本發明實施例提供了一種回饋、獲取使用者資源的方法、裝置及電子設備,以保護使用者的資源不被洩露。
為解決上述技術問題,本發明實施例是這樣實現的:
第一態樣,提出了一種獲取使用者資源的方法,所述方法包括:
向目標使用者發送授權請求,所述授權請求用於請求獲取所述目標使用者的預設資源的存取權限,所述預設資源儲存在預設社交應用的資源伺服器中;
接收所述目標使用者確認授予所述存取權限後回饋的授權憑證;
基於所述授權憑證,向所述預設社交應用的認證伺服器申請獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識;
基於所述存取符記和所述身份標識,存取所述資源伺服器獲取所述預設資源。
第二態樣,提出了一種回饋使用者資源的方法,所述方法包括:
接收第三方應用發送的授權資訊申請請求,所述授權資訊申請請求中攜帶有授權憑證,所述授權憑證是目標使用者確認所述第三方應用具有所述目標使用者的預設資源的存取權限的憑證;
向所述第三方應用回饋用於獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識;
接收所述第三方應用發送的資源獲取請求,所述資源獲取請求中攜帶有所述存取符記和所述身份標識;
基於所述存取符記和所述身份標識,向所述第三方應用回饋所述預設資源。
第三態樣,提出了一種獲取使用者資源的裝置,所述裝置包括:
授權請求發送模組,用於向目標使用者發送授權請求,所述授權請求用於請求獲取所述目標使用者的預設資源的存取權限,所述預設資源儲存在預設社交應用的資源伺服器中;
授權憑證接收模組,用於接收所述目標使用者確認授予所述權限後回饋的授權憑證;
授權資訊申請模組,用於基於所述授權憑證,向所述預設社交應用的認證伺服器申請獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識;
資源獲取模組,用於基於所述存取符記和所述身份標識,存取所述資源伺服器獲取所述預設資源。
第四態樣,提出了一種回饋使用者資源的裝置,所述裝置包括:
第一請求接收模組,用於接收第三方應用發送的授權資訊申請請求,所述授權資訊申請請求中攜帶有授權憑證,所述授權憑證是目標使用者確認所述第三方應用具有所述目標使用者的預設資源的存取權限的憑證;
授權資訊發送模組,用於向所述第三方應用回饋用於獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識;
第二請求接收模組,用於接收所述第三方應用發送的資源獲取請求,所述資源獲取請求中攜帶有所述存取符記和所述身份標識;
資源回饋模組,用於基於所述存取符記和所述身份標識,向所述第三方應用回饋所述預設資源。
第五態樣,提出了一種電子設備,包括:
處理器;以及
被安排成儲存電腦可執行指令的儲存器,所述可執行指令在被執行時使所述處理器執行以下操作:
向目標使用者發送授權請求,所述授權請求用於請求獲取所述目標使用者的預設資源的存取權限,所述預設資源儲存在預設社交應用的資源伺服器中;
接收所述目標使用者確認授予所述存取權限後回饋的授權憑證;
基於所述授權憑證,向所述預設社交應用的認證伺服器申請獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識;
基於所述存取符記和所述身份標識,存取所述資源伺服器獲取所述預設資源。
第六態樣,提出了一種電腦可讀儲存媒體,所述電腦可讀儲存媒體儲存一個或多個程式,所述一個或多個程式當被包括多個應用程式的電子設備執行時,使得所述電子設備執行以下操作:
向目標使用者發送授權請求,所述授權請求用於請求獲取所述目標使用者的預設資源的存取權限,所述預設資源儲存在預設社交應用的資源伺服器中;
接收所述目標使用者確認授予所述存取權限後回饋的授權憑證;
基於所述授權憑證,向所述預設社交應用的認證伺服器申請獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識;
基於所述存取符記和所述身份標識,存取所述資源伺服器獲取所述預設資源。
第七態樣,提出了一種電子設備,包括:
處理器;以及
被安排成儲存電腦可執行指令的儲存器,所述可執行指令在被執行時使所述處理器執行以下操作:
接收第三方應用發送的授權資訊申請請求,所述授權資訊申請請求中攜帶有授權憑證,所述授權憑證是目標使用者確認所述第三方應用具有所述目標使用者的預設資源的存取權限的憑證;
向所述第三方應用回饋用於獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識;
接收所述第三方應用發送的資源獲取請求,所述資源獲取請求中攜帶有所述存取符記和所述身份標識;
基於所述存取符記和所述身份標識,向所述第三方應用回饋所述預設資源。
第八態樣,提出了一種電腦可讀儲存媒體,所述電腦可讀儲存媒體儲存一個或多個程式,所述一個或多個程式當被包括多個應用程式的電子設備執行時,使得所述電子設備執行以下操作:
接收第三方應用發送的授權資訊申請請求,所述授權資訊申請請求中攜帶有授權憑證,所述授權憑證是目標使用者確認所述第三方應用具有所述目標使用者的預設資源的存取權限的憑證;
向所述第三方應用回饋用於獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識;
接收所述第三方應用發送的資源獲取請求,所述資源獲取請求中攜帶有所述存取符記和所述身份標識;
基於所述存取符記和所述身份標識,向所述第三方應用回饋所述預設資源。
由以上本發明實施例提供的技術方案可見,本發明實施例提供的方案至少具備如下一種技術效果:由於第三方應用可以在目標使用者授予存取權限的情況下,透過存取預設社交應用的資源伺服器就可以獲取目標使用者預先儲存的預設資源,而不需要他人手動地向第三方應用提交目標使用者的預設資源。因此,可以避免目標使用者的預設資源在不同人員之間傳遞的情況發生,進而可以保護目標使用者的個人隱私和敏感資訊等資源不被洩露。The embodiment of the present invention provides a method, device and electronic equipment for repaying and obtaining user resources, so as to protect the user's resources from being leaked.
To solve the above technical problems, the embodiments of the present invention are implemented as follows:
In the first aspect, a method for obtaining user resources is proposed, and the method includes:
Sending an authorization request to the target user, where the authorization request is used to request access to the target user's preset resource, and the preset resource is stored in a resource server of a preset social application;
Receiving the authorization certificate returned by the target user after confirming that the access authority is granted;
Based on the authorization certificate, apply to the authentication server of the default social application to obtain authorization information of the preset resource, where the authorization information includes an access token and the identity of the target user;
Based on the access token and the identity identifier, access the resource server to obtain the preset resource.
In the second aspect, a method of repaying user resources is proposed, and the method includes:
Receive an authorization information application request sent by a third-party application, the authorization information application request carries an authorization certificate, and the authorization certificate is the target user's confirmation that the third-party application has access to the target user's preset resources Certificate of authority;
Feeding back to the third-party application authorization information for obtaining the preset resource, the authorization information including an access token and the target user's identity;
Receiving a resource acquisition request sent by the third-party application, where the resource acquisition request carries the access token and the identity identifier;
Based on the access token and the identity, the preset resource is fed back to the third-party application.
In a third aspect, a device for acquiring user resources is proposed, and the device includes:
The authorization request sending module is used to send an authorization request to a target user, the authorization request is used to request access to the target user's preset resource, and the preset resource is stored in the preset social application Resource server;
The authorization certificate receiving module is used to receive the authorization certificate returned after the target user confirms the authorization of the authorization;
The authorization information application module is used to apply to the authentication server of the default social application to obtain authorization information of the default resource based on the authorization certificate, the authorization information includes an access token and the target usage The identity of the person;
The resource acquisition module is configured to access the resource server to acquire the preset resource based on the access token and the identity identifier.
In a fourth aspect, a device for repaying user resources is proposed, and the device includes:
The first request receiving module is configured to receive an authorization information application request sent by a third-party application, the authorization information application request carries an authorization certificate, and the authorization certificate is the target user confirming that the third-party application has the target The certificate of the user's access authority to the default resource;
The authorization information sending module is used to return authorization information for obtaining the preset resource to the third-party application, the authorization information including an access token and the target user's identity;
The second request receiving module is configured to receive a resource acquisition request sent by the third-party application, and the resource acquisition request carries the access token and the identity identifier;
The resource feedback module is configured to return the preset resource to the third-party application based on the access token and the identity identifier.
In the fifth aspect, an electronic device is proposed, including:
Processor; and
Arranged as a storage for storing computer-executable instructions, which when executed, cause the processor to perform the following operations:
Sending an authorization request to the target user, where the authorization request is used to request access to the target user's preset resource, and the preset resource is stored in a resource server of a preset social application;
Receiving the authorization certificate returned by the target user after confirming that the access authority is granted;
Based on the authorization certificate, apply to the authentication server of the default social application to obtain authorization information of the preset resource, where the authorization information includes an access token and the identity of the target user;
Based on the access token and the identity identifier, access the resource server to obtain the preset resource.
In a sixth aspect, a computer-readable storage medium is provided. The computer-readable storage medium stores one or more programs that, when executed by an electronic device including multiple application programs, cause all The electronic device performs the following operations:
Sending an authorization request to the target user, where the authorization request is used to request access to the target user's preset resource, and the preset resource is stored in a resource server of a preset social application;
Receiving the authorization certificate returned by the target user after confirming that the access authority is granted;
Based on the authorization certificate, apply to the authentication server of the default social application to obtain authorization information of the preset resource, where the authorization information includes an access token and the identity of the target user;
Based on the access token and the identity identifier, access the resource server to obtain the preset resource.
In the seventh aspect, an electronic device is proposed, including:
Processor; and
Arranged as a storage for storing computer-executable instructions, which when executed, cause the processor to perform the following operations:
Receive an authorization information application request sent by a third-party application, the authorization information application request carries an authorization certificate, and the authorization certificate is the target user's confirmation that the third-party application has access to the target user's preset resources Certificate of authority;
Feeding back to the third-party application authorization information for obtaining the preset resource, the authorization information including an access token and the target user's identity;
Receiving a resource acquisition request sent by the third-party application, where the resource acquisition request carries the access token and the identity identifier;
Based on the access token and the identity, the preset resource is fed back to the third-party application.
In an eighth aspect, a computer-readable storage medium is provided. The computer-readable storage medium stores one or more programs that, when executed by an electronic device including multiple application programs, cause all The electronic device performs the following operations:
Receive an authorization information application request sent by a third-party application, the authorization information application request carries an authorization certificate, and the authorization certificate is the target user's confirmation that the third-party application has access to the target user's preset resources Certificate of authority;
Feeding back to the third-party application authorization information for obtaining the preset resource, the authorization information including an access token and the target user's identity;
Receiving a resource acquisition request sent by the third-party application, where the resource acquisition request carries the access token and the identity identifier;
Based on the access token and the identity, the preset resource is fed back to the third-party application.
It can be seen from the technical solutions provided by the above embodiments of the present invention that the solutions provided by the embodiments of the present invention have at least one of the following technical effects: because third-party applications can access preset social applications when the target user grants access permissions The resource server can obtain the preset resources pre-stored by the target user, without the need for others to manually submit the preset resources of the target user to the third-party application. Therefore, it is possible to prevent the transmission of the target user's preset resources between different persons from occurring, and to protect the target user's personal privacy and sensitive information from being leaked.
為使本發明的目的、技術方案和優點更加清楚,下面將結合本發明具體實施例及相應的附圖對本發明技術方案進行清楚、完整地描述。顯然,所描述的實施例僅是本發明一部分實施例,而不是全部的實施例。基於本發明中的實施例,本領域普通技術人員在沒有做出進步性勞動前提下所獲得的所有其他實施例,都屬本發明保護的範圍。
為了保護使用者的資源不被洩露,本說明書實施例提供一種獲取使用者資源的方法及裝置,以及一種回饋使用者資源的方法及裝置。其中,一種獲取使用者資源的方法及裝置可以應用於需要獲取使用者資源的第三方應用中,例如,可以應用於需要獲取無責方的相關證件資訊的保險公司網路服務平臺中。其中,一種回饋使用者資源的方法及裝置可以應用預設社交應用中,例如,可以應用於微信、支付寶等具有社交功能的應用中。
下面結合附圖1至圖3對本說明書實施例提供的一種獲取使用者資源的方法進行詳細的說明。
如圖1所示,本說明書實施例提供的一種獲取使用者資源的方法,可以應用於第三方應用,該方法可以包括如下步驟:
步驟102、向目標使用者發送授權請求,所述授權請求用於請求獲取所述目標使用者的預設資源的存取權限,所述預設資源儲存在預設社交應用的資源伺服器中。
目標使用者,可以是需要向第三方應用提交預設資源的使用者,例如,本說明書背景技術中所述的交通事故中的無責方。
第三方應用,例如可以是保險公司的網路服務平臺。
預設資源,可以是需要目標使用者向第三方應用提交的任意資源,例如可以是需要目標使用者向保險公司的網路服務平臺提交的相關證件資訊。其中,無責方的相關證件資訊,例如可以是無責方的身份證資訊、駕駛證資訊,等等。
預設社交應用,可以是任何具有社交功能的應用。可選地,預設社交應用,可以是具有開放平臺的社交應用,例如,具有公眾號的微信,具有生活號的支付寶,等等。
在一個例子中,步驟101中的“向目標使用者發送授權請求”可以包括:透過向目標使用者發送簡訊或透過向目標使用者的即時通信帳號發送資訊,以向目標使用者發送授權請求。例如,可以透過簡訊向目標使用者發送引導使用者授予所述存取權限的鏈接,目標使用者點擊該鏈接之後,可以選擇是否授予所述存取權限。
在另一個例子中,步驟101中的“向目標使用者發送授權請求”可以包括:直接透過上述預設社交應用向所述目標使用者發送所述授權請求,所述目標使用者為所述社交應用的註冊使用者。
可選地,在該例子的一種具體實施方式中,在透過所述預設社交應用向所述目標使用者發送所述授權請求之前,圖1所示的方法還可以包括:在所述預設社交應用中註冊公眾服務號,例如,假設預設社交應用為支付寶,可以在支付寶的開放平臺上註冊一個支付寶生活號;在此基礎上,上述透過上述預設社交應用向所述目標使用者發送所述授權請求,可以包括:透過所述公眾服務號向所述目標使用者發送所述授權請求,例如透過支付寶生活號向目標使用者推送所述授權請求。
更進一步地,在透過所述預設社交應用向所述目標使用者發送所述授權請求之前,圖1所示的方法還可以包括:獲取目標使用者在所述社交應用中註冊的帳號,例如,獲取目標使用者在支付寶中註冊的帳號,該帳號一般是目標使用者的手機號。在此基礎上,上述透過所述公眾服務號向所述目標使用者發送所述授權請求,可以包括:透過所述公眾服務號,向所述目標使用者的所述帳號發送所述授權請求,例如向目標使用者的支付寶帳號發送所述授權請求。
步驟104、接收所述目標使用者確認授予所述存取權限後回饋的授權憑證。
其中,授權憑證可以是授權碼。可以理解,當目標使用者確認授予上述存取權限之後,預設社交應用可以相應的產生一個授權碼。
步驟106、基於所述授權憑證,向所述預設社交應用的認證伺服器申請獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識。
在此步驟中,第三方應用可以將授權憑證發送給預設社交應用的認證伺服器,利用授權憑證從所述認證伺服器中置換得到授權資訊。相應的,在一種實施方式中,預設社交應用的認證伺服器可以維護一張目標使用者的身份標識(Identity,ID)與存取符記的對應關係表,當認證伺服器根據授權憑證確定第三方應用具有獲取目標使用者的預設資源的存取權限時,將存取符記及其對應的身份標識作為授權資訊回饋給第三方應用。
步驟108、基於所述存取符記和所述身份標識,存取所述資源伺服器獲取所述預設資源。
作為一個例子,步驟108可以包括:基於所述存取符記,獲取存取所述資源伺服器的預設介面的權限,所述預設介面下儲存有所述預設資源;基於所述身份標識,獲取存取所述預設介面下的所述預設資源的權限;存取所述預設介面獲取所述預設資源。
上述步驟102至步驟108可以基於開放協議OAuth(Open Authorization)實現。下面結合圖2,對本發明實施例中第三方應用獲得目標使用者的授權、獲得預設社交應用的認證伺服器發放的授權資訊,以及利用授權資訊獲取預設資源的原理進行說明。
如圖2所示:①第三方應用1的用戶端11(Client)向預設社交應用2的資源擁有者(Resource Owner)21(目標使用者)發送授權請求(Authorization Request),所述授權請求用於請求獲取所述目標使用者的預設資源的存取權限,所述預設資源儲存在預設社交應用2的資源伺服器23中;②目標使用者21同意授予第三方應用1所述存取權限,且預設社交應用2向第三方應用1的用戶端11回饋授權憑證(Authorization Grant);③第三方應用1的用戶端11根據所述授權憑證向預設社交應用2的認證伺服器(Authorization Server)22申請獲取授權資訊,該授權資訊包括存取符記(Access Token)和目標使用者的ID;④認證伺服器22對上述授權憑證驗證透過後,向第三方應用1的用戶端11發送授權資訊;⑤第三方應用1的用戶端11向預設社交應用1的資源伺服器(Resource Server)23發送資源查詢請求,該資源查詢請求中攜帶有存取符記和目標使用者的ID;⑥資源伺服器23根據存取符記和目標使用者的ID確認第三方應用1具有上述存取權限時,向第三方應用1的用戶端11開放預設介面,並透過預設介面向第三方應用1的用戶端11回饋預設資源。
需要說明的是,在實際應用中,預設社交應用1的認證伺服器22和資源伺服器23可以是同一伺服器,也可以是不同的伺服器,但這兩者所要實現的功能可以由預設社交應用1的不同業務域實現。例如,當預設社交應用為支付寶,預設資源為目標使用者的證件資訊,資源伺服器23回饋預設資源的過程可以由支付寶的會員域實現,因為會員域對應的伺服器中保存了目標使用者的身份證號等證件資訊;而認證伺服器22進行權限認證和回饋授權資訊的過程可以由支付寶的開放平臺實現。
當然,在實際應用中,預設社交應用還可以專門建立一個證件庫,第三方應用可以透過存取該證件庫獲取預設資源。
圖1所示的實施例提供的一種獲取使用者資源的方法,由於第三方應用可以在目標使用者授予存取權限的情況下,透過存取預設社交應用的資源伺服器就可以獲取目標使用者預先儲存的預設資源,而不需要他人手動地向第三方應用提交目標使用者的預設資源。因此,可以避免目標使用者的預設資源在不同人員之間傳遞的情況發生,進而可以保護目標使用者的個人隱私和敏感資訊等資源不被洩露。
為了更清楚的理解本說明書實施例提供的一種獲取使用者的資源的方法,下面結合圖3,以保險公司的網路服務平臺獲取交通事故中的無責方的相關證件資訊為例進行說明。
如圖3所示,在該實施例中,第三方應用為保險公司的網路服務平臺(為了方便理解,在圖3中用保險公司5代替表示),預設社交應用為支付寶4,目標使用者為交通事故中的無責方6,需要獲取的預設資源為無責方6的相關證件資訊,獲取目標使用者的相關件資訊的流程由交通事故中的責任方3觸發。並且,在該實施例中,保險公司5可以透過支付寶4來存取。
如圖3所示,本說明書實施例提供的一種獲取使用者資源的方法,可以包括如下步驟:
步驟31、交通事故中的責任方3在支付寶4的保險服務中選擇保險公司5,並填寫無責方6的支付寶帳號(例如填寫無責方6的手機號)。
步驟32、支付寶4基於責任方3的操作向保險公司5報案。
步驟33、保險公司5審核責任方3透過支付寶4提交的報案材料,並在審核透過後透過支付寶4向無責方6發送授權請求,所述授權請求用於請求獲取無責方6的相關證件資訊的存取權限,無責方6的相關證件資訊儲存在支付寶4的資源伺服器中。
步驟34、無責方6同意授予保險公司5所述存取權限。
步驟35、支付寶4產生授權憑證並回饋給保險公司5。
步驟36、保險公司5基於所述授權憑證,向支付寶4的認證伺服器申請獲取授權資訊,授權資訊包括存取符記和無責方6的ID。
步驟37、支付寶4的認證伺服器向保險公司5回饋所述授權資訊。
步驟38、保險公司5基於授權資訊中的存取符記的ID,存取支付寶4的資源伺服器獲取無責方6的相關證件資訊。
步驟39、支付寶4的資源伺服器向保險公司5回饋無責方6的相關證件資訊。
圖3所示的實施例提供的一種獲取使用者資源的方法,由於保險公司5可以在無責方6授予存取權限的情況下,透過存取支付寶4的資源伺服器就可以獲取無責方6的相關證件資訊,而不需要責任方3手動地向保險公司5提交責任方6的相關證件資訊。因此,可以避免無責方6的相關證件資訊洩露給責任方3,保護了無責方6的個人隱私和敏感資訊等資源的安全。
以上是對本說明書提供一種獲取使用者資源的方法的說明,下面對本說明書提供的一種回饋使用者資源的方法進行介紹。
如圖4所示,本說明書實施例提供的一種回饋使用者資源的方法,可以應用於預設社交應用,該方法可以包括:
步驟402、接收第三方應用發送的授權資訊申請請求,所述授權資訊申請請求中攜帶有授權憑證,所述授權憑證是目標使用者確認所述第三方應用具有所述目標使用者的預設資源的存取權限的憑證。
例如,支付寶的認證伺服器可以接收保險公司的網路服務平臺發送的授權資訊申請請求。
步驟404、向所述第三方應用回饋用於獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識。
例如,支付寶的認證伺服器可以向保險公司的網路服務平臺回饋用於獲取所述預設資源的授權資訊。
步驟406、接收所述第三方應用發送的資源獲取請求,所述資源獲取請求中攜帶有所述存取符記和所述身份標識。
例如,支付寶的資源伺服器可以接收保險公司的網路服務平臺發送的資源獲取請求。
步驟408、基於所述存取符記和所述身份標識,向所述第三方應用回饋所述預設資源。
例如,支付寶的資源伺服器可以向保險公司的網路服務平臺回饋所述預設資源。
在一種具體實施方式中,步驟408可以包括:基於所述存取符記,向所述第三方應用開放所述資源伺服器的預設介面的存取權限,所述預設介面下儲存有所述預設資源;基於所述身份標識,向所述第三方應用開放存取所述預設介面下的所述預設資源的權限;透過所述預設介面向所述第三方應用回饋所述預設資源。
需要說明的是,在本實施例中,步驟402和步驟404可以由預設社交應用的認證伺服器(可以對應預設社交應用的開放平臺業務域)執行,步驟406和步驟408可以由預設社交應用的資源伺服器(可以對應預設社交應用的會員域)執行,且預設社交應用的認證伺服器和資源伺服器可以是同一伺服器,也可以是不同的伺服器。
圖4所示的實施例提供的一種回饋使用者資源的方法,由於預設社交應用的資源伺服器可以在第三方應用獲取目標使用者授予的存取權限的情況下,向第三方應用回饋目標使用者儲存在預設社交應用的資源伺服器上的預設資源,而不需要他人手動地向第三方應用提交目標使用者的預設資源。因此,可以避免目標使用者的預設資源在不同人員之間傳遞的情況發生,進而可以保護目標使用者的個人隱私和敏感資訊等資源不被洩露。
以上是對本說明書提供一種回饋使用者資源的方法的說明,下面對本說明書提供的電子設備進行介紹。
圖5是本說明書的一個實施例提供的電子設備的結構示意圖。請參考圖5,在硬體層面,該電子設備包括處理器,可選地還包括內部匯流排、網路介面、儲存器。其中,儲存器可能包含內存,例如高速隨機存取儲存器(Random-Access Memory,RAM),也可能還包括非揮發性儲存器(non-volatile memory),例如至少1個磁碟儲存器等。當然,該電子設備還可能包括其他業務所需要的硬體。
處理器、網路介面和儲存器可以透過內部匯流排相互連接,該內部匯流排可以是ISA(Industry Standard Architecture,工業標準架構)匯流排、PCI(Peripheral Component Interconnect,週邊組件互連)匯流排或EISA(Extended Industry Standard Architecture,延伸工業標準架構)匯流排等。所述匯流排可以分為位址匯流排、資料匯流排、控制匯流排等。為便於表示,圖5中僅用一個雙向箭頭表示,但並不表示僅有一根匯流排或一種類型的匯流排。
儲存器,用於存放程式。具體地,程式可以包括程式碼,所述程式碼包括電腦操作指令。儲存器可以包括內存和非揮發性儲存器,並向處理器提供指令和資料。
處理器從非揮發性儲存器中讀取對應的電腦程式到內存中然後運行,在邏輯層面上形成獲取使用者資源的裝置。處理器,執行儲存器所存放的程式,並具體用於執行以下操作:
向目標使用者發送授權請求,所述授權請求用於請求獲取所述目標使用者的預設資源的存取權限,所述預設資源儲存在預設社交應用的資源伺服器中;
接收所述目標使用者確認授予所述存取權限後回饋的授權憑證;
基於所述授權憑證,向所述預設社交應用的認證伺服器申請獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識;
基於所述存取符記和所述身份標識,存取所述資源伺服器獲取所述預設資源。
上述如本說明書圖1所示實施例揭示的獲取使用者資源的方法可以應用於圖5所示的處理器中,或者由處理器實現。處理器可能是一種積體電路晶片,具有信號的處理能力。在實現過程中,上述方法的各步驟可以透過處理器中的硬體的整合邏輯電路或者軟體形式的指令完成。上述的處理器可以是通用處理器,包括中央處理器(Central Processing Unit,CPU)、網路處理器(Network Processor,NP)等;還可以是數位信號處理器(Digital Signal Processor,DSP)、專用積體電路(Application Specific Integrated Circuit,ASIC)、現場可程式化閘陣列(Field-Programmable Gate Array,FPGA)或者其他可編程邏輯裝置、分散式閘極或者晶體管邏輯裝置、分立硬體組件。可以實現或者執行本說明書一個或多個實施例中的公開的各方法、步驟及邏輯方塊圖。通用處理器可以是微處理器或者該處理器也可以是任何常規的處理器等。結合本說明書一個或多個實施例所公開的方法的步驟可以直接體現為硬體解碼處理器執行完成,或者用解碼處理器中的硬體及軟體模組組合執行完成。軟體模組可以位於隨機儲存器,快閃記憶體、唯讀儲存器,可編程唯讀儲存器或者電可擦寫可編程儲存器、暫存器等本領域成熟的儲存媒體中。該儲存媒體位於儲存器,處理器讀取儲存器中的資訊,結合其硬體完成上述方法的步驟。
圖5所示的電子設備還可執行圖1的獲取使用者資源的方法,本說明書在此不再贅述。
圖6是本說明書的另一個實施例提供的電子設備的結構示意圖。圖6所示的設備與圖5所示的電子設備的不同之處在於,處理器執行儲存器所存放的程式,並具體用於執行以下操作:
接收第三方應用發送的授權資訊申請請求,所述授權資訊申請請求中攜帶有授權憑證,所述授權憑證是目標使用者確認所述第三方應用具有所述目標使用者的預設資源的存取權限的憑證;
向所述第三方應用回饋用於獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識;
接收所述第三方應用發送的資源獲取請求,所述資源獲取請求中攜帶有所述存取符記和所述身份標識;
