WO2021208744A1 - Authorized login for application program - Google Patents

Authorized login for application program Download PDF

Info

Publication number
WO2021208744A1
WO2021208744A1 PCT/CN2021/084644 CN2021084644W WO2021208744A1 WO 2021208744 A1 WO2021208744 A1 WO 2021208744A1 CN 2021084644 W CN2021084644 W CN 2021084644W WO 2021208744 A1 WO2021208744 A1 WO 2021208744A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
authorization
server
sdk
authentication
Prior art date
Application number
PCT/CN2021/084644
Other languages
French (fr)
Chinese (zh)
Inventor
王坤
丁靓子
杨孝强
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2021208744A1 publication Critical patent/WO2021208744A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/107License processing; Key processing
    • G06F21/1078Logging; Metering
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/448Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4482Procedural
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/543User-generated data transfer, e.g. clipboards, dynamic data exchange [DDE], object linking and embedding [OLE]

Definitions

  • This document relates to the field of Internet technology, and in particular to an authorized login method, device and system for application programs.
  • the prior art provides a way to quickly log in using open authorization.
  • Third-party applications specifically, allow users to authorize third-party applications to access their account and password for login, so that when the target application is in the login state, the user can authorize the account and password to the third-party application to enable the third party
  • the application completes quick login based on the account and password.
  • the purpose of one or more embodiments of this specification is to provide an authorized login method for an application program.
  • the authorized login method of the application includes: after detecting the authorized login request, the first application invokes the pre-integrated preset software development kit SDK of the second application, and the authorized login request includes an account that is authorized to use the second application.
  • the first application obtains the authentication credential for requesting authorization to log in from the second application through the SDK and using the preset inter-process communication method; the first application passes all The SDK sends the authentication credential to the second server corresponding to the second application, so that the second server verifies whether the authentication credential is legal, and when it is determined that the authentication credential is legal Return the authorization data information; the first application renders the corresponding authorization confirmation page based on the received authorization data information through the SDK; after receiving the user's confirmation information for the authorization confirmation page, triggers the The first server corresponding to the first application executes a corresponding authorized login operation for the first application.
  • the purpose of one or more embodiments of this specification is to provide an authorized login method for an application program.
  • the authorization login method of the application includes: the second server corresponding to the second application receives the authentication credential sent by the first application through the pre-integrated preset software development kit SDK of the second application, wherein the The authentication credential is obtained by the first application from the second application by invoking the SDK and using a preset inter-process communication method; the second server verifies the legality of the authentication credential to obtain the corresponding Legality verification result; if the legality verification result is that the authentication voucher is valid, return authorization data information to the first application, so that the first application renders based on the authorization data information through the SDK Corresponding authorization confirmation page, and trigger the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
  • the purpose of one or more embodiments of this specification is to provide an authorized login device for application programs.
  • the authorization login device of the application program includes: an SDK calling module, which after detecting the authorization login request, the first application calls the pre-integrated preset software development kit SDK of the second application, and the authorization login request includes open authorization to use A request for the account information of the second application to log in to the first application; an authentication credential obtaining module, the first application of which obtains from the second application through the SDK and using a preset inter-process communication method for requesting authorization to log in The authentication certificate; the authentication certificate sending module, the first application of which sends the authentication certificate to the second server corresponding to the second application through the SDK, so that the second server can verify Verifying whether the authentication certificate is legal, and returning authorization data information when it is determined that the authentication certificate is legal; an authorization page rendering module, whose first application passes through the SDK, based on the received authorization data information, Render the corresponding authorization confirmation page; the application authorization login module triggers the first server corresponding to the
  • the purpose of one or more embodiments of this specification is to provide an authorized login device for application programs.
  • the authorization login device of the application includes: an authentication credential receiving module, the second server corresponding to the second application of the second application receives the authentication sent by the first application through the pre-integrated preset software development kit SDK of the second application.
  • the authentication certificate wherein the authentication certificate is obtained by the first application from the second application by invoking the SDK and using a preset inter-process communication mode; the authentication certificate verification module, the second server Perform a legality check on the authentication voucher to obtain a corresponding legality verification result; an authorization information sending module, if the legality verification result is that the authentication voucher is legal, it returns an authorization to the first application Data information, so that the first application renders the corresponding authorization confirmation page based on the authorization data information through the SDK, and triggers the first server corresponding to the first application to perform corresponding authorization for the first application Login operation.
  • the purpose of one or more embodiments of this specification is to provide an authorized login system for application programs.
  • the authorized login system of the application includes a client, a first server corresponding to the first application, and a second server corresponding to the second application.
  • the client is installed with the first application and the second application.
  • the first application after detecting the authorization login request, invokes the pre-integrated preset software development kit SDK of the second application, the authorization login request includes the authorization to use the account information of the second application to log in to the first application Request; and, through the SDK and using a preset inter-process communication method, to obtain an authentication credential for requesting authorized login from the second application.
  • the second server receives the authentication certificate sent by the first application through the SDK, verifies whether the authentication certificate is legal, and sends the authentication certificate to the first application when it is determined that the authentication certificate is legal.
  • the application returns the authorization data information.
  • the first application receives the authorization data information through the SDK, and renders the corresponding authorization confirmation page based on the authorization data information; and, after receiving the user's confirmation information for the authorization confirmation page, trigger
  • the first server corresponding to the first application executes a corresponding authorized login operation for the first application.
  • the purpose of one or more embodiments of this specification is to provide an authorized login device for an application program, including: a processor; and a memory arranged to store computer-executable instructions.
  • the computer-executable instructions when executed, cause the processor to: after detecting an authorized login request, the first application invokes the pre-integrated preset software development kit SDK of the second application, and the authorized login request includes open A request to authorize the use of the account information of the second application to log in to the first application; the first application obtains the authentication credential for requesting authorization to log in from the second application through the SDK and using a preset inter-process communication method;
  • the first application sends the authentication credential to the second server corresponding to the second application through the SDK, so that the second server verifies whether the authentication credential is legal, and confirms When the authentication certificate is valid, the authorization data information is returned; the first application renders the corresponding authorization confirmation page based on the received authorization data information through the SDK; After the information is confirmed, the first server corresponding to the first application is
  • the purpose of one or more embodiments of this specification is to provide an authorized login device for an application program, including: a processor; and a memory arranged to store computer-executable instructions.
  • the processor When the computer-executable instructions are executed, the processor: the second server corresponding to the second application receives the authentication sent by the first application through the pre-integrated preset software development kit SDK of the second application.
  • the authentication certificate wherein the authentication certificate is obtained by the first application from the second application by invoking the SDK and using a preset inter-process communication method; the second server performs legal authentication on the authentication certificate The corresponding legality verification result is obtained; if the legality verification result is that the authentication certificate is legal, then the authorization data information is returned to the first application so that the first application can pass the SDK Rendering a corresponding authorization confirmation page based on the authorization data information, and triggering the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
  • the purpose of one or more embodiments of this specification is to provide a storage medium for storing computer-executable instructions.
  • the executable instruction is executed by the processor: after detecting the authorization login request, the first application invokes the pre-integrated preset software development kit SDK of the second application, and the authorization login request includes the open authorization to use the second application.
  • the account information of the application is a request to log in to the first application; the first application obtains the authentication credential for requesting authorization to log in from the second application through the SDK and using a preset inter-process communication method;
  • the application sends the authentication voucher to the second server corresponding to the second application through the SDK, so that the second server verifies whether the authentication voucher is legal, and determines whether the authentication voucher is valid or not.
  • the authorization data information is returned; the first application renders the corresponding authorization confirmation page based on the received authorization data information through the SDK; after receiving the user's confirmation information for the authorization confirmation page, The first server corresponding to the first application is triggered to perform a corresponding authorized login operation for the first application.
  • the purpose of one or more embodiments of this specification is to provide a storage medium for storing computer-executable instructions.
  • the executable instruction is executed by the processor: the second server corresponding to the second application receives the authentication certificate sent by the first application through the pre-integrated pre-integrated software development kit SDK of the second application, where The authentication credential is obtained by the first application from the second application by invoking the SDK and using a preset inter-process communication method; the second server verifies the legality of the authentication credential, Obtain the corresponding legality verification result; if the legality verification result is that the authentication voucher is legal, then the authorization data information is returned to the first application, so that the first application passes the SDK based on the authorization The data information renders the corresponding authorization confirmation page, and triggers the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
  • FIG. 1 is a schematic diagram of an application scenario of an authorized login system for an application program provided in one or more embodiments of this specification;
  • FIG. 2 is a schematic diagram of the first flow chart of the authorized login method for an application provided by one or more embodiments of this specification;
  • FIG. 3 is a schematic diagram of the second flow chart of the application authorization login method provided by one or more embodiments of this specification;
  • FIG. 4 is a schematic diagram of a third flow chart of an application authorization login method provided by one or more embodiments of this specification;
  • FIG. 5 is a schematic diagram of the multi-terminal interaction process involved in the authorization login method for an application provided by one or more embodiments of this specification;
  • FIG. 6 is a schematic flowchart of an authorization login method applied to an application program of a second server provided in one or more embodiments of this specification;
  • FIG. 7 is a schematic diagram of the first type of module composition of the authorized login device for application programs provided in one or more embodiments of this specification;
  • FIG. 8 is a schematic diagram showing the composition of a second type of module of the authorized login device for an application program provided in one or more embodiments of this specification;
  • Fig. 9 is a schematic structural diagram of an authorized login device for an application provided by one or more embodiments of this specification.
  • One or more embodiments of this specification provide an authorized login method, device, and system for an application program.
  • the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset process Communicate with the second application in the underlying communication mode to obtain the authentication credential for requesting authorized login from the second application; and then send the obtained authentication credential to the second server corresponding to the second application to trigger the second application.
  • the second server verifies the validity of the authentication certificate, and after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then passes the SDK of the second application, based on the The authorization data information is rendered and the corresponding authorization confirmation page is displayed; based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which can realize the first application and the first application.
  • the bottom layer communication between the two applications is to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, and there is no need to jump to the second application, eliminating the need for the first application and the second application.
  • the multiple jumps between the two applications not only improve the user experience, but also simplify the business link for application authorization login and improve the authorization login success rate.
  • FIG. 1 is a schematic diagram of an application scenario of an application authorization login system provided by one or more embodiments of this specification.
  • the system includes a client, a first server corresponding to a first application, and a second application The corresponding second server.
  • the client has a first application and a second application installed.
  • the client can be a mobile terminal such as a smart phone or a tablet computer.
  • the client can also be a terminal device such as a personal computer, the first server and the second server can be background servers for providing a certain business service, and the first server and the second server can be independent servers, It can also be a server cluster composed of multiple servers.
  • the specific process of application authorization login is:
  • the above-mentioned authorized login request includes a request to openly authorize the use of the account information of the second application to log in to the first application.
  • a plurality of different SDKs of the second application are integrated in the data package of the first application in advance, and according to the user's touch operation Determine the second application targeted by the authorized login request;
  • the first application obtains the authentication credential for requesting authorized login from the second application through the SDK of the above-mentioned second application and using the preset inter-process communication method;
  • the aforementioned preset inter-process communication method may include any one of Messenger, AIDL, Content Provider, Broadcast Receiver, file sharing, and scoket; specifically, through the SDK of the second application and the preset inter-process communication method, the first Underlying communication between the application and the second application to obtain authentication credentials, so that there is no need to jump multiple times between the first application and the second application;
  • the first application sends the obtained authentication credential to the second server through the SDK of the second application;
  • the second server After receiving the authentication certificate sent by the first application through the SDK of the second application, the second server verifies whether the authentication certificate is legal, and obtains the corresponding authentication certificate verification result;
  • the second server since the authentication certificate is signed by the second server using the private key and then distributed to the second application, the second server uses the corresponding public key to verify the obtained authentication certificate, if If the verification is passed, it is determined that the authentication certificate is legal;
  • the second server If the verification result of the above authentication certificate is that the authentication certificate is valid, the second server returns the authorization data information to the first application;
  • the above-mentioned authorization data information includes the user authorization range, that is, the attribute field of the second application authorized by the user to the first application.
  • the user authorization range may be an avatar, account, nickname, etc.;
  • the first application receives the authorization data information returned by the second server through the SDK of the second application, and renders the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application;
  • a prompt message for prompting the user to confirm whether to authorize the avatar, account, and nickname of the second application to the first application is displayed on the authorization confirmation page;
  • the first application After the first application detects the user's confirmation information for the authorization confirmation page, it requests the second server to obtain the authorization authentication code through the SDK of the second application;
  • the first application sends the authorization authentication code returned by the second server to the first server;
  • the first server requests the second server for the attribute information of the second application authorized to the first application based on the received authorization authentication code, and performs corresponding authorization for the first application based on the attribute information of the second application Login operation; wherein, the attribute information of the second application authorized to the first application is the value of the attribute field indicated by the authorization scope of the authorization data information.
  • the first application to be logged in calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level.
  • Obtain the authentication credential used to request authorized login from the second application then send the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential ,
  • the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application;
  • the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which can realize the underlying communication between the first application and the second application to obtain the authentication credentials , So that the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without
  • FIG. 2 is a schematic diagram of the first flow chart of the authorization login method for an application provided by one or more embodiments of this specification.
  • the method in FIG. 2 can be executed by the first application installed in the client shown in FIG. 1, as shown in FIG. As shown in 2, the method includes at least the following steps:
  • the first application invokes the pre-integrated preset software development kit SDK of the second application, where the authorization login request includes the authorization to use the account information of the second application to log in to the first application. ask;
  • multiple different SDKs of the second application are integrated in the data package of the first application in advance.
  • the user can select any second application as the target of open authorization to log in to the first application. application;
  • the login interface of the first application is displayed, where multiple candidate application icons for requesting quick login are displayed in the login interface. If one target application icon is selected from the candidate application icons, it is determined that the account information of the second application corresponding to the target application icon is open to be authorized to log in to the first application; and an authorized login request is generated, that is, the user is in multiple candidate application icons
  • the application corresponding to the selected target application icon is determined to be the second application to be opened for authorization, and the preset software development kit SDK of the second application is invoked to exchange information with the second application and the second server through the SDK;
  • the first application is a travel application
  • the second application is a social application.
  • the account information of the second application can be authorized to quickly log in to the first application.
  • the travel application calls the preset software development kit SDK of the pre-integrated social application to interact with the social application and the server corresponding to the social application through the SDK.
  • the first application obtains an authentication credential for requesting authorized login from the second application through the SDK of the second application and using a preset inter-process communication method;
  • the first application and the second application can communicate with each other at the bottom to obtain the authentication credential, without awakening the second application, without jumping to the second application, and There is no need to open the interactive interface of the second application. Therefore, after the user confirms the authorization is detected, the process of calling the first application from the second application is also omitted.
  • the first application sends the obtained authentication credential to the second server corresponding to the second application through the SDK of the second application, so that the second server verifies whether the authentication credential is legal, and determines whether the authentication credential is legal or not. Return the corresponding authorization data information when the authentication certificate is legal;
  • the first application renders a corresponding authorization confirmation page based on the received authorization data information through the SDK of the second application;
  • the above authorization confirmation page contains prompt information for prompting the user to confirm whether to authorize the user authorization range corresponding to the authorization data information to the first application; specifically, open the authorization confirmation page directly in the first application without awakening the second application , No need to jump to the second application, and no need to open the interactive interface of the second application, therefore, after detecting that the user confirms the authorization, the process of transferring back to the first application from the second application is also omitted;
  • the first application obtains the authorization authentication code from the second server through the SDK of the second application, and sends the obtained authorization authentication code to the first server, and the first server sends the authorization authentication code to the second server based on the authorization authentication code.
  • the second server obtains the target login information required to authorize the login to the first application, and authorizes the login to the first application based on the target login information.
  • the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level.
  • the second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which enables the underlying communication between the first application and the second application to obtain authentication credentials, In this way, the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jump
  • the second application obtains the authentication credential used to request authorized login, which specifically includes:
  • the first application sends an authentication credential acquisition request to the second application through the SDK of the second application and using a preset inter-process communication method;
  • the first application receives the authentication credential for requesting authorized login that is returned by the second application using the preset inter-process communication method through the SDK of the second application.
  • the first application uses the SDK of the second application pre-integrated in its data packet, and uses the preset inter-process communication method to communicate with the second application at the bottom, eliminating the need for multiple times between the first application and the second application The process of jumping.
  • the above S210 after receiving the user's confirmation information for the authorization confirmation page, triggers the first server corresponding to the first application to respond to the first application.
  • An application performs corresponding authorized login operations, including:
  • the second server assigns the corresponding authorization authentication code authcode to the first application, so that the first application requests authorization to log in based on the authorization authentication code authcode.
  • the login information of the target is the authorization authentication code acquisition request of the first application.
  • S2102 The first application receives the authorization authentication code returned by the second server through the SDK of the second application;
  • the first application Based on the obtained authorization authentication code, the first application triggers the first server corresponding to the first application to perform a corresponding authorized login operation for the first application.
  • the first application triggers the first server corresponding to the first application to perform the corresponding authorization login for the first application based on the obtained authorization authentication code.
  • Operations including:
  • Step 1 The first application sends the obtained authorization authentication code to the first server corresponding to the first application, so that the first server sends the authorization authentication code to the second server based on the second server
  • the returned authorization token and digital identity perform a corresponding authorized login operation for the first application
  • the first application sends the obtained authorization authentication code authcode to the first server.
  • the first server After receiving the authorization authentication code, the first server sends the authorization authentication code to the second server; correspondingly, the second server After receiving the authorization authentication code, verify the authenticity of the authorization authentication code, and if it is determined that the authorization authentication code is credible, return the corresponding authorization token accesstoken and the digital identity openID to the first server; correspondingly Yes, the first server performs a corresponding authorized login operation on the first application based on the received authorization token and digital identity;
  • the first server creates and maps an application login account for the first application based on the received digital identity openID; and based on the received authorization token accesstoken, obtains the target login information required to authorize the login to the first application.
  • the target login information includes attribute information of the second application authorized to the first application, for example, the avatar, account, and nickname of the second application; and authorization to log in to the first application based on the acquired target login information.
  • Step 2 The first application receives and displays the authorized login result information returned by the first server;
  • the first server After the first server completes the authorization login of the first application based on the attribute information of the authorization field of the second application, it returns the authorization login result information to the first application, so that the client can display the information used to signify the successful login of the first application. Prompt information.
  • the first application calls the pre-integrated pre-integrated second application.
  • the software development kit SDK Before the software development kit SDK is set, it also includes: determining the security requirement level of the second application according to the attribute information of the calling object to which the business service of the second application is oriented; 2. The preset inter-process communication mode corresponding to the security requirement level of the application.
  • the corresponding inter-process communication method is selected. For example, for the situation that the security requirement level of the second application is relatively high, the inter-process communication method with identity verification function is adopted as the preliminary Set the method of inter-process communication. For example, if the security requirement level of the second application reaches the preset security level, AIDL is determined as the preset inter-process communication method; if the security requirement level of the second application is lower than the preset security level, broadcastreceiver , Or contentprovider is determined as the preset inter-process communication method.
  • the first application sends the authentication certificate to the second application through the SDK of the second application and using the preset inter-process communication method.
  • the acquisition request specifically includes: the first application sends an authentication credential acquisition request to the second application through the SDK of the second application and uses a preset inter-process communication method, so that the second application triggers the corresponding second server to contact the second application.
  • An application performs credibility verification and returns an authentication certificate after the credibility verification is passed.
  • FIG. 5 a schematic diagram of the multi-terminal interaction process in the application authorization login method is provided, which specifically includes:
  • the first application obtains an authentication credential for requesting authorized login from the second application through the SDK of the second application and using a preset inter-process communication method;
  • S503 The first application sends the obtained authentication credential to the second server through the SDK of the second application.
  • S505 If the verification result of the authentication certificate is that the authentication certificate is valid, the second server returns authorization data information to the first application; specifically, the first application receives the authorization data returned by the second server through the SDK of the second application information;
  • the first application renders a corresponding authorization confirmation page based on the received authorization data information through the SDK of the second application;
  • the second server After receiving the authorization authentication code acquisition request, the second server returns a corresponding authorization authentication code to the first application; specifically, the first application receives the authorization authentication code returned by the second server through the SDK of the second application;
  • the first application sends the authorization authentication code received through the SDK of the second application to the first server.
  • S510 The first server sends the authorization authentication code of the first application to the second server.
  • S511 The second server performs a credibility check on the received authorization authentication code, and obtains a corresponding credibility check result;
  • the first server performs a corresponding authorized login operation on the first application based on the received authorization token and digital identity;
  • S514 The first server returns the authorized login success information to the first application, so that the first application displays the authorized login success information.
  • the authorized login method of the application program calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application.
  • the application performs underlying communication to obtain the authentication credential for requesting authorized login from the second application; and then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to authenticate the authentication.
  • the first application After verifying the validity of the authorization certificate, and verifying that the authentication certificate is legal on the second server, the first application receives the authorization data information returned by the second server, and then renders and displays the authorization data information through the SDK of the second application Corresponding authorization confirmation page; based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the bottom layer between the first application and the second application can be realized Communication to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, which saves much effort between the first application and the second application.
  • the second jump not only improves the user experience, but also simplifies the business link for application authorization login and improves the authorization login success rate.
  • Figure 6 is one or more of the application authorization login methods.
  • the second server corresponding to the second application receives the authentication credential sent by the first application through the pre-integrated preset software development kit SDK of the second application, where the authentication credential is the authentication credential sent by the first application by calling
  • the SDK is obtained from the second application using a preset inter-process communication method
  • the second server performs a legality check on the obtained authentication certificate, and obtains a corresponding legality verification result.
  • the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level.
  • the second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which can realize the underlying communication between the first application and the second application to obtain the authentication credentials, In this way, the process of obtaining authentication credentials and rendering of the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating
  • the method further includes: the second server receiving the authorization authentication sent by the first application through the SDK of the second application Code acquisition request; in response to the received authorization authentication code acquisition request, the second server returns the corresponding authorization authentication code to the first application, so that the first application is based on the authorization authentication code received through the SDK of the second application, The first server corresponding to the first application is triggered to perform a corresponding authorized login operation for the first application.
  • the method further includes: the second server receives the authorization authentication code sent by the first server; second The server verifies the credibility of the received authorization authentication code, and obtains the corresponding credibility verification result; if the credibility verification result is that the verification is passed, the authorization token and the digital identity are returned to the first server, In order to enable the first server to perform a corresponding authorized login operation for the first application based on the received authorization token and digital identity.
  • the above-mentioned preset inter-process communication method is determined by the following method: determining the security requirement level of the second application according to the attribute information of the calling object to which the business service of the second application is oriented; and communicating methods among multiple alternative processes Select the preset inter-process communication method corresponding to the above-mentioned security requirement level.
  • the authorized login method of the application program calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application.
  • the application performs underlying communication to obtain the authentication credential for requesting authorized login from the second application; and then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to authenticate the authentication.
  • the first application After verifying the validity of the authorization certificate, and verifying that the authentication certificate is legal on the second server, the first application receives the authorization data information returned by the second server, and then renders and displays the authorization data information through the SDK of the second application Corresponding authorization confirmation page; based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the bottom layer between the first application and the second application can be realized Communication to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, which saves much effort between the first application and the second application.
  • the second jump not only improves the user experience, but also simplifies the business link for application authorization login and improves the authorization login success rate.
  • Figure 7 is one or more of this specification.
  • a schematic diagram of the module composition of an application authorization login device provided in one embodiment. The device is set on the client side and is used to execute the application authorization login method described in FIGS. 2 to 5. As shown in FIG. 7, the device includes:
  • the SDK invocation module 701 after detecting the authorization login request, the first application invokes the pre-integrated preset software development kit SDK of the second application.
  • the authorization login request includes the authorization to use the account information of the second application to log in the first application.
  • An authentication credential obtaining module 702 in which the first application obtains an authentication credential for requesting authorized login from the second application through the SDK and using a preset inter-process communication method;
  • Authentication voucher sending module 703 wherein the first application sends the authentication voucher to the second server corresponding to the second application through the SDK, so that the second server verifies the authentication Whether the authorization certificate is legal, and return authorization data information when it is determined that the authentication certificate is legal;
  • An authorization page rendering module 704 the first application of which renders a corresponding authorization confirmation page based on the received authorization data information through the SDK;
  • the application authorization login module 705 after receiving the user's confirmation information for the authorization confirmation page, triggers the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
  • the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level.
  • the second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which enables the underlying communication between the first application and the second application to obtain authentication credentials, In this way, the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jump
  • the authentication credential obtaining module 702 is configured to: the first application sends an authentication credential obtaining request to the second application through the SDK and using a preset inter-process communication method; Through the SDK, the application receives the authentication credential for requesting authorized login returned by the second application using the preset inter-process communication mode.
  • the application authorization login module 705 which: after receiving the user's confirmation information for the authorization confirmation page, the first application sends an authorization authentication code to the second server through the SDK Obtaining request; the first application receives the authorization authentication code returned by the second server through the SDK; the first application triggers the first server corresponding to the first application based on the authorization authentication code Perform a corresponding authorized login operation for the first application.
  • the application authorization login module 705 wherein: the first application sends the authorization authentication code to the first server corresponding to the first application, so that the first server will The authorization authentication code is sent to the second server, and a corresponding authorized login operation is performed for the first application based on the authorization token and digital identity returned by the second server; the first application receives and displays The authorized login result information returned by the first server.
  • the above-mentioned apparatus further includes an inter-process communication determining module, which: determines the security requirement level of the second application according to the attribute information of the calling object to which the business service of the second application is oriented; In the inter-process communication mode, a preset inter-process communication mode corresponding to the security requirement level is selected.
  • the authentication credential acquisition module 702 which: the first application passes the SDK and uses a preset inter-process communication method , Sending an authentication voucher acquisition request to the second application, so that the second application triggers the corresponding second server to verify the credibility of the first application, and return the authentication after the credibility verification is passed. Certificate of authority.
  • the first application to be logged in calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application.
  • the application performs underlying communication to obtain the authentication credential for requesting authorized login from the second application; and then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to authenticate the authentication.
  • the first application After verifying the validity of the authorization certificate, and verifying that the authentication certificate is legal on the second server, the first application receives the authorization data information returned by the second server, and then renders and displays the authorization data information through the SDK of the second application Corresponding authorization confirmation page; based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the bottom layer between the first application and the second application can be realized Communication to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, which saves much effort between the first application and the second application.
  • the second jump not only improves the user experience, but also simplifies the business link for application authorization login and improves the authorization login success rate.
  • one or more embodiments of this specification also provide an application authorization login device.
  • a schematic diagram of the module composition of an application authorization login device provided by one embodiment, the device is set on the second server corresponding to the second application, and is used to execute the application authorization login method described in FIGS. 2 to 5, as shown in FIG. 8 As shown, the device includes:
  • the second server corresponding to the second application receives the authentication voucher sent by the first application through the pre-integrated preset software development kit SDK of the second application, wherein the authentication The right certificate is obtained by the first application from the second application by calling the SDK and using a preset inter-process communication method;
  • An authentication certificate verification module 802 the second server of which performs a legality check on the authentication certificate, and obtains a corresponding legality verification result;
  • the authorization information sending module 803 if the legality verification result is that the authentication credential is legal, it returns authorization data information to the first application, so that the first application is based on the authorization data through the SDK The information renders the corresponding authorization confirmation page, and triggers the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
  • the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level.
  • the second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which enables the underlying communication between the first application and the second application to obtain authentication credentials, In this way, the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jump
  • the above-mentioned apparatus further includes an authorization authentication code sending module, wherein: the second server receives the authorization authentication code acquisition request sent by the first application through the SDK; the second server responds to the The authorization authentication code acquisition request returns the corresponding authorization authentication code to the first application, so that the first application triggers the first application corresponding to the first application based on the authorization authentication code received through the SDK.
  • the server performs a corresponding authorized login operation for the first application.
  • the above device further includes an authorization token sending module, wherein: the second server receives the authorization authentication code sent by the first server; the second server trusts the authorization authentication code To obtain the corresponding credibility verification result; if the credibility verification result is passed, the authorization token and the digital identity are returned to the first server, so that the first server is based on The authorization token and the digital identity perform a corresponding authorized login operation for the first application.
  • the preset inter-process communication mode is determined by the following method: determining the security requirement level of the second application according to the attribute information of the calling object to which the business service of the second application is oriented; Among the alternative inter-process communication methods, a preset inter-process communication method corresponding to the security requirement level is selected.
  • the first application to be logged in calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application.
  • the application performs underlying communication to obtain the authentication credential for requesting authorized login from the second application; and then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to authenticate the authentication.
  • the first application After verifying the validity of the authorization certificate, and verifying that the authentication certificate is legal on the second server, the first application receives the authorization data information returned by the second server, and then renders and displays the authorization data information through the SDK of the second application Corresponding authorization confirmation page; based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the bottom layer between the first application and the second application can be realized Communication to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, which saves much effort between the first application and the second application.
  • the second jump not only improves the user experience, but also simplifies the business link for application authorization login and improves the authorization login success rate.
  • one or more embodiments of this specification also provide an application authorization login system for executing FIGS. 2 to 6
  • the described application authorization login method the system includes a client, a first server corresponding to the first application, and a second server corresponding to the second application.
  • the client is installed with the first application and the second application.
  • the first application after detecting the authorization login request, invokes the pre-integrated preset software development kit SDK of the second application, the authorization login request includes the authorization to use the account information of the second application to log in to the first application Request; and, through the SDK and using a preset inter-process communication method, to obtain an authentication credential for requesting authorized login from the second application.
  • the second server receives the authentication certificate sent by the first application through the SDK, verifies whether the authentication certificate is legal, and sends the authentication certificate to the first application when it is determined that the authentication certificate is legal.
  • the application returns the authorization data information.
  • the first application receives the authorization data information through the SDK, and renders the corresponding authorization confirmation page based on the authorization data information; and, after receiving the user's confirmation information for the authorization confirmation page, trigger
  • the first server corresponding to the first application executes a corresponding authorized login operation for the first application.
  • the first application to be logged in calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application.
  • the application performs underlying communication to obtain the authentication credential for requesting authorized login from the second application; and then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to authenticate the authentication.
  • the first application After verifying the validity of the authorization certificate, and verifying that the authentication certificate is legal on the second server, the first application receives the authorization data information returned by the second server, and then renders and displays the authorization data information through the SDK of the second application Corresponding authorization confirmation page; based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the bottom layer between the first application and the second application can be realized Communication to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, which saves much effort between the first application and the second application.
  • the second jump not only improves the user experience, but also simplifies the business link for application authorization login and improves the authorization login success rate.
  • one or more embodiments of this specification also provide an application authorization login device, which is used to execute the above application
  • the authorized login method is shown in Figure 9.
  • Authorized login devices for application programs may have relatively large differences due to different configurations or performances, and may include one or more processors 901 and a memory 902, and the memory 902 may store one or more stored application programs or data. Among them, the memory 902 may be short-term storage or persistent storage.
  • the application program stored in the memory 902 may include one or more modules (not shown in the figure), and each module may include a series of computer-executable instructions to authorize the login device for the application program.
  • the processor 901 may be configured to communicate with the memory 902, and execute a series of computer-executable instructions in the memory 902 on the device authorized to log in to the application program.
  • the authorized login device of the application program may also include one or more power sources 903, one or more wired or wireless network interfaces 904, one or more input and output interfaces 905, one or more keyboards 906, and so on.
  • the authorized login device of the application program includes a memory and one or more programs, wherein one or more programs are stored in the memory, and the one or more programs may include one or more modules , And each module may include a series of computer-executable instructions in the device authorized to log in to the application program, and is configured to be executed by one or more processors.
  • the one or more programs include computer-executable instructions for performing the following : After detecting the authorization login request, the first application invokes the pre-integrated preset software development kit SDK of the second application, and the authorization login request includes a request to openly authorize the use of the account information of the second application to log in to the first application; The first application obtains the authentication credential for requesting authorized login from the second application through the SDK and using the preset inter-process communication mode; the first application sends the authentication certificate to the second application through the SDK The second server corresponding to the application sends the authentication credential, so that the second server verifies whether the authentication credential is legal, and returns authorization data information when it is determined that the authentication credential is legal; An application renders a corresponding authorization confirmation page based on the received authorization data information through the SDK; after receiving the user's confirmation information for the authorization confirmation page, triggers the first service corresponding to the first application The terminal performs a corresponding authorized login operation for the first application.
  • the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level.
  • the second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which enables the underlying communication between the first application and the second application to obtain authentication credentials, In this way, the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jump
  • the first application obtains the authentication credential for requesting authorized login from the second application through the SDK and using a preset inter-process communication method, including: The first application sends an authentication credential acquisition request to the second application through the SDK and uses a preset inter-process communication method; the first application receives the second application using the SDK through the SDK The authentication credential used to request authorized login returned by the preset inter-process communication method.
  • the first server corresponding to the first application when the computer-executable instruction is executed, after receiving the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to execute the corresponding authorization for the first application
  • the login operation includes: after receiving the user's confirmation information for the authorization confirmation page, the first application sends an authorization authentication code acquisition request to the second server through the SDK; the first application passes The SDK receives the authorization authentication code returned by the second server; the first application triggers the first server corresponding to the first application to execute the corresponding authentication code for the first application based on the authorization authentication code Authorize login operations.
  • the first application triggers the first server corresponding to the first application to perform a corresponding authorized login operation for the first application based on the authorization authentication code
  • the method includes: the first application sends the authorization authentication code to a first server corresponding to the first application, so that the first server sends the authorization authentication code to the second server, And perform a corresponding authorized login operation for the first application based on the authorization token and digital identity returned by the second server; the first application receives and displays the authorized login result information returned by the first server .
  • the instructions further include: according to the invocation of the business service of the second application The object attribute information determines the security requirement level of the second application; among a plurality of candidate inter-process communication modes, a preset inter-process communication mode corresponding to the security requirement level is selected.
  • the first application passes the SDK and uses a preset inter-process communication method to
  • the second application sending an authentication credential acquisition request includes: the first application sends an authentication credential acquisition request to the second application through the SDK and using a preset inter-process communication method, so that the first application
  • the second application triggers the corresponding second server to perform credibility verification on the first application, and returns an authentication certificate after the credibility verification is passed.
  • the first application to be logged in calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application.
  • the application performs underlying communication to obtain the authentication credential for requesting authorized login from the second application; and then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to authenticate the authentication.
  • the first application After verifying the validity of the authorization certificate, and verifying that the authentication certificate is legal on the second server, the first application receives the authorization data information returned by the second server, and then renders and displays the authorization data information through the SDK of the second application Corresponding authorization confirmation page; based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the bottom layer between the first application and the second application can be realized Communication to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, which saves much effort between the first application and the second application.
  • the second jump not only improves the user experience, but also simplifies the business link for application authorization login and improves the authorization login success rate.
  • the authorized login device of the application program includes a memory and one or more programs, wherein one or more programs are stored in the memory, and the one or more programs may include one or more programs.
  • Modules, and each module may include a series of computer-executable instructions in the device authorized to log in to the application program, and is configured to be executed by one or more processors.
  • the one or more programs include the following computer-executable instructions: Instruction: The second server corresponding to the second application receives the authentication certificate sent by the first application through the pre-integrated preset software development kit SDK of the second application, where the authentication certificate is the first application Obtained from the second application by invoking the SDK and using a preset inter-process communication method; the second server verifies the legality of the authentication voucher to obtain the corresponding legality verification result; If the legality verification result is that the authentication voucher is legal, the authorization data information is returned to the first application, so that the first application renders the corresponding authorization confirmation page based on the authorization data information through the SDK, and The first server corresponding to the first application is triggered to perform a corresponding authorized login operation for the first application.
  • the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level.
  • the second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which enables the underlying communication between the first application and the second application to obtain authentication credentials, In this way, the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jump
  • the method further includes: the second server receiving the authorization authentication code sent by the first application through the SDK Acquisition request; in response to the authorization authentication code acquisition request, the second server returns a corresponding authorization authentication code to the first application, so that the first application is based on the authorization received through the SDK
  • the authentication code triggers the first server corresponding to the first application to perform a corresponding authorized login operation for the first application.
  • the second server when the computer executable instruction is executed, after the second server returns a corresponding authorization authentication code to the first application in response to the authorization authentication code acquisition request, it further includes: the first application
  • the second server receives the authorization authentication code sent by the first server; the second server verifies the credibility of the authorized authentication code to obtain the corresponding credibility verification result; if the credibility is verified If the result is that the verification is passed, an authorization token and a digital identity are returned to the first server, so that the first server executes corresponding actions on the first application based on the authorization token and the digital identity.
  • Authorized login operation when the computer executable instruction is executed, after the second server returns a corresponding authorization authentication code to the first application in response to the authorization authentication code acquisition request, it further includes: the first application
  • the second server receives the authorization authentication code sent by the first server; the second server verifies the credibility of the authorized authentication code to obtain the corresponding credibility verification result; if the credibility is verified If the result is that the verification is passed, an authorization token and a digital identity are returned to the first
  • the preset inter-process communication mode is determined in the following way: determining the second The security requirement level of the application; among the multiple alternative inter-process communication modes, a preset inter-process communication mode corresponding to the security requirement level is selected.
  • the first application to be logged in calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application.
  • the application performs underlying communication to obtain the authentication credential for requesting authorized login from the second application; and then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to authenticate the authentication.
  • the first application After verifying the validity of the authorization certificate, and verifying that the authentication certificate is legal on the second server, the first application receives the authorization data information returned by the second server, and then renders and displays the authorization data information through the SDK of the second application Corresponding authorization confirmation page; based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the bottom layer between the first application and the second application can be realized Communication to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, which saves much effort between the first application and the second application.
  • the second jump not only improves the user experience, but also simplifies the business link for application authorization login and improves the authorization login success rate.
  • one or more embodiments of this specification also provide a storage medium for storing computer-executable instructions, a specific implementation
  • the storage medium may be a U disk, an optical disk, a hard disk, etc.
  • the authorization login request includes a request to open the authorization to use the account information of the second application to log in to the first application
  • the first application passes through the SDK and uses the preset process
  • the first application sends the authentication credential to the second server corresponding to the second application through the SDK, So that the second server verifies whether the authentication certificate is legal, and returns authorization data information when it is determined that the authentication certificate is legal
  • the first application passes through the SDK
  • the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level.
  • the second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which enables the underlying communication between the first application and the second application to obtain authentication credentials, In this way, the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jump
  • the first application uses the SDK and uses a preset inter-process communication method to obtain information from the second application for requesting authorization to log in
  • the authentication credential includes: the first application sends an authentication credential acquisition request to the second application through the SDK and using a preset inter-process communication mode; the first application receives the authentication credential through the SDK
  • the second application uses the authentication credential returned by the preset inter-process communication method for requesting authorized login.
  • the processor when the computer-executable instructions stored in the storage medium are executed by the processor, after receiving confirmation information from the user for the authorization confirmation page, trigger the first server corresponding to the first application to respond to the The first application performs the corresponding authorization login operation, including: after receiving the user's confirmation information for the authorization confirmation page, the first application sends an authorization authentication code acquisition request to the second server through the SDK The first application receives the authorization authentication code returned by the second server through the SDK; the first application triggers the first server corresponding to the first application to respond to the authorization authentication code based on the authorization authentication code The first application executes the corresponding authorized login operation.
  • the first application triggers the first server corresponding to the first application to target the first application based on the authorization authentication code.
  • Performing the corresponding authorized login operation includes: the first application sends the authorization authentication code to the first server corresponding to the first application, so that the first server sends the authorization authentication code to The second server performs a corresponding authorized login operation for the first application based on the authorization token and digital identity returned by the second server; the first application receives and displays the first service Authorized login result information returned by the terminal.
  • the method further includes: according to the second application The attribute information of the calling object to which the business service is oriented to determine the security requirement level of the second application; among a plurality of alternative inter-process communication methods, a preset inter-process communication method corresponding to the security requirement level is selected .
  • sending an authentication voucher acquisition request to the second application includes: the first application sends an authentication voucher acquisition to the second application through the SDK and using a preset inter-process communication mode Request, so that the second application triggers the corresponding second server to perform credibility verification on the first application, and returns an authentication certificate after the credibility verification is passed.
  • the first application to be logged in calls the pre-integrated second application's preset software development kit SDK, and uses the pre-integrated software development kit SDK.
  • the inter-process communication mode communicates with the second application at the bottom level to obtain the authentication credential for requesting authorized login from the second application; and then send the obtained authentication credential to the second server corresponding to the second application to
  • the second server is triggered to verify the validity of the authentication certificate, and after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then passes the SDK of the second application, Render and display the corresponding authorization confirmation page based on the authorization data information; and then based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the first application can be realized Perform bottom-level communication with the second application to obtain authentication credentials, so that the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating the need for the first application
  • the multiple jumps with the second application not only improve the user experience, but also simplify the business link for application authorization login and improve the authorization login
  • the storage medium may be a U disk, an optical disk, a hard disk, etc.
  • the computer executable instructions stored in the storage medium can implement the following process when executed by the processor:
  • the second server corresponding to the second application receives the authentication credential sent by the first application through the pre-integrated pre-integrated software development kit SDK of the second application, where the authentication credential is that the first application invokes The SDK is obtained from the second application by using a preset inter-process communication method;
  • the second server performs a legality check on the authentication certificate, and obtains a corresponding legality verification result
  • the legality verification result is that the authentication voucher is legal
  • return authorization data information to the first application so that the first application can render a corresponding authorization confirmation page based on the authorization data information through the SDK
  • trigger the first server corresponding to the first application to perform a corresponding authorized login operation for the first application.
  • the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level.
  • the second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which enables the underlying communication between the first application and the second application to obtain authentication credentials, In this way, the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jump
  • the method further includes: the second server receiving the first application through the The authorization authentication code acquisition request sent by the SDK; the second server, in response to the authorization authentication code acquisition request, returns the corresponding authorization authentication code to the first application, so that the first application is based on the The authorization authentication code received by the SDK triggers the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
  • the second server responds to the authorization authentication code acquisition request and returns the corresponding authorization authentication code to the first application , Further including: the second server receiving the authorization authentication code sent by the first server; the second server performing credibility verification on the authorization authentication code to obtain a corresponding credibility verification result; If the credibility verification result is that the verification is passed, the authorization token and the digital identity are returned to the first server, so that the first server is directed to the first server based on the authorization token and the digital identity.
  • the first application executes a corresponding authorized login operation.
  • the preset inter-process communication mode is determined in the following manner: according to the calling object attribute of the business service of the second application Information to determine the security requirement level of the second application; among a plurality of candidate inter-process communication modes, a preset inter-process communication mode corresponding to the security requirement level is selected.
  • the first application to be logged in invokes the pre-integrated second application's preset software development kit SDK, and uses the preset software development kit SDK.
  • the inter-process communication mode communicates with the second application at the bottom level to obtain the authentication credential for requesting authorized login from the second application; and then send the obtained authentication credential to the second server corresponding to the second application to
  • the second server is triggered to verify the validity of the authentication certificate, and after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then passes the SDK of the second application, Render and display the corresponding authorization confirmation page based on the authorization data information; and then based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the first application can be realized Perform bottom-level communication with the second application to obtain authentication credentials, so that the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating the need for the first application
  • the multiple jumps with the second application not only improve the user experience, but also simplify the business link for application authorization login and improve the authorization login
  • the improvement of a technology can be clearly distinguished between hardware improvements (for example, improvements in circuit structures such as diodes, transistors, switches, etc.) or software improvements (improvements in method flow).
  • hardware improvements for example, improvements in circuit structures such as diodes, transistors, switches, etc.
  • software improvements improvements in method flow.
  • the improvement of many methods and processes of today can be regarded as a direct improvement of the hardware circuit structure.
  • Designers almost always get the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method flow cannot be realized by the hardware entity module.
  • a programmable logic device Programmable Logic Device, PLD
  • PLD Programmable Logic Device
  • FPGA Field Programmable Gate Array
  • HDL Hardware Description Language
  • ABEL Advanced Boolean Expression Language
  • AHDL Altera Hardware Description Language
  • HD Cal JHDL
  • Java Hardware Description Language Lava, Lola, My HDL, PALASM, RHDL (Ruby Hardware Description), etc.
  • VHDL Very-High-Speed Integrated Circuit Hardware Description Language
  • Verilog Verilog
  • the controller can be implemented in any suitable manner.
  • the controller can take the form of, for example, a microprocessor or a processor and a computer-readable medium storing computer-readable program codes (such as software or firmware) executable by the (micro)processor. , Logic gates, switches, application specific integrated circuits (ASICs), programmable logic controllers and embedded microcontrollers.
  • controllers include but are not limited to the following microcontrollers: ARC625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320, the memory controller can also be implemented as a part of the control logic of the memory.
  • controllers in addition to implementing the controller in a purely computer-readable program code manner, it is entirely possible to program the method steps to make the controller use logic gates, switches, application-specific integrated circuits, programmable logic controllers, and embedded logic.
  • the same function can be realized in the form of a microcontroller or the like. Therefore, such a controller can be regarded as a hardware component, and the devices included in it for realizing various functions can also be regarded as a structure within the hardware component. Or even, the device for realizing various functions can be regarded as both a software module for realizing the method and a structure within a hardware component.
  • a typical implementation device is a computer.
  • the computer may be, for example, a personal computer, a laptop computer, a cell phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or Any combination of these devices.
  • one or more of the embodiments in this specification can be provided as a method, a system, or a computer program product. Therefore, one or more of this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, one or more of this specification can adopt computer program products implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes. form.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment to generate a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment are used to generate It is a device that realizes the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
  • These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device.
  • the device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
  • These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment.
  • the instructions provide steps for implementing the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
  • the computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • processors CPUs
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash memory
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • one or more of the embodiments in this specification can be provided as a method, a system, or a computer program product. Therefore, one or more of this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, one or more of this specification can adopt computer program products implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes. form.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types.
  • program modules can also be practiced in a distributed computing environment. In these distributed computing environments, tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

An authorized login method, device and system for an application program, the method comprising: after detecting an authorized login request, a first application invokes a pre-integrated preset software development kit (SDK) for a second application (S202). The first application acquires an authentication certificate for requesting authorized login from the second application by means of the SDK and by using a preset inter-process communication mode (S204). The first application sends the authentication certificate to a second server corresponding to the second application by means of the SDK, so that the second server verifies whether the authentication certificate is valid, and returns authorization data information when it is determined that the authentication certificate is valid (S206). The first application renders a corresponding authorization confirmation page on the basis of the received authorization data information by means of the SDK (S208). Once confirmation information of a user for the authorization confirmation page is received, a first server corresponding to the first application is triggered to perform a corresponding authorization login operation for the first application (S210).

Description

应用程序的授权登录Authorized login of the application 技术领域Technical field
本文件涉及互联网技术领域,尤其涉及一种应用程序的授权登录方法、装置及系统。This document relates to the field of Internet technology, and in particular to an authorized login method, device and system for application programs.
背景技术Background technique
目前,随着互联网时代的到来,互联网在人们日常的学习、工作和生活中得到广泛的应用。人们日常的各种事务都可以通过互联网来处理和呈现。同时,随着移动互联网的快速发展,各互联网服务提供方通过开发各自的应用程序为用户提供相应的业务服务,用户可以根据各自的实际需求在智能手机中安装相应的应用程序,例如,视频应用、聊天应用、购物应用、支付应用等等。At present, with the advent of the Internet era, the Internet is widely used in people's daily study, work and life. People's daily affairs can be handled and presented through the Internet. At the same time, with the rapid development of the mobile Internet, various Internet service providers provide users with corresponding business services by developing their own applications. Users can install corresponding applications in their smartphones according to their actual needs, such as video applications. , Chat applications, shopping applications, payment applications, etc.
其中,为了提高应用程序的使用安全性,在用户请求使用应用程序时,需要用户先输入账号、密码登录应用程序。进一步的,考虑到用户可能存在忘记账号、密码、或者不愿意输入账号、密码的情况,为了确保用户能够快速完成应用程序的登录,现有技术中提供了一种采用开放授权的方式快捷登录第三方应用,具体的,允许用户授权第三方应用访问其用于登录的账号、密码,这样在目标应用程序处于登录状态时,用户可以通过将其账号、密码授权给第三方应用,以使第三方应用基于该账号、密码完成快速登录。然而,在此过程中,需要先从第三方应用跳转至目标应用程序后进行授权,在授权成功后再由目标应用程序跳回至第三方应用,因此,需要在目标应用程序和第三方应用之间进行至少两次跳转,才能够完成第三方应用的授权登录。Among them, in order to improve the use security of the application, when the user requests to use the application, the user is required to first enter the account number and password to log in to the application. Further, considering that the user may forget the account or password, or is unwilling to enter the account or password, in order to ensure that the user can quickly complete the application login, the prior art provides a way to quickly log in using open authorization. Third-party applications, specifically, allow users to authorize third-party applications to access their account and password for login, so that when the target application is in the login state, the user can authorize the account and password to the third-party application to enable the third party The application completes quick login based on the account and password. However, in this process, it is necessary to first jump from the third-party application to the target application and then perform authorization, and then jump back from the target application to the third-party application after the authorization is successful. Make at least two jumps in between to complete the authorized login of the third-party application.
由此可知,需要提供一种更加快速、便捷的应用程序的授权登录的技术方案。It can be seen from this that it is necessary to provide a faster and more convenient technical solution for application authorization login.
发明内容Summary of the invention
本说明书一个或多个实施例的目的是提供一种应用程序的授权登录方法。该应用程序的授权登录方法包括:在检测到授权登录请求后,第一应用调用预先集成的第二应用的预设软件开发工具包SDK,所述授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求;所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证;所述第一应用通过所述SDK,向所述第二应用对应的第二服务端发送所述鉴权凭证,以使所述第二服务端校验所述鉴权凭证是否合法,并在确定所述鉴权凭证合法时返回授权数据信息;所述第一应用通过所述SDK, 基于接收到的所述授权数据信息,渲染相应的授权确认页面;在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。The purpose of one or more embodiments of this specification is to provide an authorized login method for an application program. The authorized login method of the application includes: after detecting the authorized login request, the first application invokes the pre-integrated preset software development kit SDK of the second application, and the authorized login request includes an account that is authorized to use the second application. Information log in to the first application; the first application obtains the authentication credential for requesting authorization to log in from the second application through the SDK and using the preset inter-process communication method; the first application passes all The SDK sends the authentication credential to the second server corresponding to the second application, so that the second server verifies whether the authentication credential is legal, and when it is determined that the authentication credential is legal Return the authorization data information; the first application renders the corresponding authorization confirmation page based on the received authorization data information through the SDK; after receiving the user's confirmation information for the authorization confirmation page, triggers the The first server corresponding to the first application executes a corresponding authorized login operation for the first application.
本说明书一个或多个实施例的目的是提供一种应用程序的授权登录方法。该应用程序的授权登录方法包括:第二应用对应的第二服务端接收第一应用通过预先集成的所述第二应用的预设软件开发工具包SDK所发送的鉴权凭证,其中,所述鉴权凭证是第一应用通过调用所述SDK并利用预设进程间通信方式从所述第二应用获取的;所述第二服务端对所述鉴权凭证进行合法性校验,得到相应的合法性验证结果;若所述合法性验证结果为所述鉴权凭证合法,则向所述第一应用返回授权数据信息,以使所述第一应用通过所述SDK基于所述授权数据信息渲染相应的授权确认页面,并触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。The purpose of one or more embodiments of this specification is to provide an authorized login method for an application program. The authorization login method of the application includes: the second server corresponding to the second application receives the authentication credential sent by the first application through the pre-integrated preset software development kit SDK of the second application, wherein the The authentication credential is obtained by the first application from the second application by invoking the SDK and using a preset inter-process communication method; the second server verifies the legality of the authentication credential to obtain the corresponding Legality verification result; if the legality verification result is that the authentication voucher is valid, return authorization data information to the first application, so that the first application renders based on the authorization data information through the SDK Corresponding authorization confirmation page, and trigger the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
本说明书一个或多个实施例的目的是提供一种应用程序的授权登录装置。该应用程序的授权登录装置包括:SDK调用模块,其在检测到授权登录请求后,第一应用调用预先集成的第二应用的预设软件开发工具包SDK,所述授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求;鉴权凭证获取模块,其所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证;鉴权凭证发送模块,其所述第一应用通过所述SDK,向所述第二应用对应的第二服务端发送所述鉴权凭证,以使所述第二服务端校验所述鉴权凭证是否合法,并在确定所述鉴权凭证合法时返回授权数据信息;授权页面渲染模块,其所述第一应用通过所述SDK,基于接收到的所述授权数据信息,渲染相应的授权确认页面;应用授权登录模块,其在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。The purpose of one or more embodiments of this specification is to provide an authorized login device for application programs. The authorization login device of the application program includes: an SDK calling module, which after detecting the authorization login request, the first application calls the pre-integrated preset software development kit SDK of the second application, and the authorization login request includes open authorization to use A request for the account information of the second application to log in to the first application; an authentication credential obtaining module, the first application of which obtains from the second application through the SDK and using a preset inter-process communication method for requesting authorization to log in The authentication certificate; the authentication certificate sending module, the first application of which sends the authentication certificate to the second server corresponding to the second application through the SDK, so that the second server can verify Verifying whether the authentication certificate is legal, and returning authorization data information when it is determined that the authentication certificate is legal; an authorization page rendering module, whose first application passes through the SDK, based on the received authorization data information, Render the corresponding authorization confirmation page; the application authorization login module triggers the first server corresponding to the first application to perform the corresponding authorization for the first application after receiving the user's confirmation information for the authorization confirmation page Login operation.
本说明书一个或多个实施例的目的是提供一种应用程序的授权登录装置。该应用程序的授权登录装置包括:鉴权凭证接收模块,其第二应用对应的第二服务端接收第一应用通过预先集成的所述第二应用的预设软件开发工具包SDK所发送的鉴权凭证,其中,所述鉴权凭证是第一应用通过调用所述SDK并利用预设进程间通信方式从所述第二应用获取的;鉴权凭证校验模块,其所述第二服务端对所述鉴权凭证进行合法性校验,得到相应的合法性验证结果;授权信息发送模块,其若所述合法性验证结果为所述鉴权凭证合法,则向所述第一应用返回授权数据信息,以使所述第一应用通过所述SDK基于所述授权数据信息渲染相应的授权确认页面,并触发所述第一应用对应的第一服务端针 对所述第一应用执行相应的授权登录操作。The purpose of one or more embodiments of this specification is to provide an authorized login device for application programs. The authorization login device of the application includes: an authentication credential receiving module, the second server corresponding to the second application of the second application receives the authentication sent by the first application through the pre-integrated preset software development kit SDK of the second application. The authentication certificate, wherein the authentication certificate is obtained by the first application from the second application by invoking the SDK and using a preset inter-process communication mode; the authentication certificate verification module, the second server Perform a legality check on the authentication voucher to obtain a corresponding legality verification result; an authorization information sending module, if the legality verification result is that the authentication voucher is legal, it returns an authorization to the first application Data information, so that the first application renders the corresponding authorization confirmation page based on the authorization data information through the SDK, and triggers the first server corresponding to the first application to perform corresponding authorization for the first application Login operation.
本说明书一个或多个实施例的目的是提供一种应用程序的授权登录系统。该应用程序的授权登录系统包括客户端、第一应用对应的第一服务端、第二应用对应的第二服务端。其中,所述客户端安装有所述第一应用和所述第二应用。所述第一应用,在检测到授权登录请求后,调用预先集成的第二应用的预设软件开发工具包SDK,所述授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求;以及,通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证。所述第二服务端,接收所述第一应用通过所述SDK发送所述鉴权凭证,并校验所述鉴权凭证是否合法,并在确定所述鉴权凭证合法时向所述第一应用返回授权数据信息。所述第一应用,通过所述SDK接收所述授权数据信息,并基于所述授权数据信息,渲染相应的授权确认页面;以及,在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。The purpose of one or more embodiments of this specification is to provide an authorized login system for application programs. The authorized login system of the application includes a client, a first server corresponding to the first application, and a second server corresponding to the second application. Wherein, the client is installed with the first application and the second application. The first application, after detecting the authorization login request, invokes the pre-integrated preset software development kit SDK of the second application, the authorization login request includes the authorization to use the account information of the second application to log in to the first application Request; and, through the SDK and using a preset inter-process communication method, to obtain an authentication credential for requesting authorized login from the second application. The second server receives the authentication certificate sent by the first application through the SDK, verifies whether the authentication certificate is legal, and sends the authentication certificate to the first application when it is determined that the authentication certificate is legal. The application returns the authorization data information. The first application receives the authorization data information through the SDK, and renders the corresponding authorization confirmation page based on the authorization data information; and, after receiving the user's confirmation information for the authorization confirmation page, trigger The first server corresponding to the first application executes a corresponding authorized login operation for the first application.
本说明书一个或多个实施例的目的是提供一种应用程序的授权登录设备,包括:处理器;以及被安排成存储计算机可执行指令的存储器。所述计算机可执行指令在被执行时使所述处理器:在检测到授权登录请求后,第一应用调用预先集成的第二应用的预设软件开发工具包SDK,所述授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求;所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证;所述第一应用通过所述SDK,向所述第二应用对应的第二服务端发送所述鉴权凭证,以使所述第二服务端校验所述鉴权凭证是否合法,并在确定所述鉴权凭证合法时返回授权数据信息;所述第一应用通过所述SDK,基于接收到的所述授权数据信息,渲染相应的授权确认页面;在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。The purpose of one or more embodiments of this specification is to provide an authorized login device for an application program, including: a processor; and a memory arranged to store computer-executable instructions. The computer-executable instructions, when executed, cause the processor to: after detecting an authorized login request, the first application invokes the pre-integrated preset software development kit SDK of the second application, and the authorized login request includes open A request to authorize the use of the account information of the second application to log in to the first application; the first application obtains the authentication credential for requesting authorization to log in from the second application through the SDK and using a preset inter-process communication method; The first application sends the authentication credential to the second server corresponding to the second application through the SDK, so that the second server verifies whether the authentication credential is legal, and confirms When the authentication certificate is valid, the authorization data information is returned; the first application renders the corresponding authorization confirmation page based on the received authorization data information through the SDK; After the information is confirmed, the first server corresponding to the first application is triggered to perform a corresponding authorized login operation for the first application.
本说明书一个或多个实施例的目的是提供一种应用程序的授权登录设备,包括:处理器;以及被安排成存储计算机可执行指令的存储器。所述计算机可执行指令在被执行时使所述处理器:第二应用对应的第二服务端接收第一应用通过预先集成的所述第二应用的预设软件开发工具包SDK所发送的鉴权凭证,其中,所述鉴权凭证是第一应用通过调用所述SDK并利用预设进程间通信方式从所述第二应用获取的;所述第二服务端对所述鉴权凭证进行合法性校验,得到相应的合法性验证结果;若所述合法性验证结果为所述鉴权凭证合法,则向所述第一应用返回授权数据信息,以使所述第一应用通过所 述SDK基于所述授权数据信息渲染相应的授权确认页面,并触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。The purpose of one or more embodiments of this specification is to provide an authorized login device for an application program, including: a processor; and a memory arranged to store computer-executable instructions. When the computer-executable instructions are executed, the processor: the second server corresponding to the second application receives the authentication sent by the first application through the pre-integrated preset software development kit SDK of the second application. The authentication certificate, wherein the authentication certificate is obtained by the first application from the second application by invoking the SDK and using a preset inter-process communication method; the second server performs legal authentication on the authentication certificate The corresponding legality verification result is obtained; if the legality verification result is that the authentication certificate is legal, then the authorization data information is returned to the first application so that the first application can pass the SDK Rendering a corresponding authorization confirmation page based on the authorization data information, and triggering the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
本说明书一个或多个实施例的目的是提供一种存储介质,用于存储计算机可执行指令。所述可执行指令在被处理器执行时:在检测到授权登录请求后,第一应用调用预先集成的第二应用的预设软件开发工具包SDK,所述授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求;所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证;所述第一应用通过所述SDK,向所述第二应用对应的第二服务端发送所述鉴权凭证,以使所述第二服务端校验所述鉴权凭证是否合法,并在确定所述鉴权凭证合法时返回授权数据信息;所述第一应用通过所述SDK,基于接收到的所述授权数据信息,渲染相应的授权确认页面;在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。The purpose of one or more embodiments of this specification is to provide a storage medium for storing computer-executable instructions. When the executable instruction is executed by the processor: after detecting the authorization login request, the first application invokes the pre-integrated preset software development kit SDK of the second application, and the authorization login request includes the open authorization to use the second application. The account information of the application is a request to log in to the first application; the first application obtains the authentication credential for requesting authorization to log in from the second application through the SDK and using a preset inter-process communication method; The application sends the authentication voucher to the second server corresponding to the second application through the SDK, so that the second server verifies whether the authentication voucher is legal, and determines whether the authentication voucher is valid or not. When the credential is valid, the authorization data information is returned; the first application renders the corresponding authorization confirmation page based on the received authorization data information through the SDK; after receiving the user's confirmation information for the authorization confirmation page, The first server corresponding to the first application is triggered to perform a corresponding authorized login operation for the first application.
本说明书一个或多个实施例的目的是提供一种存储介质,用于存储计算机可执行指令。所述可执行指令在被处理器执行时:第二应用对应的第二服务端接收第一应用通过预先集成的所述第二应用的预设软件开发工具包SDK所发送的鉴权凭证,其中,所述鉴权凭证是第一应用通过调用所述SDK并利用预设进程间通信方式从所述第二应用获取的;所述第二服务端对所述鉴权凭证进行合法性校验,得到相应的合法性验证结果;若所述合法性验证结果为所述鉴权凭证合法,则向所述第一应用返回授权数据信息,以使所述第一应用通过所述SDK基于所述授权数据信息渲染相应的授权确认页面,并触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。The purpose of one or more embodiments of this specification is to provide a storage medium for storing computer-executable instructions. When the executable instruction is executed by the processor: the second server corresponding to the second application receives the authentication certificate sent by the first application through the pre-integrated pre-integrated software development kit SDK of the second application, where The authentication credential is obtained by the first application from the second application by invoking the SDK and using a preset inter-process communication method; the second server verifies the legality of the authentication credential, Obtain the corresponding legality verification result; if the legality verification result is that the authentication voucher is legal, then the authorization data information is returned to the first application, so that the first application passes the SDK based on the authorization The data information renders the corresponding authorization confirmation page, and triggers the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
附图说明Description of the drawings
为了更清楚地说明本说明书一个或多个实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本说明书记载的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly explain one or more embodiments of this specification or the technical solutions in the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, in the following description The accompanying drawings are only some embodiments described in this specification. For those of ordinary skill in the art, other drawings can be obtained based on these drawings without creative labor.
图1为本说明书一个或多个实施例提供的应用程序的授权登录系统的应用场景示意图;FIG. 1 is a schematic diagram of an application scenario of an authorized login system for an application program provided in one or more embodiments of this specification;
图2为本说明书一个或多个实施例提供的应用程序的授权登录方法的第一种流程示意图;2 is a schematic diagram of the first flow chart of the authorized login method for an application provided by one or more embodiments of this specification;
图3为本说明书一个或多个实施例提供的应用程序的授权登录方法的第二种流程示意图;FIG. 3 is a schematic diagram of the second flow chart of the application authorization login method provided by one or more embodiments of this specification;
图4为本说明书一个或多个实施例提供的应用程序的授权登录方法的第三种流程示意图;FIG. 4 is a schematic diagram of a third flow chart of an application authorization login method provided by one or more embodiments of this specification;
图5为本说明书一个或多个实施例提供的应用程序的授权登录方法中涉及的多端交互过程示意图;FIG. 5 is a schematic diagram of the multi-terminal interaction process involved in the authorization login method for an application provided by one or more embodiments of this specification;
图6为本说明书一个或多个实施例提供的应用于第二服务端的应用程序的授权登录方法的流程示意图;6 is a schematic flowchart of an authorization login method applied to an application program of a second server provided in one or more embodiments of this specification;
图7为本说明书一个或多个实施例提供的应用程序的授权登录装置的第一种模块组成示意图;FIG. 7 is a schematic diagram of the first type of module composition of the authorized login device for application programs provided in one or more embodiments of this specification;
图8为本说明书一个或多个实施例提供的应用程序的授权登录装置的第二种模块组成示意图;FIG. 8 is a schematic diagram showing the composition of a second type of module of the authorized login device for an application program provided in one or more embodiments of this specification; FIG.
图9为本说明书一个或多个实施例提供的应用程序的授权登录设备的结构示意图。Fig. 9 is a schematic structural diagram of an authorized login device for an application provided by one or more embodiments of this specification.
具体实施方式Detailed ways
为了使本技术领域的人员更好地理解本说明书的技术方案,下面将结合本说明书一个或多个实施例中的附图,对本说明书一个或多个实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本说明书一个或多个一部分实施例,而不是全部的实施例。基于本说明书一个或多个实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都应当属于本本文件的保护范围。In order to enable those skilled in the art to better understand the technical solutions of this specification, the technical solutions in one or more embodiments of this specification will be clearly and completely described below in conjunction with the drawings in one or more embodiments of this specification. Description: Obviously, the described embodiments are only a part of one or more embodiments in this specification, rather than all the embodiments. Based on one or more embodiments of this specification, all other embodiments obtained by a person of ordinary skill in the art without creative work shall fall within the protection scope of this document.
在不冲突的情况下,本说明书中的一个或多个实施例以及实施例中的特征可以相互组合。下面将参考附图并结合实施例来详细说明本说明书一个或多个实施例。In the case of no conflict, one or more embodiments in this specification and features in the embodiments can be combined with each other. Hereinafter, one or more embodiments of this specification will be described in detail with reference to the drawings and in conjunction with the embodiments.
本说明书一个或多个实施例提供了一种应用程序的授权登录方法、装置及系统,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应 的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。One or more embodiments of this specification provide an authorized login method, device, and system for an application program. The first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset process Communicate with the second application in the underlying communication mode to obtain the authentication credential for requesting authorized login from the second application; and then send the obtained authentication credential to the second server corresponding to the second application to trigger the second application. The second server verifies the validity of the authentication certificate, and after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then passes the SDK of the second application, based on the The authorization data information is rendered and the corresponding authorization confirmation page is displayed; based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which can realize the first application and the first application. The bottom layer communication between the two applications is to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, and there is no need to jump to the second application, eliminating the need for the first application and the second application. The multiple jumps between the two applications not only improve the user experience, but also simplify the business link for application authorization login and improve the authorization login success rate.
图1为本说明书一个或多个实施例提供的应用程序的授权登录系统的应用场景示意图,如图1所示,该系统包括客户端、第一应用对应的第一服务端、以及第二应用对应的第二服务端。该客户端安装有第一应用和第二应用。该客户端可是智能手机、平板电脑等移动终端。该客户端还可是个人计算机等终端设备,该第一服务端和第二服务端可是用于提供某一业务服务的后台服务端,该第一服务端和第二服务端可以是独立的服务器,也可是由多个服务器组成的服务器集群。应用程序的授权登录的具体过程为:Figure 1 is a schematic diagram of an application scenario of an application authorization login system provided by one or more embodiments of this specification. As shown in Figure 1, the system includes a client, a first server corresponding to a first application, and a second application The corresponding second server. The client has a first application and a second application installed. The client can be a mobile terminal such as a smart phone or a tablet computer. The client can also be a terminal device such as a personal computer, the first server and the second server can be background servers for providing a certain business service, and the first server and the second server can be independent servers, It can also be a server cluster composed of multiple servers. The specific process of application authorization login is:
(1)在检测到针对第一应用的授权登录请求后,调用预先集成在第一应用的数据包中且该授权登录请求所针对的第二应用的预设软件开发工具包SDK;(1) After detecting the authorization login request for the first application, call the preset software development kit SDK of the second application pre-integrated in the data package of the first application and the authorization login request is for the second application;
其中,上述授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求,预先在第一应用的数据包内集成有多个不同的第二应用的SDK,根据用户的触控操作确定授权登录请求所针对的第二应用;Wherein, the above-mentioned authorized login request includes a request to openly authorize the use of the account information of the second application to log in to the first application. A plurality of different SDKs of the second application are integrated in the data package of the first application in advance, and according to the user's touch operation Determine the second application targeted by the authorized login request;
(2)第一应用通过上述第二应用的SDK并利用预设进程间通信方式,向第二应用获取用于请求授权登录的鉴权凭证;(2) The first application obtains the authentication credential for requesting authorized login from the second application through the SDK of the above-mentioned second application and using the preset inter-process communication method;
其中,上述预设进程间通信方式可以包括Messenger、AIDL、Content Provider、Broadcast Receiver、文件共享、scoket中任一种;具体的,通过第二应用的SDK及预设进程间通信方式,使得第一应用与第二应用之间进行底层通信来获取鉴权凭证,这样无需在第一应用与第二应用之间进行多次跳转;Among them, the aforementioned preset inter-process communication method may include any one of Messenger, AIDL, Content Provider, Broadcast Receiver, file sharing, and scoket; specifically, through the SDK of the second application and the preset inter-process communication method, the first Underlying communication between the application and the second application to obtain authentication credentials, so that there is no need to jump multiple times between the first application and the second application;
(3)第一应用通过上述第二应用的SDK将获取到的鉴权凭证发送至第二服务端;(3) The first application sends the obtained authentication credential to the second server through the SDK of the second application;
(4)第二服务端在接收到第一应用通过上述第二应用的SDK所发送的鉴权凭证后,校验该鉴权凭证是否合法,得到相应的鉴权凭证校验结果;(4) After receiving the authentication certificate sent by the first application through the SDK of the second application, the second server verifies whether the authentication certificate is legal, and obtains the corresponding authentication certificate verification result;
具体的,由于鉴权凭证是第二服务端利用私有密钥进行签名后再分配给第二应用的,第二服务端利用相应的公有密钥对获取到的鉴权凭证进行验签处理,若验签通过,则确定鉴权凭证合法;Specifically, since the authentication certificate is signed by the second server using the private key and then distributed to the second application, the second server uses the corresponding public key to verify the obtained authentication certificate, if If the verification is passed, it is determined that the authentication certificate is legal;
(5)若上述鉴权凭证校验结果为鉴权凭证合法,则第二服务端向第一应用返回授权数据信息;(5) If the verification result of the above authentication certificate is that the authentication certificate is valid, the second server returns the authorization data information to the first application;
其中,上述授权数据信息包括用户授权范围,即用户授权给第一应用的第二应用的属性字段,例如,用户授权范围可以是头像、账户、昵称等;Wherein, the above-mentioned authorization data information includes the user authorization range, that is, the attribute field of the second application authorized by the user to the first application. For example, the user authorization range may be an avatar, account, nickname, etc.;
(6)第一应用通过上述第二应用的SDK接收第二服务端返回的授权数据信息,并通过上述第二应用的SDK基于该授权数据信息,渲染相应的授权确认页面;(6) The first application receives the authorization data information returned by the second server through the SDK of the second application, and renders the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application;
例如,若授权数据信息的用户授权范围为头像、账户、昵称,则在授权确认页面中显示用于提示用户确认是否将第二应用的头像、账户、昵称授权给第一应用的提示信息;For example, if the user authorization scope of the authorization data information is an avatar, account, and nickname, a prompt message for prompting the user to confirm whether to authorize the avatar, account, and nickname of the second application to the first application is displayed on the authorization confirmation page;
(7)第一应用在检测到用户针对授权确认页面的确认信息后,通过上述第二应用的SDK向第二服务端请求获取授权认证码;(7) After the first application detects the user's confirmation information for the authorization confirmation page, it requests the second server to obtain the authorization authentication code through the SDK of the second application;
具体的,在检测到用户针对使用第二应用授权登录第一应用的确认控件的点击操作后,通过上述第二应用的SDK向第二服务端发送授权认证码获取请求;Specifically, after detecting the user's click operation on the confirmation control of the first application authorized to log in to the first application using the second application, send an authorization authentication code acquisition request to the second server through the SDK of the second application;
(8)第一应用将第二服务端返回的授权认证码发送至第一服务端;(8) The first application sends the authorization authentication code returned by the second server to the first server;
(9)第一服务端基于接收到的授权认证码向第二服务端请求授权给第一应用的第二应用的属性信息,并基于该第二应用的属性信息针对第一应用执行相应的授权登录操作;其中,上述授权给第一应用的第二应用的属性信息即为授权数据信息的授权范围所指示的属性字段的取值。(9) The first server requests the second server for the attribute information of the second application authorized to the first application based on the received authorization authentication code, and performs corresponding authorization for the first application based on the attribute information of the second application Login operation; wherein, the attribute information of the second application authorized to the first application is the value of the attribute field indicated by the authorization scope of the authorization data information.
在上述应用程序的授权登录的过程中,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。During the authorization login process of the above-mentioned application, the first application to be logged in calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level. Obtain the authentication credential used to request authorized login from the second application; then send the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential , And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Then based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which can realize the underlying communication between the first application and the second application to obtain the authentication credentials , So that the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jumps between the first application and the second application, which not only improves This improves the user experience, simplifies the business link for application authorization login, and improves the authorization login success rate.
