CN114745124A - Method and system for establishing and acquiring three-party resource authentication based on CI engine - Google Patents
Method and system for establishing and acquiring three-party resource authentication based on CI engine Download PDFInfo
- Publication number
- CN114745124A CN114745124A CN202210209720.3A CN202210209720A CN114745124A CN 114745124 A CN114745124 A CN 114745124A CN 202210209720 A CN202210209720 A CN 202210209720A CN 114745124 A CN114745124 A CN 114745124A
- Authority
- CN
- China
- Prior art keywords
- engine
- module
- authentication server
- authentication
- code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 22
- 238000013475 authorization Methods 0.000 claims abstract description 52
- 238000012795 verification Methods 0.000 claims description 12
- 238000012790 confirmation Methods 0.000 claims description 6
- 238000006243 chemical reaction Methods 0.000 claims description 3
- 238000010200 validation analysis Methods 0.000 claims 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000004069 differentiation Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Abstract
The invention discloses a method and a system for establishing and acquiring three-party resource authentication based on a CI engine, belonging to the field of software development service pipelines; the method comprises the following specific steps: s1, using the CI engine as a third player to guide the user to jump to the authorization interface of the authentication server; s2, the user logs in the source code library system and selects whether to open the authority of the source code library to the CI engine; s3 the authentication server generates a code and redirects the user to the specified url; the returned code information is used in the S4CI engine to the position of the authentication server for exchanging the token; s5 the authentication server will return the authorization access token to the CI engine; by using the method and the device, a solution for single sign-on authentication of the three-party source code library is provided for the user. And a one-key login mode is adopted for each user, so that the operation flow is greatly optimized, and the efficiency is improved.
Description
Technical Field
The invention discloses a method and a system for establishing and acquiring three-party resource authentication based on a CI engine, and relates to the technical field of software development service pipelines.
Background
In the CI building process, all the user needs to do is to pull the item code from the third-party code library for building and compiling. And the code in the three-party library is acquired by the user who must log in the three-party library to take the token information corresponding to the user, and the token information is copied and stored in the CI component, so that the operation process is very complicated. In order to solve the problems and optimize the operation, the invention provides a method and a system for constructing and acquiring three-party resource authentication based on a CI engine.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a method and a system for establishing and acquiring three-party resource authentication based on a CI engine, wherein the adopted technical scheme is as follows: a method for constructing and acquiring three-party resource authentication based on a CI engine comprises the following specific steps:
s1, using the CI engine as a third player to guide the user to jump to the authorization interface of the authentication server;
s2, the user logs in the source code library system and selects whether to open the authority of the source code library to the CI engine;
s3 the authentication server generates a code and redirects the user to the specified url; '
The returned code information is used in the S4CI engine to the position of the authentication server for exchanging the token;
s5 the authentication server returns an authorization access token to the CI engine.
The specific steps of the S1 using the CI engine as a third player to guide the user to jump to the authorization interface of the authentication server are as follows:
s101, establishing a link of an interface open skip source code library authentication address at the front end of the CI;
s102 directs the user to jump to an authorization interface of the authentication service.
The specific steps of the S3 authentication server generating a code and redirecting the user to the specified url are as follows:
s301, the authentication server generates a short-term code;
s302 redirects the code to a specified url address of the system configuration in a url manner.
Using the returned code information in the S4CI engine to the position of using the code to the authentication server for exchanging a token;
s401CI verifying the correctness of the engine statec parameter;
s402, exchanging the token access _ token to the source code library authentication server by using the code information.
The specific steps that the authentication server of S5 will return the authorized access _ token to the CI engine are as follows:
s501, verifying the legitimacy of the unique parameter of the authentication server;
s502 generates a globally unique access token and returns it to the CI engine.
A system for constructing and acquiring three-party resource authentication based on a CI engine specifically comprises an interface skip module, an authorization confirmation module and an authentication operation module:
an interface skip module: using the CI engine as a third player to guide the user to jump to an authorization interface of the authentication server;
an authorization confirmation module: a user logs in a source code library system and selects whether to open the authority of the source code library to a CI engine;
an authentication operation module: the authentication server generates a code and redirects the user to the specified url; '
A token redemption module: using the returned code information in the CI engine to the position where the code is used to be the authentication server for exchanging for the token;
an information return module: the authentication server will return the authorization access token to the CI engine.
The interface skip module specifically comprises a link opening module and a skip operation module:
a link opening module: constructing a link of an interface open skip source code library authentication address at the front end of the CI;
a skip operation module: and guiding the user to jump to an authorization interface of the authentication service.
The authentication operation module specifically comprises an authorization code generation module and an authentication configuration module:
an authorization code generation module: the authentication server generates a short-term code;
an authentication configuration module: and redirecting the code to a specified url address of the system configuration in a url mode.
