CN118381626A - Inter-application authentication method, device and readable storage medium - Google Patents


Info

Publication number
CN118381626A
Authority
CN
China
Prior art keywords
application
authentication
request
information
authentication center
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410358404.1A
Other languages
Chinese (zh)
Inventor
王世平
马鑫
崔毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengtong Digital Technology Co ltd
Original Assignee
Chengtong Digital Technology Co ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to an inter-application authentication method, equipment and a readable storage medium, belonging to the technical field of application authentication, wherein the method comprises the following steps: the second application user accesses a sub-application of the first application based on the specific link, and the sub-application of the first application obtains login request information of the second application user and sends the login request information to an authentication center of the first application; the authentication center of the first application sends a unified authentication request to the authentication center of the second application based on the login request information, the authentication center of the second application carries out unified authentication on the login information according to the unified authentication request, and after the authentication passes, the authentication center of the first application sends identity information to the authentication center of the first application; the authentication center of the first application returns the identity information to the sub-application of the first application, the sub-application of the first application performs login verification based on the user information, and after the login verification is passed, the request page is displayed. The scheme has the effect of realizing multi-application authentication under a plurality of authentication centers or application platforms.

Description

Inter-application authentication method, device and readable storage medium
Technical Field
The present invention relates to the field of application authentication, and in particular, to a method and apparatus for authentication between applications, and a readable storage medium.
Background
As internet application products become more and more abundant, users register more and more application accounts, and the user information corresponding to each account is not necessarily the same. Accordingly, the user information acquired by each server providing the service of the corresponding application is not accurate enough, which is why methods of logging in across applications emerged.
At present, cross-application login is realized as multi-application authentication under the same authentication center or application platform. For example, Single Sign-On (SSO) technology allows a user who uses a plurality of applications to access all authorized applications after performing a login operation only once.
However, when two or more authentication centers or application platforms are involved, the same account system cannot be used to log in to a plurality of application platforms or application centers, or even to sub-applications under a plurality of application platforms. With microservice applications now in wide use, maintaining multiple account systems means that account synchronization across the different account systems must also be maintained, which adds extra burden to operation and maintenance and seriously affects the development efficiency of new systems.
Disclosure of Invention
The technical problem to be solved by the invention is how to realize multi-application authentication under a plurality of authentication centers or application platforms.
The technical scheme for solving the technical problems is as follows:
In a first aspect, the present application provides an inter-application authentication method, which is applied to a sub-application of a first application, and adopts the following technical scheme:
an inter-application authentication method applied to a sub-application of a first application, the method comprising:
responding to a page access request sent by a second application user based on a specific link, and performing login verification on the second application user, wherein the specific link is used for triggering a sub-application of the first application to perform login verification;
If the login verification of the second application user fails, redirecting the second application user to a login page of the first application;
acquiring login request information input by the second application user through the login page, and sending the login request information to an authentication center of the first application, wherein the login request information comprises an account name, a password and a unified authentication identifier;
Acquiring user information returned by an authentication center of the first application according to the login request information so as to perform login verification based on the user information;
and if the login verification of the second application user is passed, displaying a request page to the second application user.
The beneficial effects of the invention are as follows: the second application user's information is verified through the authentication center, so that only an authorized and authenticated second application user can access the sub-application of the first application and the first application. User information management is performed through a unified authentication center, so that user data synchronization and maintenance work among a plurality of applications are simplified. The unified login verification flow reduces the complexity of system maintenance, improves management efficiency and accuracy, realizes a multi-application authentication method under a plurality of authentication centers or application platforms, ensures the uniqueness of the account system and makes the account system easy to maintain.
Further, the sending the login request information to the authentication center of the first application includes:
encrypting the login request based on a first preset public key, and sending the encrypted login request information to an authentication center of the first application, wherein the first preset public key is a public key of the authentication center of the first application.
The beneficial effects of adopting the further scheme are as follows: the login request information is ensured to be encrypted in the transmission process through asymmetric encryption, so that the data is prevented from being intercepted or tampered in the transmission process. It is ensured that the login request information is indeed sent to the authentication center of the first application instead of being redirected to another malicious server.
Further, the logging in based on the user information includes:
and generating a session token based on the user information to log in according to the session token, wherein the session token is used for identifying the session state of the second application user.
The beneficial effects of adopting the further scheme are as follows: the session token is a unique identifier assigned to the user by the system after he has logged in and is used to verify the identity and session state of the user in a subsequent request. The use of session tokens may reduce security risks due to password leakage or guessing as compared to traditional authentication approaches based on user names and passwords. The use of session tokens allows a user to access different parts of an application or perform different operations without having to log in repeatedly over a period of time. This reduces the trouble of frequent user name and password input by the user, and improves the usability and user experience of the application. By means of the session token, the system can easily track and manage the session state of the user. For example, the system may determine whether the user has logged in, whether the session has expired, etc., based on the session token, and take corresponding action accordingly, such as automatically extending the session time or prompting the user to re-login.
In a second aspect, the present application provides an inter-application authentication method, applied to an authentication center of a first application, and adopting the following technical scheme:
Acquiring login request information sent by a sub-application of a first application, wherein the login request information comprises an account name, a password and a unified authentication identifier;
Based on the login request information, a unified authentication request is sent to an authentication center of a second application, wherein the unified authentication request carries an authorization information identifier, and the authorization information identifier is used for authorizing the authentication center of the second application to verify the unified authentication request;
acquiring an authorization code sent by an authentication center of the second application based on the authorization information identifier;
Generating a first request based on the authorization code, and acquiring verification information from an authentication center of the second application based on the first request, wherein the verification information comprises an access token;
Performing first effective verification on the verification information, after the first effective verification of the verification information passes, generating a second request based on the verification information, and acquiring identity information from an authentication center of the second application based on the second request, wherein the second request carries the access token and the account name;
and sending the identity information to a sub-application of the first application to perform login verification based on the user information.
The beneficial effects of the invention are as follows: user identity authentication and authority management among different applications are realized through interaction between an authentication center of a first application and an authentication center of a second application, and the authentication center can ensure the authenticity and reliability of the user identity by verifying the identity information sent by the authentication center of the second application. After the authentication passes, the authentication center sends the authentication information to the sub-application of the first application, so that the sub-application can accurately identify and manage the user, different applications can share the user information, a multi-application authentication method under a plurality of authentication centers or application platforms is realized, the uniqueness of an account system is ensured, and the account system is easy to maintain.
Further, before the step of sending a unified authentication request to the authentication center of the second application based on the login request information, the unified authentication request carries the authorization information identifier, the method further includes:
and sending a configuration request to an authentication center of the second application, wherein the configuration request comprises an application account of the first application.
The beneficial effects of adopting the further scheme are as follows: before the unified authentication request is sent, a connection to the authentication center of the second application is established through the configuration request and key information such as the application account is transmitted, so that automatic configuration and authorization management among the applications are realized and development is facilitated.
Further, the obtaining login request information sent by the sub-application of the first application includes:
Decrypting the encrypted login request information sent by the sub-application of the first application based on a preset private key to obtain the login request information;
the sending a unified authentication request to an authentication center of the second application based on the login request information comprises the following steps:
encrypting the unified authentication request based on a second preset public key, and sending the encrypted unified authentication request to an authentication center of the second application, wherein the second preset public key is the public key of the authentication center of the second application.
The beneficial effects of adopting the further scheme are as follows: the encrypted login request information is decrypted by using the preset private key, so that the content of the login request information can be ensured to be correctly acquired only by an authentication center with the corresponding private key. This effectively prevents data from being illegally intercepted and parsed during transmission.
In a third aspect, the present application provides an inter-application authentication method, which is applied to an authentication center of a second application, and adopts the following technical scheme:
an inter-application authentication method applied to an authentication center of a second application, the method comprising:
Acquiring an authentication center of a first application and sending a unified authentication request, wherein the unified authentication request carries an authorization information identifier;
Carrying out authentication on a first application user based on the authorization information identifier, and generating an authorization code after the authentication of the first application user passes;
Transmitting the authorization code to an authentication center of a second application, and receiving a first request transmitted by the authentication center of the first application based on the authorization code;
Performing second valid verification on the first request, and generating verification information after the second valid verification of the first request passes, wherein the verification information comprises an access token;
acquiring a second request generated by an authentication center of the first application based on the access token and the account name;
And carrying out third effective verification on the second request, inquiring identity information associated with the account name based on the account name after the third effective verification of the second request is passed, and sending the identity information to an authentication center of the first application so as to carry out login verification based on the user information.
The beneficial effects of the invention are as follows: the authentication center of the second application performs identity authentication on the first application user through the authorization information identifier, so that only authorized users can access the resources of the second application, and unauthorized access and data leakage are effectively prevented. In the authentication and request verification processes, mechanisms such as authorization codes and access tokens are used, so that the security and reliability of the authentication process are further enhanced and the potential security risk is reduced. By querying the identity information associated with the account name and sending it to the authentication center of the first application, user identity management and information sharing across applications are realized, a multi-application authentication method under a plurality of authentication centers or application platforms is realized, the uniqueness of the account system is ensured, and the account system is easy to maintain.
Further, before the authentication center for acquiring the first application sends the unified authentication request, the method further includes:
and receiving a configuration request sent by an authentication center of the first application, and adding an application account of the first application to an authorization list.
The beneficial effects of adopting the further scheme are as follows: before the unified authentication request is acquired, a connection to the authentication center of the second application is established through the configuration request and key information such as the application account is added to the system, so that automatic configuration and authorization management among the applications are realized and development is facilitated.
In a fourth aspect, the present application provides an electronic device, which adopts the following technical scheme:
an electronic device comprising a memory and a processor, the memory having stored thereon a computer program capable of being loaded by the processor and executing the inter-application authentication method according to any one of the first, second and third aspects.
In a fifth aspect, the present application provides a computer readable storage medium, which adopts the following technical solutions:
a computer-readable storage medium storing a computer program capable of being loaded by a processor and executing the inter-application authentication method according to any one of the first aspect, the second aspect, and the third aspect.
Drawings
FIG. 1 is a schematic diagram of an inter-application authentication method of the present invention;
FIG. 2 is a schematic flow chart of an inter-application authentication method of the present invention applied to a sub-application of a first application;
FIG. 3 is a schematic flow chart of an inter-application authentication method of the present invention applied to an authentication center of a first application;
FIG. 4 is a schematic flow chart of an inter-application authentication method of the present invention applied to an authentication center of a second application;
FIG. 5 is a block diagram of an electronic device according to the present invention.
Detailed Description
The present application will be described in further detail with reference to the accompanying drawings.
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
In addition, the terms "first," "second," are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present invention, the meaning of "plurality" means at least two, for example, two, three, etc., unless specifically defined otherwise.
Fig. 1 is a schematic diagram of an authentication method between applications according to the present invention.
As shown in fig. 1, the second application user's client accesses a page of the sub-application of the first application. Because the second application user has no login state, the request for the page of the sub-application of the first application is transferred to the first application, and because the second application user does not belong to the first application, the second application user cannot directly complete authentication with the first application to access the sub-application of the first application. It should be noted that the first application is a main application that has a plurality of sub-applications, and in the present application each sub-application has different functions and rights. For example, the first application may be a comprehensive online shopping platform, and the sub-applications of the first application may be a shopping cart management sub-application, an order management sub-application, a commodity searching sub-application, and the like. The second application is another independent application.
Fig. 2 is a flow chart of an inter-application authentication method applied to a sub-application of a first application according to an embodiment of the present application.
As shown in fig. 1 and 2, the main flow of the method is described as follows (steps S11 to S14):
Step S11, a sub-application of a first application responds to a page access request sent by a second application user based on a specific link, and carries out login verification on the second application user, wherein the specific link is used for triggering the sub-application of the first application to carry out login verification;
step S12, if the login verification of the second application user fails, redirecting the second application user to a login page of the first application;
step S13, obtaining login request information input by the second application user through a login page, and sending the login request information to an authentication center of the first application, wherein the login request information comprises an account name, a password and a unified authentication identifier;
Step S14, user information returned by the authentication center of the first application according to the login request information is obtained, so that login verification is performed based on the user information;
And step S15, if the login verification of the second application user is passed, displaying a request page to the second application user.
In the embodiment of the application, the specific link is a URL pointing to a sub-application of the first application, which contains parameters required to trigger login authentication.
The second application user accesses the page of the sub-application of the first application through the client, for example by clicking the specific link at the client. The specific link can be https://sub_app_b.com/index. The sub-application of the second application responds to the second application user's triggering of the specific link by carrying out login verification on the second application user; the login verification includes checking the user's session state, token or user information, and the like.
If the login verification of the second application user fails (e.g., the user is not logged in, or the login status has expired), the sub-application of the first application will redirect the second application user to the login page of the first application, which is a standard form page where the user enters the account name and password and ticks the unified authentication option.
On the login page, the second application user inputs login request information, wherein the login request comprises an account name, a password and a unified authentication identifier. The sub-application of the first application receives the login request information and sends the login request to the authentication center of the first application for verification. The request address may be https://app_b.com/bridge?username=username&type=remote_auth&redirect_url=http://sub_app_b.com/remote_auth.
The authentication center is a component responsible for handling login requests, verifying user identity and authorizing access rights.
After receiving the login request information, the authentication center of the first application forwards it to the authentication center of the second application, which performs verification operations such as checking whether the account name and the password match and whether the user has authority to access the requested resource. If the verification is passed, the authentication center of the second application sends user information (such as a user name, a user role, a right, etc.) to the authentication center of the first application, and the authentication center of the first application returns the user information to the sub-application. The sub-application performs login verification again based on the user information to ensure that the user has access to the requested page. Once verification is passed, the sub-application can display the requested page to the second application user. The sub-application also generates a session token based on the user information and fills in the login state according to the session token, wherein the session token is used for identifying the session state of the second application user. When the second application user logs in again, the login state can be filled in by verifying the session token, so that different parts of the application can be accessed or different operations executed without repeated login. This reduces the trouble of the user frequently entering user names and passwords and improves the usability and user experience of the application.
The session state refers to the interaction state and information between the user and the application program during a specific user session, and includes the identity, authority, starting time and ending time of the session, and operations performed by the user during the session.
In the transmission process, the first application, the sub-application of the first application and the second application transmit data over HTTPS connections and agree on an encryption mode. Asymmetric encryption is adopted: a public key of the first application is issued to the second application, the second application encrypts the transmitted information with that public key, and after receiving the return value of the second application, the first application decrypts it with its own private key to obtain the plaintext information. The plaintext is stored in the JSON data format commonly used in requests.
Specifically, the sending the login request information to the authentication center of the first application includes:
The sub-application of the first application encrypts the login request based on a first preset public key, and sends the encrypted login request information to an authentication center of the first application, wherein the first preset public key is a public key of the authentication center of the first application. During transmission, the data is sent over HTTPS and is additionally encrypted asymmetrically with the public and private key pair, which ensures the security of the data transmission process.
Fig. 3 is a schematic flow chart of an inter-application authentication method applied to an authentication center of a first application according to an embodiment of the present application.
As shown in fig. 1 and 3, the main flow of the method is described as follows (steps S21 to S26):
Step S21, obtaining login request information sent by a sub-application of a first application, wherein the login request information comprises an account name, a password and a unified authentication identifier;
Step S22, based on the login request information, a unified authentication request is sent to an authentication center of a second application, wherein the unified authentication request carries an authorization information identifier, and the authorization information identifier is used for verifying the source, authority and validity of the unified authentication request by the authentication center of the second application;
step S23, acquiring an authorization code sent by an authentication center of the second application based on the authorization information identifier;
Step S24, generating a first request based on the authorization code, and acquiring verification information from an authentication center of the second application based on the first request, wherein the verification information comprises an access token;
Step S25, performing first effective verification on the verification information, generating a second request based on the verification information after the first effective verification of the verification information is passed, and acquiring identity information from an authentication center of the second application based on the second request, wherein the second request carries the access token and the account name;
Step S26, the identity information is sent to a sub-application of the first application to perform login verification based on the user information.
In the embodiment of the application, when the sub-application of the first application receives the login request information of the second application user, the sub-application of the first application sends the login request information to the authentication center of the first application for processing. The sub-application of the first application receives the login request information, starts the unified authentication operation, and sends a unified authentication request to an authentication center of the first application, wherein the request address can be https:// app_a.com/oauthtype =code & red i rect_url=https:// app_b.com/remote_auth. The purpose of the request is to confirm the login status of the user. To ensure the security of the request, the request will carry an identification of the authorization information, which is typically an encrypted token or signature, used to verify the origin and integrity of the request.
And after receiving the unified authentication request, the authentication center of the second application verifies based on the authorization information identifier. If the verification is passed, the code is sent back to the authentication center of the first application. The forwarded address may be https:// app_b.com/remote_auth and carries a code parameter, the code is a random string, the length is not limited, the code is used to obtain the basis that the request token access_token can be obtained from the authentication center of the second application, and the code can only be used once, and the plaintext is transmitted.
The authentication center of the second application, upon receiving the code, uses it to generate a first request. This request is sent to the authentication center of the second application in order to obtain verification information, including the access token. An access token is a credential for accessing a protected resource and is limited in both validity period and scope. The access_token is a random string stored by the authentication center of the second application, which ensures that the access_token is unique and valid for the first application's function of acquiring user information. The access_token usually has an expiration time, for example, 2 hours; after the access_token expires, the first application needs to obtain it again from the second application.
After the authentication center of the first application obtains the verification information, the authentication center performs first effective verification on the verification information to confirm the authenticity and the validity of the information. If the verification is passed, the authentication center of the first application generates a second request based on the verification information, in particular the access token, and sends it again to the authentication center of the second application to obtain user identity information such as user name and role. The second request includes the account name in addition to the access token, so that the authentication center of the second application can accurately locate and return the corresponding identity information. The authentication center of the first application then sends the acquired identity information back to the sub-application of the first application. Thus, the sub-application can perform operations such as login verification, authorization and resource access control of the user based on the information.
In the application, the premise that the authentication center of the first application forwards the unified authentication request of the user is that the first application has completed registration in the second application.
Specifically, before sending a unified authentication request to the authentication center of the second application based on the login request information, the method further includes: sending a configuration request to an authentication center of the second application, wherein the configuration request comprises an application account number of the first application and allows the authentication center of the second application to perform authority verification and configuration according to the account number. After receiving the configuration request, the authentication center of the second application verifies whether the application account number in the authentication center is valid. If the verification is passed, it generates or acquires a related authorization information identifier for the authentication center of the first application according to the configuration information of the account. The authorization information identifier is a key credential for a subsequent unified authentication request. After the configuration is completed, the authentication center of the second application sends a configuration response back to the authentication center of the first application. The response contains necessary information such as the authorization information identifier and configuration parameters, so that the subsequent unified authentication request can proceed smoothly.
Further, the authentication center of the first application decrypts the encrypted login request information sent by the sub-application of the first application based on a preset private key to obtain the login request information;
the sending a unified authentication request to an authentication center of the second application based on the login request information comprises the following steps: encrypting the unified authentication request based on a second preset public key, and sending the encrypted unified authentication request to an authentication center of the second application, wherein the second preset public key is the public key of the authentication center of the second application.
Fig. 4 is a schematic flow chart of an application of an inter-application authentication method on an authentication center of a second application according to an embodiment of the present application.
As shown in fig. 1 and 4, the main flow of the method is described as follows (steps S31 to S36):
Step S31, a unified authentication request sent by an authentication center of a first application is acquired, wherein the unified authentication request carries an authorization information identifier;
Step S32, carrying out identity verification on the first application user based on the authorization information identifier, and generating an authorization code after the first application user passes the identity verification;
Step S33, the authorization code is sent to an authentication center of a second application, and a first request sent by the authentication center of the first application based on the authorization code is received;
Step S34, performing second effective verification on the first request, and generating verification information after the second effective verification of the first request passes, wherein the verification information comprises an access token;
Step S35, obtaining a second request generated by an authentication center of the first application based on the access token and the account name;
Step S36, performing a third valid verification on the second request, after the third valid verification of the second request is passed, querying identity information associated with the account name based on the account name, and sending the identity information to an authentication center of the first application to perform login verification based on the user information.
In the embodiment of the application, the authentication center of the second application receives a unified authentication request sent by the authentication center of the first application. The unified authentication request comprises an authorization information identifier, and after the unified authentication request is received, the authentication center of the second application can carry out identity verification on the user of the first application based on the authorization information identifier, wherein the identity verification comprises the steps of checking the account state, authority and other information of the user, so that the user is legal and authorized to log in across applications.
If the verification is passed, the authentication center generates an authorization code, which is an important credential for acquiring verification information in a subsequent step. The authentication center of the second application sends it back to the authentication center of the first application. At the same time, the authentication center may be ready to accept the first request sent by the authentication center of the first application based on the authorization code. The first request is to obtain further authentication information in order to complete login authentication across applications. When the first request is received, the authentication center of the second application performs a second effective verification on the first request, including checking the format of the request, the validity of the authorization code, and the like. If the verification is passed, the authentication center generates an access token, and after generating the verification information, the authentication center of the second application waits for a second request sent by the authentication center of the first application based on the access token and an account name, wherein the account name is a unique identification of the user. The second request is to obtain identity information associated with the account name so that the first application can identify and manage the user. After receiving the second request, the authentication center of the second application performs second validity verification to ensure validity and legitimacy of the request. If the verification is passed, the authentication center queries corresponding identity information according to the account name and sends the information back to the authentication center of the first application. In this way, the first application can complete login authentication and authorization operations of the user based on the information. If the verification is not passed, an error is returned.
In the application, before the authentication center of the second application obtains the unified authentication request sent by the authentication center of the first application, the method further comprises: receiving a configuration request sent by an authentication center of the first application, and adding an application account of the first application to an authorization list. Once the application account of the first application is successfully added to the authorization list, the configuration process is completed. Through such a configuration process, a trust relationship is established between the authentication centers of the two applications, and it is ensured that only authorized applications can initiate an effective cross-application login verification request. Automatic configuration and authorization management among the applications are thereby realized, which is convenient for development.
The method realizes user identity authentication and authority management between different applications by interaction between the authentication center of the first application and the authentication center of the second application, and only the authorized authenticated second application user can access the sub-application of the first application and the first application. User information management is performed through a unified authentication center, so that user data synchronization and maintenance work among a plurality of applications are simplified. The unified login verification flow reduces the complexity of system maintenance, improves the management efficiency and accuracy, realizes a multi-application authentication method under a plurality of authentication centers or application platforms, ensures the uniqueness of an account system and ensures that the account system is easy to maintain.
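The configuration step and steps S31 to S36 on the second authentication center, as an added Python example that is not code from the patent: a hypothetical `SecondAuthCenter` class issues the single-use code and the expiring access_token and applies the three validity checks. The 60-second code lifetime, the binding of code and token to one account name, and all names and sample data are assumptions.

```python
import hmac
import secrets
import time

CODE_TTL = 60            # assumption: the page gives no lifetime for the code
TOKEN_TTL = 2 * 60 * 60  # the page's example: access_token expires after 2 hours


class AuthError(Exception):
    """Raised when one of the validity checks fails."""


class SecondAuthCenter:
    """Hypothetical model of the second application's authentication center."""

    def __init__(self, identities, clock=time.time):
        self._identities = identities  # account name -> identity information
        self._clock = clock            # injectable so expiry can be exercised
        self._authorized = {}          # application account -> authorization identifier
        self._codes = {}               # code -> (application, account name, expiry)
        self._tokens = {}              # access_token -> (application, account name, expiry)

    def configure(self, app_account):
        """Configuration request: put the first application on the authorization list."""
        auth_id = secrets.token_urlsafe(32)
        self._authorized[app_account] = auth_id
        return auth_id

    def _check_app(self, app_account, auth_id):
        expected = self._authorized.get(app_account)
        if expected is None or not hmac.compare_digest(expected.encode(), auth_id.encode()):
            raise AuthError("application is not on the authorization list")

    def unified_auth(self, app_account, auth_id, account_name):
        """S31-S33: check the authorization identifier, then issue a one-time code."""
        self._check_app(app_account, auth_id)
        if account_name not in self._identities:
            raise AuthError("unknown account")
        code = secrets.token_urlsafe(32)
        self._codes[code] = (app_account, account_name, self._clock() + CODE_TTL)
        return code

    def first_request(self, app_account, auth_id, code):
        """S34: second valid verification, then issue the access token."""
        self._check_app(app_account, auth_id)
        entry = self._codes.pop(code, None)  # pop: the code is spent on first use
        if entry is None:
            raise AuthError("unknown or already used code")
        owner, account_name, expires = entry
        if owner != app_account or self._clock() > expires:
            raise AuthError("code expired or issued to another application")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (app_account, account_name, self._clock() + TOKEN_TTL)
        return token

    def second_request(self, app_account, access_token, account_name):
        """S35-S36: third valid verification, then return the identity information."""
        entry = self._tokens.get(access_token)
        if entry is None or entry[0] != app_account:
            raise AuthError("invalid access token")
        if self._clock() > entry[2]:
            del self._tokens[access_token]
            raise AuthError("access token expired")
        if entry[1] != account_name:  # assumption: token is bound to one account
            raise AuthError("token was not issued for this account")
        return self._identities[account_name]


def run_flow(center, app_account, auth_id, account_name):
    """The first authentication center's side: code -> token -> identity."""
    code = center.unified_auth(app_account, auth_id, account_name)
    token = center.first_request(app_account, auth_id, code)
    identity = center.second_request(app_account, token, account_name)
    return code, token, identity


if __name__ == "__main__":
    # Constructed sample data, not taken from the page.
    center = SecondAuthCenter({"alice": {"name": "alice", "role": "auditor"}})
    auth_id = center.configure("first-app")
    code, token, identity = run_flow(center, "first-app", auth_id, "alice")
    print(identity)
    try:
        center.first_request("first-app", auth_id, code)  # replay of the spent code
    except AuthError as exc:
        print("replay rejected:", exc)
```

Because the code travels in plaintext, the single-use and lifetime checks in `first_request` are what limit the value of a captured code.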
Fig. 5 is a block diagram of an electronic device 300 according to an embodiment of the application.
As shown in fig. 5, the electronic device 300 includes a processor 301 and a memory 302, and may further include one or more of an information input/information output (I/O) interface 303 and a communication component 304.
Wherein the processor 301 is configured to control the overall operation of the electronic device 300 to complete all or part of the steps in the authentication method between applications described above; the memory 302 is used to store various types of data to support operation at the electronic device 300, which may include, for example, instructions for any application or method operating on the electronic device 300, as well as application-related data. The memory 302 may be implemented by any type or combination of volatile or non-volatile memory devices, such as one or more of static random access memory (Static Random Access Memory, SRAM), electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), erasable programmable read-only memory (Erasable Programmable Read-Only Memory, EPROM), programmable read-only memory (Programmable Read-Only Memory, PROM), read-only memory (Read-Only Memory, ROM), magnetic memory, flash memory, magnetic disk, or optical disk.
The I/O interface 303 provides an interface between the processor 301 and other interface modules, which may be a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 304 is used to test wired or wireless communication between the electronic device 300 and other devices. The wireless communication may be, for example, Wi-Fi, Bluetooth, near field communication (Near Field Communication, NFC for short), 2G, 3G, or 4G, or a combination of one or more thereof; the corresponding communication component 304 may thus comprise Wi-Fi parts, Bluetooth parts, and NFC parts.
Communication bus 305 may include a pathway to transfer information between the aforementioned components. The communication bus 305 may be a PCI (Peripheral Component Interconnect, peripheral component interconnect standard) bus or an EISA (Extended Industry Standard Architecture) bus, or the like. The communication bus 305 may be divided into an address bus, a data bus, a control bus, and the like.
The electronic device 300 may be implemented by one or more application specific integrated circuits (Application Specific Integrated Circuit, abbreviated as ASIC), digital signal processors (Digital Signal Processor, abbreviated as DSP), digital signal processing devices (Digital Signal Processing Device, abbreviated as DSPD), programmable logic devices (Programmable Logic Device, abbreviated as PLD), field programmable gate arrays (Field Programmable Gate Array, abbreviated as FPGA), controllers, microcontrollers, microprocessors, or other electronic components for performing the inter-application authentication methods as set forth in the above embodiments.
The electronic device 300 may include, but is not limited to, a mobile terminal such as a digital broadcast receiver, a PDA (personal digital assistant), a PMP (portable multimedia player), etc., and a fixed terminal such as a digital TV, a desktop computer, etc., and may also be a server, etc.
The following describes a computer readable storage medium provided in an embodiment of the present application, and the computer readable storage medium described below and the authentication method described above may be referred to correspondingly.
The application also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of the authentication method between applications described above.
The computer readable storage medium may include: U disk, removable hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic or optical disk, etc.
The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
The above description is only illustrative of the preferred embodiments of the present application and of the principles of the technology employed. It will be appreciated by persons skilled in the art that the scope of the application is not limited to the specific combinations of the features described above, but also covers other embodiments which may be formed by any combination of the features described above or their equivalents without departing from the spirit of the application, for example embodiments in which the above-mentioned features are replaced with technical features having similar functions that are disclosed in (but not limited to) the present application.

Claims (10)

1. An inter-application authentication method, applied to a sub-application of a first application, the first application including a plurality of sub-applications, the method comprising:
responding to a page access request sent by a second application user based on a specific link, and performing login verification on the second application user, wherein the specific link is used for triggering a sub-application of the first application to perform login verification;
If the login verification of the second application user fails, redirecting the second application user to a login page of the first application;
acquiring login request information input by the second application user through the login page, and sending the login request information to an authentication center of the first application, wherein the login request information comprises an account name, a password and a unified authentication identifier;
Acquiring user information returned by an authentication center of the first application according to the login request information so as to perform login verification based on the user information;
and if the login verification of the second application user is passed, displaying a request page to the second application user.
2. The method for authenticating applications according to claim 1, wherein the step of transmitting the login request information to the authentication center of the first application comprises:
encrypting the login request based on a first preset public key, and sending the encrypted login request information to an authentication center of the first application, wherein the first preset public key is a public key of the authentication center of the first application.
3. The method for authentication between applications according to claim 1, wherein said logging in based on said user information comprises:
and generating a session token based on the user information to log in according to the session token, wherein the session token is used for identifying the session state of the second application user.
4. An inter-application authentication method, applied to an authentication center of a first application, the method comprising:
Acquiring login request information sent by a sub-application of a first application, wherein the login request information comprises an account name, a password and a unified authentication identifier;
Based on the login request information, a unified authentication request is sent to an authentication center of a second application, wherein the unified authentication request carries an authorization information identifier, and the authorization information identifier is used for authorizing the authentication center of the second application to verify the unified authentication request;
acquiring an authorization code sent by an authentication center of the second application based on the authorization information identifier;
Generating a first request based on the authorization code, and acquiring verification information from an authentication center of the second application based on the first request, wherein the verification information comprises an access token;
Performing first effective verification on the verification information, after the first effective verification of the verification information passes, generating a second request based on the verification information, and acquiring identity information from an authentication center of the second application based on the second request, wherein the second request carries the access token and the account name;
and sending the identity information to a sub-application of the first application to perform login verification based on the user information.
5. The method according to claim 4, wherein before sending a unified authentication request to an authentication center of the second application based on the login request information, the unified authentication request carries an authorization information identifier, the method further comprises:
and sending a configuration request to an authentication center of the second application, wherein the configuration request comprises an application account of the first application.
6. The method for authenticating applications according to claim 4, wherein the obtaining login request information sent by the sub-application of the first application includes:
Decrypting the encrypted login request information sent by the sub-application of the first application based on a preset private key to obtain the login request information;
the sending a unified authentication request to an authentication center of the second application based on the login request information comprises the following steps:
encrypting the unified authentication request based on a second preset public key, and sending the encrypted unified authentication request to an authentication center of the second application, wherein the second preset public key is the public key of the authentication center of the second application.
7. An inter-application authentication method applied to an authentication center of a second application, the method comprising:
Acquiring a unified authentication request sent by an authentication center of a first application, wherein the unified authentication request carries an authorization information identifier;
Carrying out authentication on a first application user based on the authorization information identifier, and generating an authorization code after the authentication of the first application user passes;
Transmitting the authorization code to an authentication center of a second application, and receiving a first request transmitted by the authentication center of the first application based on the authorization code;
Performing second valid verification on the first request, and generating verification information after the second valid verification of the first request passes, wherein the verification information comprises an access token;
acquiring a second request generated by an authentication center of the first application based on the access token and the account name;
And carrying out third effective verification on the second request, inquiring identity information associated with the account name based on the account name after the third effective verification of the second request is passed, and sending the identity information to an authentication center of the first application so as to carry out login verification based on the user information.
8. The method for authentication between applications according to claim 7, further comprising, before obtaining the unified authentication request sent by the authentication center of the first application:
and receiving a configuration request sent by an authentication center of the first application, and adding an application account of the first application to an authorization list.
9. An electronic device comprising a processor coupled to a memory;
The processor is configured to execute a computer program stored in the memory to cause the electronic device to perform the method of any one of claims 1 to 8.
10. A computer readable storage medium comprising a computer program or instructions which, when run on a computer, cause the computer to perform the method of any of claims 1-8.
CN202410358404.1A 2024-03-27 2024-03-27 Inter-application authentication method, device and readable storage medium Pending CN118381626A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410358404.1A CN118381626A (en) 2024-03-27 2024-03-27 Inter-application authentication method, device and readable storage medium

Publications (1)

Publication Number Publication Date
CN118381626A true CN118381626A (en) 2024-07-23

Family

ID=91903040

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination