the client; and in response to receiving a first confirmation response sent by the client, setting the state of the first update token to an invalid state. The authentication server therefore invalidates the first update token only after the first confirmation response sent by the client shows that the client has definitely received the second access token. This avoids the situation in which the first update token has been invalidated although the client did not receive the second access token, leaving the client unable to update the first access token with the first update token, and so avoids the problem of the client having to log in repeatedly.

Description

Token updating method, device, electronic equipment and medium
Technical Field
The present disclosure relates to the field of computer technologies, in particular to the field of network security technologies, and more particularly to a token updating method and apparatus, an electronic device, and a medium.
Background
The Open Authorization (OAuth) protocol provides a secure, open and simple standard for authorizing access to resources. Under the OAuth framework, a user (Resource Owner) can authorize a third-party application (Client) to access resources (such as photos, videos, contact lists, and the like) that the user stores on a Resource Server (also referred to as a service provider), without providing the user account and password to the third-party application and without sharing the user's access permission or all of the user's resources, so that the third-party application's access to and use of the resources can be controlled.
Currently, when the OAuth protocol is used for resource authorization, token authentication is usually adopted, so that the corresponding resource can be obtained from the resource server according to the authenticated token. The token has a corresponding validity period. When the token becomes invalid, if it cannot be updated in time, the user needs to log in again for authorization and authentication; the operation is cumbersome and the user experience is poor.
Therefore, how to update the token automatically when it becomes invalid, so that the user does not have to log in frequently, is very important.
Disclosure of Invention
The disclosure provides a token updating method, a token updating device, an electronic device and a medium.
According to an aspect of the present disclosure, there is provided a token updating method including:
receiving a first update request sent by a client, wherein the first update request is generated according to a first update token when a first access token stored by the client is invalid;
in response to the first update token being valid, updating the first access token associated with the first update token to obtain a second access token for updating the first access token;
sending a first update response to the client, wherein the first update response comprises the second access token;
and in response to receiving a first confirmation response sent by the client, setting the state of the first update token to be an invalid state, wherein the first confirmation response is sent by the client according to the second access token.
According to another aspect of the present disclosure, there is provided a token updating method including:
when the stored first access token is invalid, sending a first update request to an authentication server, wherein the first update request carries a first update token;
in response to receiving a first update response sent by the authentication server, sending a first confirmation response to the authentication server;
wherein the first update response is generated by the authentication server according to a second access token, the second access token being obtained by the authentication server, in response to the first update token being valid, updating the first access token associated with the first update token, and being used for updating the first access token; and the first confirmation response is used by the authentication server to set the state of the first update token to an invalid state.
According to still another aspect of the present disclosure, there is provided a token updating apparatus including:
a first receiving module, configured to receive a first update request sent by a client, where the first update request is generated according to a first update token when a first access token stored by the client is invalid;
an update module, configured to update the first access token associated with the first update token in response to the first update token being valid, to obtain a second access token for updating the first access token;
a first sending module, configured to send a first update response to the client, where the first update response includes the second access token;
and a first setting module, configured to set the state of the first update token to an invalid state in response to receiving a first confirmation response sent by the client, where the first confirmation response is sent by the client according to the second access token.
According to still another aspect of the present disclosure, there is provided a token updating apparatus including:
a first sending module, configured to send a first update request to an authentication server when a stored first access token is invalid, where the first update request carries a first update token;
a second sending module, configured to send a first confirmation response to the authentication server in response to receiving a first update response sent by the authentication server;
where the first update response is generated by the authentication server according to a second access token, the second access token being obtained by the authentication server, in response to the first update token being valid, updating the first access token associated with the first update token, and being used for updating the first access token; and the first confirmation response is used by the authentication server to set the state of the first update token to an invalid state.
According to still another aspect of the present disclosure, there is provided an electronic device including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a method for token updating as set forth in the above-mentioned one aspect of the disclosure or to perform a method for token updating as set forth in the above-mentioned another aspect of the disclosure.
According to yet another aspect of the present disclosure, there is provided a non-transitory computer readable storage medium of computer instructions for causing a computer to perform the token updating method set forth in the above-mentioned one aspect of the present disclosure or perform the token updating method set forth in the above-mentioned another aspect of the present disclosure.
According to yet another aspect of the present disclosure, there is provided a computer program product comprising a computer program which, when executed by a processor, implements the token updating method set forth in the above-mentioned one aspect of the present disclosure, or implements the token updating method set forth in the above-mentioned another aspect of the present disclosure.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
FIG. 1 is a schematic diagram of the membership and authorization principles of the OAuth protocol;
FIG. 2 is a schematic diagram of a process for a client to obtain a new access token using an update token;
FIG. 3 is a flowchart illustrating a token updating method according to a first embodiment of the disclosure;
FIG. 4 is a flowchart illustrating a token updating method according to a second embodiment of the disclosure;
FIG. 5 is a schematic diagram of an access token update process with a handshake mechanism provided by the present disclosure;
FIG. 6 is a flowchart illustrating a token updating method according to a third embodiment of the disclosure;
FIG. 7 is a schematic flowchart of a token updating method according to a fourth embodiment of the disclosure;
FIG. 8 is a schematic flowchart of a token updating method according to a fifth embodiment of the present disclosure;
FIG. 9 is a schematic flowchart of a token updating method according to a sixth embodiment of the present disclosure;
FIG. 10 is a schematic flowchart of a token updating method according to a seventh embodiment of the present disclosure;
FIG. 11 is a schematic structural diagram of a token updating apparatus according to an eighth embodiment of the present disclosure;
FIG. 12 is a schematic structural diagram of a token updating apparatus according to a ninth embodiment of the present disclosure;
FIG. 13 shows a schematic block diagram of an example electronic device that may be used to implement embodiments of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
At present, the members of OAuth protocol and authorization principle are shown in fig. 1, where the members of OAuth protocol include a Resource Owner (i.e. user), a Client (i.e. third-party application platform), a Resource Server (Resource Server), and an Authentication Server (Authentication Server), and the authorization step may include:
(A) After the resource owner (user) opens the client, the client requests the resource owner to give authorization.
(B) The resource owner agrees to give authorization to the client.
(C) The client applies for a token from the authentication server by using the authorization information obtained in step (B) and the authentication information (account and password).
(D) The authentication server authenticates the client according to the authentication information; if the client passes the authentication, the authentication server agrees to issue the token, and if the client fails the authentication, the authentication server refuses to issue the token.
(E) The client applies to the resource server for the resources by using the token sent by the authentication server.
(F) The resource server confirms that the token is correct and agrees to open the resources matched with the authorization information to the client.
The authentication server may send two tokens to the client at the same time, where one token is an access token (access token) for accessing a resource in the resource server, and the other token is an update token (refresh token) for obtaining a new access token. When the validity period of the access token expires, as shown in fig. 2, the client may generate an update request (such as a Hyper Text Transfer Protocol (HTTP) request) according to the update token, and send the update request to the authentication server to apply for obtaining a new access token.
As an example, the following parameters may be included in the update request:
First, grant_type: indicates the authorization mode used; the value of the parameter can be fixed as "refresh_token"; this parameter is mandatory.
For example, grant_type may be used as follows:
grant_type=refresh_token&refresh_token=xGzv3JOkF0XWIA, where the string "xGzv3JOkF0XWIA" represents the content of the update token.
Second, refresh_token: indicates the update token received earlier; this parameter is mandatory.
Third, scope: indicates the authorization scope of the current request, which cannot exceed the authorization scope of the client's previous request; if the parameter is omitted, the authorization scope of the current request is the same as that of the previous request.
In the related art, when the access token stored in the client becomes invalid, the client may send an update request to the authentication server according to the update token. After the authentication server receives the update request and sends a new access token to the client in response, the update token stored in the authentication server is invalidated; that is, after the authentication server returns the new access token and the new update token to the client, the authentication server invalidates the original update token.
However, if the new access token is lost while the authentication server is returning it to the client, the client can no longer use the original update token to acquire a new access token, because the original update token is already invalid at that point, and the user must log in again to acquire a new access token.
In this manner, the user needs to log in again to obtain a new access token; the operation is cumbersome, the user experience is poor, and the repeated logins reduce the efficiency with which the user accesses resources.
For example, if the network is interrupted while the authentication server is returning a new access token to the client, so that the client does not receive the new access token, the client can no longer use the original update token to obtain a new access token, because the original update token is already invalid at that point, and the user must log in again to obtain a new access token.
In this situation, the user needs to log in again and repeat the authorization and authentication to acquire the new access token, so the user cannot acquire the corresponding resource in the resource server in time, and the user experience is poor.
In order to solve the above problems, the present disclosure provides a token updating method, apparatus, electronic device, and medium.
Token update methods, apparatuses, electronic devices, and media according to embodiments of the present disclosure are described below with reference to the accompanying drawings.
Fig. 3 is a flowchart illustrating a token updating method according to an embodiment of the disclosure.
The token updating method of the embodiment of the disclosure can be applied to an authentication server.
As shown in fig. 3, the token updating method may include the steps of:
Step 301, receiving a first update request sent by a client, where the first update request is generated according to a first update token when a first access token stored by the client is invalid.
In an example embodiment, the first access token and the first update token are generated by the authentication server and sent to the client, and the client may store the first access token and the first update token in association after receiving the first access token and the first update token.
In an example embodiment, the first access token has a corresponding validity period, i.e. the valid state of the access token has an expiration time. For example, after generating the first access token and the first update token, the authentication server may set the validity period for the first access token and send the first update token and the first access token with the validity period to the client, so that the client may store the first update token and the first access token with the validity period in association.
To avoid frequent logins by the user, and/or to avoid the client sending update requests frequently and thereby increasing the processing load of the authentication server, the validity period of the first access token should not be set too short. For example, the duration of the validity period of the first access token may be 1h (hour), 1d (day), 1w (week), and the like, which is not limited by the disclosure.
Taking a validity period of 1d for the first access token as an example, assuming that the authentication server generates the first access token at 07:56:00 on the 1st of a certain month of a certain year, the expiration time of the valid state of the first access token is 07:56:00 on the 2nd of that month. That is, when 07:56:00 on the 2nd of that month is reached, the first access token becomes invalid.
It should be noted that the duration of the validity period of the first access token may be dynamically adjusted according to an actual application scenario and an application requirement, which is not limited by the present disclosure.
In an example embodiment, upon expiration of a first access token stored by the client, the client may generate a first update request based on the first update token and send the first update request to the authentication server to request the authentication server to update the first access token. Wherein the first update request may carry a first update token.
As an example, taking the first update request as an HTTP request carrying the first update token, the first update request may include the following parameters:
grant_type: indicates the authorization mode used.
refresh_token: represents the first update token.
scope: indicates the authorization scope of the current request; if the parameter is omitted, the authorization scope of the current request is the same as that of the previous request.
For example, the first update request sent by the client to the authentication server may be:
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&refresh_token=JOkF0XG5Qx2T
The meanings of the above items are as follows:
/token represents the API (Application Programming Interface) address that the authentication server needs to provide, which the client requests using the POST method;
Authorization represents the authorization credential for accessing a protected resource;
Content-Type represents the encoding format of the first update request, here the default form type;
grant_type represents the authorization mode used; the value of the parameter can be fixed as "refresh_token";
refresh_token represents the first update token, whose content is, for example, "JOkF0XG5Qx2T".
In an example embodiment, an authentication server may receive a first update request sent by a client.
It should be noted that, in practical application, the first update request may also be generated according to the first update token when the first access token is about to fail, that is, in the present disclosure, the client may generate the first update request according to the first update token in response to reaching a target time, where the target time is within a set time period before an expiration time of a valid state of the first access token stored by the client.
The duration of the set time period is preset, for example, the duration of the set time period may be 8 minutes, 10 minutes, 15 minutes, and the like, which is not limited by the disclosure.
Continuing the example above, assuming that the expiration time of the valid state of the first access token is 07:56:00 on the 2nd of that month and the set time period is 10 minutes long, the set time period is 07:46:00 to 07:56:00 on the 2nd of that month; if the target time falls between 07:46:00 and 07:56:00 on the 2nd of that month, the first update request may be generated based on the first update token associated with the first access token.
Step 302, in response to the first update token being valid, updating the first access token associated with the first update token to obtain a second access token for updating the first access token.
In an example embodiment, the authentication server, upon receiving the first update request, may parse the first update request to obtain the first update token. After the first update token is obtained through analysis, the first update token may be checked to determine whether the first update token is valid and whether the content of the first update token is correct, and under the condition that the first update token is determined to be valid and the content of the first update token is checked to be correct, the first access token associated with the first update token may be updated, so as to obtain a second access token for updating the first access token.
Optionally, the authentication server may also set a validity period for the second access token, i.e. set an expiration time for the valid state of the second access token. For example, taking a validity period of 1d for the second access token, assuming that the authentication server generates the second access token at 08:00:00 on the 1st of a certain month of a certain year, the expiration time of the validity period of the second access token is 08:00:00 on the 2nd of that month; that is, the second access token becomes invalid at 08:00:00 on the 2nd of that month.
Step 303, sending a first update response to the client, wherein the first update response includes the second access token.
In an example embodiment, the authentication server may generate a first update response from the second access token and may send the first update response to the client, where the first update response may include the second access token.
Step 304, in response to receiving a first confirmation response sent by the client, setting the state of the first update token to an invalid state, wherein the first confirmation response is sent by the client according to the second access token.
In an example embodiment, the client, after receiving the first update response, may parse the first update response to obtain the second access token from it. After the client acquires the second access token, it can generate a first confirmation response according to the second access token, where the first confirmation response indicates that the client has received the second access token. After generating the first confirmation response, the client may send it to the authentication server, and accordingly the authentication server may receive the first confirmation response sent by the client. When the authentication server receives the first confirmation response, it can confirm that the client has received the second access token. At this point the client has already acquired the new access token (i.e., the second access token) and can continue to access the resources in the resource server with it, so the old update token (i.e., the first update token) is no longer needed, and the authentication server may set the state of the first update token to the invalid state.
According to the token updating method, a first updating request sent by a client is received, wherein the first updating request is generated according to a first updating token when a first access token stored by the client is invalid; in response to the first update token being valid, updating a first access token associated with the first update token to obtain a second access token for updating the first access token; sending a first update response to the client, wherein the first update response comprises a second access token; and in response to receiving a first confirmation response sent by the client, setting the state of the first updating token to be a failure state, wherein the first confirmation response is sent by the client according to the second access token. Therefore, the authentication server invalidates the first update token under the condition that the client receives the second access token definitely according to the first confirmation response sent by the client, so that the condition that the client cannot update the first access token according to the first update token due to invalidation of the first update token under the condition that the client does not receive the second access token can be avoided, the problem of repeated login of the client can be avoided, and the use experience of the user can be effectively improved.
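The handshake of steps 301 to 304, set beside the related-art behaviour it replaces, as an added Python sketch that is not code from the patent. The class and function names, the in-memory stores, the confirmation carrying both tokens, and the choice to return the same pending access token on a retry are assumptions made for illustration.

```python
import hmac
import secrets

VALID, INVALID = "valid", "invalid"


class InvalidGrant(Exception):
    """The update (refresh) token is unknown or in the invalid state."""


class AuthServer:
    """In-memory model of the authentication server (constructed for illustration)."""

    def __init__(self, invalidate_on_issue=False):
        # invalidate_on_issue=True models the related art: the update token is
        # invalidated as soon as the update response has been sent.
        self.invalidate_on_issue = invalidate_on_issue
        self.refresh_state = {}     # update token -> VALID / INVALID
        self.pending = {}           # update token -> access token awaiting confirmation
        self.active_access = set()  # access tokens the server has issued

    def issue(self):
        """Token acquisition after login: returns (access token, update token)."""
        access, refresh = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.active_access.add(access)
        self.refresh_state[refresh] = VALID
        return access, refresh

    def handle_update_request(self, refresh_token):
        """Steps 301-303: check the update token, return the second access token."""
        if self.refresh_state.get(refresh_token) != VALID:
            raise InvalidGrant("update token is not valid")
        # Assumption: a retry with the same still-valid update token gets the
        # same pending access token rather than a freshly minted one.
        access = self.pending.get(refresh_token)
        if access is None:
            access = secrets.token_urlsafe(16)
            self.pending[refresh_token] = access
            self.active_access.add(access)
        if self.invalidate_on_issue:
            self.refresh_state[refresh_token] = INVALID
        return {"access_token": access}

    def handle_confirmation(self, refresh_token, access_token):
        """Step 304: invalidate the update token once receipt is confirmed."""
        expected = self.pending.get(refresh_token)
        if expected is None or not hmac.compare_digest(expected, access_token):
            return False  # confirmation does not match what was issued
        self.refresh_state[refresh_token] = INVALID
        del self.pending[refresh_token]
        return True


def client_refresh(server, refresh_token, drop_first_response=False, max_attempts=2):
    """Client side: request, confirm on receipt, retry if the response was lost.

    Returns the new access token, or None when the user has to log in again.
    """
    for attempt in range(max_attempts):
        try:
            response = server.handle_update_request(refresh_token)
        except InvalidGrant:
            return None
        if drop_first_response and attempt == 0:
            continue  # constructed fault: the update response is lost in transit
        server.handle_confirmation(refresh_token, response["access_token"])
        return response["access_token"]
    return None


def run_scenario(invalidate_on_issue):
    """Lose the first update response and report (new access token, update token state)."""
    server = AuthServer(invalidate_on_issue=invalidate_on_issue)
    _, refresh = server.issue()
    new_access = client_refresh(server, refresh, drop_first_response=True)
    return new_access, server.refresh_state[refresh]


if __name__ == "__main__":
    print("related art:", run_scenario(invalidate_on_issue=True))
    print("handshake  :", run_scenario(invalidate_on_issue=False))
```

Until the confirmation arrives the first update token stays redeemable, so a deployment of this scheme would want to bound that window; the text above does not specify a limit.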
In order to clearly illustrate how the authentication server generates the first access token and the first update token in the above embodiments of the present disclosure, the present disclosure also provides a token update method.
Fig. 4 is a flowchart illustrating a token updating method according to a second embodiment of the disclosure.
As shown in fig. 4, the token updating method may include the steps of:
Step 401, receiving a token acquisition request sent by a client, where the token acquisition request carries authorization information and authentication information.
In an example embodiment, the token obtaining request may be used to obtain an access token and an update token, and the token obtaining request may carry authorization information and authentication information. The authorization information may include information such as the resource authorization range and authorization type of the application; the authentication information may include information such as a user account and a password, where the user account may be a mobile phone number, a mailbox number, and the like, which is not limited in this disclosure.
In an example embodiment, the client may send a token obtaining request to the authentication server, and accordingly, the authentication server may receive the token obtaining request sent by the client, where the token obtaining request may carry the authorization information and the authentication information.
Step 402, authenticating the client according to the authentication information.
In an example embodiment, after receiving the token obtaining request, the authentication server may parse the token obtaining request to obtain the authentication information and the authorization information from the token obtaining request, and may authenticate the client according to the obtained authentication information.
Step 403, in response to the client passing authentication, sending a token obtaining response to the client, where the token obtaining response includes a first access token and a first update token, and the first access token is used for accessing the target resource matched with the authorization information in the resource server.
In an example embodiment, the target resource may be a resource in the resource server that matches the authorization information parsed from the token acquisition request.
In an example embodiment, in the case that the client passes the authentication, the authentication server may generate a first access token according to the authorization information, where the first access token is used to access the target resource in the resource server that matches the authorization information, and may also generate a first update token, where the first update token is used to update the first access token. After generating the first update token and the first access token, the authentication server may generate a token obtaining response according to the first access token and the first update token, and send the token obtaining response to the client. The token obtaining response may include the first access token and the first update token.
In one possible implementation of the example embodiment, after the authentication server generates the first access token and the first update token, the authentication server may further set the state of the first update token to a valid state, and may store the first update token in association with the first access token.
Therefore, when the first access token stored by the client fails, the client can generate an update request according to the valid first update token to request the authentication server to update the first access token associated with the first update token. Because access tokens that are not associated with the first update token are not updated, the situation in which user information and resources are leaked because the authentication server updates other access tokens by mistake can be avoided, and the security of user resources can be improved.
Step 404, receiving a first update request sent by the client, where the first update request is generated according to a first update token when a first access token stored by the client fails.
Step 405, in response to the first update token being valid, updating the first access token associated with the first update token to obtain a second access token for updating the first access token.
Step 406, sending a first update response to the client, wherein the first update response includes the second access token.
The execution process of steps 404 to 406 may refer to the execution process of any embodiment of the present disclosure, and is not described herein again.
In any of the embodiments of the example, in order to further avoid the problem of repeated login of the client, in this example, when the authentication server updates the first access token associated with the first update token, the authentication server may further update the first update token to obtain a second update token, and send the second update token to the client. Wherein the second update token is used to update the second access token.
After receiving the second update token, the client may perform associated storage on the second update token and the second access token, so that when the second access token stored by the client is invalid, a new update request may be generated according to the second update token, and the new update request is sent to the authentication server, so that the authentication server updates the second access token associated with the second update token according to the second update token in the new update request, and obtains a third access token for updating the second access token.
That is, in an example embodiment, the first update response may include not only the second access token but also a second update token, where the second update token is used to update the second access token. The authentication server may set the state of the second update token to a valid state, and may store the second update token in association with the second access token.
Therefore, when the second access token is invalid, the client can apply to the authentication server to update the second access token according to the valid second update token, and the authentication server can update the second access token in a timely and effective manner according to the valid second update token, so that the client does not have to obtain an updated access token by logging in again. In addition, this avoids the situation in which, when the second access token fails, the client applies to the authentication server to update the second access token according to the first update token, which is not associated with the second access token, and the second access token therefore cannot be updated; the problem of repeated login of the client can thus be further avoided.
Step 407, in response to receiving a first confirmation response sent by the client, setting the state of the first update token to be an invalid state, where the first confirmation response is sent by the client according to the second access token.
The execution process of step 407 may refer to the execution process of any embodiment of the present disclosure, which is not described herein again.
As an example, the interaction between the client and the authentication server may be as shown in fig. 5, wherein the authentication server may store the update token in association with the access token in a Remote Dictionary Server (Redis). When the first access token (i.e., the old access token) stored by the client is invalid, the client may generate a first update request using the first update token associated with the first access token, and send the first update request to the authentication server, wherein the first update request is used to obtain a new access token (i.e., a second access token) so as to update the first access token with the second access token. After the client obtains the second access token, the client may synchronously call back a "confirm" operation to the authentication server, i.e., the client may send a first confirmation response to the authentication server to indicate that the client has received the second access token. The authentication server can determine from the first confirmation response that the client has received the second access token, and at this time the state of the first update token can be set to a failure state. That is, in this example, a two-way feedback handshake mechanism is added between the client and the authentication server, which avoids the situation in which the first update token has already failed while the client has not received the second access token, so that the client cannot update the first access token according to the first update token. This avoids the problem of repeated login of the client and improves the user experience.
The token updating method of the embodiment of the disclosure receives a token acquisition request sent by a client, wherein the token acquisition request carries authorization information and authentication information; authenticating the client according to the authentication information; and responding to the passing of the client authentication, and sending a token acquisition response to the client, wherein the token acquisition response comprises a first access token and a first updating token, and the first access token is used for accessing the target resource matched with the authorization information in the resource server. Therefore, the authentication server authenticates the client according to the authentication information sent by the client, and sends the first access token and the first update token to the client only when the client passes the authentication, so that the condition that the resource in the resource server is accessed by an unauthorized client can be avoided, and the safety of the resource in the resource server is improved. In addition, the first access token can only be used for accessing the target resource matched with the authorization information corresponding to the client in the resource server, so that the client can be prevented from accessing the resource which is not authorized by the client in the resource server, and the security of the resource owner can be improved.
In one possible implementation of the example embodiment, the authentication server may also set a validity period of the first update token, i.e. set an expiration time of the validity state of the first update token. For example, the authentication server may set the expiration time of the valid state of the first update token while sending the first update response to the client, i.e., the authentication server may set the expiration time of the corresponding valid state for the first update token.
As an example, the authentication server may set the expiration time of the valid state of the first update token according to the second set duration while sending the first update response to the client. The second set time period may be a preset time period, for example, the second set time period may be 4 minutes, 5 minutes, 6 minutes, 7 minutes, and the like, which is not limited in this disclosure.
For example, assuming that the time when the authentication server sends the first update response to the client is 08:00:00 and the second set time period is 5 minutes, the authentication server may set the expiration time of the valid state of the first update token to 08:00:05.
In an example embodiment, if the authentication server receives the first confirmation response before the expiration time of the first update token is reached, the state of the first update token may be set to the failure state upon receipt of that response; and if the authentication server has not received the first confirmation response when the expiration time of the first update token is reached, the state of the first update token is set to a failure state in response to the expiration time of the first update token being reached.
It should be noted that, during actual application, a network abnormality may also occur, which may cause the client to unsuccessfully receive the first update response, and at this time, the client may further continue to send an update request to the authentication server according to the first update token, so as to update the first access token. Correspondingly, after receiving the update request, the authentication server can judge whether the first update token is valid according to the expiration time of the valid state of the first update token, and if the first update token is valid, the authentication server can continue to send the updated second access token to the client, so as to avoid the problem of repeated login of the client. The above process is explained in detail with reference to fig. 6.
Fig. 6 is a flowchart illustrating a token updating method according to a third embodiment of the disclosure.
As shown in fig. 6, the token updating method may include the steps of:
Step 601, receiving a first update request sent by a client, where the first update request is generated according to a first update token when a first access token stored by the client is invalid.
Step 602, in response to the first update token being valid, updating the first access token associated with the first update token to obtain a second access token for updating the first access token.
Step 603, sending a first update response to the client, wherein the first update response includes the second access token.
The execution process of steps 601 to 603 may refer to the execution process of any embodiment of the present disclosure, and is not described herein again.
Step 604, in response to the expiration time of the first update token not being reached, receiving a second update request sent by the client, where the second update request is generated according to the first update token when the client does not receive the first update response within a first set time period after sending the first update request.
In an example embodiment, the first set time period may be a preset time period, for example, the first set time period may be 1 minute, 2 minutes, 3 minutes, and the like, which is not limited by the present disclosure.
It should be noted that the second set time period is longer than the first set time period, for example, the first set time period is 2 minutes, and the second set time period may be 4 minutes, 5 minutes, and so on, which is not limited by the present disclosure.
In an example embodiment, when the client does not receive the first update response within the first set time period after sending the first update request to the authentication server, the client may generate a second update request according to the first update token again, where the second update request is used to update the first access token associated with the first update token.
In an example embodiment, when the authentication server receives the second update request sent by the client before the expiration time of the first update token is reached, the first update token has not yet failed, so step 605 may be performed.
It is understood that, in practice, the following may also occur: the expiration time of the first update token is reached and the authentication server has still not received the second update request or the first confirmation response sent by the client. In that case, in a possible implementation manner of the example embodiment, the authentication server may set the state of the first update token to a failure state. That is, the authentication server sets the state of the first update token to a failure state at this point instead of immediately when it sends the first update response, which appropriately extends the validity period of the first update token. This avoids the situation in the related art where the authentication server invalidates the first update token immediately after sending the first update response including the second access token to the client, so that the client, not having received the second access token, cannot update the first access token according to the first update token; the problem of repeated login of the client can therefore be avoided.
Step 605, sending a second update response to the client, where the second update response includes the second access token.
In an example embodiment, in the case that the second update request sent by the client is received when the expiration time of the first update token is not reached, at this time, because the first update token in the second update request has not yet expired, the authentication server may send a second update response to the client, where the second update response may include the second access token obtained in step 602.
It is to be understood that, when the authentication server updates the first access token associated with the first update token, the authentication server may further update the first update token to obtain a second update token, where the second update token is used to update the second access token. After the authentication server generates the second update token, the authentication server may further send the second update token to the client, so that when the second access token stored in the client is invalid, the client may apply for obtaining a third access token for updating the second access token from the authentication server according to the second update token. Therefore, in one possible implementation manner of the example embodiment, the second update response may include not only the second access token but also the second update token.
Therefore, after receiving the second update response, the client parses the second update response to obtain the second update token and the second access token, and can store the second update token in association with the second access token. When the second access token stored by the client is invalid, the client can again apply to the authentication server, according to the second update token, for a third access token for updating the second access token, so that the client does not need to obtain a new access token by logging in again, which reduces the user's operation steps and improves the user experience. In addition, this avoids the situation in which, when the second access token fails, the client applies to the authentication server to update the second access token according to the first update token, which is not associated with the second access token, and the second access token therefore cannot be updated; the problem of repeated login of the client can thus be further avoided.
In another possible implementation manner of the example embodiment, the authentication server may reset the expiration time of the valid state for the first update token according to a second set time length while sending the second update response to the client. Therefore, when the client does not receive the second updating response, the client can update the first access token again according to the first updating token.
In an example embodiment, the authentication server may reset the expiration time of the valid state of the first update token according to a second set duration while sending the second update response to the client. For example, assuming that the time at which the authentication server sends the second update response to the client is 08:00:04 and the second set time period is 5 minutes, the authentication server may set the expiration time of the valid state of the first update token to 08:00:09.
In summary, by the authentication server responding to the second update response sent to the client and resetting the expiration time of the valid state of the first update token, the validity period of the first update token can be properly prolonged, and the situation that the client cannot update the first access token according to the first update token due to the fact that the first update token is invalid when the client does not receive the second access token can be avoided, so that the problem of repeated login of the client can be avoided.
As an example, as shown in fig. 5, the client may send a first update request to the authentication server by invoking an interface that obtains new tokens (i.e., a second access token and a second update token). In order to prevent the client from failing to acquire the second access token and failing to update the first access token according to the first update token, in this example, the validity period of the first update token, that is, the expiration time of the valid state of the first update token, may be set on the authentication server side, for example, the duration of the validity period of the first update token (which is denoted as a second set duration in this disclosure, for example, 5 minutes), so that the expiration time of the valid state of the first update token may be set according to the time when the first update response is sent and the second set duration.
If the client does not receive the first update response within the first set time length after sending the first update request, wherein the first set time length is less than the second set time length, the client may call an interface for obtaining a new token (i.e., the second access token and the second update token) according to the first update token again, and send the second update request to the authentication server.
When the authentication server sends a new token to the client, the expiration time of the valid state of the first update token can be set again according to the second set time length, and if the client does not receive the new token before the expiration time of the first update token, the client can continue to call the interface for obtaining the new token and send an update request to the authentication server.
If, however, the authentication server has not received the second update request by the time the expiration of the first update token is reached, the first update token may be invalidated. The authentication server may refresh the validity period of the first update token by updating the expiry time (expire value) of the validity state of the first update token in the Redis.
In the token updating method of the embodiment of the disclosure, in response to the expiration time of the first update token not being reached, a second update request sent by the client is received, and a second update response is sent to the client, wherein the second update response includes a second access token, and the second update request is generated according to the first update token when the client does not receive the first update response within a first set time period after sending the first update request. Therefore, when the client does not receive the first update response within the first set time period after sending the first update request, the client can again send the authentication server a second update request for updating the first access token. After receiving the second update request, if the authentication server determines according to the expiration time of the first update token that the first update token has not failed, that is, the expiration time of the first update token has not been reached, the authentication server can again send the client a second update response containing the second update token for updating the first access token. This not only improves the success rate of the client obtaining the second update token, but also avoids the situation in which the first update token has failed while the client has not received the second access token, so that the client cannot update the first access token according to the first update token; the problem of repeated login of the client can therefore be avoided.
For clarity of explanation of any of the above embodiments of the present disclosure, the present disclosure further provides a token updating method.
Fig. 7 is a flowchart illustrating a token updating method according to a fourth embodiment of the disclosure.
As shown in fig. 7, the token updating method may include the steps of:
Step 701, receiving a first update request sent by a client, where the first update request is generated according to a first update token when a first access token stored by the client is invalid.
Step 702, in response to the first update token being valid, updating the first access token associated with the first update token to obtain a second access token for updating the first access token.
Step 703, sending a first update response to the client, where the first update response includes the second access token.
Step 704, in response to the expiration time of the first update token not being reached, a second update request from the client end is received, and a second update response is sent to the client end.
Wherein the second update response includes the second access token.
And the second updating request is generated according to the first updating token under the condition that the client does not receive the first updating response within the first set time length after the client sends the first updating request.
The execution process of steps 701 to 704 may refer to the execution process of any embodiment of the present disclosure, and is not described herein again.
Step 705, in response to the expiration time of the first update token not being reached, receiving a second confirmation response sent by the client, and setting the state of the first update token to a failure state.
The second confirmation response is generated by the client when receiving the second update response, for example, the second confirmation response may be generated by the client according to the second access token in the second update response, and is used to indicate that the client has received the second access token.
In an example embodiment, the client, upon receiving the second update response, may parse the second update response to obtain the second access token from the second update response. After obtaining the second access token, the client may send a second confirmation response to the authentication server to indicate that the client has received the second access token.
In an example embodiment, when the authentication server receives a second confirmation response sent by the client at a time when the expiration time of the first update token has not been reached, the authentication server may set the state of the first update token to the failure state.
Step 706, in response to the expiration time of the first update token being reached and the second acknowledgement response not being received, setting the state of the first update token to a failure state.
In an example embodiment, in the case where the authentication server has not received the second confirmation response by the time the expiration time of the first update token is reached, the authentication server may set the state of the first update token to the disabled state at this time.
It should be noted that, when the expiration time of the first update token is reached and the authentication server does not receive the second acknowledgement response yet, the authentication server sets the state of the first update token to the disabled state, instead of immediately setting the state of the first update token to the disabled state when the authentication server sends the second update response, that is, by extending the validity period of the first update token, when the client does not acquire the second access token used for updating the first access token, the client can update the first access token again according to the valid first update token, so that the success rate of acquiring the second access token by the client is improved, and thus the number of times of repeated login by the client can be reduced.
It should be noted that step 705 and step 706 are parallel alternatives, and either one may be executed in actual applications.
In the token updating method of the embodiment of the disclosure, in response to the expiration time of the first update token not being reached, a second confirmation response sent by the client is received, and the state of the first update token is set to be a failure state, wherein the second confirmation response is generated when the client receives the second update response; and in response to the expiration time of the first update token being reached and the second confirmation response not being received, setting the state of the first update token to a failure state. Therefore, when the authentication server confirms that the client receives the second access token or does not receive the second confirmation response sent by the client when the deadline of the first update token is reached, the authentication server invalidates the first update token instead of immediately invalidating the first update token when the first update response and/or the second update response are sent, so that the situation that the client cannot update the first access token according to the first update token due to invalidation of the first update token under the condition that the client does not receive the second access token can be avoided, and the problem of repeated login of the client can be avoided.
The above is a method embodiment executed by the authentication server, and the present disclosure further provides a method embodiment executed by the client.
Fig. 8 is a flowchart illustrating a token updating method according to a fifth embodiment of the disclosure.
As shown in fig. 8, the token updating method may include the steps of:
Step 801, when the stored first access token is invalid, sending a first update request to the authentication server, where the first update request carries the first update token.
In an example embodiment, the first access token and the first update token are generated by the authentication server and sent to the client, and the client may store the first access token and the first update token in association after receiving the first access token and the first update token.
In an example embodiment, the first access token has a corresponding validity period, i.e. the access token has an expiration of the valid state. The explanation of the validity period (i.e. the expiration time of the validity state) of the first access token is the same as the validity period of the first access token in step 301, and is not described herein again.
In an example embodiment, when a first access token stored by a client expires, the client may generate a first update request according to the first update token, and send the first update request to an authentication server, where the first update request may carry the first update token and is used to update the first access token.
It should be noted that, in practical application, when the first access token is about to fail, the first update request may also be generated according to the first update token, that is, in this example, the client may generate the first update request according to the first update token in response to reaching a target time, where the target time is within a set time period before an expiration time of a valid state of the first access token stored by the client.
The explanation of the setting time period is the same as that of the setting time period in step 301, and is not repeated here.
Step 802, in response to receiving the first update response sent by the authentication server, sending a first confirmation response to the authentication server.
The first update response is generated by the authentication server according to a second access token, which the authentication server obtains by updating the first access token associated with the first update token when the first update token is valid, and which is used for updating the first access token; the first confirmation response may be used by the authentication server to set the state of the first update token to a failure state.
In an example embodiment, after receiving a first update request sent by a client, an authentication server may parse the first update request to obtain a first update token. After the first update token is obtained through analysis, the first update token may be checked to determine whether the first update token is valid and whether the content of the first update token is correct, and under the condition that the first update token is determined to be valid and the content of the first update token is checked to be correct, the first access token associated with the first update token may be updated, so as to obtain a second access token for updating the first access token.
In an example embodiment, after updating the first access token to obtain the second access token, the authentication server may generate a first update response according to the second access token, and send the first update response to the client, where the first update response may include the second access token.
In an example embodiment, the client may receive a first update response sent by the authentication server. After receiving the first update response, the client may parse the first update response to obtain the second access token from the first update response. Therefore, after the client acquires the second access token, the client can generate a first confirmation response according to the second access token, wherein the first confirmation response is used for indicating that the client has received the second access token, and the authentication server can set the state of the first update token to be a failure state. The client may send the first confirmation response to the authentication server after generating the first confirmation response.
According to the token updating method of the embodiment of the present disclosure, when the stored first access token is invalid, a first update request carrying the first update token is sent to the authentication server; and in response to receiving the first update response sent by the authentication server, a first confirmation response is sent to the authentication server. The authentication server therefore invalidates the first update token once it has confirmed, from the first confirmation response sent by the client, that the client has received the second access token. This avoids the situation in which the first update token is invalidated although the client has not received the second access token, which would leave the client unable to update the first access token according to the first update token. The problem of repeated login of the client can thus be avoided, and the use experience of the user can be effectively improved.
In order to clearly illustrate how the client obtains the first access token and the second access token in the above embodiments of the present disclosure, the present disclosure further provides a token updating method.
Fig. 9 is a flowchart illustrating a token updating method according to a sixth embodiment of the disclosure.
As shown in fig. 9, the token updating method may include the steps of:
Step 901, sending a token acquisition request to an authentication server, where the token acquisition request carries authorization information and authentication information.
In an example embodiment, the token obtaining request may be used to obtain the access token and the update token, and authorization information and authentication information may be carried in the token obtaining request. The authorization information may include information such as the resource authorization range and authorization type of the application; the authentication information may include information such as a user account and a password, where the user account may be a mobile phone number, a mailbox number, and the like, which is not limited in this disclosure.
In an example embodiment, the client may generate a token acquisition request and may send the token acquisition request to the authentication server to apply for acquisition of the first access token and the first update token from the authentication server.
Step 902, receiving a token obtaining response sent by the authentication server.
In an example embodiment, after receiving the token obtaining request, the authentication server may parse the token obtaining request, and obtain the authentication information and the authorization information from the token obtaining request, so that the authentication server authenticates the client according to the obtained authentication information. After the client passes the authentication, the authentication server may generate a first access token according to the acquired authorization information, where the first access token is used to access a target resource in the resource server that matches the authorization information, and may also generate a first update token, where the first update token is used to update the first access token. After generating the first update token and the first access token, the authentication server may generate a corresponding token obtaining response according to the first access token and the first update token, and may send the token obtaining response to the client. The token obtaining response may include the first access token and the first update token.
In an example embodiment, the client may receive the token acquisition response sent by the authentication server.
Step 903, when the stored first access token is invalid, sending a first update request to the authentication server, where the first update request carries the first update token.
The execution process of step 903 may refer to the execution process of any of the above embodiments of the present disclosure, and is not described herein again.
Step 904, in response to receiving the first update response sent by the authentication server, sending a first confirmation response to the authentication server.
In an example embodiment, after receiving a first update request sent by a client, an authentication server may update a first access token associated with a first update token to obtain a second access token for updating the first access token if the first update token is valid, and may generate a first update response according to the second access token and may send the first update response to the client. Accordingly, the client may receive the first update response.
In any embodiment of the present disclosure, in order to further avoid the problem of repeated login of the client, the first update response may include not only the second access token but also a second update token, where the second update token is obtained by updating the first update token and may be used to update the second access token.
That is, in this example, after receiving the first update response including the second access token and the second update token, the client may parse the first update response to obtain the second access token and the second update token from the first update response, and may store the second update token and the second access token in an associated manner. Therefore, when the second access token is invalid, the client can generate a new update request according to the second update token and send the new update request to the authentication server, so that the authentication server updates the second access token associated with the second update token according to the second update token in the new update request, and obtains a third access token for updating the second access token.
Therefore, when the second access token is invalid, the client can apply for updating the second access token to the authentication server according to the effective second update token, the authentication server can timely and effectively update the second access token according to the effective second update token, the client is prevented from obtaining the updated access token in a re-login mode, and the use experience of a user can be effectively improved.
In an example embodiment, the client may generate a first confirmation response after receiving the first update response sent by the authentication server, and may send the first confirmation response to the authentication server to indicate that the client has received the second access token for updating the first access token. Accordingly, upon receiving the first confirmation response, the authentication server may confirm that the client has received the second access token, at which point the state of the first update token may be set to an invalid state.
As a possible implementation manner, after the client acquires the second access token, and under the condition that the second access token is not invalid, the client may access the target resource in the resource server according to the second access token, where the target resource is matched with the authorization information corresponding to the second access token.
Therefore, the client can access the target resource in the resource server again through the updated second access token, the actual access requirement of the user can be met, the updated second access token can be obtained without repeated login of the user for authorization authentication, the time for the user to obtain the resource can be saved, and the use experience of the user is improved.
It should be noted that, the explanation of the method executed by the authentication server in any of the foregoing embodiments is also applicable to this embodiment, and the implementation principle thereof is similar and will not be described herein again.
The token acquisition method of the embodiment of the disclosure transmits a token acquisition request to an authentication server, wherein the token acquisition request carries authorization information and authentication information; and receiving a token acquisition response sent by the authentication server. Therefore, the authentication server authenticates the client according to the authentication information sent by the client, and sends the first access token and the first update token to the client only when the client passes the authentication, so that the condition that the resource in the resource server is accessed by an unauthorized client can be avoided, and the safety of the resource in the resource server is improved. In addition, the first access token can only be used for accessing the target resource matched with the authorization information corresponding to the client in the resource server, so that the client can be prevented from accessing the resource which is not authorized by the client in the resource server, and the security of the resource owner can be improved.
In one possible implementation of the example embodiment, the first update token may have a corresponding expiration time of the valid state, which is described in detail below in conjunction with fig. 10.
Fig. 10 is a flowchart illustrating a token updating method according to a seventh embodiment of the disclosure.
As shown in fig. 10, the token updating method may include the steps of:
Step 1001, when the stored first access token is invalid, sending a first update request to the authentication server, where the first update request carries the first update token.
The execution process of step 1001 may refer to the execution process of any of the above embodiments of the present disclosure, and is not described herein again.
Step 1002, in response to that the first update response is not received within a first set time period after the first update request is sent, sending a second update request to the authentication server, where the second update request is used to update the first access token.
In an example embodiment, the first set time period may be a preset time period, for example, the first set time period may be 1 minute, 2 minutes, 3 minutes, and the like, which is not limited by the present disclosure.
In an example embodiment, after receiving a first update request sent by a client, an authentication server may parse the first update request to obtain a first update token. After the first update token is obtained through analysis, the first update token may be checked to determine whether the first update token is valid and whether the content of the first update token is correct, and under the condition that the first update token is determined to be valid and the content of the first update token is checked to be correct, the first access token associated with the first update token may be updated, so as to obtain a second access token for updating the first access token. After generating the second access token, the authentication server may generate a first update response according to the second access token, and may send the first update response to the client, where the first update response may include the second access token.
In an example embodiment, when the client does not receive the first update response within the first set time period after sending the first update request to the authentication server, the client may generate a second update request according to the first update token again, and may send the second update request to the authentication server, where the second update request is used to update the first access token associated with the first update request.
Step 1003, in response to receiving the second update response sent by the authentication server, sending a second confirmation response to the authentication server.
In an example embodiment, the authentication server may determine whether the first update token is invalid according to the expiration time of the first update token, i.e., whether the expiration time of the first update token is reached after receiving the second update request. When the expiration time of the first update token is not reached, i.e., the authentication server determines that the first update token is not expired, a second update response may be generated and may be sent to the client. Wherein the second update response may comprise a second access token for updating the first access token associated with the first update token.
In an example embodiment, the client may receive a second update response sent by the authentication server. After receiving the second update response, the client may parse the second update response to obtain the second access token from it. After the client acquires the second access token, it can generate a second confirmation response according to the second access token, where the second confirmation response is used to indicate that the client has received the second access token. The client may send the second confirmation response to the authentication server after generating it. Accordingly, the authentication server may receive the first confirmation response sent by the client. Upon receiving the first confirmation response, the authentication server may confirm that the client has received the second access token. At this time, since the client has already acquired the new access token (i.e., the second access token) and can continue to access the resource in the resource server according to the new access token, the old update token (i.e., the first update token) is no longer used, and the authentication server can therefore set the state of the first update token to an invalid state.
In the token updating method of the embodiment of the present disclosure, a second update request is sent to the authentication server in response to the first update response not being received within the first set time period after the first update request is sent, where the second update request is used to update the first access token; and in response to receiving the second update response sent by the authentication server, a second confirmation response is sent to the authentication server. Therefore, when the client does not receive the first update response within the first set time period after sending the first update request, the client can again send to the authentication server a second update request for updating the first access token. After receiving the second update request, if the authentication server determines from the expiration time of the first update token that the first update token is not invalid, that is, the expiration time of the first update token has not been reached, the authentication server can again send to the client the second update response containing the second update token for updating the first access token. This not only improves the success rate with which the client obtains the second update token, but also avoids the situation in which the first update token is invalidated although the client has not received the second access token, which would leave the client unable to update the first access token according to the first update token. The problem of repeated login of the client can therefore be avoided.
Corresponding to the token updating method provided in the embodiments of fig. 3 to 7, the present disclosure also provides a token updating apparatus, and since the token updating apparatus provided in the embodiments of the present disclosure corresponds to the token updating method provided in the embodiments of fig. 3 to 7, the implementation of the token updating method is also applicable to the token updating apparatus provided in the embodiments of the present disclosure, and will not be described in detail in the embodiments of the present disclosure.
Fig. 11 is a schematic structural diagram of a token updating apparatus according to an eighth embodiment of the present disclosure.
As shown in fig. 11, the token updating apparatus 1100 may include: a first receiving module 1101, an updating module 1102, a first sending module 1103 and a first setting module 1104.
The first receiving module 1101 is configured to receive a first update request sent by a client, where the first update request is generated according to a first update token when a first access token stored by the client fails.
The updating module 1102 is configured to update the first access token associated with the first update token in response to the first update token being valid, so as to obtain a second access token for updating the first access token.
A first sending module 1103, configured to send a first update response to the client, where the first update response includes the second access token.
The first setting module 1104 is configured to set a state of the first update token to an invalid state in response to receiving a first acknowledgement response sent by the client, where the first acknowledgement response is sent by the client according to the second access token.
In a possible implementation manner of the example embodiment, the token updating apparatus 1100 may further include:
A second receiving module, configured to receive a token acquisition request sent by the client, where the token acquisition request carries authorization information and authentication information.
An authentication module, configured to authenticate the client according to the authentication information.
A second sending module, configured to send a token obtaining response to the client in response to the client passing authentication, where the token obtaining response includes a first access token and a first update token, and the first access token is used to access the target resource in the resource server that matches the authorization information.
In a possible implementation manner of the example embodiment, the token updating apparatus 1100 may further include:
A second setting module, configured to set the state of the first access token to a valid state.
A first storage module, configured to store the first update token and the first access token in an associated manner.
In a possible implementation manner of the example embodiment, the first update response further includes a second update token, where the second update token is obtained by updating the first update token and is used to update the second access token, and the token updating apparatus 1100 may further include:
A third setting module, configured to set the state of the second update token to a valid state.
A second storage module, configured to store the second access token and the second update token in an associated manner.
In one possible implementation manner of the example embodiment, the first update token has a corresponding expiration time of the valid state, and the token updating apparatus 1100 may further include:
A third sending module, configured to send a second update response to the client in response to receiving a second update request sent by the client while the expiration time of the first update token has not been reached, where the second update response includes the second access token;
where the second update request is generated according to the first update token when the client has not received the first update response within the first set time period after sending the first update request.
In a possible implementation manner of the example embodiment, the second update response further includes a second update token, and the second update token is obtained by updating the first update token and is used for updating the second access token.
In a possible implementation manner of the example embodiment, the token updating apparatus 1100 may further include:
A fourth setting module, configured to reset the expiration time of the valid state of the first update token according to a second set time period, where the second set time period is longer than the first set time period.
In a possible implementation manner of the example embodiment, the token updating apparatus 1100 may further include:
A fifth setting module, configured to set the state of the first update token to an invalid state in response to receiving a second confirmation response sent by the client while the expiration time of the first update token has not been reached;
where the second confirmation response is sent by the client according to the second access token.
In a possible implementation manner of the example embodiment, the token updating apparatus 1100 may further include:
A sixth setting module, configured to set the state of the first update token to an invalid state in response to the expiration time of the first update token being reached without the second confirmation response having been received.
The token updating device of the embodiment of the disclosure receives a first updating request sent by a client, wherein the first updating request is generated according to a first updating token when a first access token stored by the client is invalid; in response to the first update token being valid, updating a first access token associated with the first update token to obtain a second access token for updating the first access token; sending a first update response to the client, wherein the first update response comprises a second access token; and in response to receiving a first confirmation response sent by the client, setting the state of the first updating token to be a failure state, wherein the first confirmation response is sent by the client according to the second access token. Therefore, the authentication server invalidates the first update token under the condition that the client receives the second access token definitely according to the first confirmation response sent by the client, so that the condition that the client cannot update the first access token according to the first update token due to invalidation of the first update token under the condition that the client does not receive the second access token can be avoided, the problem of repeated login of the client can be avoided, and the use experience of the user can be effectively improved.
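The server-side modules listed above and the client retry of Fig. 10 can be exercised together in a small simulation. This is an added example, not code from the patent: the class and function names, the in-memory store, the constant-time comparison, and the choice to reset the deadline at the moment the first update response is issued are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

VALID, INVALID = "valid", "invalid"


@dataclass
class UpdateTokenRecord:
    access_token: str                          # access token stored in association
    deadline: float                            # expiration time of the valid state
    state: str = VALID
    pending: Optional[Tuple[str, str]] = None  # (second access token, second update token)


class AuthServer:
    """Hypothetical authentication server keeping update tokens in memory."""

    def __init__(self, update_ttl=86400.0, first_set=60.0, second_set=180.0):
        if second_set <= first_set:
            raise ValueError("second set time period must be longer than the first")
        self.update_ttl = update_ttl
        self.first_set = first_set
        self.second_set = second_set
        self.records: Dict[str, UpdateTokenRecord] = {}

    def _new_pair(self, now: float) -> Tuple[str, str]:
        # Mint an access token and an update token, store them associated, state valid.
        access, update = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.records[update] = UpdateTokenRecord(access, now + self.update_ttl)
        return access, update

    def issue(self, now: float) -> Tuple[str, str]:
        """Token obtaining response; authentication is assumed to have passed."""
        return self._new_pair(now)

    def _usable(self, update_token: str, now: float) -> Optional[UpdateTokenRecord]:
        rec = self.records.get(update_token)
        if rec is None or rec.state == INVALID:
            return None
        if now >= rec.deadline:                # deadline reached without confirmation
            rec.state = INVALID
            return None
        return rec

    def update(self, update_token: str, now: float) -> Optional[Tuple[str, str]]:
        """Handle a first or second update request."""
        rec = self._usable(update_token, now)
        if rec is None:
            return None
        if rec.pending is None:
            rec.pending = self._new_pair(now)
            # Reset the deadline to the second set time period (assumed timing).
            rec.deadline = now + self.second_set
        return rec.pending                     # a retry receives the same pair again

    def confirm(self, update_token: str, access_token: str, now: float) -> bool:
        """Handle a confirmation response; the old update token becomes invalid."""
        rec = self._usable(update_token, now)
        if rec is None or rec.pending is None:
            return False
        if not hmac.compare_digest(rec.pending[0], access_token):
            return False
        rec.state = INVALID
        return True

    def state_of(self, update_token: str, now: float) -> str:
        self._usable(update_token, now)        # applies the deadline check
        rec = self.records.get(update_token)
        return rec.state if rec else INVALID


def client_update(server: AuthServer, update_token: str, now: float,
                  lose_first_response: bool = False):
    """Client side: update request, one retry after the first set time period, confirm."""
    response = server.update(update_token, now)        # first update request
    if lose_first_response:
        response = None                                # response dropped in transit
    if response is None:
        now += server.first_set                        # first set time period elapsed
        response = server.update(update_token, now)    # second update request
    if response is None:
        return None, now                               # client has to log in again
    server.confirm(update_token, response[0], now)     # confirmation response
    return response, now
```

After a confirmed update, presenting the old update token again returns `None`; an update token that was redeemed but never confirmed stays usable until the reset deadline.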
Corresponding to the token updating method provided in the embodiments of fig. 8 to 10, the present disclosure also provides a token updating apparatus, and since the token updating apparatus provided in the embodiments of the present disclosure corresponds to the token updating method provided in the embodiments of fig. 8 to 10, the implementation of the token updating method is also applicable to the token updating apparatus provided in the embodiments of the present disclosure, and will not be described in detail in the embodiments of the present disclosure.
Fig. 12 is a schematic structural diagram of a token updating apparatus according to a ninth embodiment of the present disclosure.
As shown in fig. 12, the token updating apparatus 1200 may include: a first sending module 1201 and a second sending module 1202.
The first sending module 1201 is configured to send a first update request to the authentication server when the stored first access token fails, where the first update request carries the first update token.
A second sending module 1202, configured to send a first confirmation response to the authentication server in response to receiving the first update response sent by the authentication server; the first update response is generated by the authentication server according to a second access token, which the authentication server obtains, in response to the first update token being valid, by updating the first access token associated with the first update token, the second access token being used to update the first access token; the first confirmation response is used by the authentication server to set the state of the first update token to an invalid state.
In a possible implementation manner of the example embodiment, the token updating apparatus 1200 may further include:
A third sending module, configured to send a token obtaining request to the authentication server, where the token obtaining request carries the authorization information and the authentication information.
A first receiving module, configured to receive a token obtaining response sent by the authentication server, where the token obtaining response is generated when the authentication server performs authentication according to the authentication information and the authentication passes, the token obtaining response includes a first access token and a first update token, and the first access token is used to access a target resource in the resource server that matches the authorization information.
In one possible implementation manner of the example embodiment, the first update token has a corresponding expiration time of the valid state, and the token updating apparatus 1200 may further include:
A fourth sending module, configured to send a second update request to the authentication server in response to the first update response not being received within a first set time period after the first update request is sent, where the second update request is used to update the first access token.
A fifth sending module, configured to send a second confirmation response to the authentication server in response to receiving the second update response sent by the authentication server; the second update response is generated by the authentication server when it determines, according to the expiration time of the first update token, that the first update token is not invalid, and includes a second access token; the second confirmation response is used by the authentication server to set the state of the first update token to an invalid state.
In a possible implementation manner of the example embodiment, the first update response further includes a second update token, and the second update token is obtained by updating the first update token and is used for updating the second access token.
In a possible implementation manner of the example embodiment, the token updating apparatus 1200 may further include:
An access module, configured to access the target resource in the resource server according to the second access token when the second access token is not invalid, where the target resource matches the authorization information corresponding to the second access token.
The token updating device of the embodiment of the disclosure sends a first updating request to the authentication server when the stored first access token is invalid, wherein the first updating request carries the first updating token; and in response to receiving the first updating response sent by the authentication server, sending a first confirmation response to the authentication server. Therefore, according to the first confirmation response sent by the client, the authentication server fails the first update token under the condition that the client definitely receives the second access token, so that the condition that the client cannot update the first access token according to the first update token due to the failure of the first update token under the condition that the client does not receive the second access token can be avoided, the problem of repeated login of the client can be avoided, and the use experience of the user can be effectively improved.
To implement the above embodiments, the present disclosure also provides an electronic device, which may include at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being executable by the at least one processor to enable the at least one processor to perform the token updating method set forth in any one of the above-described embodiments of the present disclosure.
To achieve the above embodiments, the present disclosure also provides a non-transitory computer-readable storage medium storing computer instructions for causing a computer to execute the token updating method proposed in any one of the above embodiments of the present disclosure.
To achieve the above embodiments, the present disclosure further provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program implements the token updating method proposed by any one of the above embodiments of the present disclosure.
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
FIG. 13 shows a schematic block diagram of an example electronic device that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic devices may also represent various forms of mobile devices, such as personal digital processors, cellular telephones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not intended to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 13, the electronic device 1300 includes a computing unit 1301 that can perform various appropriate actions and processes in accordance with a computer program stored in a ROM (Read-Only Memory) 1302 or a computer program loaded from a storage unit 1308 into a RAM (Random Access Memory) 1303. In the RAM 1303, various programs and data necessary for the operation of the electronic device 1300 can also be stored. The computing unit 1301, the ROM 1302, and the RAM 1303 are connected to each other via a bus 1304. An I/O (Input/Output) interface 1305 is also connected to the bus 1304.
A number of components in the electronic device 1300 are connected to the I/O interface 1305, including: an input unit 1306 such as a keyboard, a mouse, or the like; an output unit 1307 such as various types of displays, speakers, and the like; storage unit 1308, such as a magnetic disk, optical disk, or the like; and a communication unit 1309 such as a network card, modem, wireless communication transceiver, etc. The communication unit 1309 allows the electronic device 1300 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The computing unit 1301 may be any of a variety of general-purpose and/or special-purpose processing components with processing and computing capabilities. Some examples of the computing unit 1301 include, but are not limited to, a CPU (Central Processing Unit), a GPU (Graphics Processing Unit), various dedicated AI (Artificial Intelligence) computing chips, various computing units running machine learning model algorithms, a DSP (Digital Signal Processor), and any suitable processor, controller, microcontroller, and the like. The computing unit 1301 performs the methods and processes described above, such as the token update method or text classification method. For example, in some embodiments, the token update method or text classification method described above may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as the storage unit 1308. In some embodiments, part or all of the computer program can be loaded and/or installed onto the electronic device 1300 via the ROM 1302 and/or the communication unit 1309. When loaded into the RAM 1303 and executed by the computing unit 1301, the computer program may perform one or more of the steps of the token update method or text classification method described above. Alternatively, in other embodiments, the computing unit 1301 may be configured in any other suitable manner (e.g., by way of firmware) to perform the token update method or text classification method described above.
Various implementations of the systems and techniques described above may be realized in digital electronic circuitry, integrated circuitry, FPGAs (Field Programmable Gate Arrays), ASICs (Application-Specific Integrated Circuits), ASSPs (Application-Specific Standard Products), SOCs (Systems on Chip), CPLDs (Complex Programmable Logic Devices), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special-purpose or general-purpose and which receives data and instructions from, and transmits data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. This program code may be provided to a processor or controller of a general-purpose computer, special-purpose computer, or other programmable data processing apparatus, such that the program code, when executed by the processor or controller, causes the functions/acts specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine, or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a RAM, a ROM, an EPROM (Erasable Programmable Read-Only Memory) or flash memory, an optical fiber, a CD-ROM (Compact Disc Read-Only Memory), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (Cathode Ray Tube) or LCD (Liquid Crystal Display) monitor) for displaying information to the user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which the user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback), and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a LAN (Local Area Network), a WAN (Wide Area Network), the Internet, and blockchain networks.
The computer system may include clients and servers. A client and a server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, also called a cloud computing server or cloud host, which is a host product in a cloud computing service system that addresses the high management difficulty and weak service scalability of conventional physical hosts and VPS (Virtual Private Server) services. The server may also be a server of a distributed system, or a server incorporating a blockchain.
It should be noted that artificial intelligence is the discipline of making computers simulate certain human thinking processes and intelligent behaviors (such as learning, reasoning, thinking, and planning), and it involves both hardware-level and software-level technologies. Artificial intelligence hardware technologies generally include sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing, and the like; artificial intelligence software technologies mainly include computer vision, speech recognition, natural language processing, machine learning/deep learning, big data processing, knowledge graph technology, and the like.
According to the technical solution of the embodiments of the present disclosure, a first update request sent by a client is received, where the first update request is generated according to a first update token when the first access token stored by the client is invalid; in response to the first update token being valid, the first access token associated with the first update token is updated to obtain a second access token for updating the first access token; a first update response containing the second access token is sent to the client; and, in response to receiving a first confirmation response sent by the client, the state of the first update token is set to an invalid state, where the client sends the first confirmation response according to the second access token. The authentication server therefore invalidates the first update token only once the first confirmation response shows that the client has definitely received the second access token. This avoids the situation in which the first update token has already been invalidated although the client never received the second access token, which would leave the client unable to update the first access token with the first update token. The client is thus not forced to log in repeatedly, and the user experience is effectively improved.
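The confirmation-gated invalidation summarized above, together with the retry and deadline handling of claims 5, 7 and 9, is shown here as an added Python example that is not part of the patent text. The class and method names, the in-memory stores, the constructed `FakeClock`, and the durations (5 s, 30 s, 3600 s) are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

VALID, INVALID = "valid", "invalid"


@dataclass
class UpdateTokenRecord:
    access_token: str                          # access token stored in association
    expires_at: float                          # expiration time of the valid state
    state: str = VALID
    pending: Optional[Tuple[str, str]] = None  # (second access, second update), unconfirmed


class FakeClock:
    """Constructed, manually advanced clock so the scenarios are deterministic."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


class AuthServer:
    """Hypothetical authentication server; first_wait is the client's retry timeout."""
    def __init__(self, clock, token_ttl=3600.0, first_wait=5.0, second_wait=30.0):
        if second_wait <= first_wait:          # claim 7: second length is longer
            raise ValueError("second set time length must exceed the first")
        self._clock, self._ttl, self._second_wait = clock, token_ttl, second_wait
        self._access: Dict[str, str] = {}
        self._update: Dict[str, UpdateTokenRecord] = {}

    def issue(self) -> Tuple[str, str]:
        """Mint an access/update token pair (client authentication is not modelled)."""
        access, update = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self._access[access] = VALID
        self._update[update] = UpdateTokenRecord(access, self._clock() + self._ttl)
        return access, update

    def _live(self, update_token: str) -> Optional[UpdateTokenRecord]:
        """Return the record only if the token is valid and before its deadline."""
        rec = self._update.get(update_token)
        if rec is None or rec.state != VALID:
            return None
        if self._clock() >= rec.expires_at:    # deadline reached without confirmation
            rec.state = INVALID
            return None
        return rec

    def update(self, update_token: str) -> Optional[Tuple[str, str]]:
        """Handle an update request; the update token is NOT invalidated here."""
        rec = self._live(update_token)
        if rec is None:
            return None
        if rec.pending is None:                # first update request
            self._access[rec.access_token] = INVALID
            rec.pending = self.issue()
        else:                                  # retry: same pair, shorter deadline
            rec.expires_at = self._clock() + self._second_wait
        return rec.pending

    def confirm(self, update_token: str, second_access_token: str) -> bool:
        """Invalidate the update token only on a confirmation bound to the new token."""
        rec = self._live(update_token)
        if rec is None or rec.pending is None:
            return False
        if not hmac.compare_digest(rec.pending[0], second_access_token):
            return False
        rec.state = INVALID
        return True

    def update_token_state(self, update_token: str) -> Optional[str]:
        self._live(update_token)               # apply lazy expiry before reporting
        rec = self._update.get(update_token)
        return rec.state if rec else None


def run_lost_response_scenario() -> dict:
    clock = FakeClock()
    server = AuthServer(clock)
    _, update1 = server.issue()
    first = server.update(update1)             # response assumed lost in transit
    clock.now += 5.0                           # client times out after first_wait
    state_after_loss = server.update_token_state(update1)
    second = server.update(update1)            # retry with the same update token
    bad_confirm = server.confirm(update1, "not-the-second-access-token")
    confirmed = server.confirm(update1, second[0])
    return {
        "state_after_loss": state_after_loss,
        "retry_returns_same_pair": second == first,
        "bad_confirm": bad_confirm,
        "confirmed": confirmed,
        "state_after_confirm": server.update_token_state(update1),
        "replay_rejected": server.update(update1) is None,
        "second_update_token_state": server.update_token_state(second[1]),
    }


def run_unconfirmed_expiry_scenario() -> bool:
    clock = FakeClock()
    server = AuthServer(clock)
    _, update1 = server.issue()
    server.update(update1)
    clock.now += 5.0
    server.update(update1)                     # retry resets the deadline to now + 30 s
    clock.now += 30.0                          # no confirmation ever arrives
    return server.update(update1) is None and server.update_token_state(update1) == INVALID
```

Between the first update response and the confirmation, the first update token remains usable, so the second set time length bounds how long an unconfirmed token can still be presented.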
It should be understood that the various forms of flow shown above may be used with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in a different order, and no limitation is imposed herein as long as the desired results of the technical solutions proposed in the present disclosure can be achieved.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.

Claims (31)

1. A token update method, comprising:
receiving a first update request sent by a client, wherein the first update request is generated according to a first update token when a first access token stored by the client is invalid;
in response to the first update token being valid, updating the first access token associated with the first update token to obtain a second access token for updating the first access token;
sending a first update response to the client, wherein the first update response comprises the second access token;
and in response to receiving a first confirmation response sent by the client, setting the state of the first update token to be an invalid state, wherein the first confirmation response is sent by the client according to the second access token.
2. The method of claim 1, wherein prior to receiving the first update request sent by the client, the method further comprises:
receiving a token acquisition request sent by the client, wherein the token acquisition request carries authorization information and authentication information;
authenticating the client according to the authentication information;
and in response to the client passing authentication, sending a token acquisition response to the client, wherein the token acquisition response comprises the first access token and the first update token, and the first access token is used for accessing the target resource in the resource server that matches the authorization information.
3. The method of claim 2, wherein the method further comprises:
setting the state of the first access token to be a valid state;
and storing the first update token and the first access token in association with each other.
4. The method of claim 1, wherein the first update response further comprises a second update token, the second update token being updated from the first update token for updating the second access token, the method further comprising:
setting the state of the second update token to a valid state;
and storing the second access token and the second update token in association with each other.
5. The method of claim 1, wherein the first update token has an expiration time of a corresponding valid state, the method further comprising:
in response to the expiration time of the first update token not having been reached, receiving a second update request sent by the client, wherein the second update request is generated according to the first update token when the client has not received the first update response within a first set time length after sending the first update request;
sending a second update response to the client, wherein the second update response includes the second access token.
6. The method of claim 5, wherein the second update response further comprises a second update token, the second update token updated from the first update token for updating the second access token.
7. The method of claim 5, wherein after the sending the second update response to the client, the method further comprises:
resetting the expiration time of the valid state of the first update token according to a second set time length, wherein the second set time length is longer than the first set time length.
8. The method of any of claims 5-7, wherein after the sending the second update response to the client, the method further comprises:
in response to the expiration time of the first update token not having been reached, receiving a second confirmation response sent by the client, wherein the second confirmation response is sent by the client according to the second access token;
setting the state of the first update token to an invalid state.
9. The method of any of claims 5-7, wherein after the sending the second update response to the client, the method further comprises:
setting the state of the first update token to an invalid state in response to the expiration time of the first update token being reached without the second confirmation response having been received.
10. A token update method, comprising:
when a stored first access token is invalid, sending a first update request to an authentication server, wherein the first update request carries a first update token;
in response to receiving a first update response sent by the authentication server, sending a first confirmation response to the authentication server;
wherein the first update response is generated by the authentication server according to a second access token, the second access token being obtained by the authentication server, in response to the first update token being valid, by updating the first access token associated with the first update token, and being used for updating the first access token; and the first confirmation response is used by the authentication server to set the state of the first update token to an invalid state.
11. The method of claim 10, wherein prior to said sending the first update request to the authentication server, the method further comprises:
sending a token acquisition request to the authentication server, wherein the token acquisition request carries authorization information and authentication information;
and receiving a token acquisition response sent by the authentication server, wherein the token acquisition response is generated when the authentication server performs authentication according to the authentication information and passes the authentication, the token acquisition response comprises the first access token and the first update token, and the first access token is used for accessing the target resource matched with the authorization information in the resource server.
12. The method of claim 10, wherein the first update token has an expiration time of a corresponding valid state, the method further comprising:
sending a second update request to the authentication server in response to the first update response not being received within a first set time length after the first update request is sent, wherein the second update request is used for updating the first access token;
in response to receiving a second update response sent by the authentication server, sending a second confirmation response to the authentication server;
wherein the second update response is generated when the authentication server determines, according to the expiration time of the first update token, that the first update token has not become invalid, and the second update response comprises the second access token; and the second confirmation response is used by the authentication server to set the state of the first update token to an invalid state.
13. The method according to any of claims 10-12, wherein the first update response further comprises a second update token, the second update token being updated from the first update token for updating the second access token.
14. The method according to any one of claims 10-12, wherein the method further comprises:
and when the second access token is not invalid, accessing a target resource in a resource server according to the second access token, wherein the target resource is matched with authorization information corresponding to the second access token.
15. A token updating apparatus, comprising:
a first receiving module, configured to receive a first update request sent by a client, wherein the first update request is generated according to a first update token when a first access token stored by the client is invalid;
an update module, configured to update the first access token associated with the first update token in response to the first update token being valid, to obtain a second access token for updating the first access token;
a first sending module, configured to send a first update response to the client, where the first update response includes the second access token;
and a first setting module, configured to set the state of the first update token to an invalid state in response to receiving a first confirmation response sent by the client, wherein the first confirmation response is sent by the client according to the second access token.
16. The apparatus of claim 15, wherein the apparatus further comprises:
the second receiving module is used for receiving a token acquisition request sent by the client, wherein the token acquisition request carries authorization information and authentication information;
the authentication module is used for authenticating the client according to the authentication information;
and a second sending module, configured to send a token obtaining response to the client in response to the client passing authentication, where the token obtaining response includes the first access token and the first update token, and the first access token is used to access the target resource in the resource server, where the target resource is matched with the authorization information.
17. The apparatus of claim 16, wherein the apparatus further comprises:
the second setting module is used for setting the state of the first access token to be a valid state;
and a first storage module, configured to store the first update token and the first access token in association with each other.
18. The apparatus of claim 15, wherein the first update response further comprises a second update token, the second update token updated from the first update token for updating the second access token, the apparatus further comprising:
a third setting module, configured to set a state of the second update token to a valid state;
and a second storage module, configured to store the second access token and the second update token in association with each other.
19. The apparatus of claim 15, wherein the first update token has an expiration time of a corresponding valid state, the apparatus further comprising:
a third sending module, configured to receive a second update request sent by the client in response to the expiration time of the first update token not being reached, and send a second update response to the client, where the second update response includes the second access token;
the second update request is generated according to the first update token under the condition that the client does not receive the first update response within a first set time length after the client sends the first update request.
20. The apparatus of claim 19, wherein the second update response further comprises a second update token, the second update token updated from the first update token for updating the second access token.
21. The apparatus of claim 19, wherein the apparatus further comprises:
and the fourth setting module is used for resetting the expiration time of the valid state for the first update token according to a second set time length, wherein the second set time length is longer than the first set time length.
22. The apparatus of any one of claims 19-21, wherein the apparatus further comprises:
a fifth setting module, configured to, in response to the expiration time of the first update token not having been reached, receive a second confirmation response sent by the client and set the state of the first update token to an invalid state;
wherein the second confirmation response is sent by the client in accordance with the second access token.
23. The apparatus of any one of claims 19-21, wherein the apparatus further comprises:
a sixth setting module, configured to set the state of the first update token to an invalid state in response to the expiration time of the first update token being reached without the second confirmation response having been received.
24. A token updating apparatus, comprising:
a first sending module, configured to send a first update request to an authentication server when a stored first access token is invalid, wherein the first update request carries a first update token;
a second sending module, configured to send a first confirmation response to the authentication server in response to receiving a first update response sent by the authentication server;
wherein the first update response is generated by the authentication server according to a second access token, the second access token being obtained by the authentication server, in response to the first update token being valid, by updating the first access token associated with the first update token, and being used for updating the first access token; and the first confirmation response is used by the authentication server to set the state of the first update token to an invalid state.
25. The apparatus of claim 24, wherein the apparatus further comprises:
a third sending module, configured to send a token obtaining request to the authentication server, where the token obtaining request carries authorization information and authentication information;
a first receiving module, configured to receive a token obtaining response sent by the authentication server, where the token obtaining response is generated when the authentication server performs authentication according to the authentication information and passes authentication, and the token obtaining response includes the first access token and the first update token, and the first access token is used to access the target resource in the resource server, where the target resource is matched with the authorization information.
26. The apparatus of claim 24, wherein the first update token has an expiration time of a corresponding valid state, the apparatus further comprising:
a fourth sending module, configured to send a second update request to the authentication server in response to that the first update response is not received within a first set time period after the first update request is sent, where the second update request is used to update the first access token;
a fifth sending module, configured to send a second acknowledgement response to the authentication server in response to receiving the second update response sent by the authentication server;
wherein the second update response is generated when the authentication server determines, according to the expiration time of the first update token, that the first update token has not become invalid, and the second update response comprises the second access token; and the second confirmation response is used by the authentication server to set the state of the first update token to an invalid state.
27. The apparatus of any of claims 24-26, wherein the first update response further comprises a second update token, the second update token updated from the first update token for updating the second access token.
28. The apparatus of any one of claims 24-26, wherein the apparatus further comprises:
and the access module is used for accessing a target resource in a resource server according to the second access token when the second access token is not invalid, wherein the target resource is matched with the authorization information corresponding to the second access token.
29. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-9 or to perform the method of any one of claims 10-14.
30. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-9 or the method of any one of claims 10-14.
31. A computer program product comprising a computer program which, when executed by a processor, carries out the steps of the method according to any one of claims 1-9, or carries out the steps of the method according to any one of claims 10-14.
CN202210483838.5A 2022-05-05 2022-05-05 Token updating method, device, electronic equipment and medium Pending CN114710295A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210483838.5A CN114710295A (en) 2022-05-05 2022-05-05 Token updating method, device, electronic equipment and medium

Publications (1)

Publication Number Publication Date
CN114710295A true CN114710295A (en) 2022-07-05

Family

ID=82177227

Country Status (1)

Country Link
CN (1) CN114710295A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20220705