The token exchange module specifically comprises a parameter verification module and an exchange operation module:
a parameter verification module: the correctness of the CI engine statec parameter is verified;
the conversion operation module: and exchanging the token access _ token to the source code library authentication server by using the code information.
The information return module specifically comprises a legal verification module and a return operation module:
a legal verification module: verifying the legality of the unique parameters of the authentication server;
and returning to the operation module: a globally unique access token is generated and returned to the CI engine.
The invention has the beneficial effects that: the method of the invention uses an authorization code mode for authentication, wherein the authorization code mode is a mode with the most detailed and rigorous step flow; the user accesses the client, the latter leads the former to the authentication server, and supposing that the user gives authorization, the authentication server leads the user to a 'redirection URI' (redirection URI) which is specified in advance by the client, and meanwhile, an authorization code is attached; by using the method and the device, a solution for single sign-on authentication of the three-party source code library is provided for the user. And a one-key login mode is adopted for each user, so that the operation process is greatly optimized, and the efficiency is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of an embodiment of the present invention.
Detailed Description
The present invention is further described below in conjunction with the following figures and specific examples so that those skilled in the art may better understand the present invention and practice it, but the examples are not intended to limit the present invention.
The first embodiment is as follows:
a method for constructing and acquiring three-party resource authentication based on a CI engine comprises the following specific steps:
s1, using the CI engine as a third player to guide the user to jump to the authorization interface of the authentication server;
s2, the user logs in the source code library system and selects whether to open the authority of the source code library to the CI engine;
s3 the authentication server generates a code and redirects the user to the specified url; '
The returned code information is used in the S4CI engine to the position of the authentication server for exchanging the token;
s5 the authentication server will return the authorization access token to the CI engine;
firstly, establishing a link for opening and skipping an authentication address of a source code library at the front end of the CI, and skipping to an authorization interface of a source code library authentication server by a user in a click connection mode;
secondly, the user logs in the source code library system and selects whether to open the authority of the source code library to the CI engine;
then, the authentication server generates a short-term code and redirects the code to a specified url address configured by the system in a url mode;
next, exchanging the token access _ token from the system to a source code library authentication server by using the returned code information;
finally, the authentication server returns an authorized access _ token to the CI engine, and the token can be used for normally accessing corresponding information of the source code library; it should be noted that the token is not the same token type as the token manually obtained from the source code library by the user, and their authentication mode is different; differentiation is required when different token types are used;
the method of the invention uses an authorization code mode for authentication, wherein the authorization code mode is a mode with the most detailed and rigorous step flow;
the user accesses the client, the latter leads the former to the authentication server, and supposing that the user gives authorization, the authentication server leads the user to a 'redirection URI' (redirection URI) which is specified in advance by the client, and meanwhile, an authorization code is attached;
the client receives the authorization code, attaches the previous "redirect URI", applies for a token to the authentication server: GET/oauth/token response _ type ═ code & client _ id ═ test & redirect _ uri ═ redirect page link; the code authorization code is successfully returned when the request is made, and the general effective time is 10 minutes;
the authentication server checks the authorization code and the redirect URI, and sends an access token and the redirect URI to the client after the authentication server confirms that the authorization code and the redirect URI are correct
Updating the token;
by using the invention, a solution for single sign-on authentication of the three-party source code library is provided for the user; a one-key login mode is adopted for each user, so that the operation flow is greatly optimized, and the efficiency is improved;
further, the specific steps of the S1 using the CI engine as a third player to guide the user to jump to the authorization interface of the authentication server are as follows:
s101, establishing a link of an interface open skip source code library authentication address at the front end of the CI;
s102, guiding a user to jump to an authorization interface of the authentication service;
parameters need to be carried when the jump is guided: response _ type: a type of authorization; in the authorization code mode, the code is fixed; app _ id: an identity id of the third party application; redirect _ uri: redirecting uri, namely an address for the authentication server to redirect the user after successful authorization; scope: an authorization scope; and state: a transparent verification parameter;
further, the specific steps of the S3 authentication server generating a code and redirecting the user to the designated url are as follows:
s301, the authentication server generates a short-term code;
s302, redirecting the code to a specified url address configured by the system in a url mode;
further, the S4CI engine uses the returned code information to exchange code for token at the authentication server;
s401CI verifying the correctness of the engine statec parameter;
s402, exchanging the token access _ token from the source code library authentication server by using the code information;
still further, the step of the S5 authentication server returning the authorized access _ token to the CI engine is as follows:
s501, verifying the legitimacy of the unique parameter of the authentication server;
s502 generates a globally unique access token and returns it to the CI engine.