图2为本说明书一个或多个实施例提供的应用程序的授权登录方法的第一种流程示意图,图2中的方法能够由图1所示的客户端中安装的第一应用执行,如图2所示,该方法至少包括以下步骤:FIG. 2 is a schematic diagram of the first flow chart of the authorization login method for an application provided by one or more embodiments of this specification. The method in FIG. 2 can be executed by the first application installed in the client shown in FIG. 1, as shown in FIG. As shown in 2, the method includes at least the following steps:
S202,在检测到授权登录请求后,第一应用调用预先集成的第二应用的预设软件开发工具包SDK,其中,该授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求;S202. After detecting the authorization login request, the first application invokes the pre-integrated preset software development kit SDK of the second application, where the authorization login request includes the authorization to use the account information of the second application to log in to the first application. ask;
其中,预先根据业务的实际需求,预先在第一应用的数据包内集成有多个不同的第二应用的SDK,对应的,用户可以选择任一第二应用作为开放授权登录第一应用的目标应用;Among them, according to the actual needs of the business, multiple different SDKs of the second application are integrated in the data package of the first application in advance. Correspondingly, the user can select any second application as the target of open authorization to log in to the first application. application;
具体的,在检测到用户针对第一应用的登录请求后,显示第一应用的登录界面,其中,该登录界面中显示多个用于请求快捷登录的备选应用图标,若检测到用户针对多个备选应用图标中选取一个目标应用图标,则确定开放授权使用该目标应用图标对应的第二应用的账户信息登录第一应用;并生成授权登录请求,即将用户在多个备选应用图标中选择的目标应用图标对应的应用程序确定为待开放授权的第二应用,调用该第二应用的预设软件开发工具包SDK,以通过该SDK与第二应用和第二服务端进行信息交互;Specifically, after the user's login request for the first application is detected, the login interface of the first application is displayed, where multiple candidate application icons for requesting quick login are displayed in the login interface. If one target application icon is selected from the candidate application icons, it is determined that the account information of the second application corresponding to the target application icon is open to be authorized to log in to the first application; and an authorized login request is generated, that is, the user is in multiple candidate application icons The application corresponding to the selected target application icon is determined to be the second application to be opened for authorization, and the preset software development kit SDK of the second application is invoked to exchange information with the second application and the second server through the SDK;
例如,第一应用为出行应用,第二应用为社交应用,当第二应用处于登录状态时,在登录第一应用时,可以授权使用第二应用的账户信息快捷登录第一应用,具体的,出行应用调用预先集成的社交应用的预设软件开发工具包SDK,以通过该SDK与社交应用和社交应用对应的服务端进行信息交互。For example, the first application is a travel application, and the second application is a social application. When the second application is in the login state, when logging in to the first application, the account information of the second application can be authorized to quickly log in to the first application. Specifically, The travel application calls the preset software development kit SDK of the pre-integrated social application to interact with the social application and the server corresponding to the social application through the SDK.
S204,第一应用通过上述第二应用的SDK并利用预设进程间通信方式,向该第二应用获取用于请求授权登录的鉴权凭证;S204: The first application obtains an authentication credential for requesting authorized login from the second application through the SDK of the second application and using a preset inter-process communication method;
其中,通过第二应用的SDK及预设进程间通信方式,使得第一应用与第二应用之间进行底层通信来获取鉴权凭证,无需唤起第二应用,无需跳转至第二应用,也无需打开第二应用的交互界面,因此,在检测到用户确认授权后也省去了由第二应用调回第一应用的过程。Among them, through the SDK of the second application and the preset inter-process communication mode, the first application and the second application can communicate with each other at the bottom to obtain the authentication credential, without awakening the second application, without jumping to the second application, and There is no need to open the interactive interface of the second application. Therefore, after the user confirms the authorization is detected, the process of calling the first application from the second application is also omitted.
S206,第一应用通过上述第二应用的SDK,向第二应用对应的第二服务端发送获取到的鉴权凭证,以使第二服务端校验该鉴权凭证是否合法,并在确定该鉴权凭证合法时返回相应的授权数据信息;S206: The first application sends the obtained authentication credential to the second server corresponding to the second application through the SDK of the second application, so that the second server verifies whether the authentication credential is legal, and determines whether the authentication credential is legal or not. Return the corresponding authorization data information when the authentication certificate is legal;
S208,第一应用通过上述第二应用的SDK,基于接收到的授权数据信息,渲染相应的授权确认页面;S208: The first application renders a corresponding authorization confirmation page based on the received authorization data information through the SDK of the second application;
其中,上述授权确认页面中包含用于提示用户确认是否将授权数据信息对应的用户授权范围授权给第一应用的提示信息;具体的,直接在第一应用打开授权确认页面,无 需唤起第二应用,无需跳转至第二应用,也无需打开第二应用的交互界面,因此,在检测到用户确认授权后也省去了由第二应用调回第一应用的过程;Wherein, the above authorization confirmation page contains prompt information for prompting the user to confirm whether to authorize the user authorization range corresponding to the authorization data information to the first application; specifically, open the authorization confirmation page directly in the first application without awakening the second application , No need to jump to the second application, and no need to open the interactive interface of the second application, therefore, after detecting that the user confirms the authorization, the process of transferring back to the first application from the second application is also omitted;
S210,在接收到用户针对上述授权确认页面的确认信息后,触发第一应用对应的第一服务端针对第一应用执行相应的授权登录操作;S210: After receiving the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to perform a corresponding authorization login operation for the first application;
具体的,第一应用通过上述第二应用的SDK,向第二服务端获取授权认证码,并将获取到的授权认证码发送给第一服务端,该第一服务端基于该授权认证码向第二服务端获取授权登录第一应用所需的目标登录信息,并基于该目标登录信息授权登录第一应用。Specifically, the first application obtains the authorization authentication code from the second server through the SDK of the second application, and sends the obtained authorization authentication code to the first server, and the first server sends the authorization authentication code to the second server based on the authorization authentication code. The second server obtains the target login information required to authorize the login to the first application, and authorizes the login to the first application based on the target login information.
本说明书一个或多个实施例中,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。In one or more embodiments of this specification, the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level. The second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which enables the underlying communication between the first application and the second application to obtain authentication credentials, In this way, the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jumps between the first application and the second application, which not only improves The user experience also simplifies the business link for application authorization login, and improves the authorization login success rate.
其中,针对用于向第二服务端请求授权登录的鉴权凭证的获取过程,如图3所示,上述S204,第一应用通过上述第二应用的SDK并利用预设进程间通信方式,向该第二应用获取用于请求授权登录的鉴权凭证,具体包括:Among them, for the acquisition process of the authentication certificate used to request authorization to log in from the second server, as shown in FIG. The second application obtains the authentication credential used to request authorized login, which specifically includes:
S2041,第一应用通过上述第二应用的SDK并利用预设进程间通信方式,向第二应用发送鉴权凭证获取请求;S2041: The first application sends an authentication credential acquisition request to the second application through the SDK of the second application and using a preset inter-process communication method;
S2042,第一应用通过上述第二应用的SDK,接收第二应用利用预设进程间通信方式返回的用于请求授权登录的鉴权凭证。S2042: The first application receives the authentication credential for requesting authorized login that is returned by the second application using the preset inter-process communication method through the SDK of the second application.
第一应用通过预先集成在其数据包内的第二应用的SDK,并利用预设进程间通信方式与第二应用进行底层通信,省去了在第一应用与第二应用之间进行多次跳转的过程。The first application uses the SDK of the second application pre-integrated in its data packet, and uses the preset inter-process communication method to communicate with the second application at the bottom, eliminating the need for multiple times between the first application and the second application The process of jumping.
其中,为了确保第一应用的授权登录过程的安全性,如图4所示,上述S210,在接收到用户针对上述授权确认页面的确认信息后,触发第一应用对应的第一服务端针对第 一应用执行相应的授权登录操作,具体包括:In order to ensure the security of the authorization login process of the first application, as shown in FIG. 4, the above S210, after receiving the user's confirmation information for the authorization confirmation page, triggers the first server corresponding to the first application to respond to the first application. An application performs corresponding authorized login operations, including:
S2101,在接收到用户针对上述授权确认页面的确认信息后,第一应用通过上述第二应用的SDK,向第二服务端发送授权认证码获取请求;S2101: After receiving the user's confirmation information for the authorization confirmation page, the first application sends an authorization authentication code acquisition request to the second server through the SDK of the second application;
具体的,第二服务端在接收到第一应用的授权认证码获取请求后,向该第一应用分配相应的授权认证码authcode,以使第一应用基于该授权认证码authcode请求授权登录所需的目标登录信息。Specifically, after receiving the authorization authentication code acquisition request of the first application, the second server assigns the corresponding authorization authentication code authcode to the first application, so that the first application requests authorization to log in based on the authorization authentication code authcode. The login information of the target.
S2102,第一应用通过上述第二应用的SDK,接收第二服务端返回的授权认证码;S2102: The first application receives the authorization authentication code returned by the second server through the SDK of the second application;
S2103,第一应用基于获取到的授权认证码,触发第一应用对应的第一服务端针对第一应用执行相应的授权登录操作。S2103: Based on the obtained authorization authentication code, the first application triggers the first server corresponding to the first application to perform a corresponding authorized login operation for the first application.
具体的,针对基于授权认证码进行第一应用授权登录的过程,上述S2103,第一应用基于获取到的授权认证码,触发第一应用对应的第一服务端针对第一应用执行相应的授权登录操作,具体包括:Specifically, for the process of performing authorization login for the first application based on the authorization authentication code, in S2103, the first application triggers the first server corresponding to the first application to perform the corresponding authorization login for the first application based on the obtained authorization authentication code. Operations, including:
步骤一,第一应用将获取到的授权认证码发送至第一应用对应的第一服务端,以使该第一服务端将该授权认证码发送至第二服务端、并基于第二服务端返回的授权令牌和数字身份标识针对第一应用执行相应的授权登录操作;Step 1: The first application sends the obtained authorization authentication code to the first server corresponding to the first application, so that the first server sends the authorization authentication code to the second server based on the second server The returned authorization token and digital identity perform a corresponding authorized login operation for the first application;
第一应用将获取到的授权认证码authcode发送至第一服务端,第一服务端在接收到该授权认证码后,将该授权认证码发送至第二服务端;对应的,第二服务端在接收到该授权认证码后,对该授权认证码进行可信性校验,若确定该授权认证码可信,则向第一服务端返回相应的授权令牌accesstoken和数字身份标识openID;对应的,第一服务端基于接收到的授权令牌和数字身份标识,对第一应用执行相应的授权登录操作;The first application sends the obtained authorization authentication code authcode to the first server. After receiving the authorization authentication code, the first server sends the authorization authentication code to the second server; correspondingly, the second server After receiving the authorization authentication code, verify the authenticity of the authorization authentication code, and if it is determined that the authorization authentication code is credible, return the corresponding authorization token accesstoken and the digital identity openID to the first server; correspondingly Yes, the first server performs a corresponding authorized login operation on the first application based on the received authorization token and digital identity;
第一服务端基于接收到的数字身份标识openID,为第一应用创建并映射一个应用程序登录账号;以及基于接收到的授权令牌accesstoken,获取授权登录第一应用所需的目标登录信息,该目标登录信息包括授权给第一应用的第二应用的属性信息,例如,第二应用的头像、账户、昵称;以及基于获取到的目标登录信息授权登录第一应用。The first server creates and maps an application login account for the first application based on the received digital identity openID; and based on the received authorization token accesstoken, obtains the target login information required to authorize the login to the first application. The target login information includes attribute information of the second application authorized to the first application, for example, the avatar, account, and nickname of the second application; and authorization to log in to the first application based on the acquired target login information.
步骤二,第一应用接收并显示第一服务端返回的授权登录结果信息;Step 2: The first application receives and displays the authorized login result information returned by the first server;
第一服务端在基于第二应用的授权字段的属性信息完成第一应用的授权登录后,向第一应用返回授权登录结果信息,以使在客户端显示用于表征第一应用授权登录成功的提示信息。After the first server completes the authorization login of the first application based on the attribute information of the authorization field of the second application, it returns the authorization login result information to the first application, so that the client can display the information used to signify the successful login of the first application. Prompt information.
进一步的,考虑到第一应用调用第二应用的过程中可能存在一定安全风险,为了提高第二应用的调用安全性,基于此,在上述S202,第一应用调用预先集成的第二应用的预设软件开发工具包SDK之前,还包括:根据第二应用的业务服务所面向的调用对象属性信息,确定第二应用的安全性要求等级;在多个备选进程间通信方式中,选取与第二应用的安全性要求等级对应的预设进程间通信方式。Further, considering that there may be a certain security risk in the process of calling the second application by the first application, in order to improve the security of calling the second application, based on this, in the above S202, the first application calls the pre-integrated pre-integrated second application. Before the software development kit SDK is set, it also includes: determining the security requirement level of the second application according to the attribute information of the calling object to which the business service of the second application is oriented; 2. The preset inter-process communication mode corresponding to the security requirement level of the application.
具体的,根据第二应用的业务安全性等级,选取相应的进程间通信方式,例如,针对第二应用的安全性要求等级比较高的情况,采用具有身份校验功能的进程间通信方式作为预设进程间通信方式。例如,若第二应用的安全性要求等级达到预设安全性等级,则将AIDL确定为预设进程间通信方式;若第二应用的安全性要求等级低于预设安全性等级,则将broadcastreceiver、或contentprovider确定为预设进程间通信方式。Specifically, according to the business security level of the second application, the corresponding inter-process communication method is selected. For example, for the situation that the security requirement level of the second application is relatively high, the inter-process communication method with identity verification function is adopted as the preliminary Set the method of inter-process communication. For example, if the security requirement level of the second application reaches the preset security level, AIDL is determined as the preset inter-process communication method; if the security requirement level of the second application is lower than the preset security level, broadcastreceiver , Or contentprovider is determined as the preset inter-process communication method.
对应的,若上述第二应用的安全性要求等级达到预设安全性等级,上述S2041,第一应用通过上述第二应用的SDK并利用预设进程间通信方式,向第二应用发送鉴权凭证获取请求,具体包括:第一应用通过上述第二应用的SDK并利用预设进程间通信方式,向第二应用发送鉴权凭证获取请求,以使第二应用触发对应的第二服务端对第一应用进行可信性验证、并在可信性验证通过后返回鉴权凭证。Correspondingly, if the security requirement level of the second application reaches the preset security level, in S2041, the first application sends the authentication certificate to the second application through the SDK of the second application and using the preset inter-process communication method. The acquisition request specifically includes: the first application sends an authentication credential acquisition request to the second application through the SDK of the second application and uses a preset inter-process communication method, so that the second application triggers the corresponding second server to contact the second application. An application performs credibility verification and returns an authentication certificate after the credibility verification is passed.
在一个具体实施例中,如图5所示,给出了应用程序的授权登录方法中的多端交互过程的示意图,具体包括:In a specific embodiment, as shown in FIG. 5, a schematic diagram of the multi-terminal interaction process in the application authorization login method is provided, which specifically includes:
S501,在检测到授权登录请求后,第一应用调用预先集成的第二应用的SDK;S501: After detecting the authorized login request, the first application invokes the pre-integrated SDK of the second application;
S502,第一应用通过第二应用的SDK并利用预设进程间通信方式,向第二应用获取用于请求授权登录的鉴权凭证;S502: The first application obtains an authentication credential for requesting authorized login from the second application through the SDK of the second application and using a preset inter-process communication method;
S503,第一应用通过第二应用的SDK向第二服务端发送获取到的鉴权凭证;S503: The first application sends the obtained authentication credential to the second server through the SDK of the second application.
S504,第二服务端在接收到第一应用通过第二应用的SDK所发送的鉴权凭证后,校验该鉴权凭证是否合法,得到相应的鉴权凭证校验结果;S504: After receiving the authentication certificate sent by the first application through the SDK of the second application, the second server verifies whether the authentication certificate is legal, and obtains a corresponding authentication certificate verification result;
S505,若鉴权凭证校验结果为鉴权凭证合法,则第二服务端向第一应用返回授权数据信息;具体的,第一应用通过第二应用的SDK接收第二服务端返回的授权数据信息;S505: If the verification result of the authentication certificate is that the authentication certificate is valid, the second server returns authorization data information to the first application; specifically, the first application receives the authorization data returned by the second server through the SDK of the second application information;
S506,第一应用通过第二应用的SDK基于接收到的授权数据信息,渲染相应的授权确认页面;S506: The first application renders a corresponding authorization confirmation page based on the received authorization data information through the SDK of the second application;
S507,第一应用在检测到用户针对授权确认页面的确认信息后,通过第二应用的SDK 向第二服务端发送授权认证码获取请求;S507: After detecting the user's confirmation information for the authorization confirmation page, the first application sends an authorization authentication code acquisition request to the second server through the SDK of the second application;
S508,第二服务端在接收到授权认证码获取请求后,向第一应用返回相应的授权认证码;具体的,第一应用通过第二应用的SDK接收第二服务端返回的授权认证码;S508: After receiving the authorization authentication code acquisition request, the second server returns a corresponding authorization authentication code to the first application; specifically, the first application receives the authorization authentication code returned by the second server through the SDK of the second application;
S509,第一应用向第一服务端发送通过第二应用的SDK接收到的授权认证码;S509: The first application sends the authorization authentication code received through the SDK of the second application to the first server.
S510,第一服务端向第二服务端发送第一应用的授权认证码;S510: The first server sends the authorization authentication code of the first application to the second server.
S511,第二服务端对接收到的授权认证码进行可信性校验,得到相应的可信性校验结果;S511: The second server performs a credibility check on the received authorization authentication code, and obtains a corresponding credibility check result;
S512,若确定授权认证码可信,则第二服务端向第一服务端返回相应的授权令牌和数字身份标识;S512: If it is determined that the authorization authentication code is credible, the second server returns a corresponding authorization token and digital identity to the first server;
S513,第一服务端基于接收到的授权令牌和数字身份标识,对第一应用执行相应的授权登录操作;S513: The first server performs a corresponding authorized login operation on the first application based on the received authorization token and digital identity;
S514,第一服务端向第一应用返回授权登录成功信息,以使第一应用显示该授权登录成功信息。S514: The first server returns the authorized login success information to the first application, so that the first application displays the authorized login success information.
本说明书一个或多个实施例中的应用程序的授权登录方法,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。In one or more embodiments of this specification, the authorized login method of the application program, the first application to be logged in calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application. The application performs underlying communication to obtain the authentication credential for requesting authorized login from the second application; and then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to authenticate the authentication. After verifying the validity of the authorization certificate, and verifying that the authentication certificate is legal on the second server, the first application receives the authorization data information returned by the second server, and then renders and displays the authorization data information through the SDK of the second application Corresponding authorization confirmation page; based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the bottom layer between the first application and the second application can be realized Communication to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, which saves much effort between the first application and the second application. The second jump not only improves the user experience, but also simplifies the business link for application authorization login and improves the authorization login success rate.
对应上述图2至图5描述的应用程序的授权登录方法,基于相同的技术构思,本说明书一个或多个实施例还提供了一种应用程序的授权登录方法,图6为本说明书一个或多个实施例提供的应用程序的授权登录方法的流程示意图,图6中的方法能够由图1所示的第二应用对应的第二服务端执行,如图6所示,该方法至少包括以下步骤:Corresponding to the application authorization login method described in Figures 2 to 5, based on the same technical concept, one or more embodiments of this specification also provide an application authorization login method. Figure 6 is one or more of the application authorization login methods. A schematic flow chart of an application authorization login method provided by one embodiment. The method in FIG. 6 can be executed by the second server corresponding to the second application shown in FIG. 1. As shown in FIG. 6, the method includes at least the following steps :
S602,第二应用对应的第二服务端接收第一应用通过预先集成的第二应用的预设软件开 发工具包SDK所发送的鉴权凭证,其中,该鉴权凭证是第一应用通过调用所述SDK并利用预设进程间通信方式从第二应用获取的;S602. The second server corresponding to the second application receives the authentication credential sent by the first application through the pre-integrated preset software development kit SDK of the second application, where the authentication credential is the authentication credential sent by the first application by calling The SDK is obtained from the second application using a preset inter-process communication method;
S604,第二服务端对获取到的鉴权凭证进行合法性校验,得到相应的合法性验证结果;S604: The second server performs a legality check on the obtained authentication certificate, and obtains a corresponding legality verification result.
S606,若上述合法性验证结果为鉴权凭证合法,则向第一应用返回授权数据信息,以使第一应用通过第二应用的SDK基于该授权数据信息渲染相应的授权确认页面,并触发第一应用对应的第一服务端针对第一应用执行相应的授权登录操作。S606: If the above-mentioned legality verification result is that the authentication certificate is legal, return authorization data information to the first application, so that the first application renders the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application, and triggers the first application. The first server corresponding to an application performs a corresponding authorized login operation for the first application.
本说明书一个或多个实施例中,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。In one or more embodiments of this specification, the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level. The second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which can realize the underlying communication between the first application and the second application to obtain the authentication credentials, In this way, the process of obtaining authentication credentials and rendering of the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jumps between the first application and the second application, which not only improves The user experience also simplifies the business link for application authorization login, and improves the authorization login success rate.
其中,在上述S606,若合法性验证结果为鉴权凭证合法,则向第一应用返回授权数据信息之后,还包括:第二服务端接收第一应用通过上述第二应用的SDK发送的授权认证码获取请求;第二服务端响应于接收到的授权认证码获取请求,向第一应用返回相应的授权认证码,以使第一应用基于通过上述第二应用的SDK接收到的授权认证码,触发第一应用对应的第一服务端针对第一应用执行相应的授权登录操作。Wherein, in the above-mentioned S606, if the legality verification result is that the authentication certificate is legal, after returning the authorization data information to the first application, the method further includes: the second server receiving the authorization authentication sent by the first application through the SDK of the second application Code acquisition request; in response to the received authorization authentication code acquisition request, the second server returns the corresponding authorization authentication code to the first application, so that the first application is based on the authorization authentication code received through the SDK of the second application, The first server corresponding to the first application is triggered to perform a corresponding authorized login operation for the first application.
其中,在第二服务端响应于接收到的授权认证码获取请求,向第一应用返回相应的授权认证码之后,还包括:第二服务端接收第一服务端发送的授权认证码;第二服务端对接收到的授权认证码进行可信性验证,得到相应的可信性验证结果;若上述可信性验证结果为验证通过,则向第一服务端返回授权令牌和数字身份标识,以使第一服务端基于接收到的授权令牌和数字身份标识针对第一应用执行相应的授权登录操作。Wherein, after the second server returns the corresponding authorization authentication code to the first application in response to the received authorization authentication code acquisition request, the method further includes: the second server receives the authorization authentication code sent by the first server; second The server verifies the credibility of the received authorization authentication code, and obtains the corresponding credibility verification result; if the credibility verification result is that the verification is passed, the authorization token and the digital identity are returned to the first server, In order to enable the first server to perform a corresponding authorized login operation for the first application based on the received authorization token and digital identity.
其中,上述预设进程间通信方式是通过如下方式确定的:根据第二应用的业务服务所面向的调用对象属性信息,确定第二应用的安全性要求等级;在多个备选进程间通信 方式中,选取与上述安全性要求等级对应的预设进程间通信方式。Wherein, the above-mentioned preset inter-process communication method is determined by the following method: determining the security requirement level of the second application according to the attribute information of the calling object to which the business service of the second application is oriented; and communicating methods among multiple alternative processes Select the preset inter-process communication method corresponding to the above-mentioned security requirement level.
本说明书一个或多个实施例中的应用程序的授权登录方法,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。In one or more embodiments of this specification, the authorized login method of the application program, the first application to be logged in calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application. The application performs underlying communication to obtain the authentication credential for requesting authorized login from the second application; and then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to authenticate the authentication. After verifying the validity of the authorization certificate, and verifying that the authentication certificate is legal on the second server, the first application receives the authorization data information returned by the second server, and then renders and displays the authorization data information through the SDK of the second application Corresponding authorization confirmation page; based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the bottom layer between the first application and the second application can be realized Communication to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, which saves much effort between the first application and the second application. The second jump not only improves the user experience, but also simplifies the business link for application authorization login and improves the authorization login success rate.
本说明书中该实施例与本说明书中上一实施例基于同一发明构思,因此该实施例的具体实施可以参见前述应用程序的授权登录方法的实施,重复之处不再赘述。This embodiment in this specification is based on the same inventive concept as the previous embodiment in this specification. Therefore, the specific implementation of this embodiment can refer to the implementation of the aforementioned application authorization login method, and the repetition will not be repeated.
对应上述图2至图5描述的应用程序的授权登录方法,基于相同的技术构思,本说明书一个或多个实施例还提供了一种应用程序的授权登录装置,图7为本说明书一个或多个实施例提供的应用程序的授权登录装置的模块组成示意图,该装置设置于客户端,用于执行图2至图5描述的应用程序的授权登录方法,如图7所示,该装置包括:Corresponding to the application authorization login method described in Figures 2 to 5 above, based on the same technical concept, one or more embodiments of this specification also provide an application authorization login device. Figure 7 is one or more of this specification. A schematic diagram of the module composition of an application authorization login device provided in one embodiment. The device is set on the client side and is used to execute the application authorization login method described in FIGS. 2 to 5. As shown in FIG. 7, the device includes:
SDK调用模块701,其在检测到授权登录请求后,第一应用调用预先集成的第二应用的预设软件开发工具包SDK,所述授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求;The SDK invocation module 701, after detecting the authorization login request, the first application invokes the pre-integrated preset software development kit SDK of the second application. The authorization login request includes the authorization to use the account information of the second application to log in the first application. An application request;
鉴权凭证获取模块702,其所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证;An authentication credential obtaining module 702, in which the first application obtains an authentication credential for requesting authorized login from the second application through the SDK and using a preset inter-process communication method;
鉴权凭证发送模块703,其所述第一应用通过所述SDK,向所述第二应用对应的第二服务端发送所述鉴权凭证,以使所述第二服务端校验所述鉴权凭证是否合法,并在确定所述鉴权凭证合法时返回授权数据信息;Authentication voucher sending module 703, wherein the first application sends the authentication voucher to the second server corresponding to the second application through the SDK, so that the second server verifies the authentication Whether the authorization certificate is legal, and return authorization data information when it is determined that the authentication certificate is legal;
授权页面渲染模块704,其所述第一应用通过所述SDK,基于接收到的所述授权数据信息,渲染相应的授权确认页面;An authorization page rendering module 704, the first application of which renders a corresponding authorization confirmation page based on the received authorization data information through the SDK;