基於所述存取符記和所述身份標識,向所述第三方應用回饋所述預設資源。
圖6所示的電子設備還可執行圖4的回饋使用者資源的方法,本說明書在此不再贅述。
當然,除了軟體實現方式之外,本說明書的電子設備並不排除其他實現方式,比如邏輯裝置抑或軟硬體結合的方式等等,也就是說以下處理流程的執行主體並不限定於各個邏輯單元,也可以是硬體或邏輯裝置。
本說明書實施例還提出了一種電腦可讀儲存媒體,該電腦可讀儲存媒體儲存一個或多個程式,該一個或多個程式包括指令,該指令當被包括多個應用程式的可攜式電子設備執行時,能夠使該可攜式電子設備執行圖1所示實施例的方法,並具體用於執行以下操作:
向目標使用者發送授權請求,所述授權請求用於請求獲取所述目標使用者的預設資源的存取權限,所述預設資源儲存在預設社交應用的資源伺服器中;
接收所述目標使用者確認授予所述存取權限後回饋的授權憑證;
基於所述授權憑證,向所述預設社交應用的認證伺服器申請獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識;
基於所述存取符記和所述身份標識,存取所述資源伺服器獲取所述預設資源。
在另一實施例中,本說明書實施例還提出了一種電腦可讀儲存媒體,該電腦可讀儲存媒體儲存一個或多個程式,該一個或多個程式包括指令,該指令當被包括多個應用程式的可攜式電子設備執行時,能夠使該可攜式電子設備執行圖1所示實施例的方法,並具體用於執行以下操作:
接收第三方應用發送的授權資訊申請請求,所述授權資訊申請請求中攜帶有授權憑證,所述授權憑證是目標使用者確認所述第三方應用具有所述目標使用者的預設資源的存取權限的憑證;
向所述第三方應用回饋用於獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識;
接收所述第三方應用發送的資源獲取請求,所述資源獲取請求中攜帶有所述存取符記和所述身份標識;
基於所述存取符記和所述身份標識,向所述第三方應用回饋所述預設資源。
下面對本說明書提供的一種獲取使用者資源的裝置進行說明。
圖7是本說明書提供的獲取使用者資源的裝置700的結構示意圖。請參考圖7,在一種軟體實施方式中,獲取使用者資源的裝置700可包括:授權請求發送模組701、授權憑證接收模組702、授權資訊申請模組703和資源獲取模組704。
授權請求發送模組701,用於向目標使用者發送授權請求,所述授權請求用於請求獲取所述目標使用者的預設資源的存取權限,所述預設資源儲存在預設社交應用的資源伺服器中。
可選地,在一個例子中,授權請求發送模組701,可用於透過向目標使用者發送簡訊或透過向目標使用者的即時通信帳號發送資訊,以向目標使用者發送授權請求。
可選地,在另一個例子中,授權請求發送模組701,可用於透過上述預設社交應用向所述目標使用者發送所述授權請求,所述目標使用者為所述社交應用的註冊使用者。
進一步地,在該例子的基礎上,獲取使用者資源的裝置700還可以包括:註冊模組,用於在透過所述預設社交應用向所述目標使用者發送所述授權請求之前,在所述預設社交應用中註冊公眾服務號。相應的,授權請求發送模組701,可用於透過所述公眾服務號向所述目標使用者發送所述授權請求,例如透過支付寶生活號向目標使用者推送所述授權請求。
更進一步地,在該例子的基礎上,獲取使用者資源的裝置700還可以包括:獲取模組,用於在透過所述預設社交應用向所述目標使用者發送所述授權請求之前,獲取目標使用者在所述社交應用中註冊的帳號。相應的,授權請求發送模組701,可用於透過所述公眾服務號,向所述目標使用者的所述帳號發送所述授權請求。
授權憑證接收模組702,用於接收所述目標使用者確認授予所述權限後回饋的授權憑證。
授權資訊申請模組703,用於基於所述授權憑證,向所述預設社交應用的認證伺服器申請獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識。
資源獲取模組704,用於基於所述存取符記和所述身份標識,存取所述資源伺服器獲取所述預設資源。
作為一個具體的例子,資源獲取模組704,可用於基於所述存取符記,獲取存取所述資源伺服器的預設介面的權限,所述預設介面下儲存有所述預設資源;基於所述身份標識,獲取存取所述預設介面下的所述預設資源的權限;存取所述預設介面獲取所述預設資源。
圖7所示的實施例提供的一種獲取使用者資源的裝置700,由於第三方應用可以在目標使用者授予存取權限的情況下,透過存取預設社交應用的資源伺服器就可以獲取目標使用者預先儲存的預設資源,而不需要他人手動地向第三方應用提交目標使用者的預設資源。因此,可以避免目標使用者的預設資源在不同人員之間傳遞的情況發生,進而可以保護目標使用者的個人隱私和敏感資訊等資源不被洩露。
需要說明的是,獲取使用者資源的裝置700能夠實現圖1的方法實施例的方法,具體可參考圖1所示實施例的獲取使用者資源的方法,不再贅述。
圖8是本說明書提供的回饋使用者資源的裝置800的結構示意圖。請參考圖8,在一種軟體實施方式中,回饋使用者資源的裝置800可包括:第一請求接收模組801、授權資訊發送模組802、第二請求接收模組803和資源回饋模組804。
第一請求接收模組801,用於接收第三方應用發送的授權資訊申請請求,所述授權資訊申請請求中攜帶有授權憑證,所述授權憑證是目標使用者確認所述第三方應用具有所述目標使用者的預設資源的存取權限的憑證。
授權資訊發送模組802,用於向所述第三方應用回饋用於獲取所述預設資源的授權資訊,所述授權資訊包括存取符記和所述目標使用者的身份標識。
第二請求接收模組803,用於接收所述第三方應用發送的資源獲取請求,所述資源獲取請求中攜帶有所述存取符記和所述身份標識。
資源回饋模組804,用於基於所述存取符記和所述身份標識,向所述第三方應用回饋所述預設資源。
在一種具體實施方式中,資源回饋模組804,可用於基於所述存取符記,向所述第三方應用開放所述資源伺服器的預設介面的存取權限,所述預設介面下儲存有所述預設資源;基於所述身份標識,向所述第三方應用開放存取所述預設介面下的所述預設資源的權限;透過所述預設介面向所述第三方應用回饋所述預設資源。
圖8所示的實施例提供的一種回饋使用者資源的裝置800,由於預設社交應用的資源伺服器可以在第三方應用獲取目標使用者授予的存取權限的情況下,向第三方應用回饋目標使用者儲存在預設社交應用的資源伺服器上的預設資源,而不需要他人手動地向第三方應用提交目標使用者的預設資源。因此,可以避免目標使用者的預設資源在不同人員之間傳遞的情況發生,進而可以保護目標使用者的個人隱私和敏感資訊等資源不被洩露。
需要說明的是,獲取使用者資源的裝置800能夠實現圖4的方法實施例的方法,具體可參考圖4所示實施例的獲取使用者資源的方法,不再贅述。
總之,以上所述僅為本說明書的較佳實施例而已,並非用於限定本說明書的保護範圍。凡在本說明書一個或多個實施例的精神和原則之內,所作的任何修改、等同替換、改進等,均應包含在本說明書一個或多個實施例的保護範圍之內。
上述實施例闡明的系統、裝置、模組或單元,具體可以由電腦晶片或實體實現,或者由具有某種功能的產品來實現。一種典型的實現設備為電腦。具體的,電腦例如可以為個人電腦、膝上型電腦、蜂巢式電話、相機電話、智慧型電話、個人數位助理、媒體播放器、導航設備、電子郵件設備、遊戲控制台、平板電腦、可穿戴設備或者這些設備中的任何設備的組合。
電腦可讀媒體包括永久性和非永久性、可行動和非可行動媒體可以由任何方法或技術來實現資訊儲存。資訊可以是電腦可讀指令、資料結構、程式的模組或其他資料。電腦的儲存媒體的例子包括,但不限於相變記憶體(PRAM)、靜態隨機存取儲存器(SRAM)、動態隨機存取儲存器(DRAM)、其他類型的隨機存取儲存器(RAM)、唯讀儲存器(ROM)、電可抹除可編程唯讀記憶體唯讀(EEPROM)、快閃記憶體或其他內存技術、唯讀光碟唯讀儲存器(CD-ROM)、數位多功能光碟(DVD)或其他光學儲存、磁卡式磁帶,磁碟磁帶式磁碟儲存器或其他磁性儲存設備或任何其他非傳輸媒體,可用於儲存可以被電腦設備存取的資訊。按照本文中的界定,電腦可讀媒體不包括暫存電腦可讀媒體(transitory media),如調變的資料信號和載波。
還需要說明的是,術語“包括”、“包含”或者其任何其他變體意在涵蓋非排他性的包含,從而使得包括一系列要素的過程、方法、商品或者設備不僅包括那些要素,而且還包括沒有明確列出的其他要素,或者是還包括為這種過程、方法、商品或者設備所固有的要素。在沒有更多限制時,由語句“包括一個……”限定的要素,並不排除在包括所述要素的過程、方法、商品或者設備中還存在另外的相同要素。
本說明書中的各個實施例均採用循序的方式描述,各個實施例之間相同相似的部分互相參見即可,每個實施例重點說明的都是與其他實施例的不同之處。尤其,對於系統實施例而言,由於其基本相似於方法實施例,所以描述的比較簡單,相關之處參見方法實施例的部分說明即可。In order to make the objectives, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be described clearly and completely below in conjunction with specific embodiments of the present invention and the corresponding drawings. Obviously, the described embodiments are only a part of the embodiments of the present invention, rather than all the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without making progressive work fall within the protection scope of the present invention.