The second embodiment:
a system for constructing and acquiring three-party resource authentication based on a CI engine specifically comprises an interface skip module, an authorization confirmation module and an authentication operation module:
an interface skip module: using the CI engine as a third player to guide the user to jump to an authorization interface of the authentication server;
an authorization confirmation module: a user logs in a source code library system and selects whether to open the authority of the source code library to a CI engine;
an authentication operation module: the authentication server generates a code and redirects the user to the specified url; '
A token redemption module: using the returned code information in the CI engine to the position where the code is used to be the authentication server for exchanging for the token;
an information return module: the authentication server will return the authorization access token to the CI engine;
further, the interface jump module specifically includes a link opening module and a jump operation module:
a link opening module: constructing a link of an interface open skip source code library authentication address at the front end of the CI;
a skip operation module: guiding the user to jump to an authorization interface of the authentication service;
further, the authentication operation module specifically includes an authorization code generation module and an authentication configuration module:
an authorization code generation module: the authentication server generates a short-term code;
an authentication configuration module: redirecting the code to a specified url address configured by the system in a url mode;
further, the token redemption module specifically includes a parameter verification module and a redemption operation module:
a parameter verification module: the correctness of the CI engine statec parameter is verified;
the conversion operation module: exchanging the token access _ token at the source code library authentication server by using the code information;
still further, the information returning module specifically includes a legal verification module and a returning operation module:
a legal verification module: verifying the legality of the unique parameters of the authentication server;
returning to the operation module: a globally unique access token is generated and returned to the CI engine.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A method for constructing and acquiring three-party resource authentication based on a CI engine is characterized by comprising the following specific steps:
s1, using the CI engine as a third player to guide the user to jump to the authorization interface of the authentication server;
s2, the user logs in the source code library system and selects whether to open the authority of the source code library to the CI engine;
s3 the authentication server generates a code and redirects the user to the specified url; '
The returned code information is used in the S4CI engine to the position of the authentication server for exchanging the token;
s5 the authentication server returns an authorization access token to the CI engine.
2. The method as claimed in claim 1, wherein the step of S1 using the CI engine as a third player to guide the user to jump to the authorization interface of the authentication server comprises the following steps:
s101, establishing a link of an interface open skip source code library authentication address at the front end of a CI;
s102, guiding the user to jump to an authorization interface of the authentication service.
3. The method as claimed in claim 2, wherein the step of S3 generating a code by the authentication server and redirecting the user to the designated url comprises the steps of:
s301, the authentication server generates a short-term code;
s302 redirects the code to a specified url address of the system configuration in a url mode.
4. The method as claimed in claim 3, wherein the returned code information is used in the S4CI engine to exchange code for token;
s401CI verifying the correctness of the engine statec parameter;
s402, exchanging the token access _ token to the source code library authentication server by using the code information.
5. The method as claimed in claim 4, wherein the step of the S5 authentication server returning the authorized access token to the CI engine comprises the following steps:
s501, verifying the legitimacy of the unique parameter of the authentication server;
s502 generates a globally unique access token and returns it to the CI engine.
6. A system for constructing and acquiring three-party resource authentication based on a CI engine is characterized by specifically comprising an interface skip module, an authorization confirmation module, an authentication operation module:
an interface skip module: using the CI engine as a third player to guide the user to jump to an authorization interface of the authentication server;
an authorization confirmation module: a user logs in a source code library system and selects whether to open the authority of the source code library to a CI engine;
an authentication operation module: the authentication server generates a code and redirects the user to the specified url; '
A token redemption module: using the returned code information in the CI engine to the position where the code is used to be the authentication server for exchanging for the token;
an information return module: the authentication server will return the authorization access token to the CI engine.
7. The system as claimed in claim 6, wherein the interface jump module specifically includes a link opening module and a jump operation module:
a link opening module: constructing a link of an interface open skip source code library authentication address at the front end of the CI;
a skip operation module: and guiding the user to jump to an authorization interface of the authentication service.
8. The system according to claim 7, wherein the authentication operation module specifically includes an authorization code generation module and an authentication configuration module:
an authorization code generation module: the authentication server generates a short-term code;
an authentication configuration module: and redirecting the code to a specified url address of the system configuration in a url mode.
9. The method as claimed in claim 8, wherein the token redemption module specifically comprises a parameter validation module and a redemption operation module:
a parameter verification module: the correctness of the CI engine statec parameter is verified;
the conversion operation module: and exchanging the token access _ token to the source code library authentication server by using the code information.