应用授权登录模块705,其在接收到用户针对所述授权确认页面的确认信息后,触发所 述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。The application authorization login module 705, after receiving the user's confirmation information for the authorization confirmation page, triggers the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
本说明书一个或多个实施例中,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。In one or more embodiments of this specification, the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level. The second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which enables the underlying communication between the first application and the second application to obtain authentication credentials, In this way, the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jumps between the first application and the second application, which not only improves The user experience also simplifies the business link for application authorization login, and improves the authorization login success rate.
可选地,所述鉴权凭证获取模块702,其:所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用发送鉴权凭证获取请求;所述第一应用通过所述SDK,接收所述第二应用利用所述预设进程间通信方式返回的用于请求授权登录的鉴权凭证。Optionally, the authentication credential obtaining module 702 is configured to: the first application sends an authentication credential obtaining request to the second application through the SDK and using a preset inter-process communication method; Through the SDK, the application receives the authentication credential for requesting authorized login returned by the second application using the preset inter-process communication mode.
可选地,所述应用授权登录模块705,其:在接收到用户针对所述授权确认页面的确认信息后,所述第一应用通过所述SDK,向所述第二服务端发送授权认证码获取请求;所述第一应用通过所述SDK,接收所述第二服务端返回的授权认证码;所述第一应用基于所述授权认证码,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。Optionally, the application authorization login module 705, which: after receiving the user's confirmation information for the authorization confirmation page, the first application sends an authorization authentication code to the second server through the SDK Obtaining request; the first application receives the authorization authentication code returned by the second server through the SDK; the first application triggers the first server corresponding to the first application based on the authorization authentication code Perform a corresponding authorized login operation for the first application.
可选地,所述应用授权登录模块705,其:所述第一应用将所述授权认证码发送至所述第一应用对应的第一服务端,以使所述第一服务端将所述授权认证码发送至所述第二服务端、并基于所述第二服务端返回的授权令牌和数字身份标识针对所述第一应用执行相应的授权登录操作;所述第一应用接收并显示所述第一服务端返回的授权登录结果信息。Optionally, the application authorization login module 705, wherein: the first application sends the authorization authentication code to the first server corresponding to the first application, so that the first server will The authorization authentication code is sent to the second server, and a corresponding authorized login operation is performed for the first application based on the authorization token and digital identity returned by the second server; the first application receives and displays The authorized login result information returned by the first server.
可选地,上述装置还包括进程间通信确定模块,其:根据所述第二应用的业务服务所面向的调用对象属性信息,确定所述第二应用的安全性要求等级;在多个备选进程间通信方式中,选取与所述安全性要求等级对应的预设进程间通信方式。Optionally, the above-mentioned apparatus further includes an inter-process communication determining module, which: determines the security requirement level of the second application according to the attribute information of the calling object to which the business service of the second application is oriented; In the inter-process communication mode, a preset inter-process communication mode corresponding to the security requirement level is selected.
可选地,若所述第二应用的安全性要求等级达到预设安全性等级,所述鉴权凭证获 取模块702,其:所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用发送鉴权凭证获取请求,以使所述第二应用触发对应的第二服务端对所述第一应用进行可信性验证、并在可信性验证通过后返回鉴权凭证。Optionally, if the security requirement level of the second application reaches a preset security level, the authentication credential acquisition module 702, which: the first application passes the SDK and uses a preset inter-process communication method , Sending an authentication voucher acquisition request to the second application, so that the second application triggers the corresponding second server to verify the credibility of the first application, and return the authentication after the credibility verification is passed. Certificate of authority.
本说明书一个或多个实施例中的应用程序的授权登录装置,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。In one or more embodiments of this specification, in the authorized login device for an application program, the first application to be logged in calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application. The application performs underlying communication to obtain the authentication credential for requesting authorized login from the second application; and then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to authenticate the authentication. After verifying the validity of the authorization certificate, and verifying that the authentication certificate is legal on the second server, the first application receives the authorization data information returned by the second server, and then renders and displays the authorization data information through the SDK of the second application Corresponding authorization confirmation page; based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the bottom layer between the first application and the second application can be realized Communication to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, which saves much effort between the first application and the second application. The second jump not only improves the user experience, but also simplifies the business link for application authorization login and improves the authorization login success rate.
对应上述图2至图5描述的应用程序的授权登录方法,基于相同的技术构思,本说明书一个或多个实施例还提供了一种应用程序的授权登录装置,图8为本说明书一个或多个实施例提供的应用程序的授权登录装置的模块组成示意图,该装置设置于第二应用对应的第二服务端,用于执行图2至图5描述的应用程序的授权登录方法,如图8所示,该装置包括:Corresponding to the application authorization login method described in FIGS. 2 to 5, based on the same technical concept, one or more embodiments of this specification also provide an application authorization login device. A schematic diagram of the module composition of an application authorization login device provided by one embodiment, the device is set on the second server corresponding to the second application, and is used to execute the application authorization login method described in FIGS. 2 to 5, as shown in FIG. 8 As shown, the device includes:
鉴权凭证接收模块801,其第二应用对应的第二服务端接收第一应用通过预先集成的所述第二应用的预设软件开发工具包SDK所发送的鉴权凭证,其中,所述鉴权凭证是第一应用通过调用所述SDK并利用预设进程间通信方式从所述第二应用获取的;In the authentication voucher receiving module 801, the second server corresponding to the second application receives the authentication voucher sent by the first application through the pre-integrated preset software development kit SDK of the second application, wherein the authentication The right certificate is obtained by the first application from the second application by calling the SDK and using a preset inter-process communication method;
鉴权凭证校验模块802,其所述第二服务端对所述鉴权凭证进行合法性校验,得到相应的合法性验证结果;An authentication certificate verification module 802, the second server of which performs a legality check on the authentication certificate, and obtains a corresponding legality verification result;
授权信息发送模块803,其若所述合法性验证结果为所述鉴权凭证合法,则向所述第一应用返回授权数据信息,以使所述第一应用通过所述SDK基于所述授权数据信息渲染相应的授权确认页面,并触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。The authorization information sending module 803, if the legality verification result is that the authentication credential is legal, it returns authorization data information to the first application, so that the first application is based on the authorization data through the SDK The information renders the corresponding authorization confirmation page, and triggers the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
本说明书一个或多个实施例中,待登录的第一应用通过调用预先集成的第二应用的 预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。In one or more embodiments of this specification, the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level. The second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which enables the underlying communication between the first application and the second application to obtain authentication credentials, In this way, the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jumps between the first application and the second application, which not only improves The user experience also simplifies the business link for application authorization login, and improves the authorization login success rate.
可选地,上述装置还包括授权认证码发送模块,其:所述第二服务端接收所述第一应用通过所述SDK发送的授权认证码获取请求;所述第二服务端响应于所述授权认证码获取请求,向所述第一应用返回相应的授权认证码,以使所述第一应用基于通过所述SDK接收到的所述授权认证码,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。Optionally, the above-mentioned apparatus further includes an authorization authentication code sending module, wherein: the second server receives the authorization authentication code acquisition request sent by the first application through the SDK; the second server responds to the The authorization authentication code acquisition request returns the corresponding authorization authentication code to the first application, so that the first application triggers the first application corresponding to the first application based on the authorization authentication code received through the SDK. The server performs a corresponding authorized login operation for the first application.
可选地,上述装置还包括授权令牌发送模块,其:所述第二服务端接收所述第一服务端发送的授权认证码;所述第二服务端对所述授权认证码进行可信性验证,得到相应的可信性验证结果;若所述可信性验证结果为验证通过,则向所述第一服务端返回授权令牌和数字身份标识,以使所述第一服务端基于所述授权令牌和所述数字身份标识针对所述第一应用执行相应的授权登录操作。Optionally, the above device further includes an authorization token sending module, wherein: the second server receives the authorization authentication code sent by the first server; the second server trusts the authorization authentication code To obtain the corresponding credibility verification result; if the credibility verification result is passed, the authorization token and the digital identity are returned to the first server, so that the first server is based on The authorization token and the digital identity perform a corresponding authorized login operation for the first application.
可选地,所述预设进程间通信方式是通过如下方式确定的:根据所述第二应用的业务服务所面向的调用对象属性信息,确定所述第二应用的安全性要求等级;在多个备选进程间通信方式中,选取与所述安全性要求等级对应的预设进程间通信方式。Optionally, the preset inter-process communication mode is determined by the following method: determining the security requirement level of the second application according to the attribute information of the calling object to which the business service of the second application is oriented; Among the alternative inter-process communication methods, a preset inter-process communication method corresponding to the security requirement level is selected.
本说明书一个或多个实施例中的应用程序的授权登录装置,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一 应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。In one or more embodiments of this specification, in the authorized login device for an application program, the first application to be logged in calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application. The application performs underlying communication to obtain the authentication credential for requesting authorized login from the second application; and then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to authenticate the authentication. After verifying the validity of the authorization certificate, and verifying that the authentication certificate is legal on the second server, the first application receives the authorization data information returned by the second server, and then renders and displays the authorization data information through the SDK of the second application Corresponding authorization confirmation page; based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the bottom layer between the first application and the second application can be realized Communication to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, which saves much effort between the first application and the second application. The second jump not only improves the user experience, but also simplifies the business link for application authorization login and improves the authorization login success rate.
需要说明的是,本说明书中关于应用程序的授权登录装置的实施例与本说明书中关于应用程序的授权登录方法的实施例基于同一发明构思,因此该实施例的具体实施可以参见前述对应的应用程序的授权登录方法的实施,重复之处不再赘述。It should be noted that the embodiment of the application authorization login device in this specification is based on the same inventive concept as the embodiment of the application authorization login method in this specification, so the specific implementation of this embodiment can refer to the aforementioned corresponding application The implementation of the authorized login method of the program, the repetition will not be repeated.
对应上述图2至图6描述的应用程序的授权登录方法,基于相同的技术构思,本说明书一个或多个实施例还提供了一种应用程序的授权登录系统,用于执行图2至图6描述的应用程序的授权登录方法,该系统包括客户端、第一应用对应的第一服务端、第二应用对应的第二服务端。客户端安装有该第一应用和第二应用。所述第一应用,在检测到授权登录请求后,调用预先集成的第二应用的预设软件开发工具包SDK,所述授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求;以及,通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证。所述第二服务端,接收所述第一应用通过所述SDK发送所述鉴权凭证,并校验所述鉴权凭证是否合法,并在确定所述鉴权凭证合法时向所述第一应用返回授权数据信息。所述第一应用,通过所述SDK接收所述授权数据信息,并基于所述授权数据信息,渲染相应的授权确认页面;以及,在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。Corresponding to the application authorization login method described in FIGS. 2 to 6 above, based on the same technical concept, one or more embodiments of this specification also provide an application authorization login system for executing FIGS. 2 to 6 The described application authorization login method, the system includes a client, a first server corresponding to the first application, and a second server corresponding to the second application. The client is installed with the first application and the second application. The first application, after detecting the authorization login request, invokes the pre-integrated preset software development kit SDK of the second application, the authorization login request includes the authorization to use the account information of the second application to log in to the first application Request; and, through the SDK and using a preset inter-process communication method, to obtain an authentication credential for requesting authorized login from the second application. The second server receives the authentication certificate sent by the first application through the SDK, verifies whether the authentication certificate is legal, and sends the authentication certificate to the first application when it is determined that the authentication certificate is legal. The application returns the authorization data information. The first application receives the authorization data information through the SDK, and renders the corresponding authorization confirmation page based on the authorization data information; and, after receiving the user's confirmation information for the authorization confirmation page, trigger The first server corresponding to the first application executes a corresponding authorized login operation for the first application.
本说明书一个或多个实施例中的应用程序的授权登录系统,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。In the authorized login system of the application program in one or more embodiments of this specification, the first application to be logged in calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application. The application performs underlying communication to obtain the authentication credential for requesting authorized login from the second application; and then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to authenticate the authentication. After verifying the validity of the authorization certificate, and verifying that the authentication certificate is legal on the second server, the first application receives the authorization data information returned by the second server, and then renders and displays the authorization data information through the SDK of the second application Corresponding authorization confirmation page; based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the bottom layer between the first application and the second application can be realized Communication to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, which saves much effort between the first application and the second application. The second jump not only improves the user experience, but also simplifies the business link for application authorization login and improves the authorization login success rate.
需要说明的是,本说明书中关于应用程序的授权登录系统的实施例与本说明书中关于应用程序的授权登录方法的实施例基于同一发明构思,因此该实施例的具体实施可以参见前述对应的应用程序的授权登录方法的实施,重复之处不再赘述。It should be noted that the embodiment of the application authorization login system in this specification and the embodiment of the application authorization login method in this specification are based on the same inventive concept, so the specific implementation of this embodiment can refer to the aforementioned corresponding application The implementation of the authorized login method of the program, the repetition will not be repeated.
进一步地,对应上述图2至图5所示的方法,基于相同的技术构思,本说明书一个或多个实施例还提供了一种应用程序的授权登录设备,该设备用于执行上述的应用程序的授权登录方法,如图9所示。Further, corresponding to the methods shown in FIGS. 2 to 5, based on the same technical concept, one or more embodiments of this specification also provide an application authorization login device, which is used to execute the above application The authorized login method is shown in Figure 9.
应用程序的授权登录设备可因配置或性能不同而产生比较大的差异,可以包括一个或一个以上的处理器901和存储器902,存储器902中可以存储有一个或一个以上存储应用程序或数据。其中,存储器902可以是短暂存储或持久存储。存储在存储器902的应用程序可以包括一个或一个以上模块(图示未示出),每个模块可以包括对应用程序的授权登录设备中的一系列计算机可执行指令。更进一步地,处理器901可以设置为与存储器902通信,在应用程序的授权登录设备上执行存储器902中的一系列计算机可执行指令。应用程序的授权登录设备还可以包括一个或一个以上电源903,一个或一个以上有线或无线网络接口904,一个或一个以上输入输出接口905,一个或一个以上键盘906等。Authorized login devices for application programs may have relatively large differences due to different configurations or performances, and may include one or more processors 901 and a memory 902, and the memory 902 may store one or more stored application programs or data. Among them, the memory 902 may be short-term storage or persistent storage. The application program stored in the memory 902 may include one or more modules (not shown in the figure), and each module may include a series of computer-executable instructions to authorize the login device for the application program. Furthermore, the processor 901 may be configured to communicate with the memory 902, and execute a series of computer-executable instructions in the memory 902 on the device authorized to log in to the application program. The authorized login device of the application program may also include one or more power sources 903, one or more wired or wireless network interfaces 904, one or more input and output interfaces 905, one or more keyboards 906, and so on.
在一个具体的实施例中,应用程序的授权登录设备包括有存储器,以及一个或一个以上的程序,其中一个或者一个以上程序存储于存储器中,且一个或者一个以上程序可以包括一个或一个以上模块,且每个模块可以包括对应用程序的授权登录设备中的一系列计算机可执行指令,且经配置以由一个或者一个以上处理器执行该一个或者一个以上程序包含用于进行以下计算机可执行指令:在检测到授权登录请求后,第一应用调用预先集成的第二应用的预设软件开发工具包SDK,所述授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求;所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证;所述第一应用通过所述SDK,向所述第二应用对应的第二服务端发送所述鉴权凭证,以使所述第二服务端校验所述鉴权凭证是否合法,并在确定所述鉴权凭证合法时返回授权数据信息;所述第一应用通过所述SDK,基于接收到的所述授权数据信息,渲染相应的授权确认页面;在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。In a specific embodiment, the authorized login device of the application program includes a memory and one or more programs, wherein one or more programs are stored in the memory, and the one or more programs may include one or more modules , And each module may include a series of computer-executable instructions in the device authorized to log in to the application program, and is configured to be executed by one or more processors. The one or more programs include computer-executable instructions for performing the following : After detecting the authorization login request, the first application invokes the pre-integrated preset software development kit SDK of the second application, and the authorization login request includes a request to openly authorize the use of the account information of the second application to log in to the first application; The first application obtains the authentication credential for requesting authorized login from the second application through the SDK and using the preset inter-process communication mode; the first application sends the authentication certificate to the second application through the SDK The second server corresponding to the application sends the authentication credential, so that the second server verifies whether the authentication credential is legal, and returns authorization data information when it is determined that the authentication credential is legal; An application renders a corresponding authorization confirmation page based on the received authorization data information through the SDK; after receiving the user's confirmation information for the authorization confirmation page, triggers the first service corresponding to the first application The terminal performs a corresponding authorized login operation for the first application.
本说明书一个或多个实施例中,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第 二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。In one or more embodiments of this specification, the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level. The second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which enables the underlying communication between the first application and the second application to obtain authentication credentials, In this way, the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jumps between the first application and the second application, which not only improves The user experience also simplifies the business link for application authorization login, and improves the authorization login success rate.
可选地,计算机可执行指令在被执行时,所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证,包括:所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用发送鉴权凭证获取请求;所述第一应用通过所述SDK,接收所述第二应用利用所述预设进程间通信方式返回的用于请求授权登录的鉴权凭证。Optionally, when the computer-executable instructions are executed, the first application obtains the authentication credential for requesting authorized login from the second application through the SDK and using a preset inter-process communication method, including: The first application sends an authentication credential acquisition request to the second application through the SDK and uses a preset inter-process communication method; the first application receives the second application using the SDK through the SDK The authentication credential used to request authorized login returned by the preset inter-process communication method.
可选地,计算机可执行指令在被执行时,在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作,包括:在接收到用户针对所述授权确认页面的确认信息后,所述第一应用通过所述SDK,向所述第二服务端发送授权认证码获取请求;所述第一应用通过所述SDK,接收所述第二服务端返回的授权认证码;所述第一应用基于所述授权认证码,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。Optionally, when the computer-executable instruction is executed, after receiving the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to execute the corresponding authorization for the first application The login operation includes: after receiving the user's confirmation information for the authorization confirmation page, the first application sends an authorization authentication code acquisition request to the second server through the SDK; the first application passes The SDK receives the authorization authentication code returned by the second server; the first application triggers the first server corresponding to the first application to execute the corresponding authentication code for the first application based on the authorization authentication code Authorize login operations.
可选地,计算机可执行指令在被执行时,所述第一应用基于所述授权认证码,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作,包括:所述第一应用将所述授权认证码发送至所述第一应用对应的第一服务端,以使所述第一服务端将所述授权认证码发送至所述第二服务端、并基于所述第二服务端返回的授权令牌和数字身份标识针对所述第一应用执行相应的授权登录操作;所述第一应用接收并显示所述第一服务端返回的授权登录结果信息。Optionally, when the computer-executable instruction is executed, the first application triggers the first server corresponding to the first application to perform a corresponding authorized login operation for the first application based on the authorization authentication code, The method includes: the first application sends the authorization authentication code to a first server corresponding to the first application, so that the first server sends the authorization authentication code to the second server, And perform a corresponding authorized login operation for the first application based on the authorization token and digital identity returned by the second server; the first application receives and displays the authorized login result information returned by the first server .
可选地,计算机可执行指令在被执行时,在第一应用调用预先集成的第二应用的预设软件开发工具包SDK之前,还包括:根据所述第二应用的业务服务所面向的调用对象属性信息,确定所述第二应用的安全性要求等级;在多个备选进程间通信方式中,选取与所述安全性要求等级对应的预设进程间通信方式。Optionally, when the computer-executable instructions are executed, before the first application invokes the pre-integrated preset software development kit SDK of the second application, the instructions further include: according to the invocation of the business service of the second application The object attribute information determines the security requirement level of the second application; among a plurality of candidate inter-process communication modes, a preset inter-process communication mode corresponding to the security requirement level is selected.
可选地,计算机可执行指令在被执行时,若所述第二应用的安全性要求等级达到预设安全性等级,所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用发送鉴权凭证获取请求,包括:所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用发送鉴权凭证获取请求,以使所述第二应用触发对应的第二服务端对所述第一应用进行可信性验证、并在可信性验证通过后返回鉴权凭证。Optionally, when the computer-executable instructions are executed, if the security requirement level of the second application reaches a preset security level, the first application passes the SDK and uses a preset inter-process communication method to The second application sending an authentication credential acquisition request includes: the first application sends an authentication credential acquisition request to the second application through the SDK and using a preset inter-process communication method, so that the first application The second application triggers the corresponding second server to perform credibility verification on the first application, and returns an authentication certificate after the credibility verification is passed.
本说明书一个或多个实施例中的应用程序的授权登录设备,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。For the authorized login device of the application program in one or more embodiments of this specification, the first application to be logged in calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application. The application performs underlying communication to obtain the authentication credential for requesting authorized login from the second application; and then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to authenticate the authentication. After verifying the validity of the authorization certificate, and verifying that the authentication certificate is legal on the second server, the first application receives the authorization data information returned by the second server, and then renders and displays the authorization data information through the SDK of the second application Corresponding authorization confirmation page; based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the bottom layer between the first application and the second application can be realized Communication to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, which saves much effort between the first application and the second application. The second jump not only improves the user experience, but also simplifies the business link for application authorization login and improves the authorization login success rate.
在另一个具体的实施例中,应用程序的授权登录设备包括有存储器,以及一个或一个以上的程序,其中一个或者一个以上程序存储于存储器中,且一个或者一个以上程序可以包括一个或一个以上模块,且每个模块可以包括对应用程序的授权登录设备中的一系列计算机可执行指令,且经配置以由一个或者一个以上处理器执行该一个或者一个以上程序包含用于进行以下计算机可执行指令:第二应用对应的第二服务端接收第一应用通过预先集成的所述第二应用的预设软件开发工具包SDK所发送的鉴权凭证,其中,所述鉴权凭证是第一应用通过调用所述SDK并利用预设进程间通信方式从所述第二应用获取的;所述第二服务端对所述鉴权凭证进行合法性校验,得到相应的合法性验证结果;若所述合法性验证结果为所述鉴权凭证合法,则向所述第一应用返回授权数据信息,以使所述第一应用通过所述SDK基于所述授权数据信息渲染相应的授权确认页面,并触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。In another specific embodiment, the authorized login device of the application program includes a memory and one or more programs, wherein one or more programs are stored in the memory, and the one or more programs may include one or more programs. Modules, and each module may include a series of computer-executable instructions in the device authorized to log in to the application program, and is configured to be executed by one or more processors. The one or more programs include the following computer-executable instructions: Instruction: The second server corresponding to the second application receives the authentication certificate sent by the first application through the pre-integrated preset software development kit SDK of the second application, where the authentication certificate is the first application Obtained from the second application by invoking the SDK and using a preset inter-process communication method; the second server verifies the legality of the authentication voucher to obtain the corresponding legality verification result; If the legality verification result is that the authentication voucher is legal, the authorization data information is returned to the first application, so that the first application renders the corresponding authorization confirmation page based on the authorization data information through the SDK, and The first server corresponding to the first application is triggered to perform a corresponding authorized login operation for the first application.
本说明书一个或多个实施例中,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应 的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。In one or more embodiments of this specification, the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level. The second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which enables the underlying communication between the first application and the second application to obtain authentication credentials, In this way, the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jumps between the first application and the second application, which not only improves The user experience also simplifies the business link for application authorization login, and improves the authorization login success rate.
可选地,计算机可执行指令在被执行时,在向所述第一应用返回授权数据信息之后,还包括:所述第二服务端接收所述第一应用通过所述SDK发送的授权认证码获取请求;所述第二服务端响应于所述授权认证码获取请求,向所述第一应用返回相应的授权认证码,以使所述第一应用基于通过所述SDK接收到的所述授权认证码,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。Optionally, when the computer executable instruction is executed, after returning the authorization data information to the first application, the method further includes: the second server receiving the authorization authentication code sent by the first application through the SDK Acquisition request; in response to the authorization authentication code acquisition request, the second server returns a corresponding authorization authentication code to the first application, so that the first application is based on the authorization received through the SDK The authentication code triggers the first server corresponding to the first application to perform a corresponding authorized login operation for the first application.
可选地,计算机可执行指令在被执行时,在所述第二服务端响应于所述授权认证码获取请求,向所述第一应用返回相应的授权认证码之后,还包括:所述第二服务端接收所述第一服务端发送的授权认证码;所述第二服务端对所述授权认证码进行可信性验证,得到相应的可信性验证结果;若所述可信性验证结果为验证通过,则向所述第一服务端返回授权令牌和数字身份标识,以使所述第一服务端基于所述授权令牌和所述数字身份标识针对所述第一应用执行相应的授权登录操作。Optionally, when the computer executable instruction is executed, after the second server returns a corresponding authorization authentication code to the first application in response to the authorization authentication code acquisition request, it further includes: the first application The second server receives the authorization authentication code sent by the first server; the second server verifies the credibility of the authorized authentication code to obtain the corresponding credibility verification result; if the credibility is verified If the result is that the verification is passed, an authorization token and a digital identity are returned to the first server, so that the first server executes corresponding actions on the first application based on the authorization token and the digital identity. Authorized login operation.
可选地,计算机可执行指令在被执行时,所述预设进程间通信方式是通过如下方式确定的:根据所述第二应用的业务服务所面向的调用对象属性信息,确定所述第二应用的安全性要求等级;在多个备选进程间通信方式中,选取与所述安全性要求等级对应的预设进程间通信方式。Optionally, when the computer-executable instructions are executed, the preset inter-process communication mode is determined in the following way: determining the second The security requirement level of the application; among the multiple alternative inter-process communication modes, a preset inter-process communication mode corresponding to the security requirement level is selected.
本说明书一个或多个实施例中的应用程序的授权登录设备,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控 制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。For the authorized login device of the application program in one or more embodiments of this specification, the first application to be logged in calls the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application. The application performs underlying communication to obtain the authentication credential for requesting authorized login from the second application; and then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to authenticate the authentication. After verifying the validity of the authorization certificate, and verifying that the authentication certificate is legal on the second server, the first application receives the authorization data information returned by the second server, and then renders and displays the authorization data information through the SDK of the second application Corresponding authorization confirmation page; based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the bottom layer between the first application and the second application can be realized Communication to obtain the authentication credentials, so that the process of obtaining the authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, which saves much effort between the first application and the second application. The second jump not only improves the user experience, but also simplifies the business link for application authorization login and improves the authorization login success rate.
需要说明的是,本说明书中关于应用程序的授权登录设备的实施例与本说明书中关于应用程序的授权登录方法的实施例基于同一发明构思,因此该实施例的具体实施可以参见前述对应的应用程序的授权登录方法的实施,重复之处不再赘述。It should be noted that the embodiment of the application authorization login device in this specification and the embodiment of the application authorization login method in this specification are based on the same inventive concept, so the specific implementation of this embodiment can refer to the aforementioned corresponding application The implementation of the authorized login method of the program, the repetition will not be repeated.
进一步地,对应上述图2至图5所示的方法,基于相同的技术构思,本说明书一个或多个实施例还提供了一种存储介质,用于存储计算机可执行指令,一种具体的实施例中,该存储介质可以为U盘、光盘、硬盘等,该存储介质存储的计算机可执行指令在被处理器执行时,能实现以下流程:在检测到授权登录请求后,第一应用调用预先集成的第二应用的预设软件开发工具包SDK,所述授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求;所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证;所述第一应用通过所述SDK,向所述第二应用对应的第二服务端发送所述鉴权凭证,以使所述第二服务端校验所述鉴权凭证是否合法,并在确定所述鉴权凭证合法时返回授权数据信息;所述第一应用通过所述SDK,基于接收到的所述授权数据信息,渲染相应的授权确认页面;在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。Further, corresponding to the methods shown in FIGS. 2 to 5, based on the same technical concept, one or more embodiments of this specification also provide a storage medium for storing computer-executable instructions, a specific implementation In an example, the storage medium may be a U disk, an optical disk, a hard disk, etc., when the computer executable instructions stored in the storage medium are executed by the processor, the following process can be realized: after the authorized login request is detected, the first application calls The preset software development kit SDK of the integrated second application, the authorization login request includes a request to open the authorization to use the account information of the second application to log in to the first application; the first application passes through the SDK and uses the preset process By means of inter-communication, obtaining an authentication credential for requesting authorized login from the second application; the first application sends the authentication credential to the second server corresponding to the second application through the SDK, So that the second server verifies whether the authentication certificate is legal, and returns authorization data information when it is determined that the authentication certificate is legal; the first application passes through the SDK and is based on the received authorization Data information, rendering the corresponding authorization confirmation page; after receiving the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
本说明书一个或多个实施例中,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。In one or more embodiments of this specification, the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level. The second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which enables the underlying communication between the first application and the second application to obtain authentication credentials, In this way, the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jumps between the first application and the second application, which not only improves The user experience also simplifies the business link for application authorization login, and improves the authorization login success rate.
可选地,该存储介质存储的计算机可执行指令在被处理器执行时,所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证,包括:所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用发送鉴权凭证获取请求;所述第一应用通过所述SDK,接收所述第二应用利用所述预设进程间通信方式返回的用于请求授权登录的鉴权凭证。Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, the first application uses the SDK and uses a preset inter-process communication method to obtain information from the second application for requesting authorization to log in The authentication credential includes: the first application sends an authentication credential acquisition request to the second application through the SDK and using a preset inter-process communication mode; the first application receives the authentication credential through the SDK The second application uses the authentication credential returned by the preset inter-process communication method for requesting authorized login.
可选地,该存储介质存储的计算机可执行指令在被处理器执行时,在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作,包括:在接收到用户针对所述授权确认页面的确认信息后,所述第一应用通过所述SDK,向所述第二服务端发送授权认证码获取请求;所述第一应用通过所述SDK,接收所述第二服务端返回的授权认证码;所述第一应用基于所述授权认证码,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, after receiving confirmation information from the user for the authorization confirmation page, trigger the first server corresponding to the first application to respond to the The first application performs the corresponding authorization login operation, including: after receiving the user's confirmation information for the authorization confirmation page, the first application sends an authorization authentication code acquisition request to the second server through the SDK The first application receives the authorization authentication code returned by the second server through the SDK; the first application triggers the first server corresponding to the first application to respond to the authorization authentication code based on the authorization authentication code The first application executes the corresponding authorized login operation.
可选地,该存储介质存储的计算机可执行指令在被处理器执行时,所述第一应用基于所述授权认证码,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作,包括:所述第一应用将所述授权认证码发送至所述第一应用对应的第一服务端,以使所述第一服务端将所述授权认证码发送至所述第二服务端、并基于所述第二服务端返回的授权令牌和数字身份标识针对所述第一应用执行相应的授权登录操作;所述第一应用接收并显示所述第一服务端返回的授权登录结果信息。Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, the first application triggers the first server corresponding to the first application to target the first application based on the authorization authentication code. Performing the corresponding authorized login operation includes: the first application sends the authorization authentication code to the first server corresponding to the first application, so that the first server sends the authorization authentication code to The second server performs a corresponding authorized login operation for the first application based on the authorization token and digital identity returned by the second server; the first application receives and displays the first service Authorized login result information returned by the terminal.
可选地,该存储介质存储的计算机可执行指令在被处理器执行时,在第一应用调用预先集成的第二应用的预设软件开发工具包SDK之前,还包括:根据所述第二应用的业务服务所面向的调用对象属性信息,确定所述第二应用的安全性要求等级;在多个备选进程间通信方式中,选取与所述安全性要求等级对应的预设进程间通信方式。Optionally, when the computer executable instructions stored in the storage medium are executed by the processor, before the first application invokes the pre-integrated preset software development kit SDK of the second application, the method further includes: according to the second application The attribute information of the calling object to which the business service is oriented to determine the security requirement level of the second application; among a plurality of alternative inter-process communication methods, a preset inter-process communication method corresponding to the security requirement level is selected .
可选地,该存储介质存储的计算机可执行指令在被处理器执行时,若所述第二应用的安全性要求等级达到预设安全性等级,所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用发送鉴权凭证获取请求,包括:所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用发送鉴权凭证获取请求,以使所述第二应用触发对应的第二服务端对所述第一应用进行可信性验证、并在可信性验证通过后返回鉴权凭证。Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, if the security requirement level of the second application reaches a preset security level, the first application passes the SDK and uses the preset security level. Supposing an inter-process communication mode, sending an authentication voucher acquisition request to the second application includes: the first application sends an authentication voucher acquisition to the second application through the SDK and using a preset inter-process communication mode Request, so that the second application triggers the corresponding second server to perform credibility verification on the first application, and returns an authentication certificate after the credibility verification is passed.
本说明书一个或多个实施例中的存储介质存储的计算机可执行指令在被处理器执行时,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK, 利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。When the computer-executable instructions stored in the storage medium in one or more embodiments of this specification are executed by the processor, the first application to be logged in calls the pre-integrated second application's preset software development kit SDK, and uses the pre-integrated software development kit SDK. Suppose that the inter-process communication mode communicates with the second application at the bottom level to obtain the authentication credential for requesting authorized login from the second application; and then send the obtained authentication credential to the second server corresponding to the second application to The second server is triggered to verify the validity of the authentication certificate, and after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then passes the SDK of the second application, Render and display the corresponding authorization confirmation page based on the authorization data information; and then based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the first application can be realized Perform bottom-level communication with the second application to obtain authentication credentials, so that the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating the need for the first application The multiple jumps with the second application not only improve the user experience, but also simplify the business link for application authorization login and improve the authorization login success rate.
在另一个具体的实施例中,该存储介质可以为U盘、光盘、硬盘等,该存储介质存储的计算机可执行指令在被处理器执行时,能实现以下流程:In another specific embodiment, the storage medium may be a U disk, an optical disk, a hard disk, etc., and the computer executable instructions stored in the storage medium can implement the following process when executed by the processor:
第二应用对应的第二服务端接收第一应用通过预先集成的所述第二应用的预设软件开发工具包SDK所发送的鉴权凭证,其中,所述鉴权凭证是第一应用通过调用所述SDK并利用预设进程间通信方式从所述第二应用获取的;The second server corresponding to the second application receives the authentication credential sent by the first application through the pre-integrated pre-integrated software development kit SDK of the second application, where the authentication credential is that the first application invokes The SDK is obtained from the second application by using a preset inter-process communication method;
所述第二服务端对所述鉴权凭证进行合法性校验,得到相应的合法性验证结果;The second server performs a legality check on the authentication certificate, and obtains a corresponding legality verification result;
若所述合法性验证结果为所述鉴权凭证合法,则向所述第一应用返回授权数据信息,以使所述第一应用通过所述SDK基于所述授权数据信息渲染相应的授权确认页面,并触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。If the legality verification result is that the authentication voucher is legal, return authorization data information to the first application so that the first application can render a corresponding authorization confirmation page based on the authorization data information through the SDK , And trigger the first server corresponding to the first application to perform a corresponding authorized login operation for the first application.
本说明书一个或多个实施例中,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。In one or more embodiments of this specification, the first application to be logged in invokes the pre-integrated preset software development kit SDK of the second application, and uses the preset inter-process communication method to communicate with the second application at the bottom level. The second application obtains the authentication credential used to request authorized login; then sends the obtained authentication credential to the second server corresponding to the second application to trigger the second server to verify the legality of the authentication credential, And after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then renders and displays the corresponding authorization confirmation page based on the authorization data information through the SDK of the second application; Based on the user's confirmation information for the authorization confirmation page, the first server corresponding to the first application is triggered to control the first application to complete the authorization login, which enables the underlying communication between the first application and the second application to obtain authentication credentials, In this way, the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating multiple jumps between the first application and the second application, which not only improves The user experience also simplifies the business link for application authorization login, and improves the authorization login success rate.
可选地,该存储介质存储的计算机可执行指令在被处理器执行时,在向所述第一应用返回授权数据信息之后,还包括:所述第二服务端接收所述第一应用通过所述SDK发送的授权认证码获取请求;所述第二服务端响应于所述授权认证码获取请求,向所述第一应用返回相应的授权认证码,以使所述第一应用基于通过所述SDK接收到的所述授权认证码,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, after returning authorization data information to the first application, the method further includes: the second server receiving the first application through the The authorization authentication code acquisition request sent by the SDK; the second server, in response to the authorization authentication code acquisition request, returns the corresponding authorization authentication code to the first application, so that the first application is based on the The authorization authentication code received by the SDK triggers the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
可选地,该存储介质存储的计算机可执行指令在被处理器执行时,在所述第二服务端响应于所述授权认证码获取请求,向所述第一应用返回相应的授权认证码之后,还包括:所述第二服务端接收所述第一服务端发送的授权认证码;所述第二服务端对所述授权认证码进行可信性验证,得到相应的可信性验证结果;若所述可信性验证结果为验证通过,则向所述第一服务端返回授权令牌和数字身份标识,以使所述第一服务端基于所述授权令牌和所述数字身份标识针对所述第一应用执行相应的授权登录操作。Optionally, when the computer executable instructions stored in the storage medium are executed by the processor, after the second server responds to the authorization authentication code acquisition request and returns the corresponding authorization authentication code to the first application , Further including: the second server receiving the authorization authentication code sent by the first server; the second server performing credibility verification on the authorization authentication code to obtain a corresponding credibility verification result; If the credibility verification result is that the verification is passed, the authorization token and the digital identity are returned to the first server, so that the first server is directed to the first server based on the authorization token and the digital identity. The first application executes a corresponding authorized login operation.
可选地,该存储介质存储的计算机可执行指令在被处理器执行时,所述预设进程间通信方式是通过如下方式确定的:根据所述第二应用的业务服务所面向的调用对象属性信息,确定所述第二应用的安全性要求等级;在多个备选进程间通信方式中,选取与所述安全性要求等级对应的预设进程间通信方式。Optionally, when the computer-executable instructions stored in the storage medium are executed by the processor, the preset inter-process communication mode is determined in the following manner: according to the calling object attribute of the business service of the second application Information to determine the security requirement level of the second application; among a plurality of candidate inter-process communication modes, a preset inter-process communication mode corresponding to the security requirement level is selected.
本说明书一个或多个实施例中的存储介质存储的计算机可执行指令在被处理器执行时,待登录的第一应用通过调用预先集成的第二应用的预设软件开发工具包SDK,利用预设进程间通信方式与第二应用进行底层通信,以从第二应用获取用于请求授权登录的鉴权凭证;再将获取到的鉴权凭证发送至第二应用对应的第二服务端,以触发第二服务端对该鉴权凭证进行合法性验证,并且在第二服务端验证鉴权凭证合法后,第一应用接收第二服务端返回的授权数据信息,再通过第二应用的SDK,基于该授权数据信息渲染并显示相应的授权确认页面;再基于用户针对该授权确认页面的确认信息,触发第一应用对应的第一服务端控制第一应用完成授权登录,这样能够实现第一应用与第二应用之间进行底层通信来获取鉴权凭证,以使鉴权凭证获取以及授权确认页面渲染的过程均在第一应用内完成,无需跳转至第二应用,省去了第一应用与第二应用之间的多次跳转,不仅提升了用户使用体验,还简化了应用授权登录的业务链路,提高了授权登录成功率。When the computer-executable instructions stored in the storage medium in one or more embodiments of this specification are executed by the processor, the first application to be logged in invokes the pre-integrated second application's preset software development kit SDK, and uses the preset software development kit SDK. Suppose that the inter-process communication mode communicates with the second application at the bottom level to obtain the authentication credential for requesting authorized login from the second application; and then send the obtained authentication credential to the second server corresponding to the second application to The second server is triggered to verify the validity of the authentication certificate, and after the second server verifies that the authentication certificate is legal, the first application receives the authorization data information returned by the second server, and then passes the SDK of the second application, Render and display the corresponding authorization confirmation page based on the authorization data information; and then based on the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to control the first application to complete the authorization login, so that the first application can be realized Perform bottom-level communication with the second application to obtain authentication credentials, so that the process of obtaining authentication credentials and rendering the authorization confirmation page is completed in the first application, without jumping to the second application, eliminating the need for the first application The multiple jumps with the second application not only improve the user experience, but also simplify the business link for application authorization login and improve the authorization login success rate.
需要说明的是,本说明书中关于存储介质的实施例与本说明书中关于应用程序的授权登录方法的实施例基于同一发明构思,因此该实施例的具体实施可以参见前述对 应的应用程序的授权登录方法的实施,重复之处不再赘述。It should be noted that the embodiment of the storage medium in this specification and the embodiment of the application authorization login method in this specification are based on the same inventive concept, so the specific implementation of this embodiment can refer to the aforementioned corresponding application authorization login The implementation of the method will not repeat the repetition.
上述对本说明书特定实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下,在权利要求书中记载的动作或步骤可以按照不同于实施例中的顺序来执行并且仍然可以实现期望的结果。另外,在附图中描绘的过程不一定要求示出的特定顺序或者连续顺序才能实现期望的结果。在某些实施方式中,多任务处理和并行处理也是可以的或者可能是有利的。The foregoing describes specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps described in the claims can be performed in a different order than in the embodiments and still achieve desired results. In addition, the processes depicted in the drawings do not necessarily require the specific order or sequential order shown in order to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
在20世纪90年代,对于一个技术的改进可以很明显地区分是硬件上的改进(例如,对二极管、晶体管、开关等电路结构的改进)还是软件上的改进(对于方法流程的改进)。然而,随着技术的发展,当今的很多方法流程的改进已经可以视为硬件电路结构的直接改进。设计人员几乎都通过将改进的方法流程编程到硬件电路中来得到相应的硬件电路结构。因此,不能说一个方法流程的改进就不能用硬件实体模块来实现。例如,可编程逻辑器件(Programmable Logic Device,PLD)(例如现场可编程门阵列(Field Programmable Gate Array,FPGA))就是这样一种集成电路,其逻辑功能由用户对器件编程来确定。由设计人员自行编程来把一个数字系统“集成”在一片PLD上,而不需要请芯片制造厂商来设计和制作专用的集成电路芯片。而且,如今,取代手工地制作集成电路芯片,这种编程也多半改用“逻辑编译器(logic compiler)”软件来实现,它与程序开发撰写时所用的软件编译器相类似,而要编译之前的原始代码也得用特定的编程语言来撰写,此称之为硬件描述语言(Hardware Description Language,HDL),而HDL也并非仅有一种,而是有许多种,如ABEL(Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HD Cal、JHDL(Java Hardware Description Language)、Lava、Lola、My HDL、PALASM、RHDL(Ruby Hardware Description Language)等,目前最普遍使用的是VHDL(Very-High-Speed Integrated Circuit Hardware Description Language)与Verilog。本领域技术人员也应该清楚,只需要将方法流程用上述几种硬件描述语言稍作逻辑编程并编程到集成电路中,就可以很容易得到实现该逻辑方法流程的硬件电路。In the 1990s, the improvement of a technology can be clearly distinguished between hardware improvements (for example, improvements in circuit structures such as diodes, transistors, switches, etc.) or software improvements (improvements in method flow). However, with the development of technology, the improvement of many methods and processes of today can be regarded as a direct improvement of the hardware circuit structure. Designers almost always get the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method flow cannot be realized by the hardware entity module. For example, a programmable logic device (Programmable Logic Device, PLD) (such as a Field Programmable Gate Array (Field Programmable Gate Array, FPGA)) is such an integrated circuit whose logic function is determined by the user's programming of the device. It is programmed by the designer to "integrate" a digital system on a PLD without requiring the chip manufacturer to design and manufacture a dedicated integrated circuit chip. Moreover, nowadays, instead of manually making integrated circuit chips, this kind of programming is mostly realized with "logic compiler" software, which is similar to the software compiler used in program development and writing, but before compilation The original code must also be written in a specific programming language, which is called Hardware Description Language (HDL), and there is not only one type of HDL, but many types, such as ABEL (Advanced Boolean Expression Language) , AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HD Cal, JHDL (Java Hardware Description Language), Lava, Lola, My HDL, PALASM, RHDL (Ruby Hardware Description), etc., currently the most Commonly used are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. It should also be clear to those skilled in the art that just a little bit of logic programming of the method flow in the above-mentioned hardware description languages and programming into an integrated circuit can easily obtain the hardware circuit that implements the logic method flow.
控制器可以按任何适当的方式实现,例如,控制器可以采取例如微处理器或处理器以及存储可由该(微)处理器执行的计算机可读程序代码(例如软件或固件)的计算机可读介质、逻辑门、开关、专用集成电路(Application Specific Integrated Circuit,ASIC)、可编程逻辑控制器和嵌入微控制器的形式,控制器的例子包括但不限于以下微控制器:ARC 625D、Atmel AT91SAM、Microchip PIC18F26K20以及Silicone Labs  C8051F320,存储器控制器还可以被实现为存储器的控制逻辑的一部分。本领域技术人员也知道,除了以纯计算机可读程序代码方式实现控制器以外,完全可以通过将方法步骤进行逻辑编程来使得控制器以逻辑门、开关、专用集成电路、可编程逻辑控制器和嵌入微控制器等的形式来实现相同功能。因此这种控制器可以被认为是一种硬件部件,而对其内包括的用于实现各种功能的装置也可以视为硬件部件内的结构。或者甚至,可以将用于实现各种功能的装置视为既可以是实现方法的软件模块又可以是硬件部件内的结构。The controller can be implemented in any suitable manner. For example, the controller can take the form of, for example, a microprocessor or a processor and a computer-readable medium storing computer-readable program codes (such as software or firmware) executable by the (micro)processor. , Logic gates, switches, application specific integrated circuits (ASICs), programmable logic controllers and embedded microcontrollers. Examples of controllers include but are not limited to the following microcontrollers: ARC625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320, the memory controller can also be implemented as a part of the control logic of the memory. Those skilled in the art also know that, in addition to implementing the controller in a purely computer-readable program code manner, it is entirely possible to program the method steps to make the controller use logic gates, switches, application-specific integrated circuits, programmable logic controllers, and embedded logic. The same function can be realized in the form of a microcontroller or the like. Therefore, such a controller can be regarded as a hardware component, and the devices included in it for realizing various functions can also be regarded as a structure within the hardware component. Or even, the device for realizing various functions can be regarded as both a software module for realizing the method and a structure within a hardware component.
上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机。具体的,计算机例如可以为个人计算机、膝上型计算机、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任何设备的组合。The systems, devices, modules, or units illustrated in the above embodiments may be specifically implemented by computer chips or entities, or implemented by products with certain functions. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cell phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or Any combination of these devices.
为了描述的方便,描述以上装置时以功能分为各种单元分别描述。当然,在实施本说明书一个或多个时可以把各单元的功能在同一个或多个软件和/或硬件中实现。For the convenience of description, when describing the above device, the functions are divided into various units and described separately. Of course, when one or more of this specification is implemented, the functions of each unit can be implemented in the same one or more software and/or hardware.
本领域内的技术人员应明白,本说明书一个或多个的实施例可提供为方法、系统、或计算机程序产品。因此,本说明书一个或多个可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本说明书一个或多个可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that one or more of the embodiments in this specification can be provided as a method, a system, or a computer program product. Therefore, one or more of this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, one or more of this specification can adopt computer program products implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes. form.
本说明书一个或多个是参照根据本说明书一个或多个实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。One or more of this specification is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to one or more embodiments of this specification. It should be understood that each process and/or block in the flowchart and/or block diagram, and the combination of processes and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment to generate a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment are used to generate It is a device that realizes the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device. The device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment. The instructions provide steps for implementing the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, the computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。The memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology. The information can be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or equipment including a series of elements not only includes those elements, but also includes Other elements that are not explicitly listed, or also include elements inherent to such processes, methods, commodities, or equipment. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, method, commodity, or equipment that includes the element.
本领域技术人员应明白,本说明书一个或多个的实施例可提供为方法、系统或计算机程序产品。因此,本说明书一个或多个可采用完全硬件实施例、完全软件实施例或结合软件和硬件方面的实施例的形式。而且,本说明书一个或多个可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that one or more of the embodiments in this specification can be provided as a method, a system, or a computer program product. Therefore, one or more of this specification may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, one or more of this specification can adopt computer program products implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes. form.
本说明书一个或多个可以在由计算机执行的计算机可执行指令的一般上下文中 描述,例如程序模块。一般地,程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本说明书一个或多个,在这些分布式计算环境中,由通过通信网络而被连接的远程处理设备来执行任务。在分布式计算环境中,程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。One or more of this specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. One or more of this specification can also be practiced in a distributed computing environment. In these distributed computing environments, tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。The various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the difference from other embodiments. In particular, as for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiment.
以上所述仅为本说明书一个或多个的实施例而已,并不用于限制本说明书一个或多个。对于本领域技术人员来说,本说明书一个或多个可以有各种更改和变化。凡在本说明书一个或多个的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在本说明书一个或多个的权利要求范围之内。The above description is only one or more embodiments of this specification, and is not used to limit one or more of this specification. For those skilled in the art, one or more of this specification can have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within one or more of the spirit and principle of this specification shall be included in the scope of one or more of the claims of this specification.

Claims (17)

  1. 一种应用程序的授权登录方法,包括:An authorized login method for an application program, including:
    在检测到授权登录请求后,第一应用调用预先集成的第二应用的预设软件开发工具包SDK,所述授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求;After detecting the authorized login request, the first application invokes the pre-integrated preset software development kit SDK of the second application, and the authorized login request includes a request to open the authorization to use the account information of the second application to log in to the first application;
    所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证;The first application obtains the authentication credential for requesting authorized login from the second application through the SDK and using a preset inter-process communication method;
    所述第一应用通过所述SDK,向所述第二应用对应的第二服务端发送所述鉴权凭证,以使所述第二服务端校验所述鉴权凭证是否合法,并在确定所述鉴权凭证合法时返回授权数据信息;The first application sends the authentication credential to the second server corresponding to the second application through the SDK, so that the second server verifies whether the authentication credential is legal, and confirms Return authorization data information when the authentication certificate is legal;
    所述第一应用通过所述SDK,基于接收到的所述授权数据信息,渲染相应的授权确认页面;The first application renders a corresponding authorization confirmation page based on the received authorization data information through the SDK;
    在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。After receiving the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
  2. 根据权利要求1所述的方法,其中,所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证,包括:The method according to claim 1, wherein the first application obtains the authentication credential for requesting authorized login from the second application through the SDK and using a preset inter-process communication method, comprising:
    所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用发送鉴权凭证获取请求;The first application sends an authentication credential acquisition request to the second application through the SDK and using a preset inter-process communication method;
    所述第一应用通过所述SDK,接收所述第二应用利用所述预设进程间通信方式返回的用于请求授权登录的鉴权凭证。Through the SDK, the first application receives an authentication credential for requesting authorized login that is returned by the second application using the preset inter-process communication method.
  3. 根据权利要求1所述的方法,其中,所述在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作,包括:The method according to claim 1, wherein after receiving the user's confirmation information for the authorization confirmation page, triggering the first server corresponding to the first application to perform corresponding authorization for the first application Login operations, including:
    在接收到用户针对所述授权确认页面的确认信息后,所述第一应用通过所述SDK,向所述第二服务端发送授权认证码获取请求;After receiving the user's confirmation information for the authorization confirmation page, the first application sends an authorization authentication code acquisition request to the second server through the SDK;
    所述第一应用通过所述SDK,接收所述第二服务端返回的授权认证码;The first application receives the authorization authentication code returned by the second server through the SDK;
    所述第一应用基于所述授权认证码,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。The first application triggers the first server corresponding to the first application to perform a corresponding authorized login operation for the first application based on the authorization authentication code.
  4. 根据权利要求3所述的方法,其中,所述第一应用基于所述授权认证码,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作,包括:The method according to claim 3, wherein the first application triggering the first server corresponding to the first application to perform a corresponding authorized login operation for the first application based on the authorization authentication code comprises:
    所述第一应用将所述授权认证码发送至所述第一应用对应的第一服务端,以使所述第一服务端将所述授权认证码发送至所述第二服务端、并基于所述第二服务端返回的授 权令牌和数字身份标识针对所述第一应用执行相应的授权登录操作;The first application sends the authorization authentication code to the first server corresponding to the first application, so that the first server sends the authorization authentication code to the second server based on The authorization token and the digital identity returned by the second server perform a corresponding authorized login operation for the first application;
    所述第一应用接收并显示所述第一服务端返回的授权登录结果信息。The first application receives and displays the authorized login result information returned by the first server.
  5. 根据权利要求2所述的方法,其中,在第一应用调用预先集成的第二应用的预设软件开发工具包SDK之前,还包括:The method according to claim 2, wherein before the first application invokes the pre-integrated preset software development kit SDK of the second application, the method further comprises:
    根据所述第二应用的业务服务所面向的调用对象属性信息,确定所述第二应用的安全性要求等级;Determine the security requirement level of the second application according to the attribute information of the calling object to which the business service of the second application is oriented;
    在多个备选进程间通信方式中,选取与所述安全性要求等级对应的预设进程间通信方式。Among the multiple candidate inter-process communication methods, a preset inter-process communication method corresponding to the security requirement level is selected.
  6. 根据权利要求5所述的方法,其中,若所述第二应用的安全性要求等级达到预设安全性等级,所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用发送鉴权凭证获取请求,包括:The method according to claim 5, wherein, if the security requirement level of the second application reaches a preset security level, the first application passes the SDK and uses a preset inter-process communication method to send the The second application sends an authentication credential acquisition request, including:
    所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用发送鉴权凭证获取请求,以使所述第二应用触发对应的第二服务端对所述第一应用进行可信性验证、并在可信性验证通过后返回鉴权凭证。The first application sends an authentication credential acquisition request to the second application through the SDK and using a preset inter-process communication method, so that the second application triggers the corresponding second server to contact the first application. The application performs credibility verification and returns an authentication certificate after the credibility verification is passed.
  7. 一种应用程序的授权登录方法,包括:An authorized login method for an application program, including:
    第二应用对应的第二服务端接收第一应用通过预先集成的所述第二应用的预设软件开发工具包SDK所发送的鉴权凭证,其中,所述鉴权凭证是第一应用通过调用所述SDK并利用预设进程间通信方式从所述第二应用获取的;The second server corresponding to the second application receives the authentication credential sent by the first application through the pre-integrated pre-integrated software development kit SDK of the second application, where the authentication credential is that the first application invokes The SDK is obtained from the second application by using a preset inter-process communication method;
    所述第二服务端对所述鉴权凭证进行合法性校验,得到相应的合法性验证结果;The second server performs a legality check on the authentication certificate, and obtains a corresponding legality verification result;
    若所述合法性验证结果为所述鉴权凭证合法,则向所述第一应用返回授权数据信息,以使所述第一应用通过所述SDK基于所述授权数据信息渲染相应的授权确认页面,并触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。If the legality verification result is that the authentication voucher is legal, return authorization data information to the first application so that the first application can render a corresponding authorization confirmation page based on the authorization data information through the SDK , And trigger the first server corresponding to the first application to perform a corresponding authorized login operation for the first application.
  8. 根据权利要求7所述的方法,其中,在向所述第一应用返回授权数据信息之后,还包括:The method according to claim 7, wherein after returning the authorization data information to the first application, the method further comprises:
    所述第二服务端接收所述第一应用通过所述SDK发送的授权认证码获取请求;Receiving, by the second server, a request for obtaining an authorization authentication code sent by the first application through the SDK;
    所述第二服务端响应于所述授权认证码获取请求,向所述第一应用返回相应的授权认证码,以使所述第一应用基于通过所述SDK接收到的所述授权认证码,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。In response to the authorization authentication code acquisition request, the second server returns a corresponding authorization authentication code to the first application, so that the first application is based on the authorization authentication code received through the SDK, The first server corresponding to the first application is triggered to perform a corresponding authorized login operation for the first application.
  9. 根据权利要求8所述的方法,其中,在所述第二服务端响应于所述授权认证码获取请求,向所述第一应用返回相应的授权认证码之后,还包括:The method according to claim 8, wherein after the second server responds to the authorization authentication code acquisition request and returns a corresponding authorization authentication code to the first application, the method further comprises:
    所述第二服务端接收所述第一服务端发送的授权认证码;Receiving the authorization authentication code sent by the first server by the second server;
    所述第二服务端对所述授权认证码进行可信性验证,得到相应的可信性验证结果;The second server performs credibility verification on the authorization authentication code to obtain a corresponding credibility verification result;
    若所述可信性验证结果为验证通过,则向所述第一服务端返回授权令牌和数字身份标识,以使所述第一服务端基于所述授权令牌和所述数字身份标识针对所述第一应用执行相应的授权登录操作。If the credibility verification result is that the verification is passed, the authorization token and the digital identity are returned to the first server, so that the first server is directed to the first server based on the authorization token and the digital identity. The first application executes a corresponding authorized login operation.
  10. 根据权利要求7所述的方法,其中,所述预设进程间通信方式是通过如下方式确定的:The method according to claim 7, wherein the preset inter-process communication mode is determined in the following manner:
    根据所述第二应用的业务服务所面向的调用对象属性信息,确定所述第二应用的安全性要求等级;Determine the security requirement level of the second application according to the attribute information of the calling object to which the business service of the second application is oriented;
    在多个备选进程间通信方式中,选取与所述安全性要求等级对应的预设进程间通信方式。Among the multiple candidate inter-process communication methods, a preset inter-process communication method corresponding to the security requirement level is selected.
  11. 一种应用程序的授权登录装置,包括:An authorized login device for an application program, including:
    SDK调用模块,其在检测到授权登录请求后,第一应用调用预先集成的第二应用的预设软件开发工具包SDK,所述授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求;The SDK calling module, after detecting the authorization login request, the first application calls the pre-integrated second application's preset software development kit SDK, and the authorization login request includes opening authorization to use the account information of the second application to log in to the first Application request;
    鉴权凭证获取模块,其所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证;An authentication credential obtaining module, where the first application obtains an authentication credential for requesting authorized login from the second application through the SDK and using a preset inter-process communication method;
    鉴权凭证发送模块,其所述第一应用通过所述SDK,向所述第二应用对应的第二服务端发送所述鉴权凭证,以使所述第二服务端校验所述鉴权凭证是否合法,并在确定所述鉴权凭证合法时返回授权数据信息;An authentication credential sending module, where the first application sends the authentication credential to the second server corresponding to the second application through the SDK, so that the second server verifies the authentication Whether the certificate is legal, and return authorization data information when it is determined that the authentication certificate is legal;
    授权页面渲染模块,其所述第一应用通过所述SDK,基于接收到的所述授权数据信息,渲染相应的授权确认页面;An authorization page rendering module, the first application of which renders a corresponding authorization confirmation page based on the received authorization data information through the SDK;
    应用授权登录模块,其在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。The application authorization login module triggers the first server corresponding to the first application to perform a corresponding authorization login operation for the first application after receiving the user's confirmation information for the authorization confirmation page.
  12. 一种应用程序的授权登录装置,包括:An authorized login device for an application program, including:
    鉴权凭证接收模块,其第二应用对应的第二服务端接收第一应用通过预先集成的所述第二应用的预设软件开发工具包SDK所发送的鉴权凭证,其中,所述鉴权凭证是第一应用通过调用所述SDK并利用预设进程间通信方式从所述第二应用获取的;The authentication voucher receiving module, the second server corresponding to the second application receives the authentication voucher sent by the first application through the pre-integrated pre-integrated software development kit SDK of the second application, wherein the authentication The credential is obtained by the first application from the second application by calling the SDK and using a preset inter-process communication method;
    鉴权凭证校验模块,其所述第二服务端对所述鉴权凭证进行合法性校验,得到相应的合法性验证结果;An authentication certificate verification module, the second server of which performs a legality check on the authentication certificate to obtain a corresponding legality verification result;
    授权信息发送模块,其若所述合法性验证结果为所述鉴权凭证合法,则向所述第一应用返回授权数据信息,以使所述第一应用通过所述SDK基于所述授权数据信息渲染 相应的授权确认页面,并触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。The authorization information sending module, if the legality verification result is that the authentication voucher is legal, it returns authorization data information to the first application, so that the first application can use the SDK based on the authorization data information Render the corresponding authorization confirmation page, and trigger the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
  13. 一种应用程序的授权登录系统,包括客户端、第一应用对应的第一服务端、第二应用对应的第二服务端,所述客户端安装有所述第一应用和所述第二应用;An authorized login system for application programs, including a client, a first server corresponding to a first application, and a second server corresponding to a second application. The client is installed with the first application and the second application ;
    所述第一应用,在检测到授权登录请求后,调用预先集成的第二应用的预设软件开发工具包SDK,所述授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求;以及,通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证;The first application, after detecting the authorization login request, invokes the pre-integrated preset software development kit SDK of the second application, and the authorization login request includes the authorization to use the account information of the second application to log in to the first application. Request; and, through the SDK and using a preset inter-process communication method, obtain an authentication credential for requesting authorized login from the second application;
    所述第二服务端,接收所述第一应用通过所述SDK发送所述鉴权凭证,并校验所述鉴权凭证是否合法,并在确定所述鉴权凭证合法时向所述第一应用返回授权数据信息;The second server receives the authentication certificate sent by the first application through the SDK, verifies whether the authentication certificate is legal, and sends the authentication certificate to the first application when it is determined that the authentication certificate is legal. The application returns the authorization data information;
    所述第一应用,通过所述SDK接收所述授权数据信息,并基于所述授权数据信息,渲染相应的授权确认页面;以及,在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。The first application receives the authorization data information through the SDK, and renders the corresponding authorization confirmation page based on the authorization data information; and, after receiving the user's confirmation information for the authorization confirmation page, trigger The first server corresponding to the first application executes a corresponding authorized login operation for the first application.
  14. 一种应用程序的授权登录设备,包括:An authorized login device for an application program, including:
    处理器;以及Processor; and
    被安排成存储计算机可执行指令的存储器,所述可执行指令在被执行时使所述处理器:A memory arranged to store computer-executable instructions which, when executed, cause the processor to:
    在检测到授权登录请求后,第一应用调用预先集成的第二应用的预设软件开发工具包SDK,所述授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求;After detecting the authorized login request, the first application invokes the pre-integrated preset software development kit SDK of the second application, and the authorized login request includes a request to open the authorization to use the account information of the second application to log in to the first application;
    所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证;The first application obtains the authentication credential for requesting authorized login from the second application through the SDK and using a preset inter-process communication method;
    所述第一应用通过所述SDK,向所述第二应用对应的第二服务端发送所述鉴权凭证,以使所述第二服务端校验所述鉴权凭证是否合法,并在确定所述鉴权凭证合法时返回授权数据信息;The first application sends the authentication credential to the second server corresponding to the second application through the SDK, so that the second server verifies whether the authentication credential is legal, and confirms Return authorization data information when the authentication certificate is legal;
    所述第一应用通过所述SDK,基于接收到的所述授权数据信息,渲染相应的授权确认页面;The first application renders a corresponding authorization confirmation page based on the received authorization data information through the SDK;
    在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。After receiving the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
  15. 一种应用程序的授权登录设备,包括:An authorized login device for an application program, including:
    处理器;以及Processor; and
    被安排成存储计算机可执行指令的存储器,所述可执行指令在被执行时使所述处理 器:A memory arranged to store computer-executable instructions which, when executed, cause the processor to:
    第二应用对应的第二服务端接收第一应用通过预先集成的所述第二应用的预设软件开发工具包SDK所发送的鉴权凭证,其中,所述鉴权凭证是第一应用通过调用所述SDK并利用预设进程间通信方式从所述第二应用获取的;The second server corresponding to the second application receives the authentication credential sent by the first application through the pre-integrated pre-integrated software development kit SDK of the second application, where the authentication credential is that the first application invokes The SDK is obtained from the second application by using a preset inter-process communication method;
    所述第二服务端对所述鉴权凭证进行合法性校验,得到相应的合法性验证结果;The second server performs a legality check on the authentication certificate, and obtains a corresponding legality verification result;
    若所述合法性验证结果为所述鉴权凭证合法,则向所述第一应用返回授权数据信息,以使所述第一应用通过所述SDK基于所述授权数据信息渲染相应的授权确认页面,并触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。If the legality verification result is that the authentication voucher is legal, return authorization data information to the first application so that the first application can render a corresponding authorization confirmation page based on the authorization data information through the SDK , And trigger the first server corresponding to the first application to perform a corresponding authorized login operation for the first application.
  16. 一种存储介质,用于存储计算机可执行指令,所述可执行指令在被处理器执行时实现以下方法:A storage medium for storing computer executable instructions, which implement the following methods when executed by a processor:
    在检测到授权登录请求后,第一应用调用预先集成的第二应用的预设软件开发工具包SDK,所述授权登录请求包括开放授权使用第二应用的账户信息登录第一应用的请求;After detecting the authorized login request, the first application invokes the pre-integrated preset software development kit SDK of the second application, and the authorized login request includes a request to open the authorization to use the account information of the second application to log in to the first application;
    所述第一应用通过所述SDK并利用预设进程间通信方式,向所述第二应用获取用于请求授权登录的鉴权凭证;The first application obtains the authentication credential for requesting authorized login from the second application through the SDK and using a preset inter-process communication method;
    所述第一应用通过所述SDK,向所述第二应用对应的第二服务端发送所述鉴权凭证,以使所述第二服务端校验所述鉴权凭证是否合法,并在确定所述鉴权凭证合法时返回授权数据信息;The first application sends the authentication credential to the second server corresponding to the second application through the SDK, so that the second server verifies whether the authentication credential is legal, and confirms Return authorization data information when the authentication certificate is legal;
    所述第一应用通过所述SDK,基于接收到的所述授权数据信息,渲染相应的授权确认页面;The first application renders a corresponding authorization confirmation page based on the received authorization data information through the SDK;
    在接收到用户针对所述授权确认页面的确认信息后,触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。After receiving the user's confirmation information for the authorization confirmation page, trigger the first server corresponding to the first application to perform a corresponding authorization login operation for the first application.
  17. 一种存储介质,用于存储计算机可执行指令,所述可执行指令在被处理器执行时实现以下方法:A storage medium for storing computer executable instructions, which implement the following methods when executed by a processor:
    第二应用对应的第二服务端接收第一应用通过预先集成的所述第二应用的预设软件开发工具包SDK所发送的鉴权凭证,其中,所述鉴权凭证是第一应用通过调用所述SDK并利用预设进程间通信方式从所述第二应用获取的;The second server corresponding to the second application receives the authentication credential sent by the first application through the pre-integrated pre-integrated software development kit SDK of the second application, where the authentication credential is that the first application invokes The SDK is obtained from the second application by using a preset inter-process communication method;
    所述第二服务端对所述鉴权凭证进行合法性校验,得到相应的合法性验证结果;The second server performs a legality check on the authentication certificate, and obtains a corresponding legality verification result;
    若所述合法性验证结果为所述鉴权凭证合法,则向所述第一应用返回授权数据信息,以使所述第一应用通过所述SDK基于所述授权数据信息渲染相应的授权确认页面,并触发所述第一应用对应的第一服务端针对所述第一应用执行相应的授权登录操作。If the legality verification result is that the authentication voucher is legal, return authorization data information to the first application so that the first application can render a corresponding authorization confirmation page based on the authorization data information through the SDK , And trigger the first server corresponding to the first application to perform a corresponding authorized login operation for the first application.
PCT/CN2021/084644 2020-04-15 2021-03-31 Authorized login for application program WO2021208744A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010296858.2A CN111538965B (en) 2020-04-15 2020-04-15 Authorized login method, device and system of application program
CN202010296858.2 2020-04-15

Publications (1)

Publication Number Publication Date
WO2021208744A1 true WO2021208744A1 (en) 2021-10-21

Family

ID=71974967

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/084644 WO2021208744A1 (en) 2020-04-15 2021-03-31 Authorized login for application program

Country Status (2)

Country Link
CN (1) CN111538965B (en)
WO (1) WO2021208744A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114944928A (en) * 2022-03-23 2022-08-26 北京奕斯伟计算技术股份有限公司 Authentication method and system for algorithm model in edge computing equipment
CN115396277A (en) * 2022-08-24 2022-11-25 数字广东网络建设有限公司 Login state management method, device, equipment and storage medium
CN116361770A (en) * 2023-02-23 2023-06-30 杭州幂链科技有限公司 Automatic API authentication method and system of integrated platform
WO2023168938A1 (en) * 2022-03-10 2023-09-14 中国银联股份有限公司 Payment method, terminal device, server, system and medium

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111538965B (en) * 2020-04-15 2021-10-12 支付宝(杭州)信息技术有限公司 Authorized login method, device and system of application program
CN112153032A (en) * 2020-09-15 2020-12-29 腾讯科技(深圳)有限公司 Information processing method, device, computer readable storage medium and system
CN113515735B (en) * 2020-10-10 2024-05-17 腾讯科技(深圳)有限公司 Data processing method, device, equipment and medium
CN113515318A (en) * 2020-10-10 2021-10-19 腾讯科技(深圳)有限公司 Login method, device and equipment for application program
CN112560009A (en) * 2020-12-22 2021-03-26 Oppo广东移动通信有限公司 Authentication method, terminal, client and computer storage medium
CN112800393B (en) * 2021-01-29 2022-08-26 深圳市商汤科技有限公司 Authorization authentication method, software development kit generation method, device and electronic equipment
CN115690921A (en) * 2021-05-27 2023-02-03 支付宝(杭州)信息技术有限公司 Biological identification method, device and equipment based on privacy protection
CN115102711B (en) * 2022-05-09 2024-01-02 支付宝(杭州)信息技术有限公司 Information authorization method, device and system
CN115175183B (en) * 2022-05-09 2023-09-19 中移互联网有限公司 Authentication method and authentication device based on 5G message
CN115277082B (en) * 2022-06-23 2024-01-12 支付宝(杭州)信息技术有限公司 Verification method and device for third party application
CN117667434A (en) * 2022-08-23 2024-03-08 华为技术有限公司 Method for accessing data and electronic equipment
CN117834158A (en) * 2022-09-28 2024-04-05 中移(成都)信息通信科技有限公司 Authorization information acquisition method and device, related equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238007A (en) * 2010-04-20 2011-11-09 阿里巴巴集团控股有限公司 Method, device and system for acquiring session token of user by third-party application
US20140096205A1 (en) * 2011-11-23 2014-04-03 Tencent Technology (Shenzhen) Company Limited Login method, open platform identification method, open platform and open platform system
CN105827600A (en) * 2016-03-11 2016-08-03 腾讯科技(深圳)有限公司 Method and apparatus for logging in client
CN105897757A (en) * 2016-06-12 2016-08-24 上海携程商务有限公司 Authorization and authentication system and authorization and authentication method
CN111538965A (en) * 2020-04-15 2020-08-14 支付宝(杭州)信息技术有限公司 Authorized login method, device and system of application program

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103414684A (en) * 2013-06-05 2013-11-27 华南理工大学 Single sign-on method and system
US11196739B2 (en) * 2015-07-16 2021-12-07 Avaya Inc. Authorization activation
CN106357699B (en) * 2016-11-18 2019-12-20 上海爱数信息技术股份有限公司 Network system, service platform login method and system
CN108347471B (en) * 2018-01-02 2021-07-23 武汉斗鱼网络科技有限公司 Method, device and system for acquiring third-party user information
CN110324276B (en) * 2018-03-28 2022-01-07 腾讯科技(深圳)有限公司 Method, system, terminal and electronic device for logging in application
CN109218298A (en) * 2018-09-04 2019-01-15 中钞信用卡产业发展有限公司杭州区块链技术研究院 A kind of application data access method and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238007A (en) * 2010-04-20 2011-11-09 阿里巴巴集团控股有限公司 Method, device and system for acquiring session token of user by third-party application
US20140096205A1 (en) * 2011-11-23 2014-04-03 Tencent Technology (Shenzhen) Company Limited Login method, open platform identification method, open platform and open platform system
CN105827600A (en) * 2016-03-11 2016-08-03 腾讯科技(深圳)有限公司 Method and apparatus for logging in client
CN105897757A (en) * 2016-06-12 2016-08-24 上海携程商务有限公司 Authorization and authentication system and authorization and authentication method
CN111538965A (en) * 2020-04-15 2020-08-14 支付宝(杭州)信息技术有限公司 Authorized login method, device and system of application program

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023168938A1 (en) * 2022-03-10 2023-09-14 中国银联股份有限公司 Payment method, terminal device, server, system and medium
CN114944928A (en) * 2022-03-23 2022-08-26 北京奕斯伟计算技术股份有限公司 Authentication method and system for algorithm model in edge computing equipment
CN115396277A (en) * 2022-08-24 2022-11-25 数字广东网络建设有限公司 Login state management method, device, equipment and storage medium
CN115396277B (en) * 2022-08-24 2024-01-02 数字广东网络建设有限公司 Login state management method, device, equipment and storage medium
CN116361770A (en) * 2023-02-23 2023-06-30 杭州幂链科技有限公司 Automatic API authentication method and system of integrated platform
CN116361770B (en) * 2023-02-23 2024-01-16 杭州幂链科技有限公司 Automatic API authentication method and system of integrated platform

Also Published As

Publication number Publication date
CN111538965A (en) 2020-08-14
CN111538965B (en) 2021-10-12

Similar Documents

Publication Publication Date Title
WO2021208744A1 (en) Authorized login for application program
KR102511811B1 (en) Techniques for securely authenticating bot users
AU2019101605A4 (en) Blockchain system and data storage method and apparatus
JP6859513B2 (en) 2D code generation methods and devices, as well as 2D code recognition methods and devices
US9800573B1 (en) Authentication on a computing device
TW201909015A (en) Login information data processing
WO2021174930A1 (en) Service processing system and service processing method, apparatus and device
US20140337424A1 (en) Authorizing Push Notifications for Websites
US9391998B2 (en) Extended OAuth architecture supporting multiple types of consent based on multiple scopes and contextual information
US11218590B2 (en) Systems and methods for providing call verification
CN108965250B (en) Digital certificate installation method and system
CN111538980B (en) Account binding method, device and system for application program
TW202038164A (en) User verification method and device based on bank card quick pay subscription
WO2021143547A1 (en) Session establishing method and cross-border payment method, apparatus, and system
CN108960839B (en) Payment method and device
KR20190125335A (en) Quick Response (QR) code for secure provisioning of user devices to perform secure operations
US20200396223A1 (en) Client-server security enhancement using information accessed from access tokens
CN116167036A (en) Digital image processing method and device
JP2020024764A (en) Computer-readable recording medium, system, and method for executing authentication
CN113572827B (en) Registration processing method and device
CN113641983B (en) Account binding method, device and system of application program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21788929

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21788929

Country of ref document: EP

Kind code of ref document: A1