In order to protect the user's resources from being leaked, the embodiments of this specification provide a method and device for obtaining user resources, and a method and device for returning user resources. Among them, a method and device for obtaining user resources can be applied to third-party applications that need to obtain user resources, for example, can be applied to an insurance company network service platform that needs to obtain relevant credential information of irresponsible parties. Among them, a method and device for repaying user resources can be applied to preset social applications, for example, can be applied to applications with social functions such as WeChat and Alipay.
Hereinafter, a method for obtaining user resources provided by the embodiments of this specification will be described in detail with reference to FIGS. 1 to 3.
As shown in Figure 1, the method for obtaining user resources provided by the embodiment of this specification can be applied to third-party applications, and the method can include the following steps:
Step 102: Send an authorization request to the target user, where the authorization request is used to request access to a preset resource of the target user, and the preset resource is stored in a resource server of a preset social application.
The target user may be a user who needs to submit a preset resource to a third-party application, for example, the irresponsible party in a traffic accident described in the background art of this specification.
The third-party application, for example, can be the online service platform of an insurance company.
The default resource can be any resource that needs to be submitted by the target user to a third-party application, for example, it can be related certificate information that needs to be submitted by the target user to the online service platform of the insurance company. Among them, the relevant document information of the irresponsible party may be, for example, the identity information of the irresponsible party, driver's license information, etc.
The preset social application can be any application with social functions. Optionally, the preset social application may be a social application with an open platform, for example, WeChat with an official account, Alipay with a life account, and so on.
In an example, the "sending authorization request to the target user" in step 101 may include sending an authorization request to the target user by sending a text message to the target user or sending information to the target user's instant messaging account. For example, a link that guides the user to grant the access permission can be sent to the target user through a short message, and after the target user clicks the link, he can choose whether to grant the access permission.
In another example, "sending an authorization request to the target user" in step 101 may include: directly sending the authorization request to the target user through the aforementioned preset social application, and the target user is the social Registered users of the application.
Optionally, in a specific implementation of this example, before sending the authorization request to the target user through the preset social application, the method shown in FIG. 1 may further include: Register a public service account in social applications. For example, assuming that the default social application is Alipay, you can register an Alipay life account on Alipay’s open platform; on this basis, the above-mentioned preset social application sends to the target user The authorization request may include: sending the authorization request to the target user through the public service account, for example, pushing the authorization request to the target user through an Alipay account.
Furthermore, before sending the authorization request to the target user through the preset social application, the method shown in FIG. 1 may further include: obtaining an account registered by the target user in the social application, such as , Obtain the account of the target user registered in Alipay, which is usually the target user’s mobile phone number. On this basis, the foregoing sending the authorization request to the target user through the public service account may include: sending the authorization request to the account of the target user through the public service account, For example, the authorization request is sent to the Alipay account of the target user.
Step 104: Receive an authorization certificate returned by the target user after confirming that the access authority is granted.
Wherein, the authorization certificate may be an authorization code. It can be understood that after the target user confirms that the above access permission is granted, the default social application can generate an authorization code accordingly.
Step 106: Based on the authorization certificate, apply to the authentication server of the preset social application to obtain authorization information of the preset resource, where the authorization information includes an access token and the identity of the target user.
In this step, the third-party application can send the authorization certificate to the authentication server of the default social application, and use the authorization certificate to replace the authorization information from the authentication server. Correspondingly, in one embodiment, the authentication server of the default social application can maintain a table of correspondence between the target user’s identity (ID) and the access token, when the authentication server determines according to the authorization certificate When the third-party application has the access authority to obtain the preset resource of the target user, the access token and its corresponding identity identifier are fed back to the third-party application as authorization information.
Step 108: Based on the access token and the identity, access the resource server to obtain the preset resource.
As an example, step 108 may include: obtaining permission to access a preset interface of the resource server based on the access token, where the preset resource is stored under the preset interface; and based on the identity The identifier is used to obtain the authority to access the preset resource under the preset interface; to access the preset interface to obtain the preset resource.
The above steps 102 to 108 may be implemented based on the open protocol OAuth (Open Authorization). In the following, in conjunction with FIG. 2, the principles of obtaining authorization from a target user by a third-party application in an embodiment of the present invention, obtaining authorization information issued by an authentication server of a default social application, and using authorization information to obtain a default resource are described.
As shown in Figure 2: ① The client 11 (Client) of the third-party application 1 sends an authorization request (Authorization Request) to the Resource Owner 21 (target user) of the preset social application 2. The authorization request Used to request access to the target user’s preset resource, which is stored in the resource server 23 of the default social application 2; ②The target user 21 agrees to grant the third-party application 1 Access permission, and the default social application 2 returns an authorization certificate (Authorization Grant) to the client 11 of the third-party application 1; ③The client 11 of the third-party application 1 sends the authentication server of the default social application 2 according to the authorization certificate The authorization server (Authorization Server) 22 applies for obtaining authorization information, which includes the access token (Access Token) and the ID of the target user; ④After the authentication server 22 has verified the above authorization certificate, it will apply to the user of the third party application 1. Terminal 11 sends authorization information; ⑤The client terminal 11 of the third-party application 1 sends a resource query request to the resource server 23 of the default social application 1, and the resource query request carries the access token and the target user When the resource server 23 confirms that the third-party application 1 has the above-mentioned access rights according to the access token and the ID of the target user, it opens the default interface to the client 11 of the third-party application 1 and uses the default interface The preset resources are fed back to the client 11 of the third-party application 1.
It should be noted that in practical applications, the authentication server 22 and resource server 23 of the default social application 1 can be the same server or different servers, but the functions to be implemented by the two can be pre-defined Set the realization of different business domains of social application 1. For example, when the default social application is Alipay and the default resource is the credential information of the target user, the process of the resource server 23 returning the default resource can be implemented by the member domain of Alipay, because the target is stored in the server corresponding to the member domain The user's ID number and other credential information; and the process of the authentication server 22 performing authorization authentication and returning the authorization information can be implemented by the open platform of Alipay.
Of course, in actual applications, the default social application can also create a certificate library, and third-party applications can obtain preset resources by accessing the certificate library.
The embodiment shown in FIG. 1 provides a method for obtaining user resources, because third-party applications can obtain target usage by accessing the resource server of the default social application when the target user grants access permissions The user does not need to manually submit the target user’s preset resources to the third-party application. Therefore, it is possible to prevent the transmission of the target user's preset resources between different persons from occurring, and to protect the target user's personal privacy and sensitive information from being leaked.
In order to have a clearer understanding of a method for obtaining user resources provided by the embodiments of the present specification, the following describes with reference to FIG. 3, taking the insurance company's network service platform to obtain relevant certificate information of the irresponsible party in a traffic accident as an example.
As shown in Figure 3, in this embodiment, the third-party application is the network service platform of the insurance company (for ease of understanding, insurance company 5 is used instead of representation in Figure 3), the default social application is Alipay 4, and the target is The person is the irresponsible party 6 in the traffic accident, the preset resource that needs to be obtained is the relevant certificate information of the irresponsible party 6, and the process of obtaining the relevant document information of the target user is triggered by the responsible party 3 in the traffic accident. Moreover, in this embodiment, the insurance company 5 can access through Alipay 4.
As shown in Fig. 3, a method for obtaining user resources provided by an embodiment of this specification may include the following steps:
Step 31: The responsible party 3 in the traffic accident selects the insurance company 5 in the insurance service of Alipay 4, and fills in the Alipay account number of the irresponsible party 6 (for example, fills in the mobile phone number of the irresponsible party 6).
Step 32: Alipay 4 reports to the insurance company 5 based on the operation of the responsible party 3.
Step 33. The insurance company 5 reviews the report materials submitted by the responsible party 3 through Alipay 4, and sends an authorization request through Alipay 4 to the irresponsible party 6 after the review is passed. The authorization request is used to request the relevant certificates of the irresponsible party 6 Information access rights, the relevant certificate information of the irresponsible party 6 is stored in the resource server of Alipay 4.
Step 34: The irresponsible party 6 agrees to grant the insurance company 5 the access authority.
Step 35: Alipay 4 generates an authorization certificate and returns it to the insurance company 5.
Step 36: Based on the authorization certificate, the insurance company 5 applies to the authentication server of Alipay 4 to obtain authorization information. The authorization information includes the access token and the ID of the irresponsible party 6.
Step 37: The authentication server of Alipay 4 returns the authorization information to the insurance company 5.
Step 38: The insurance company 5 accesses the resource server of Alipay 4 to obtain the relevant certificate information of the irresponsible party 6 based on the ID of the access token in the authorization information.
Step 39: The resource server of Alipay 4 returns the relevant certificate information of the irresponsible party 6 to the insurance company 5.
The embodiment shown in FIG. 3 provides a method for obtaining user resources, because the insurance company 5 can obtain the irresponsible party by accessing the resource server of Alipay 4 when the irresponsible party 6 grants access rights. The relevant certificate information of the responsible party 6 does not require the responsible party 3 to manually submit the relevant certificate information of the responsible party 6 to the insurance company 5. Therefore, it is possible to prevent the relevant credential information of the irresponsible party 6 from leaking to the responsible party 3, and protect the privacy of the irresponsible party 6 and the security of resources such as sensitive information.
The above is an explanation of a method for obtaining user resources provided by this manual, and a method for returning user resources provided by this manual is introduced below.
As shown in FIG. 4, the method for repaying user resources provided by the embodiment of this specification can be applied to a preset social application, and the method may include:
Step 402: Receive an authorization information application request sent by a third-party application, where the authorization information application request carries an authorization certificate, and the authorization certificate is the target user's confirmation that the third-party application has the target user's preset resources The credentials for access rights.
For example, the authentication server of Alipay can receive the authorization information application request sent by the online service platform of the insurance company.
Step 404: Return authorization information for obtaining the preset resource to the third-party application, where the authorization information includes an access token and the target user's identity.
For example, the authentication server of Alipay can return authorization information for obtaining the preset resource to the network service platform of the insurance company.
Step 406: Receive a resource acquisition request sent by the third-party application, where the resource acquisition request carries the access token and the identity identifier.
For example, the resource server of Alipay can receive the resource acquisition request sent by the network service platform of the insurance company.
Step 408: Based on the access token and the identity, feedback the preset resource to the third-party application.
For example, the resource server of Alipay may return the preset resource to the network service platform of the insurance company.
In a specific embodiment, step 408 may include: based on the access token, opening the access permission of the default interface of the resource server to the third-party application, and the default interface stores some The preset resource; based on the identity, the third-party application is open to access the preset resource under the preset interface; and the third-party application is fed back to the third-party application through the preset interface Preset resources.
It should be noted that in this embodiment, step 402 and step 404 can be performed by the authentication server of the preset social application (which can correspond to the open platform business domain of the preset social application), and step 406 and step 408 can be preset by The resource server of the social application (which can correspond to the member domain of the default social application) is executed, and the authentication server and the resource server of the default social application can be the same server or different servers.
The embodiment shown in FIG. 4 provides a method for repaying user resources, because the resource server of the default social application can return the target to the third-party application when the third-party application obtains the access permission granted by the target user The user saves the default resources on the resource server of the default social application, without requiring others to manually submit the target user's default resources to the third-party application. Therefore, it is possible to prevent the transmission of the target user's preset resources between different persons from occurring, and to protect the target user's personal privacy and sensitive information from being leaked.
The above is the description of this manual providing a method of repaying the user's resources, and the following is an introduction to the electronic equipment provided in this manual.
Fig. 5 is a schematic structural diagram of an electronic device provided by an embodiment of this specification. Please refer to FIG. 5, at the hardware level, the electronic device includes a processor, optionally an internal bus, a network interface, and a storage. Among them, the storage may include memory, such as a high-speed random access memory (Random-Access Memory, RAM), or may also include a non-volatile memory (non-volatile memory), such as at least one magnetic disk storage. Of course, the electronic equipment may also include hardware required by other businesses.
The processor, network interface, and memory can be connected to each other through an internal bus. The internal bus can be an ISA (Industry Standard Architecture) bus, PCI (Peripheral Component Interconnect) bus or EISA (Extended Industry Standard Architecture, extended industry standard architecture) bus, etc. The bus can be divided into address bus, data bus, control bus, etc. For ease of presentation, only one double-headed arrow is used to indicate in FIG. 5, but it does not mean that there is only one busbar or one type of busbar.
Storage, used to store programs. Specifically, the program may include program code, and the program code includes computer operation instructions. The storage may include memory and non-volatile storage, and provide instructions and data to the processor.
The processor reads the corresponding computer program from the non-volatile memory to the memory and then runs it to form a device for obtaining user resources on a logical level. The processor executes the program stored in the memory, and is specifically used to perform the following operations:
Sending an authorization request to the target user, where the authorization request is used to request access to the target user's preset resource, and the preset resource is stored in a resource server of a preset social application;
Receiving the authorization certificate returned by the target user after confirming that the access authority is granted;
Based on the authorization certificate, apply to the authentication server of the default social application to obtain authorization information of the preset resource, where the authorization information includes an access token and the identity of the target user;
Based on the access token and the identity identifier, access the resource server to obtain the preset resource.
The foregoing method for obtaining user resources disclosed in the embodiment shown in FIG. 1 of this specification may be applied to the processor shown in FIG. 5 or implemented by the processor. The processor may be an integrated circuit chip with signal processing capabilities. In the implementation process, the steps of the above method can be completed through the integrated logic circuit of the hardware in the processor or the instructions in the form of software. The above-mentioned processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; it may also be a digital signal processor (DSP), a dedicated Integrated circuits (Application Specific Integrated Circuit, ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic devices, distributed gate or transistor logic devices, discrete hardware components. The methods, steps, and logic block diagrams disclosed in one or more embodiments of this specification can be implemented or executed. The general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like. The steps of the method disclosed in combination with one or more embodiments of this specification can be directly embodied as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor. The software module can be located in random storage, flash memory, read-only storage, programmable read-only storage, or electrically erasable programmable storage, register and other mature storage media in the field. The storage medium is located in the storage, and the processor reads the information in the storage and completes the steps of the above method in combination with its hardware.
The electronic device shown in FIG. 5 can also execute the method of obtaining user resources in FIG. 1, which will not be repeated in this specification.
Fig. 6 is a schematic structural diagram of an electronic device provided by another embodiment of this specification. The difference between the device shown in FIG. 6 and the electronic device shown in FIG. 5 is that the processor executes the program stored in the memory, and is specifically used to perform the following operations:
Receive an authorization information application request sent by a third-party application, the authorization information application request carries an authorization certificate, and the authorization certificate is the target user's confirmation that the third-party application has access to the target user's preset resources Certificate of authority;
Feeding back to the third-party application authorization information for obtaining the preset resource, the authorization information including an access token and the target user's identity;
Receiving a resource acquisition request sent by the third-party application, where the resource acquisition request carries the access token and the identity identifier;
Based on the access token and the identity, the preset resource is fed back to the third-party application.
The electronic device shown in FIG. 6 can also execute the method of returning user resources in FIG. 4, which will not be repeated in this specification.
Of course, in addition to the software implementation, the electronic equipment in this specification does not exclude other implementations, such as logic devices or a combination of software and hardware, etc., which means that the execution body of the following processing flow is not limited to each logic unit , It can also be a hardware or logic device.
The embodiment of this specification also proposes a computer-readable storage medium, the computer-readable storage medium stores one or more programs, and the one or more programs include instructions. When the instructions are included in a portable electronic device that includes multiple application programs When the device is executed, the portable electronic device can be made to execute the method of the embodiment shown in FIG. 1, and is specifically used to execute the following operations:
Sending an authorization request to the target user, where the authorization request is used to request access to the target user's preset resource, and the preset resource is stored in a resource server of a preset social application;
Receiving the authorization certificate returned by the target user after confirming that the access authority is granted;
Based on the authorization certificate, apply to the authentication server of the default social application to obtain authorization information of the preset resource, where the authorization information includes an access token and the identity of the target user;
Based on the access token and the identity identifier, access the resource server to obtain the preset resource.
In another embodiment, the embodiment of this specification also provides a computer-readable storage medium, the computer-readable storage medium stores one or more programs, the one or more programs include instructions, and the instructions include multiple When the portable electronic device of the application is executed, the portable electronic device can execute the method of the embodiment shown in FIG. 1, and is specifically used to perform the following operations:
Receive an authorization information application request sent by a third-party application, the authorization information application request carries an authorization certificate, and the authorization certificate is the target user's confirmation that the third-party application has access to the target user's preset resources Certificate of authority;
Feeding back to the third-party application authorization information for obtaining the preset resource, the authorization information including an access token and the target user's identity;
Receiving a resource acquisition request sent by the third-party application, where the resource acquisition request carries the access token and the identity identifier;
Based on the access token and the identity, the preset resource is fed back to the third-party application.
The following describes a device for obtaining user resources provided in this specification.
FIG. 7 is a schematic structural diagram of an apparatus 700 for obtaining user resources provided in this specification. Referring to FIG. 7, in a software implementation, the device 700 for acquiring user resources may include: an authorization request sending module 701, an authorization certificate receiving module 702, an authorization information application module 703, and a resource acquisition module 704.
The authorization request sending module 701 is configured to send an authorization request to a target user, the authorization request is used to request access to the target user's preset resource, and the preset resource is stored in a preset social application In the resource server.
Optionally, in an example, the authorization request sending module 701 can be used to send an authorization request to the target user by sending a short message to the target user or sending information to the target user's instant messaging account.
Optionally, in another example, the authorization request sending module 701 can be used to send the authorization request to the target user through the aforementioned preset social application, and the target user is a registered user of the social application By.
Further, on the basis of this example, the apparatus 700 for acquiring user resources may further include: a registration module, which is used to send the authorization request to the target user through the preset social application before sending the authorization request to the target user. The public service account registered in the preset social application is described. Correspondingly, the authorization request sending module 701 can be used to send the authorization request to the target user through the public service account, for example, push the authorization request to the target user through the Alipay life account.
Furthermore, on the basis of this example, the apparatus 700 for obtaining user resources may further include: an obtaining module, configured to obtain before sending the authorization request to the target user through the preset social application The account registered by the target user in the social application. Correspondingly, the authorization request sending module 701 can be used to send the authorization request to the account of the target user through the public service account.
The authorization certificate receiving module 702 is configured to receive the authorization certificate returned by the target user after confirming that the authorization is granted.
The authorization information application module 703 is configured to apply to the authentication server of the default social application to obtain authorization information of the default resource based on the authorization certificate, the authorization information includes an access token and the target The identity of the user.
The resource acquisition module 704 is configured to access the resource server to acquire the preset resource based on the access token and the identity identifier.
As a specific example, the resource acquisition module 704 can be used to acquire the permission to access the default interface of the resource server based on the access token, and the default resource is stored under the default interface Based on the identity, obtaining the authority to access the preset resource under the preset interface; accessing the preset interface to obtain the preset resource.
The embodiment shown in FIG. 7 provides an apparatus 700 for obtaining user resources. Because a third-party application can obtain the target by accessing the resource server of the default social application when the target user grants access permission. The user’s pre-stored default resources without the need for others to manually submit the target user’s default resources to the third-party application. Therefore, it is possible to prevent the transmission of the target user's preset resources between different persons from occurring, and to protect the target user's personal privacy and sensitive information from being leaked.
It should be noted that the apparatus 700 for obtaining user resources can implement the method of the method embodiment in FIG. 1. For details, please refer to the method for obtaining user resources in the embodiment shown in FIG. 1, which will not be repeated.
FIG. 8 is a schematic structural diagram of an apparatus 800 for repaying user resources provided in this specification. Referring to FIG. 8, in a software implementation, the device 800 for repaying user resources may include: a first request receiving module 801, an authorization information sending module 802, a second request receiving module 803, and a resource feedback module 804 .
The first request receiving module 801 is configured to receive an authorization information application request sent by a third-party application. The authorization information application request carries an authorization certificate, and the authorization certificate is the target user confirming that the third-party application has the The certificate of the access permission of the target user's default resource
The authorization information sending module 802 is used for feeding back authorization information for obtaining the preset resource to the third-party application. The authorization information includes an access token and the target user's identity.
The second request receiving module 803 is configured to receive a resource acquisition request sent by the third-party application, and the resource acquisition request carries the access token and the identity identifier.
The resource feedback module 804 is configured to return the preset resource to the third-party application based on the access token and the identity identifier.
In a specific implementation, the resource feedback module 804 can be used to open the access permissions of the default interface of the resource server to the third-party application based on the access token, and the default interface is Storing the preset resource; based on the identity, open to the third-party application access to the preset resource under the preset interface; facing the third-party application through the preset interface Give back the preset resources.
The embodiment shown in FIG. 8 provides an apparatus 800 for repaying user resources, because the resource server of the default social application can repay the third-party application when the third-party application obtains the access permission granted by the target user The target user saves the default resources on the resource server of the default social application, without the need for others to manually submit the target user's default resources to the third-party application. Therefore, it is possible to prevent the transmission of the target user's preset resources between different persons from occurring, and to protect the target user's personal privacy and sensitive information from being leaked.
It should be noted that the apparatus 800 for obtaining user resources can implement the method of the method embodiment in FIG. 4, and for details, please refer to the method for obtaining user resources in the embodiment shown in FIG. 4, which will not be repeated.
In short, the above descriptions are only preferred embodiments of this specification, and are not intended to limit the protection scope of this specification. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of one or more embodiments of this specification shall be included in the protection scope of one or more embodiments of this specification.
The systems, devices, modules or units explained in the above embodiments may be implemented by computer chips or entities, or implemented by products with certain functions. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable Device or any combination of these devices.
Computer-readable media include permanent and non-permanent, movable and non-movable media, and information storage can be realized by any method or technology. Information can be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), and other types of random access memory (RAM) , Read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, read-only CD-ROM (CD-ROM), digital multi-function Optical discs (DVD) or other optical storage, magnetic cassettes, magnetic tape storage or other magnetic storage devices, or any other non-transmission media, can be used to store information that can be accessed by computer equipment. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, product or equipment including a series of elements not only includes those elements, but also includes Other elements that are not explicitly listed, or include elements inherent to this process, method, commodity, or equipment. When there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, method, commodity or equipment that includes the element.
The various embodiments in this specification are described in a sequential manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, as for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiment.