10. The system of claim 9, wherein the information return module specifically comprises a legality verification module and a return operation module:
a legal verification module: verifying the legality of the unique parameters of the authentication server;
returning to the operation module: a globally unique access token is generated and returned to the CI engine.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210209720.3A CN114745124A (en) | 2022-03-03 | 2022-03-03 | Method and system for establishing and acquiring three-party resource authentication based on CI engine |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210209720.3A CN114745124A (en) | 2022-03-03 | 2022-03-03 | Method and system for establishing and acquiring three-party resource authentication based on CI engine |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114745124A true CN114745124A (en) | 2022-07-12 |
Family
ID=82275477
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210209720.3A Pending CN114745124A (en) | 2022-03-03 | 2022-03-03 | Method and system for establishing and acquiring three-party resource authentication based on CI engine |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114745124A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140033279A1 (en) * | 2012-07-25 | 2014-01-30 | Oracle International Corporation | System and method of extending oauth server(s) with third party authentication/authorization |
| CN106936853A (en) * | 2017-04-26 | 2017-07-07 | 河海大学 | A kind of system-oriented integrated cross-domain single login system and method |
| CN111010375A (en) * | 2019-11-28 | 2020-04-14 | 浪潮金融信息技术有限公司 | Distributed authentication and authorization method for allowing third-party application to access resources |
| CN111988318A (en) * | 2020-08-21 | 2020-11-24 | 上海浦东发展银行股份有限公司 | Authorization authentication system and method thereof |
| CN112328263A (en) * | 2020-11-26 | 2021-02-05 | 杭州安恒信息安全技术有限公司 | Jenkins-based front-end project deployment method and device in intranet environment |
| US11238138B1 (en) * | 2019-11-08 | 2022-02-01 | BlueOwl, LLC | Systems and methods to facilitate authorization key obfuscation validation |
-
2022
- 2022-03-03 CN CN202210209720.3A patent/CN114745124A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140033279A1 (en) * | 2012-07-25 | 2014-01-30 | Oracle International Corporation | System and method of extending oauth server(s) with third party authentication/authorization |
| CN106936853A (en) * | 2017-04-26 | 2017-07-07 | 河海大学 | A kind of system-oriented integrated cross-domain single login system and method |
| US11238138B1 (en) * | 2019-11-08 | 2022-02-01 | BlueOwl, LLC | Systems and methods to facilitate authorization key obfuscation validation |
| CN111010375A (en) * | 2019-11-28 | 2020-04-14 | 浪潮金融信息技术有限公司 | Distributed authentication and authorization method for allowing third-party application to access resources |
| CN111988318A (en) * | 2020-08-21 | 2020-11-24 | 上海浦东发展银行股份有限公司 | Authorization authentication system and method thereof |
| CN112328263A (en) * | 2020-11-26 | 2021-02-05 | 杭州安恒信息安全技术有限公司 | Jenkins-based front-end project deployment method and device in intranet environment |
Non-Patent Citations (1)
| Title |
|---|
| 快看大灰机: "CodeIgniter中的auth权限管理,鉴权写法,CI", Retrieved from the Internet <URL:https://blog.csdn.net/u014391889/article/details/91128692> * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106612290B (en) | Cross-domain single sign-on method oriented to system integration | |
| CN102710640B (en) | Authorization requesting method, device and system | |
| US7827318B2 (en) | User enrollment in an e-community | |
| US7665127B1 (en) | System and method for providing access to protected services | |
| EP2558973B1 (en) | Streaming insertion of tokens into content to protect against csrf | |
| CN110147240B (en) | Cloud storage-based application program installation method, system and storage medium | |
| CN111475795A (en) | Method and device for unified authentication and authorization facing to multiple applications | |
| WO2016173199A1 (en) | Mobile application single sign-on method and device | |
| CN104065616A (en) | Single sign-on method and system | |
| CN112800411B (en) | Multi-protocol and multi-mode supporting safe and reliable identity authentication method and device | |
| CN1668998A (en) | Application generator | |
| CN110958119A (en) | Identity verification method and device | |
| CN107196909A (en) | Invitation registration method and device | |
| WO2023093500A1 (en) | Access verification method and apparatus | |
| CN110708313B (en) | System supporting multi-mode single sign-on | |
| CN110944021A (en) | Method and system for campus unified authentication and single sign-on | |
| CN101714993B (en) | P2P verification system, P2P verification method and BOSS server | |
| CN112131535B (en) | Integrated small program authorization method for multi-deployment environment | |
| CN114745124A (en) | Method and system for establishing and acquiring three-party resource authentication based on CI engine | |
| CN115225354A (en) | Multi-application single sign-on method, device, computer equipment and medium | |
| CN115310067A (en) | Login method and device, storage medium and electronic equipment | |
| CN111245803B (en) | Method for acquiring MAC address of computer equipment through browser | |
| CN110177096B (en) | Client authentication method, device, medium and computing equipment | |
| CN112632491A (en) | Method for realizing account system shared by multiple information systems | |
| CN112364308A (en) | Online authorized android APK signature method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |