WO2015135331A1 - Authorization method, apparatus and system for authentication - Google Patents

Publication number
WO2015135331A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
party application
server
user
account
Application number
PCT/CN2014/090427
Other languages
French (fr)
Chinese (zh)
Inventor
朱建庭
郑伟德
Original Assignee
百度在线网络技术(北京)有限公司
Application filed by 百度在线网络技术(北京)有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115 Third party
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Definitions

  • the present invention relates to the field of computer technologies, and in particular, to an authentication method, apparatus, and system for authentication.
  • the display content and style of the login interface are completely determined by the platform side, and it is basically difficult for the platform side to customize the login interface for all third-party applications or sites.
  • the third-party application or site very much hopes that the style of the login interface the user sees is fully consistent with the interface style of the application or site itself, or even that the content of the login interface the user sees is fully under its own control, so as to ensure and enhance the user experience in the application or site, especially in various online games (including end games, page games, mobile games).
  • the login interface is provided in the platform side page
  • the user account is not necessarily secure.
  • if there is a Trojan virus on the user's computer, the user's password is stolen by the Trojan when it is entered on the platform side page; for example, when the third party application
  • the third-party application can also obtain the password input by the user.
  • the root cause is that the user needs to enter a reusable password during the login authorization process, which is insecure once the password is compromised.
  • the present invention aims to solve at least one of the technical problems in the related art to some extent.
  • the embodiments of the present invention provide an authorization method, apparatus, and system capable of simultaneously addressing account security and allowing third-party applications or sites to fully customize the login interface.
  • the authorization method for authentication includes: receiving an authentication request sent by a server of a third-party application, where the authentication request carries account information, third-party application information, and permission information to be obtained, which are input by the user on the login interface provided by the third-party application; parsing the authentication request to obtain a parsing result, interacting with the corresponding application (APP) according to the parsing result and the correspondence between the pre-stored account information and the long connection channel information, generating an authorization code, and sending the authorization code to the server of the third-party application; and receiving an information acquisition request that is sent by the server of the third-party application and includes the authorization code, and returning the corresponding user information to the server of the third-party application according to the information acquisition request, so that the server of the third-party application completes the authentication process according to the corresponding user information.
  • the authorization method for authentication receives an authentication request including account information input by a user on a login interface provided by a third-party application, parses the authentication request, obtains an authorization code by interacting with the corresponding application, and then, according to the authorization code, returns the user information to the server of the third-party application to complete the process of the user logging in with the platform party account. The user login interface is thus provided entirely by the third-party application or site, and the security of the user account and data can be fully ensured. Multiple forms of login can therefore be implemented, so that the user does not need to register and manage login accounts for multiple websites and, with only an account registered on an open platform, can access multiple websites after authorization, which provides convenience for the user and is simple to implement.
  • the authentication device includes: a receiving module, configured to receive an authentication request sent by a server of a third-party application, where the authentication request carries account information, third-party application information, and permission information to be obtained, which are input by the user on the login interface provided by the third-party application.
  • the processing module is configured to parse the authentication request, obtain the parsing result, and interact with the corresponding application APP according to the parsing result and the correspondence between the pre-stored account information and the long connection channel information to generate an authorization code.
  • an authorization module, configured to receive an information acquisition request that includes an authorization code sent by the server of the third-party application, and return the corresponding user information to the server of the third-party application according to the information acquisition request, so that the server of the third-party application completes the authentication process according to the corresponding user information.
  • in the authentication device, the receiving module receives the authentication request including the account information input by the user on the login interface provided by the third-party application, the processing module parses the authentication request and obtains the authorization code by interacting with the corresponding application, and the authorization module then returns the user information to the server of the third-party application to complete the process of the user logging in with the platform party account. The user login interface is thus provided entirely by the third-party application or site, and the security of the user account and data can be fully guaranteed. Multiple forms of login can therefore be implemented, so that users do not need to register and manage login accounts of multiple websites. They only need to access multiple websites through an open platform registration account, which provides convenience for users and is simple to implement.
  • the authentication authorization system includes: a client of a third-party application, a server of a third-party application, an application APP running on the mobile terminal, and a platform-side server.
  • multiple forms of login can be implemented through the interaction between the client of the third-party application, the server of the third-party application, the APP running on the mobile terminal, and the platform-side server, so that users do not need to register and manage login accounts of multiple websites. They only need to access multiple websites through an open platform registration account, which provides convenience for users and is simple to implement.
  • a storage medium is configured to store an application, and the application is used to execute an authorization method for authentication according to an embodiment of the present invention.
  • FIG. 1 is a flow chart of an authorization method of authentication according to an embodiment of the present invention.
  • FIG. 2 is a signaling flow diagram of an authentication method of authentication according to an embodiment of the present invention.
  • FIG. 3 is a schematic structural diagram of an authentication apparatus for authentication according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of an authentication system for authentication according to an embodiment of the present invention.
  • FIG. 1 is a flow chart of an authentication method of authentication according to an embodiment of the present invention, which is described from a platform side server, that is, a platform side login system server side.
  • the authorization method of the authentication includes the following steps:
  • S101 Receive an authentication request sent by a server of a third-party application, where the authentication request carries account information, third-party application information, and permission information to be obtained, which are input by the user on the login interface provided by the third-party application.
  • when a certain platform party account, such as a Baidu account, is chosen for login in the client of the third-party application, the client of the third-party application redirects the user to the login interface provided by the third-party application.
  • the content displayed by this login interface, the style of the interface, etc. are completely controlled by the third-party application, and have nothing to do with the platform.
  • the user inputs the account information, such as the account name, and triggers the client of the third-party application to send a request for logging in to the Baidu account to the server of the third-party application, where the request carries the account name entered by the user; the account name may be the user name, mobile phone number, email address, etc.
  • after receiving the request from the corresponding client, the server of the third-party application encapsulates the account name, the unique identifier and application key assigned by the platform party to the third-party application, and the permission information to be obtained (that is, the data access operation permissions that the third-party application wants the platform party and the user to grant) in the authentication request and sends it to the platform side server to obtain the user's authorization code.
  • S102 Parsing the authentication request, obtaining the parsing result, and interacting with the corresponding application (APP) according to the parsing result and the correspondence between the pre-stored account information and the long connection channel information, generating an authorization code, and sending the authorization code to the server of the third-party application.
  • the platform side server parses the authentication request, and obtains the account name, the third-party application information, and the permission information to be obtained.
  • the third-party application information may include the application identifier and the application key of the third-party application.
  • before the long connection channel information is obtained according to the account information and the correspondence between the pre-stored account information and the long connection channel information, the method further includes: the platform side server receives the request for establishing the long connection channel sent by the APP, and adds the account information provided by the user to the APP; it then receives the account authentication request sent by the APP and, after the authentication is passed, saves the correspondence between the account information and the long connection channel information according to the account information carried in the account authentication request, that is, saves the correspondence between the account and the long connection channel maintained by the APP and the platform side server.
  • the process in which the platform side server interacts with the APP and generates the authorization code may be: obtaining corresponding account information according to the account information; obtaining long connection channel information according to the account information and the correspondence between the pre-stored account information and the long connection channel information; sending the parsing result to the corresponding application APP according to the long connection channel information, so that the APP displays the parsing result and the information to be confirmed to the user; after the user makes a selection according to the parsing result and the information to be confirmed, the APP returns the user confirmation information to the platform side server; the platform side server receives the user confirmation information returned by the APP and, when the user confirmation information is consent information, generates an authorization code based on the parsing result.
  • the platform side server returns an error message to the server of the third party application.
  • S103 Receive an information acquisition request that includes an authorization code sent by a server of the third-party application, and return a corresponding user information to the server of the third-party application according to the information acquisition request, so that the server of the third-party application completes the authentication process according to the corresponding user information.
  • the server of the third-party application obtains the basic information of the currently logged-in user, such as the user identifier and the user name, from the platform-side server according to the authorization code, to complete the process of logging in to the application by using the platform-side account.
  • the authorization method for authentication of the embodiment of the present invention receives an authentication request including account information input by a user on a login interface provided by a third-party application, parses the authentication request, obtains an authorization code by interacting with the corresponding application, and then, according to the authorization code, returns the user information to the server of the third-party application to complete the process of the user logging in with the platform party account, so that the user login interface is provided entirely by the third-party application or site, and the security of the user account and data can be fully ensured. Multiple forms of login can therefore be implemented, so that the user does not need to register and manage login accounts for multiple websites and, with only an account registered on an open platform, can access multiple websites after authorization, which provides convenience for the user and is simple to implement.
  • the authorization process of the authentication includes the following steps:
  • the APP establishes and maintains a long connection channel with the platform side server.
  • after the user starts the APP on his mobile device, the APP establishes and maintains a long connection channel with the platform side server in the background. If the long connection channel is interrupted for some reason, the APP re-establishes a new long connection channel with the platform side server according to a certain policy.
  • the platform side server adds the account information provided by the user to the APP.
  • the user adds the user account registered on the platform to the account management module of the APP. The mobile device has a certain degree of privacy, current mainstream mobile device systems are relatively safe (not so many Trojan viruses), and the login process is done in the platform's own app, so this process is safe.
  • the platform side server saves the correspondence between the account and the long connection channel maintained by the APP and the platform side server.
  • the platform side server authenticates the account authentication request sent by the APP; if the authentication is passed, the correspondence between the account and the long connection channel maintained by the APP and the platform side server is saved.
  • the client of the third-party application receives the account information input by the user on the login interface provided by the third-party application.
  • the client of the third-party application redirects the user to the login interface provided by the third-party application.
  • the content and interface style of the login interface are completely controlled by the third-party application and can have nothing to do with the platform.
  • the client of the third-party application sends a request for logging in to the Baidu account to the server of the third-party application.
  • the user enters an account name (which may be a user name, a mobile phone number, a mailbox, etc.) on the login interface, and triggers the client of the third-party application to send a request for logging in to the Baidu account to the server of the third-party application, where the request may carry the account name entered by the user.
  • the server of the third-party application sends an authentication request to the platform-side server, where the authentication request carries account information, third-party application information, and permission information to be acquired.
  • the server of the third-party application sends the account name, the application identifier and application key assigned by the platform party to the third-party application, and the access operation authority that the third-party application wants the platform party and the user to grant, to the platform side server to obtain the user authorization code.
  • the platform side server authenticates the validity of the third-party application according to the application identifier and the application key of the third-party application. If invalid, returns the corresponding error information, otherwise, the process proceeds to step S208.
  • the platform side server obtains corresponding user account information according to the account name. If the account number does not exist, the corresponding error information is returned. Otherwise, the process proceeds to step S209.
  • the platform side server obtains a long connection channel between the platform side server and the APP corresponding to the account information. If the long connection channel does not exist, the corresponding error information is returned. Otherwise, the process proceeds to step S210.
  • the platform side server sends the user account information, the third-party application information, and the access operation authority information that the third-party application wants to obtain, to the user's APP through the long connection channel.
  • the APP displays the user account information, the third-party application information, and the access operation authority information that the third-party application wants to obtain to the user in a certain manner, asks whether the user agrees to log in to the third-party application with the account and to grant the third-party application the access operation authority, and returns the user confirmation information to the platform side server after the user makes a selection.
  • the authorization code is generated and returned to the server of the third-party application, and if the user confirmation information is rejection information, an error message is returned.
  • the platform side server returns a corresponding error message to the server of the third-party application; otherwise, an authorization code is generated according to the user account information, the third-party application information, and the access operation authority information that the third-party application wants to obtain, and the authorization code is returned to the server of the third-party application.
  • the server of the third-party application obtains basic information or error information of the user from the platform side server by using an authorization code, and completes the authentication process according to the basic information of the user.
  • the corresponding error message is returned to the client of the third-party application, and the client prompts and guides the user accordingly; otherwise, the basic information of the currently logged-in user, such as the user ID and the user name, is obtained according to the authorization code to complete the process of logging in to the application using the platform party account.
  • multiple forms of login can be implemented through interaction between the platform side server, the APP, the client of the third-party application, and the server of the third-party application, so that the user does not need to register and manage the login accounts of multiple websites and can access multiple websites after authorization through a registered account of one platform, which provides convenience for the user and is simple to implement.
  • FIG. 3 is a block diagram showing the structure of an authentication device for authentication, which is located in a platform side server, in accordance with one embodiment of the present invention.
  • the authorization device includes a receiving module 31, a processing module 32, and an authorization module 33.
  • the receiving module 31 is configured to receive an authentication request sent by a server of a third-party application, where the authentication request carries account information, third-party application information, and permission information to be obtained, which are input by the user on the login interface provided by the third-party application.
  • when a certain platform party account, such as a Baidu account, is chosen for login in the client of the third-party application, the client of the third-party application redirects the user to the login interface provided by the third-party application.
  • the content displayed by this login interface, the style of the interface, etc. are completely controlled by the third-party application, and have nothing to do with the platform.
  • the user inputs the account information, such as the account name, and triggers the client of the third-party application to send a request for logging in to the Baidu account to the server of the third-party application, where the request carries the account name entered by the user; the account name may be the user name, mobile phone number, email address, etc.
  • after receiving the request from the corresponding client, the server of the third-party application encapsulates the account name, the unique identifier and application key assigned by the platform party to the third-party application, and the permission information to be obtained (that is, the data access operation permissions that the third-party application wants the platform party and the user to grant) in the authentication request and sends it to the platform side server to obtain the user's authorization code.
  • the processing module 32 is configured to parse the authentication request, obtain the parsing result, interact with the corresponding application APP according to the parsing result and the correspondence between the pre-stored account information and the long connection channel information, generate an authorization code, and send the authorization code to the server of the third-party application.
  • the processing module 32 may be configured to: obtain corresponding account information according to the account information in the parsing result; obtain long connection channel information according to the account information and the correspondence between the pre-stored account information and the long connection channel information; send the parsing result to the corresponding application APP according to the long connection channel information, so that the APP displays the parsing result and the to-be-confirmed information to the user; and receive the user confirmation information returned by the APP and, when the user confirmation information is consent information, generate an authorization code according to the parsing result. More specifically, the processing module 32 may obtain corresponding account information according to the account information after determining that the third-party application is valid according to the third-party application information. In addition, when the user confirmation information is rejection information, the processing module 32 may also return an error message to the server of the third-party application, so that the server of the third-party application returns the error information to the client of the third-party application.
  • the authorization module 33 is configured to receive an information acquisition request that includes an authorization code sent by a server of the third-party application, and return the corresponding user information to the server of the third-party application according to the information acquisition request, so that the server of the third-party application completes the authentication process according to the corresponding user information.
  • the authorization device may further include: an adding module 34 and a saving module 35, wherein: the adding module 34 is used in the processing module 32.
  • the request for establishing the long connection channel sent by the APP is received, and the account information provided by the user is added to the APP; the saving module 35 is used to receive the account authentication request sent by the APP and to save the correspondence between the account information and the long connection channel information according to the account information carried in the account authentication request.
  • for the authentication process implemented by the authorization device including the receiving module 31, the processing module 32, the authorization module 33, the adding module 34, and the saving module 35, refer to FIG. 1 and FIG. 2; details are not described herein.
  • in the authentication device of the embodiment of the present invention, the receiving module receives the authentication request including the account information input by the user on the login interface provided by the third-party application, the processing module parses the authentication request and obtains an authorization code by interacting with the corresponding application, and the authorization module then returns the user information to the server of the third-party application to complete the process of logging in using the platform party account, so that the user login interface is provided entirely by the third-party application or site, and the security of the user account and data can be fully guaranteed. Multiple forms of login can therefore be implemented, so that users do not need to register and manage login accounts of multiple websites and, with only an account registered on an open platform, can access multiple websites after authorization, which is convenient for users and easy to implement.
  • an embodiment of the present invention further provides an authentication authorization system.
  • the system includes a client 41 of a third-party application, a server 42 of a third-party application, an APP 43 running on the mobile terminal, and a platform side server 44, wherein:
  • the client 41 of the third-party application is configured to receive the account information input by the user on the login interface provided by the third-party application, and send the account information to the server of the third-party application;
  • the server 42 of the third-party application is configured to send the authentication request to the platform-side server, where the authentication request carries the account information, the third-party application information, and the permission information to be acquired; receive the authorization code sent by the platform side server; send an information acquisition request including the authorization code to the platform side server; receive the corresponding user information returned by the platform side server; and complete the authentication process according to the corresponding user information;
  • the APP 43 is used to interact with the platform side server;
  • the platform side server 44 includes the authenticated authorization device shown in FIG.
  • the APP 43 may be configured to: receive the parsing result sent by the platform side server 44, display the parsing result and the to-be-confirmed information to the user, and send the user confirming information to the platform side server 44.
  • the APP 43 may be further configured to: before receiving the parsing result sent by the platform side server, send a request for establishing a long connection channel to the platform side server, add the account information sent by the platform side server, and send an account authentication request to the platform side server.
  • server 44 of the third-party application may be further configured to: receive error information sent by the platform-side server, and return an error message to the client.
  • the mobile terminal may be a device such as a mobile phone or a tablet computer, and the third-party application may run on a computer (PC), a smart TV, a wearable device, or the like.
  • the authentication authorization system of the embodiment of the present invention can implement multiple forms of login through the interaction between the client of the third-party application, the server of the third-party application, the APP running on the mobile terminal, and the platform-side server, so that the user does not need to register and manage login accounts for multiple websites and can, once authorized, access multiple websites with a single account registered on an open platform, which is convenient for the user and simple to implement.
  • the present invention also provides a storage medium for storing an application for performing an authorization method for authentication according to any of the embodiments of the present invention.
  • portions of the invention may be implemented in hardware, software, firmware or a combination thereof.
  • multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system.
  • for example, if implemented in hardware, as in another embodiment, it can be implemented by any one or a combination of the following techniques well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), etc.

Abstract

The present invention provides an authorization method, device and system for authentication. The authorization method comprises: receiving an authentication request transmitted by a server of a third-party application, the authentication request carrying account information, third-party application information and information of to-be-obtained authority that are input by a user on a login interface provided by the third-party application; parsing the authentication request to obtain a parsing result, interacting with the corresponding application according to the parsing result and a correspondence between pre-stored account information and persistent connection channel information, generating an authorization code, and transmitting the authorization code to the server of the third-party application; and receiving an information obtaining request comprising the authorization code and transmitted by the server of the third-party application, and returning corresponding user information to the server of the third-party application according to the information obtaining request, so as to enable the server of the third-party application to complete an authentication process according to the corresponding user information. The present invention can enable the user login interface to be completely provided by the third-party application, so as to ensure security of the account and data.

Description

Authorization method, apparatus and system for authentication
Cross-reference to related applications
This application claims priority to Chinese Patent Application No. 201410086413.6, entitled "Authorization method, apparatus and system for authentication", filed on March 10, 2014 by Baidu Online Network Technology (Beijing) Co., Ltd.
Technical field
The present invention relates to the field of computer technologies, and in particular to an authorization method, apparatus and system for authentication.
Background
To increase user registrations and logins for their products and thereby accelerate product development, more and more applications and sites are integrating with the account systems of open platforms such as Sina Weibo, QQ and Baidu, and support logging in to their own products with those platforms' accounts.
To keep third-party applications or sites from coming into contact with the user's account password and the user's login session information on the platform's site, and so protect the user account and user data, all open platforms currently provide account login to third-party applications or sites through an open authorization mechanism (the mainstream ones are based on the OAuth 1.0a or OAuth 2.0 standard protocols). In this mechanism, when a third-party application or site guides a user to log in with their account on the platform, it first redirects the user to a login authorization page provided by the platform. After the user completes login on that page, the platform returns a corresponding authorization code to the third-party application, which then uses the authorization code and the application's unique authentication information on the platform to obtain the basic information of the currently logged-in user, completing the login process.
Because the user login interface is provided by a page of the platform, the content and style of the login interface are entirely constrained by the platform, and it is practically impossible for the platform to customize the login interface for every third-party application or site. In most cases, however, a third-party application or site strongly wants the login interface the user sees to match the interface style of the application or site itself, and even wants the content of the login interface to be entirely under its own control, so as to preserve and improve the user experience within the application or site. This is especially true for online games (including client games, browser games and mobile games).
In addition, even when the login interface is provided on a platform page, the user account is not necessarily secure. For example, if the user's computer is infected with a Trojan, the password can be stolen by the Trojan as the user enters it on the platform page; or, when a third-party application loads the platform's login authorization page in a web view (webview), the third-party application can in fact also obtain the password the user enters. The root cause is that the user has to enter a reusable password during login authorization, and once that password leaks the account is no longer secure.
Summary of the invention
The present invention aims to solve, at least to some extent, one of the technical problems in the related art. To this end, embodiments of the present invention propose an authorization method, apparatus and system for authentication that address both account security and the need of third-party applications or sites to fully customize the login interface.
The authorization method for authentication according to an embodiment of the present invention includes: receiving an authentication request sent by a server of a third-party application, the authentication request carrying account information entered by a user on a login interface provided by the third-party application, third-party application information, and information on the permissions to be obtained; parsing the authentication request to obtain a parsing result, interacting with the corresponding application (APP) according to the parsing result and a pre-stored correspondence between account information and long connection channel information, generating an authorization code, and sending the authorization code to the server of the third-party application; and receiving an information acquisition request containing the authorization code sent by the server of the third-party application, and returning the corresponding user information to the server of the third-party application according to the information acquisition request, so that the server of the third-party application completes the authentication process according to the corresponding user information.
With the authorization method for authentication according to an embodiment of the present invention, an authentication request containing the account information entered by the user on the login interface provided by the third-party application is received and parsed, an authorization code is obtained by interacting with the corresponding application, and user information is then returned to the server of the third-party application according to the authorization code, completing the user's login with the platform account. The user login interface is thus provided entirely by the third-party application or site, while the security of the user's account and data is fully ensured. Multiple forms of login can be implemented, so that the user does not need to register and manage login accounts for multiple websites and can, once authorized, access multiple websites with a single account registered on an open platform, which is convenient for the user and simple to implement.
The authorization apparatus for authentication according to an embodiment of the present invention includes: a receiving module, configured to receive an authentication request sent by a server of a third-party application, the authentication request carrying account information entered by a user on a login interface provided by the third-party application, third-party application information, and information on the permissions to be obtained; a processing module, configured to parse the authentication request to obtain a parsing result, interact with the corresponding application (APP) according to the parsing result and a pre-stored correspondence between account information and long connection channel information, generate an authorization code, and send the authorization code to the server of the third-party application; and an authorization module, configured to receive an information acquisition request containing the authorization code sent by the server of the third-party application, and return the corresponding user information to the server of the third-party application according to the information acquisition request, so that the server of the third-party application completes the authentication process according to the corresponding user information.
With the authorization apparatus for authentication according to an embodiment of the present invention, the receiving module receives an authentication request containing the account information entered by the user on the login interface provided by the third-party application, the processing module parses the authentication request and obtains an authorization code by interacting with the corresponding application, and the authorization module then returns user information to the server of the third-party application, completing the user's login with the platform account. The user login interface is thus provided entirely by the third-party application or site, while the security of the user's account and data is fully ensured. Multiple forms of login can be implemented, so that the user does not need to register and manage login accounts for multiple websites and can, once authorized, access multiple websites with a single account registered on an open platform, which is convenient for the user and simple to implement.
The authorization system for authentication according to an embodiment of the present invention includes: a client of a third-party application, a server of the third-party application, an application (APP) running on a mobile terminal, and a platform-side server.
With the authorization system for authentication according to an embodiment of the present invention, multiple forms of login can be implemented through the interaction between the client of the third-party application, the server of the third-party application, the APP running on the mobile terminal, and the platform-side server, so that the user does not need to register and manage login accounts for multiple websites and can, once authorized, access multiple websites with a single account registered on an open platform, which is convenient for the user and simple to implement.
The storage medium according to an embodiment of the present invention is configured to store an application program, the application program being used to execute the authorization method for authentication according to the embodiments of the present invention.
Additional aspects and advantages of the invention will be set forth in part in the description that follows, and in part will become apparent from that description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily understood from the following description of the embodiments taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flowchart of an authorization method for authentication according to an embodiment of the present invention;
FIG. 2 is a signaling flowchart of an authorization method for authentication according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an authorization apparatus for authentication according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an authorization system for authentication according to an embodiment of the present invention.
Detailed description
Embodiments of the present invention are described in detail below. Examples of the embodiments are illustrated in the drawings, in which the same or similar reference numerals denote, throughout, the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present invention, and are not to be construed as limiting it. On the contrary, the embodiments of the invention include all changes, modifications and equivalents falling within the spirit and scope of the appended claims.
In the description of the present invention, it is to be understood that the terms "first", "second" and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. It should also be noted that, unless otherwise expressly specified and limited, the terms "connected" and "connection" are to be understood broadly: a connection may, for example, be fixed, detachable or integral; it may be mechanical or electrical; and it may be direct or indirect through an intermediate medium. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific circumstances. Further, in the description of the present invention, unless otherwise stated, "a plurality" means two or more.
Any process or method description in a flowchart or otherwise described herein may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a particular logical function or process. The scope of the preferred embodiments of the present invention includes additional implementations in which functions may be performed out of the order shown or discussed, including substantially simultaneously or in the reverse order, depending on the functions involved, as will be understood by those skilled in the art to which the embodiments of the present invention pertain.
FIG. 1 is a flowchart of an authorization method for authentication according to an embodiment of the present invention. This embodiment is described from the side of the platform-side server, that is, the server side of the platform's login system.
As shown in FIG. 1, the authorization method for authentication includes the following steps:
S101, receive an authentication request sent by a server of a third-party application, the authentication request carrying account information entered by a user on a login interface provided by the third-party application, third-party application information, and information on the permissions to be obtained.
In an embodiment of the present invention, when the user chooses, in the client of the third-party application, to log in with an account of a certain platform, for example a Baidu account, the client of the third-party application redirects the user to the login interface provided by the third-party application. The content, style and so on of this login interface are controlled entirely by the third-party application and need have no relation to the platform.
The user enters account information, for example an account name, on this login interface and triggers the client of the third-party application to send a request to log in with the Baidu account to the server of the third-party application, the request carrying the account name entered by the user. The account name may be a user name, a mobile phone number, an email address, and so on.
After receiving the request from its client, the server of the third-party application packages the account name, the unique identifier and application key that the platform assigned to the third-party application, and the information on the permissions to be obtained (that is, the access and operation permissions that the third-party application wants the platform and the user to grant) into an authentication request and sends it to the platform-side server in order to obtain the user's authorization code.
S102, parse the authentication request to obtain a parsing result, interact with the corresponding application (APP) according to the parsing result and a pre-stored correspondence between account information and long connection channel information, generate an authorization code, and send the authorization code to the server of the third-party application.
The platform-side server parses the authentication request and obtains the account name, the third-party application information, and the information on the permissions to be obtained. The third-party application information may include the application identifier and the application key of the third-party application.
In this embodiment, before the long connection channel information is obtained according to the account information and the pre-stored correspondence between account information and long connection channel information, the method may further include: the platform-side server receives a request sent by the APP to establish a long connection channel, and adds the account information provided by the user to the APP; it then receives an account authentication request sent by the APP and, after authentication succeeds, saves the correspondence between the account information and the long connection channel information according to the account information carried in the account authentication request, that is, it saves the correspondence between the account and the long connection channel maintained between the APP and the platform-side server.
In this embodiment, the process by which the platform-side server interacts with the APP and generates the authorization code may be as follows: the platform-side server obtains the corresponding platform account information from the account information entered by the user, and obtains the long connection channel information according to that account information and the pre-stored correspondence between account information and long connection channel information; it sends the parsing result to the corresponding APP over the long connection channel, so that the APP displays the parsing result and the information to be confirmed to the user; after the user makes a choice based on the parsing result and the information to be confirmed, the APP returns user confirmation information to the platform-side server; the platform-side server receives the user confirmation information returned by the APP and, when the user confirmation information indicates consent, generates the authorization code according to the parsing result. When the user confirmation information indicates refusal, the platform-side server returns error information to the server of the third-party application.
S103, receive an information acquisition request containing the authorization code sent by the server of the third-party application, and return the corresponding user information to the server of the third-party application according to the information acquisition request, so that the server of the third-party application completes the authentication process according to the corresponding user information.
The server of the third-party application uses the authorization code to obtain from the platform-side server the basic information of the currently logged-in user, such as the user identifier and user name, completing the process of logging in to the application with the platform account.
With the authorization method for authentication of this embodiment of the present invention, an authentication request containing the account information entered by the user on the login interface provided by the third-party application is received and parsed, an authorization code is obtained by interacting with the corresponding application, and user information is then returned to the server of the third-party application according to the authorization code, completing the user's login with the platform account. The user login interface is thus provided entirely by the third-party application or site, while the security of the user's account and data is fully ensured. Multiple forms of login can be implemented, so that the user does not need to register and manage login accounts for multiple websites and can, once authorized, access multiple websites with a single account registered on an open platform, which is convenient for the user and simple to implement.
下面以图2所示的信令流程图为例对本发明实施例的技术方案进行详细描述。The technical solution of the embodiment of the present invention is described in detail below by taking the signaling flowchart shown in FIG. 2 as an example.
如图2所示,该认证的授权过程包括以下步骤:As shown in Figure 2, the authorization process of the authentication includes the following steps:
S201,APP与平台方服务器建立并保持一个长连接通道。S201, the APP establishes and maintains a long connection channel with the platform side server.
用户在其移动设备上启动APP后,APP就在后台与平台方服务器建立并保持一个长连接通道,之后如果该长连接通道因为某些原因而中断,APP会按照一定策略与平台方服务器重新建立一个新的长连接通道。After the user starts the APP on his mobile device, the APP establishes and maintains a long connection channel with the platform side server in the background. If the long connection channel is interrupted for some reason, the APP will re-establish with the platform side server according to a certain policy. A new long connection channel.
S202,平台方服务器将用户提供的账号信息添加至APP中。S202. The platform side server adds the account information provided by the user to the APP.
用户将其在平台方注册的用户账号添加到APP的账号管理模块中,移动设备具有一定的私密性,加上目前的主流移动设备系统都还比较安全(没有那么多猖獗的木马病毒),以及登录过程是在平台方自己的APP里进行,因此这个过程是安全的。The user adds the user account registered in the platform to the account management module of the APP, the mobile device has certain privacy, and the current mainstream mobile device system is relatively safe (not so many trojan viruses), and The login process is done in the platform's own app, so this process is safe.
S203,平台方服务器保存账号与APP和平台方服务器所保持的长连接通道的对应关系。S203. The platform side server saves the correspondence between the account and the long connection channel maintained by the APP and the platform side server.
平台方服务器在认证APP发送的账号认证请求时,如果认证通过,则将账号与APP跟平台方服务器所保持的长连接通道的对应关系进行保存。When the platform side server authenticates the account authentication request sent by the APP, if the authentication is passed, the correspondence between the account and the APP and the long connection channel maintained by the platform server is saved.
S204,第三方应用的客户端接收用户在第三方应用提供的登录界面上输入的账户信息。S204. The client of the third-party application receives the account information input by the user on the login interface provided by the third-party application.
用户在第三方应用的客户端选择用百度账号登录时,第三方应用的客户端将用户重定向到由第三方应用提供的登录界面上,此登录界面展现的内容、界面样式风格等完全由第 三方应用控制,与平台方可以无任何关系。When the user of the third-party application chooses to log in with the Baidu account, the client of the third-party application redirects the user to the login interface provided by the third-party application. The content and interface style of the login interface are completely Three-party application control can have nothing to do with the platform.
S205,第三方应用的客户端向第三方应用的服务器发送登录百度账号的请求。S205. The client of the third-party application sends a request for logging in to the Baidu account to the server of the third-party application.
用户在登录界面上输入帐户名(可以是用户名、手机号、邮箱等)并触发第三方应用的客户端向第三方应用的服务器发送登录百度账号的请求,该请求中可以携带用户输入的帐户名。The user enters an account name (which may be a user name, a mobile phone number, a mailbox, etc.) on the login interface, and triggers the client of the third-party application to send a request for logging in to the Baidu account to the server of the third-party application, where the request may carry the account entered by the user. name.
S206,第三方应用的服务器向平台方服务器发送认证请求,该认证请求中携带账户信息、第三方应用信息和欲获取的权限信息。S206. The server of the third-party application sends an authentication request to the platform-side server, where the authentication request carries account information, third-party application information, and permission information to be acquired.
The server of the third-party application sends data such as the account name, the application identifier and application key that the platform assigned to the third-party application, and the access and operation permissions that the third-party application wants the platform and the user to grant, to the platform-side server in order to obtain a user authorization code.
S207: The platform-side server verifies the validity of the third-party application using the application's identifier and application key. If the application is invalid, it returns the corresponding error information; otherwise it proceeds to step S208.
S208: The platform-side server looks up the user account information corresponding to the account name. If the account does not exist, it returns the corresponding error information; otherwise it proceeds to step S209.
S209: Based on the user account information, the platform-side server obtains the corresponding long connection channel between the platform-side server and the APP. If no long connection channel exists, it returns the corresponding error information; otherwise it proceeds to step S210.
S210: The platform-side server sends data such as the user account information, the third-party application information, and the access and operation permissions the third-party application wants to obtain to the user's APP over the long connection channel.
S211: The APP presents the user account information, the third-party application information, and the access and operation permissions the third-party application wants to obtain to the user in some form, asks whether the user agrees to log in to the third-party application with the account identity and to grant the third-party application the access and operation permissions, and, after the user makes a choice, returns the user confirmation information to the platform-side server.
S212: If the user confirmation information is consent, an authorization code is generated and returned to the server of the third-party application; if the user confirmation information is a rejection, error information is returned.
If the user does not agree, the platform-side server returns the corresponding error information to the server of the third-party application; otherwise it generates an authorization code from the user account information, the third-party application information, and the access and operation permissions the third-party application wants to obtain, and returns the authorization code to the server of the third-party application.
S213: The server of the third-party application uses the authorization code to obtain the user's basic information, or error information, from the platform-side server, and completes the authentication process based on the user's basic information.
If the result the server of the third-party application receives from the platform-side server is error information, it returns the corresponding error information to the client of the third-party application, and the client prompts and guides the user accordingly; otherwise it uses the authorization code to obtain the basic information of the currently logged-in user, such as the user identifier and user name, from the platform-side server, completing the process of logging in to the application with the platform account.
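The platform-side handling of steps S207 to S213 can be sketched as follows. This is an added example, not code from the patent: the class and method names are hypothetical, the long connection channel is modelled as a callable that returns the user's choice, and the single-use, time-limited authorization code and the repeated application check at the exchange step are assumptions the page does not specify.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


class AuthError(Exception):
    """Error information returned to the caller; `step` names the failing step."""

    def __init__(self, step, reason):
        super().__init__(f"{step}: {reason}")
        self.step = step


@dataclass(frozen=True)
class Grant:
    app_id: str
    account: str
    scopes: tuple
    expires_at: float


class PlatformServer:
    CODE_TTL = 60  # seconds; assumed, the page gives no lifetime for the code

    def __init__(self, apps, accounts):
        self.apps = apps          # app_id -> app_key assigned by the platform
        self.accounts = accounts  # account name -> basic user information
        self.channels = {}        # account name -> long connection channel
        self.grants = {}          # authorization code -> Grant

    def register_channel(self, account, channel):
        """Save the account -> long connection channel mapping (before any login)."""
        if account not in self.accounts:
            raise AuthError("register", "account does not exist")
        self.channels[account] = channel

    def _check_app(self, step, app_id, app_key):
        expected = self.apps.get(app_id, "")
        # Constant-time comparison so the key cannot be recovered byte by byte.
        ok = hmac.compare_digest(expected.encode(), app_key.encode())
        if not (ok and app_id in self.apps):
            raise AuthError(step, "invalid third-party application")

    def request_code(self, account, app_id, app_key, scopes):
        self._check_app("S207", app_id, app_key)
        if account not in self.accounts:
            raise AuthError("S208", "account does not exist")
        channel = self.channels.get(account)
        if channel is None:
            raise AuthError("S209", "no long connection channel")
        # S210/S211: push the request to the APP, which shows it and asks the user.
        prompt = {"account": account, "app_id": app_id, "scopes": list(scopes)}
        if channel(prompt) is not True:
            raise AuthError("S212", "user rejected the request")
        # S212: the code is bound to the account, the application and the scopes.
        code = secrets.token_urlsafe(32)
        self.grants[code] = Grant(app_id, account, tuple(scopes),
                                  time.time() + self.CODE_TTL)
        return code

    def fetch_user_info(self, code, app_id, app_key):
        self._check_app("S213", app_id, app_key)
        grant = self.grants.pop(code, None)  # single use: any presentation burns it
        if (grant is None or grant.app_id != app_id
                or time.time() > grant.expires_at):
            raise AuthError("S213", "invalid authorization code")
        return {**self.accounts[grant.account], "scopes": list(grant.scopes)}


def demo():
    """Run one approved login on constructed sample data, then replay the code."""
    server = PlatformServer(
        apps={"app-demo": "key-demo"},                                  # constructed
        accounts={"alice": {"user_id": "u-1", "user_name": "alice"}},  # constructed
    )
    server.register_channel("alice", lambda prompt: True)  # APP where the user agrees
    code = server.request_code("alice", "app-demo", "key-demo", ["basic"])
    info = server.fetch_user_info(code, "app-demo", "key-demo")
    try:
        server.fetch_user_info(code, "app-demo", "key-demo")
        replay = "accepted"
    except AuthError as err:
        replay = err.step
    return info, replay


if __name__ == "__main__":
    print(demo())
```

Because the third-party application supplies the account name, the S208 and S209 error paths let a registered application learn whether an account exists and whether its APP is online, so a deployment would want to rate-limit and log these responses per application.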
With the authorization method for authentication of this embodiment of the present invention, interaction among the platform-side server, the APP, the client of the third-party application, and the server of the third-party application makes multiple forms of login possible. The user does not need to register and manage login accounts for multiple websites; with a single account registered on one platform, the user can access multiple websites once authorization is granted, which is convenient for the user and simple to implement.
FIG. 3 is a schematic structural diagram of an authorization apparatus for authentication according to an embodiment of the present invention; the authorization apparatus is located in the platform-side server.
As shown in FIG. 3, the authorization apparatus includes a receiving module 31, a processing module 32, and an authorization module 33.
The receiving module 31 is configured to receive an authentication request sent by the server of a third-party application. The authentication request carries the account information entered by the user on the login interface provided by the third-party application, the third-party application information, and the permission information to be obtained.
In an embodiment of the present invention, when the user chooses, in the client of the third-party application, to log in with an account of some platform, for example a Baidu account, the client of the third-party application redirects the user to a login interface provided by the third-party application. The content and visual style of this login interface are controlled entirely by the third-party application and need have no connection with the platform. The user enters account information, for example an account name, in the login interface and triggers the client of the third-party application to send a request to log in with the Baidu account to the server of the third-party application; the request carries the account name entered by the user, which may be a user name, mobile phone number, email address, or the like. After receiving the request from its client, the server of the third-party application encapsulates data such as the account name, the unique identifier and application key that the platform assigned to the third-party application, and the permission information to be obtained (that is, the access and operation permissions that the third-party application wants the platform and the user to grant) in an authentication request and sends it to the platform-side server to obtain the user's authorization code.
The processing module 32 is configured to parse the authentication request to obtain a parsing result, interact with the corresponding application (APP) according to the parsing result and the pre-stored correspondence between user account information and long connection channel information, generate an authorization code, and send the authorization code to the server of the third-party application.
Specifically, the processing module 32 may be configured to: obtain the corresponding user account information from the account information in the parsing result, and obtain the long connection channel information from the user account information and the pre-stored correspondence between user account information and long connection channel information; send the parsing result to the corresponding APP according to the long connection channel information, so that the APP displays the parsing result and the information to be confirmed to the user; and receive the user confirmation information returned by the APP and, when the user confirmation information is consent, generate an authorization code according to the parsing result. More specifically, the processing module 32 may obtain the corresponding user account information from the account information after determining, from the third-party application information, that the third-party application is valid. In addition, when the user confirmation information is a rejection, the processing module 32 may return error information to the server of the third-party application, so that the server of the third-party application returns the error information to the client of the third-party application.
The authorization module 33 is configured to receive an information acquisition request that contains the authorization code and is sent by the server of the third-party application, and to return the corresponding user information to the server of the third-party application according to the information acquisition request, so that the server of the third-party application completes the authentication process according to the corresponding user information.
So that the long connection channel information can be obtained from the user account information and the pre-stored correspondence between user account information and long connection channel information, the authorization apparatus may further include an adding module 34 and a saving module 35. The adding module 34 is configured to, before the processing module 32 obtains the long connection channel information from the user account information and the pre-stored correspondence, receive a request sent by the APP to establish a long connection channel and add the user account information provided by the user to the APP. The saving module 35 is configured to receive an account authentication request sent by the APP and, according to the user account information carried in the account authentication request, save the correspondence between the user account information and the long connection channel information.
For the authentication process implemented by the authorization apparatus that includes the receiving module 31, the processing module 32, the authorization module 33, the adding module 34, and the saving module 35, see FIG. 1 and FIG. 2; it is not described again here.
In the authorization apparatus for authentication of this embodiment of the present invention, the receiving module receives an authentication request containing the account information entered by the user on the login interface provided by the third-party application, the processing module parses the authentication request and obtains an authorization code by interacting with the corresponding application, and the authorization module then returns the user information to the server of the third-party application to complete the user's login with the platform account. The user login interface is thus provided entirely by the third-party application or site while the security of the user's account and data is still fully ensured. Multiple forms of login become possible: the user does not need to register and manage login accounts for multiple websites and, with a single account registered on one open platform, can access multiple websites once authorization is granted, which is convenient for the user and simple to implement.
In addition, an embodiment of the present invention further provides an authorization system for authentication. As shown in FIG. 4, the system includes a client 41 of a third-party application, a server 42 of the third-party application, an APP 43 running on a mobile terminal, and a platform-side server 44, wherein:
The client 41 of the third-party application is configured to receive the account information entered by the user on the login interface provided by the third-party application and to send the account information to the server of the third-party application. The server 42 of the third-party application is configured to send an authentication request to the platform-side server, the authentication request carrying the account information, the third-party application information, and the permission information to be obtained; to receive the authorization code sent by the platform-side server; and to send an information acquisition request containing the authorization code to the platform-side server, receive the corresponding user information returned by the platform-side server, and complete the authentication process according to the corresponding user information. The APP 43 is configured to interact with the platform-side server. The platform-side server 44 includes the authorization apparatus for authentication shown in FIG. 3.
Specifically, the APP 43 may be configured to receive the parsing result sent by the platform-side server 44, display the parsing result and the information to be confirmed to the user, and send the user confirmation information to the platform-side server 44.
In addition, the APP 43 may further be configured to, before receiving the parsing result sent by the platform-side server, send a request to establish a long connection channel to the platform-side server, add the user account information sent by the platform-side server, and send an account authentication request carrying the user account information to the platform-side server.
Further, the server 44 of the third-party application may also be configured to receive error information sent by the platform-side server and return the error information to the client.
The interaction among the client 41 of the third-party application, the server 42 of the third-party application, the APP 43 running on the mobile terminal, and the platform-side server 44 is shown in FIG. 2 and is not described again here.
The mobile terminal may be a device such as a mobile phone or tablet computer, and the third-party application may run on a device such as a computer (PC), smart TV, or wearable device.
With the authorization system for authentication of this embodiment of the present invention, interaction among the client of the third-party application, the server of the third-party application, the APP running on the mobile terminal, and the platform-side server makes multiple forms of login possible. The user does not need to register and manage login accounts for multiple websites; with a single account registered on one open platform, the user can access multiple websites once authorization is granted, which is convenient for the user and simple to implement.
To implement the above embodiments, the present invention further provides a storage medium for storing an application program, the application program being used to execute the authorization method for authentication according to any embodiment of the present invention.
It should be understood that the parts of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following techniques well known in the art may be used: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gates, a programmable gate array (PGA), a field programmable gate array (FPGA), and so on.
In the description of this specification, a description that refers to the terms "one embodiment", "some embodiments", "example", "specific example", or "some examples" means that a specific feature, structure, material, or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, such references to the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials, or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described, a person of ordinary skill in the art will understand that various changes, modifications, substitutions, and variations may be made to these embodiments without departing from the principles and spirit of the present invention; the scope of the invention is defined by the claims and their equivalents.

Claims (15)

  1. An authorization method for authentication, characterized in that the method comprises:
    receiving an authentication request sent by a server of a third-party application, the authentication request carrying account information entered by a user on a login interface provided by the third-party application, third-party application information, and permission information to be obtained;
    parsing the authentication request to obtain a parsing result, interacting with a corresponding application (APP) according to the parsing result and a pre-stored correspondence between user account information and long connection channel information, generating an authorization code, and sending the authorization code to the server of the third-party application; and
    receiving an information acquisition request that contains the authorization code and is sent by the server of the third-party application, and returning corresponding user information to the server of the third-party application according to the information acquisition request, so that the server of the third-party application completes the authentication process according to the corresponding user information.
  2. The method according to claim 1, characterized in that interacting with the corresponding APP according to the parsing result and the pre-stored correspondence between user account information and long connection channel information and generating the authorization code comprises:
    obtaining the corresponding user account information from the account information in the parsing result, and obtaining the long connection channel information from the user account information and the pre-stored correspondence between user account information and long connection channel information;
    sending the parsing result to the corresponding APP according to the long connection channel information, so that the APP displays the parsing result and information to be confirmed to the user;
    receiving user confirmation information returned by the APP and, when the user confirmation information is consent, generating the authorization code according to the parsing result.
  3. The method according to claim 2, characterized in that, before obtaining the long connection channel information from the user account information and the pre-stored correspondence between user account information and long connection channel information, the method further comprises:
    receiving a request sent by the APP to establish a long connection channel, and adding the user account information provided by the user to the APP;
    receiving an account authentication request sent by the APP, and saving the correspondence between the user account information and the long connection channel information according to the user account information carried in the account authentication request.
  4. The method according to claim 2, characterized in that obtaining the corresponding user account information from the account information in the parsing result comprises:
    after determining, from the third-party application information, that the third-party application is valid, obtaining the corresponding user account information from the account information.
  5. The method according to claim 2, characterized in that, after receiving the user confirmation information returned by the APP, the method further comprises:
    when the user confirmation information is a rejection, returning error information to the server of the third-party application, so that the server of the third-party application returns the error information to the client of the third-party application.
  6. An authorization apparatus for authentication, characterized in that the apparatus comprises:
    a receiving module, configured to receive an authentication request sent by a server of a third-party application, the authentication request carrying account information entered by a user on a login interface provided by the third-party application, third-party application information, and permission information to be obtained;
    a processing module, configured to parse the authentication request to obtain a parsing result, interact with a corresponding application (APP) according to the parsing result and a pre-stored correspondence between user account information and long connection channel information, generate an authorization code, and send the authorization code to the server of the third-party application; and
    an authorization module, configured to receive an information acquisition request that contains the authorization code and is sent by the server of the third-party application, and to return corresponding user information to the server of the third-party application according to the information acquisition request, so that the server of the third-party application completes the authentication process according to the corresponding user information.
  7. The apparatus according to claim 6, characterized in that the processing module is specifically configured to:
    obtain the corresponding user account information from the account information in the parsing result, and obtain the long connection channel information from the user account information and the pre-stored correspondence between user account information and long connection channel information;
    send the parsing result to the corresponding APP according to the long connection channel information, so that the APP displays the parsing result and information to be confirmed to the user;
    receive user confirmation information returned by the APP and, when the user confirmation information is consent, generate the authorization code according to the parsing result.
  8. The apparatus according to claim 7, characterized in that it further comprises:
    an adding module, configured to, before the processing module obtains the long connection channel information from the user account information and the pre-stored correspondence between user account information and long connection channel information, receive a request sent by the APP to establish a long connection channel and add the user account information provided by the user to the APP;
    a saving module, configured to receive an account authentication request sent by the APP and save the correspondence between the user account information and the long connection channel information according to the user account information carried in the account authentication request.
  9. The apparatus according to claim 8, characterized in that the processing module is specifically configured to:
    after determining, from the third-party application information, that the third-party application is valid, obtain the corresponding user account information from the account information.
  10. The apparatus according to claim 6, characterized in that the processing module is further configured to: after receiving the user confirmation information returned by the APP, when the user confirmation information is a rejection, return error information to the server of the third-party application, so that the server of the third-party application returns the error information to the client of the third-party application.
  11. An authorization system for authentication, characterized in that the system comprises a client of a third-party application, a server of the third-party application, an application (APP) running on a mobile terminal, and a platform-side server, wherein:
    the client of the third-party application is configured to receive account information entered by a user on a login interface provided by the third-party application, and to send the account information to the server of the third-party application;
    the server of the third-party application is configured to send an authentication request to the platform-side server, the authentication request carrying the account information, third-party application information, and permission information to be obtained; to receive an authorization code sent by the platform-side server; and to send an information acquisition request containing the authorization code to the platform-side server, receive corresponding user information returned by the platform-side server, and complete the authentication process according to the corresponding user information;
    the APP is configured to interact with the platform-side server;
    the platform-side server comprises the authorization apparatus for authentication according to any one of claims 6 to 10.
  12. The system according to claim 11, characterized in that the APP is specifically configured to: receive the parsing result sent by the platform-side server, display the parsing result and information to be confirmed to the user, and send user confirmation information to the platform-side server.
  13. The system according to claim 12, characterized in that the APP is further configured to: before receiving the parsing result sent by the platform-side server, send a request to establish a long connection channel to the platform-side server, add the user account information sent by the platform-side server, and send an account authentication request carrying the user account information to the platform-side server.
  14. The system according to claim 11, characterized in that the server of the third-party application is further configured to: receive error information sent by the platform-side server, and return the error information to the client.
  15. A storage medium, characterized in that it is used to store an application program, the application program being used to execute the authorization method for authentication according to any one of claims 1 to 5.
PCT/CN2014/090427 2014-03-10 2014-11-06 Authorization method, apparatus and system for authentication WO2015135331A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410086413.6 2014-03-10
CN201410086413.6A CN103888451B (en) 2014-03-10 2014-03-10 Authorization method, the apparatus and system of certification

Publications (1)

Publication Number Publication Date
WO2015135331A1 (en) 2015-09-17

Family

ID=50957171

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/090427 WO2015135331A1 (en) 2014-03-10 2014-11-06 Authorization method, apparatus and system for authentication

Country Status (2)

Country Link
CN (1) CN103888451B (en)
WO (1) WO2015135331A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105516166A (en) * 2015-12-22 2016-04-20 北京奇虎科技有限公司 Method and system for realizing login by using other account
CN105743904A (en) * 2016-03-14 2016-07-06 上海携程商务有限公司 Leakage detection method and system of user information of website
CN111049946A (en) * 2019-12-24 2020-04-21 深信服科技股份有限公司 Portal authentication method, Portal authentication system, electronic equipment and storage medium
CN112532590A (en) * 2020-11-06 2021-03-19 北京冠程科技有限公司 Software security boundary system and method
CN112953965A (en) * 2021-03-18 2021-06-11 杭州网易云音乐科技有限公司 Client login method and system, client, medium and computing device
CN113395326A (en) * 2021-05-20 2021-09-14 网易(杭州)网络有限公司 Network service-based login method, device and computer-readable storage medium
CN113904825A (en) * 2021-09-29 2022-01-07 百融至信(北京)征信有限公司 Multi-application unified access gateway method and system

Families Citing this family (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103888451B (en) * 2014-03-10 2017-09-26 百度在线网络技术(北京)有限公司 Authorization method, the apparatus and system of certification
CN105100030B (en) * 2014-05-23 2020-02-21 腾讯科技(北京)有限公司 Access control method, system and device
CN104113533B (en) * 2014-07-02 2017-10-27 百度在线网络技术(北京)有限公司 Log in authorization method and device
CN104168261B (en) * 2014-07-02 2018-09-07 百度在线网络技术(北京)有限公司 Dynamic password login method and device
CN104113534B (en) * 2014-07-02 2018-01-09 百度在线网络技术(北京)有限公司 The login system and method for application APP
CN104113549B (en) * 2014-07-28 2017-07-18 百度在线网络技术(北京)有限公司 A kind of platform authorization method, platform service end and applications client and system
CN104158802B (en) * 2014-07-28 2017-06-06 百度在线网络技术(北京)有限公司 A kind of platform authorization method, platform service end and applications client and system
CN104113552B (en) * 2014-07-28 2017-06-16 百度在线网络技术(北京)有限公司 A kind of platform authorization method, platform service end and applications client and system
CN105592109B (en) * 2014-10-20 2019-06-14 中国移动通信集团天津有限公司 A kind of register method, equipment and system
CN105704178B (en) * 2014-11-26 2019-12-10 腾讯科技(深圳)有限公司 Task platform access method and device
CN105721404B (en) * 2014-12-04 2019-01-29 阿里巴巴集团控股有限公司 Method for processing business and its device based on computer system
CN104869175B (en) * 2015-06-16 2018-07-27 腾讯科技(北京)有限公司 Cross-platform account resource-sharing implementation method, apparatus and system
CN106341234B (en) * 2015-07-17 2020-09-11 华为技术有限公司 Authorization method and device
CN106559384A (en) * 2015-09-25 2017-04-05 阿里巴巴集团控股有限公司 A kind of utilization public number realizes the method and device for logging in
CN105897668A (en) * 2015-10-22 2016-08-24 乐视致新电子科技(天津)有限公司 Third party account authorization method, device, server and system
CN105516163B (en) * 2015-12-18 2019-02-12 网易(杭州)网络有限公司 A kind of login method and terminal device and communication system
CN105657011B (en) * 2015-12-30 2018-11-23 东软集团股份有限公司 System integration method and device based on OAUTH technology
CN106503538A (en) * 2016-10-21 2017-03-15 武汉斗鱼网络科技有限公司 A kind of application login method and device
CN108389098B (en) * 2017-02-03 2021-02-26 北京京东尚科信息技术有限公司 Voice shopping method and system
CN107463839A (en) * 2017-08-16 2017-12-12 郑州云海信息技术有限公司 A kind of system and method for managing application program
CN107786540B (en) * 2017-09-21 2020-10-13 国家电网公司 Equipment information acquisition method and terminal equipment
CN109660487B (en) * 2017-10-10 2021-11-09 武汉斗鱼网络科技有限公司 Authorization method based on H5 webpage, storage medium, electronic device and system
CN108241980A (en) * 2018-01-02 2018-07-03 中国工商银行股份有限公司 Authorization and authentication method, system and the ebanking server of cross-terminal, Mobile Server
CN108200089B (en) * 2018-02-07 2022-06-07 腾讯云计算(北京)有限责任公司 Method, device and system for realizing information security and storage medium
CN110445745B (en) * 2018-05-02 2022-12-27 北京京东尚科信息技术有限公司 Information processing method and system, computer system and computer readable medium
CN111182015A (en) * 2018-11-12 2020-05-19 北京场景互娱传媒科技有限公司 User information acquisition and unification method and device and electronic equipment
CN110213229B (en) * 2019-04-25 2021-09-14 平安科技(深圳)有限公司 Identity authentication method, system, computer equipment and storage medium
CN110336840B (en) * 2019-08-12 2022-05-13 思必驰科技股份有限公司 Third party account registration method and system for voice conversation platform
CN110602052B (en) * 2019-08-15 2022-09-20 平安科技(深圳)有限公司 Micro-service processing method and server
CN110830263B (en) * 2019-11-06 2023-07-25 南京酷沃智行科技有限公司 Automatic login method and device for vehicle-mounted system
CN111416807B (en) * 2020-03-13 2022-06-07 苏州科达科技股份有限公司 Data acquisition method, device and storage medium
CN112380526B (en) * 2020-11-04 2021-12-10 广州市玄武无线科技股份有限公司 Authorization and authentication integration system and method based on domain model
CN113420941A (en) * 2021-07-16 2021-09-21 湖南快乐阳光互动娱乐传媒有限公司 Risk prediction method and device for user behavior
CN114979237A (en) * 2022-05-16 2022-08-30 咪咕文化科技有限公司 Long connection verification method, device, equipment and readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1878072A (en) * 2005-06-09 2006-12-13 腾讯科技(深圳)有限公司 Communication method and system based on group
CN102821085A (en) * 2011-11-23 2012-12-12 腾讯科技(深圳)有限公司 Third party authorization login method, open platform and system
CN103269349A (en) * 2013-06-13 2013-08-28 百度在线网络技术(北京)有限公司 Social log-in method, system and device
CN103888451A (en) * 2014-03-10 2014-06-25 百度在线网络技术(北京)有限公司 Method, device and system for certification authorization

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238007A (en) * 2010-04-20 2011-11-09 阿里巴巴集团控股有限公司 Method, device and system for acquiring session token of user by third-party application
CN102394887B (en) * 2011-11-10 2014-07-09 杭州东信北邮信息技术有限公司 OAuth protocol-based safety certificate method of open platform and system thereof
CN102638473B (en) * 2012-05-04 2014-12-10 盛趣信息技术(上海)有限公司 User data authorization method, device and system
CN103067381B (en) * 2012-12-26 2015-11-25 百度在线网络技术(北京)有限公司 Usage platform side's account logs in the methods, systems and devices of third party's service
CN103347002B (en) * 2013-06-13 2016-10-26 百度在线网络技术(北京)有限公司 Socialization's login method, system and device

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105516166A (en) * 2015-12-22 2016-04-20 北京奇虎科技有限公司 Method and system for realizing login by using other account
CN105516166B (en) * 2015-12-22 2019-02-12 北京奇虎科技有限公司 A kind of method and system for borrowing other people accounts and realizing login
CN105743904A (en) * 2016-03-14 2016-07-06 上海携程商务有限公司 Leakage detection method and system of user information of website
CN111049946A (en) * 2019-12-24 2020-04-21 深信服科技股份有限公司 Portal authentication method, Portal authentication system, electronic equipment and storage medium
CN112532590A (en) * 2020-11-06 2021-03-19 北京冠程科技有限公司 Software security boundary system and method
CN112953965A (en) * 2021-03-18 2021-06-11 杭州网易云音乐科技有限公司 Client login method and system, client, medium and computing device
CN112953965B (en) * 2021-03-18 2022-11-01 杭州网易云音乐科技有限公司 Client login method and system, client, medium and computing device
CN113395326A (en) * 2021-05-20 2021-09-14 网易(杭州)网络有限公司 Network service-based login method, device and computer-readable storage medium
CN113395326B (en) * 2021-05-20 2023-03-24 网易(杭州)网络有限公司 Network service-based login method, device and computer-readable storage medium
CN113904825A (en) * 2021-09-29 2022-01-07 百融至信(北京)征信有限公司 Multi-application unified access gateway method and system

Also Published As

Publication number Publication date
CN103888451A (en) 2014-06-25
CN103888451B (en) 2017-09-26

Similar Documents

Publication Publication Date Title
WO2015135331A1 (en) Authorization method, apparatus and system for authentication
US11165581B2 (en) System for improved identification and authentication
US9038138B2 (en) Device token protocol for authorization and persistent authentication shared across applications
EP3162103B1 (en) Enterprise authentication via third party authentication support
EP3308525B1 (en) Single sign-on for unmanaged mobile devices
EP3047626B1 (en) Multiple resource servers with single, flexible, pluggable oauth server and oauth-protected restful oauth consent management service, and mobile application single sign on oauth service
KR101816863B1 (en) User and device authentication in enterprise systems
US10171447B2 (en) Single sign-on for unmanaged mobile devices
CN107743702B (en) Single sign-on for hosting mobile devices
US9882887B2 (en) Single sign-on for managed mobile devices
US8893255B1 (en) Device authentication using device-specific proxy addresses
US9348991B2 (en) User management of authentication tokens
US11057364B2 (en) Single sign-on for managed mobile devices
JP7225326B2 (en) Associating User Accounts with Corporate Workspaces
EP3001600B1 (en) Account login method, equipment and system
US11283793B2 (en) Securing user sessions
US20140304808A1 (en) Device-Specific Authentication Credentials
JP2022519221A (en) Methods, systems, and devices for improved multi-factor authentication in multi-app communication systems
US10148629B1 (en) User-friendly multifactor authentication
WO2023069854A1 (en) Limiting discovery of a protected resource in a zero trust access model
US10756899B2 (en) Access to software applications
EP3232695B1 (en) Provisioning enterprise services
WO2023056285A1 (en) External identity provider as a domain resource
AU2014101079A4 (en) Secure communication method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 14885160; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 14885160; Country of ref document: EP; Kind code of ref document: A1)