WO2021237676A1 - Request processing method and apparatus, and device and storage medium - Google Patents

Request processing method and apparatus, and device and storage medium Download PDF

Info

Publication number
WO2021237676A1
WO2021237676A1 PCT/CN2020/093264 CN2020093264W WO2021237676A1 WO 2021237676 A1 WO2021237676 A1 WO 2021237676A1 CN 2020093264 W CN2020093264 W CN 2020093264W WO 2021237676 A1 WO2021237676 A1 WO 2021237676A1
Authority
WO
WIPO (PCT)
Prior art keywords
access token
token
internet
request
storage resource
Prior art date
Application number
PCT/CN2020/093264
Other languages
French (fr)
Chinese (zh)
Inventor
吕小强
Original Assignee
Oppo广东移动通信有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oppo广东移动通信有限公司 filed Critical Oppo广东移动通信有限公司
Priority to PCT/CN2020/093264 priority Critical patent/WO2021237676A1/en
Priority to CN202080099653.3A priority patent/CN115398858A/en
Publication of WO2021237676A1 publication Critical patent/WO2021237676A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • This application relates to the technical field of the Internet of Things, and in particular to a request processing method, device, equipment, and storage medium.
  • the Internet of Things devices usually need to be registered to the cloud platform before they can be operated. After the registration is completed, the Internet of Things devices can publish the resources they need to be discovered and accessed to the cloud platform to facilitate control of the device
  • the cloud platform can be used to discover and control IoT devices.
  • Some interactions between IoT devices and cloud platforms require the use of access tokens, and access tokens are generally allocated by the cloud platform during the registration process of the IoT devices.
  • the access token may become invalid, so the cloud platform needs to re-allocate the access token to the IoT device. After the access token is re-allocated, how to realize the interaction between the IoT device and the cloud platform based on the re-allocated access token has become a hot research topic.
  • the embodiments of the present application provide a request processing method, device, device, and storage medium, which can be used to solve the problem of how to realize the interaction between the Internet of Things device and the cloud platform based on the re-allocated access token.
  • the technical solution is as follows:
  • a request processing method includes:
  • the first access token is updated to the target storage resource, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform.
  • a request processing method includes:
  • Target request from an Internet of Things device, the target request carrying an access token and account information;
  • the account information determine a corresponding access token from a target storage resource, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform;
  • the operation requested by the target request is executed.
  • a request processing device including:
  • a receiving module configured to receive a token update request from an Internet of Things device, where the token update request carries the first refresh token
  • An allocation module configured to allocate a first access token to the Internet of Things device based on the first refresh token
  • the update module is configured to update the first access token to a target storage resource, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform.
  • a request processing device including:
  • a receiving module for receiving a target request from an Internet of Things device, the target request carrying an access token and account information;
  • a determining module configured to determine a corresponding access token from a target storage resource according to the account information, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform;
  • the execution module is configured to execute the operation requested by the target request if the access token determined from the target storage resource matches the access token carried in the target request.
  • a device in another aspect, includes a processor and a memory, the memory stores at least one instruction, and the at least one instruction is configured to be executed by the processor to implement any one of the above aspects
  • a computer-readable storage medium stores at least one instruction, and the at least one instruction is configured to be executed by a processor to implement the method provided in any one of the above aspects.
  • Request processing method or implement the request processing method provided by any one of the above-mentioned other aspects.
  • a computer program product in another aspect, includes one or more computer programs.
  • the computer program When the computer program is executed by a processor, it is used to implement the request processing provided in any one of the above aspects. Method, or implement the request processing method provided by any one of the above-mentioned other aspects.
  • the token update request is used to request reallocation of the access token.
  • the first access token is allocated to the Internet of Things device, and the first access token is updated to the target storage resource.
  • the target storage resource is a resource used to manage the state of the IoT device on the cloud platform. Therefore, when subsequent IoT devices use the first access token to initiate a request to the cloud platform, the cloud platform can be based on the target storage resource.
  • the data in and the first access token determine how to respond to the request of the Internet of Things device, so as to realize the interaction between the Internet of Things device and the cloud platform.
  • Fig. 1 is a schematic diagram of an implementation environment provided by an exemplary embodiment of the present application
  • Fig. 2 is a flowchart of a request processing method provided by an exemplary embodiment of the present application
  • Fig. 3 is a flowchart of a request processing method provided by another exemplary embodiment of the present application.
  • Fig. 4 is a flowchart of a request processing method provided by another exemplary embodiment of the present application.
  • Fig. 5 is a flowchart of a request processing method provided by another exemplary embodiment of the present application.
  • Fig. 6 is a flowchart of a request processing method provided by another exemplary embodiment of the present application.
  • Fig. 7 is a flowchart of a request processing method provided by another exemplary embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of a request processing apparatus provided by an exemplary embodiment of the present application.
  • FIG. 9 is a schematic structural diagram of a request processing apparatus provided by another exemplary embodiment of the present application.
  • Fig. 10 is a schematic structural diagram of a server provided by another exemplary embodiment of the present application.
  • FIG. 1 is a schematic diagram showing an implementation environment according to an exemplary embodiment.
  • the implementation environment may include an IoT device 110 and a cloud platform 120.
  • the IoT device 110 can establish a communication connection with the cloud platform 120.
  • the Internet of Things device 110 usually needs to be registered in the cloud platform 120 before being controlled, so that the control device can discover and control the Internet of Things device 110 through the cloud platform 120.
  • the Internet of Things device 110 may be a smart home device such as a smart air conditioner, a smart TV, and a smart refrigerator.
  • the cloud platform 120 usually includes multiple storage resources, and different storage resources have different management functions.
  • the cloud platform 120 includes /oic/rd resources.
  • the IoT device 120 After the IoT device 120 is registered on the cloud platform, it can publish its discoverable resources, accessible resources, and other resource information to the cloud platform's /oic/ In the rd resource, for example, the resource information published to the /oic/rd resource includes the first resource information, the second resource information, and other functional resource information of the Internet of Things device.
  • the first resource information includes links to discoverable resources of the Internet of Things device, links to the second resource information, etc.
  • the second resource information includes device attribute information of the Internet of Things device
  • the device attribute information includes device name, device Identification and other information.
  • the other functional resource information refers to resource information related to the capabilities of IoT devices, for example, including temperature information, humidity information, and so on.
  • the cloud platform 120 may be one server, or may also be a cluster composed of multiple servers, which is not limited in the embodiment of the present application.
  • FIG. 2 is a flowchart of a request processing method according to an exemplary embodiment.
  • the method can be applied to the implementation environment shown in FIG. 1 and is mainly executed by a cloud platform. It can include the following implementation steps:
  • Step 201 Receive a token update request from an Internet of Things device, where the token update request carries a first refresh token.
  • the first refresh token may be allocated by the cloud platform during the registration process of the IoT device.
  • the IoT device usually needs to be registered on the cloud platform before being controlled.
  • the IoT device can send a registration request to the cloud platform, and the registration request can carry account information.
  • the account information may include the device identification of the Internet of Things device, and/or the account information may include the user identification of the user logging in the Internet of Things device.
  • the device identifier can be used to uniquely identify an IoT device, for example, the device ID is Device ID; the user ID can be used to uniquely identify a user, for example, the user ID is User ID.
  • the cloud platform After the cloud platform receives the registration request, it allocates the first refresh token and the second access token to the IoT device, and the cloud platform can send the first refresh token and the second access token to the IoT device, so , The IoT device can use the first refresh token and the second access token to initiate a request to the cloud platform.
  • the cloud platform may also store the first refresh token, the second access token, and the account information correspondingly, for example, they may be correspondingly stored in a token refresh resource, and the token refresh resource is a /tokenrefresh resource.
  • the cloud platform stores Device ID, User ID, refresh token, and access token in the /tokenrefresh resource correspondingly.
  • the cloud platform when the cloud platform allocates the second access token, it can also allocate the expiration date of the second access token, send the expiration date of the second access token to the physical network device, and send the second access token
  • the validity period of is stored in the token refresh resource corresponding to the first refresh token, the second access token, and the account information.
  • the IoT device can no longer use the second access token. For this reason, the IoT device is approaching the second access token.
  • the cloud platform may be requested to reassign an access token, that is, the Internet of Things device sends a token update request to the cloud platform, and the token update request carries the first refresh token.
  • the token update request is sent when the difference between the expiration date and the expiration date of the second access token is less than the specified threshold, and the second access token is the expiration date of the IoT device.
  • the access token used before expiration can be set according to actual needs.
  • the expiration date of the second access token may be the length of time during which the second access token is used by the Internet of Things device.
  • the expiration date corresponds to a period of time.
  • the expiration date of the second access token is 2 hours, the validity period is 5 hours.
  • the expiration date of the second access token may be the current moment when the Internet of Things device uses the second access token, that is, the expiration date is a point in time, and correspondingly, the expiration date corresponds to a point in time, for example, , The expiration date of the second access token is 5:00, and the expiration date is 12:00.
  • the difference between the expiration date and the expiration date of the second access token refers to the time point difference. If the expiration date of the second access token is a duration, and the expiration date is a duration, the difference between the expiration date and the expiration date of the second access token refers to the difference in duration.
  • the Internet of Things device sends a token update request carrying the first refresh token to the cloud platform.
  • the difference between the expiration date and the expiration date of the second access token generally refers to an absolute value.
  • judging whether the difference between the expiration date of the second access token and the expiration date is less than a specified threshold may include: subtracting the expiration date of the second access token from the expiration date to obtain the first difference, and determining Whether the absolute value of the first difference is less than a specified threshold; or, subtract the validity period from the expiration of the second access token to obtain a second difference, and determine whether the second difference is less than the specified threshold. For example, if the expiration date of the second access token is T1 and the expiration date is T2, it is determined whether the absolute value of T1-T2 is less than a specified threshold, or whether T2-T1 is less than a specified threshold.
  • the token update request may also carry account information, that is, the token update request may include the first refresh token and account information.
  • the account information includes the device identification of the Internet of Things device; and/or, the account information includes the user identification of the Internet of Things device.
  • Step 202 Based on the first refresh token, a first access token is allocated to the Internet of Things device.
  • the cloud platform performs authentication based on the first refresh token, that is, determines whether the first refresh token is valid. For example, the cloud platform can query whether the first refresh token exists in the above-mentioned token refresh resource. If it exists, the authentication is passed, if it does not exist, the authentication is not passed. After the authentication is passed, the cloud platform reassigns an access token to the Internet of Things device. In order to distinguish it from the foregoing second access token, the re-allocated access token is referred to herein as the first access token.
  • the realization of allocating a first access token to the Internet of Things device may include: based on the first refresh token and account information, Allocate a first access token to the Internet of Things device.
  • the cloud platform performs authentication based on the first refresh token and the account information, that is, it determines whether the first refresh token and the account information are valid.
  • the cloud platform can query the above token refresh Whether the first refresh token and the account information exist in the resource, if they exist, the authentication is passed, and if they do not exist, the authentication fails. After confirming that the authentication is passed, the cloud platform reassigns an access token to the Internet of Things device, that is, assigns the first access token.
  • the cloud platform sends an update failure message to the IoT device to notify the IoT device that the access token update fails.
  • Step 203 Update the first access token to the target storage resource, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform.
  • the status of the IoT device on the cloud platform includes but is not limited to registration status, online status, and offline status. That is, the target storage resource can be used to manage the logout, online or offline operations of the IoT device on the cloud platform.
  • the cloud platform After the cloud platform allocates the first access token to the Internet of Things device, the first access token can be updated to the target storage resource, and the cloud platform can send the first access token to the Internet of Things device.
  • the networked device stores the first access token, so that when subsequent IoT devices use the first access token to log out, go online, or go offline, the cloud platform can authenticate the first access token.
  • the cloud platform determines the validity period of the first access token, and updates the validity period of the first access token to the target storage resource.
  • the cloud platform When the cloud platform allocates the first access token to the Internet of Things device, it can also set an expiration date for the first access token, and update the expiration date of the first access token to the target storage resource, for example, , The first access token and the validity period of the first access token can be correspondingly updated to the target storage resource.
  • the expiration date of the first access token may also be sent to the IoT device.
  • the cloud platform may send the first access token and the expiration date to the IoT device.
  • the validity period of the first access token is sent to the Internet of Things device together.
  • a second refresh token is allocated, and the second refresh token is updated to the target storage resource.
  • the cloud platform can also allocate a second refresh token, that is, update the first refresh token of the Internet of Things device, and also update the second refresh token.
  • Update to the target storage resource for example, the first access token and the second refresh token can be correspondingly updated to the target storage resource.
  • the second refresh token may also be sent to the Internet of Things device.
  • the cloud platform may combine the first access token with the second refresh token. Send to this IoT device.
  • the cloud platform sets an expiration date for the first access token and allocates the second refresh token. Afterwards, the first access token, the validity period of the first access token, and the second refresh token are updated to the target storage resource. In addition, the cloud platform sends the first access token, the expiration date of the first access token, and the second refresh token to the Internet of Things device.
  • the IoT device can use the allocated first access token to initiate a request to the cloud platform.
  • a token update request from the Internet of Things device is received, and the token update request is used to request reallocation of the access token.
  • the first access token is allocated to the Internet of Things device, and the first access token is updated to the target storage resource.
  • the target storage resource is a resource used to manage the state of the IoT device on the cloud platform. Therefore, when subsequent IoT devices use the first access token to initiate a request to the cloud platform, the cloud platform can be based on the target storage resource
  • the data in and the first access token determine how to respond to the request of the Internet of Things device, so as to realize the interaction between the Internet of Things device and the cloud platform.
  • the aforementioned token update request is sent by the IoT device when the expiration date of the second access token is approaching.
  • the IoT device will choose to re-register on the cloud platform so that the cloud platform can redistribute the access token. Avoid the situation that the request to the cloud platform fails due to the failure to successfully receive the re-allocated first access token and the IoT device continues to use the second access token to initiate the request.
  • FIG. 3 is a flowchart of a request processing method according to another exemplary embodiment.
  • the method can be applied to the implementation environment shown in FIG. 1.
  • the method can include the following implementation steps:
  • Step A1 Receive a token update request from the Internet of Things device, where the token update request carries the first refresh token.
  • step A1 For the specific implementation of step A1, refer to the specific implementation of step 201 in FIG. 2 above.
  • Step A2 Based on the first refresh token, a first access token is allocated to the Internet of Things device.
  • step A2 For the specific implementation of step A2, refer to the specific implementation of step 202 in FIG. 2 described above.
  • Step A3 Send a token update response to the Internet of Things device, where the token update response carries the first access token.
  • the cloud platform after the cloud platform allocates the first access token, it can send the first access token to the Internet of Things device through a token update response, and the Internet of Things device stores the first access token.
  • the token update response may also carry the validity period of the first access token.
  • the token update response may also carry the second refresh token.
  • the cloud platform when the cloud platform allocates the first access token, it sets the validity period for the first access token and allocates the second refresh token.
  • the token update response may also carry the value of the first access token. The expiration date and the second refresh token.
  • Step A4 If a reception success message sent by the Internet of Things device is received, the first access token is updated to the target storage resource, and the reception success message is used to indicate that the token update response is successfully received.
  • reception success message sent by the IoT device it means that the first access token has been successfully sent to the IoT device. In this case, it can be considered that subsequent IoT devices will use the first access token to send the cloud to the cloud.
  • the platform initiates the request, so the first access token can be updated to the target storage resource, so as to ensure that subsequent requests initiated by the IoT device can be accurately responded to.
  • the cloud platform allocates the first access token
  • the validity period is set for the first access token, and then the first access token and the validity period of the first access token are updated to the target storage resource middle.
  • the cloud platform allocates the first access token and also allocates the second refresh token
  • the first access token and the second refresh token are updated to the target storage resource.
  • the cloud platform is allocating the first access token
  • the validity period is set for the first access token
  • the second refresh token is allocated, then the first access token and the first access token
  • the validity period and the second refresh token are updated to the target storage resource.
  • a token update request from the Internet of Things device is received, and the token update request is used to request reallocation of the access token.
  • the first access token is allocated to the Internet of Things device, and the first access token is updated to the target storage resource.
  • the target storage resource is a resource used to manage the state of the IoT device on the cloud platform. Therefore, when subsequent IoT devices use the first access token to initiate a request to the cloud platform, the cloud platform can be based on the target storage resource
  • the data in and the first access token determine how to respond to the request of the Internet of Things device, so as to realize the interaction between the Internet of Things device and the cloud platform.
  • the first access token is updated and stored in the target storage resource, so as to ensure that subsequent requests to the IoT device can be initiated Respond accurately.
  • FIG. 4 is a flowchart of a request processing method according to another exemplary embodiment.
  • the method can be applied to the implementation environment shown in FIG. 1.
  • the method may include the following implementation steps:
  • Step B1 Receive a token update request from the Internet of Things device, where the token update request carries the first refresh token.
  • step B1 For the specific implementation of step B1, refer to the specific implementation of step 201 in FIG. 2 above.
  • Step B2 Based on the first refresh token, a first access token is allocated to the Internet of Things device.
  • step B2 For the specific implementation of step B2, refer to the specific implementation of step 202 in FIG. 2 above.
  • Step B3 Send a token update response to the Internet of Things device, where the token update response carries the first access token.
  • the cloud platform after the cloud platform allocates the first access token, it can send the first access token to the Internet of Things device through a token update response, and the Internet of Things device stores the first access token.
  • the token update response may also carry the expiration date of the first access token.
  • the token update response may also carry the second refresh token.
  • the cloud platform when the cloud platform allocates the first access token, it sets the validity period for the first access token and allocates the second refresh token.
  • the token update response may also carry the value of the first access token. The expiration date and the second refresh token.
  • Step B4 If a re-registration request sent by the Internet of Things device is received, the first access token carried in the re-registration request is updated to the target storage resource.
  • a re-registration request sent by an IoT device is received, it means that the IoT device needs to be re-registered on the cloud platform.
  • the first access token carried can be obtained from the re-registration request. In this case It can be considered that subsequent IoT devices will use the first access token to initiate requests to the cloud platform. Therefore, the first access token can be updated to the target storage resource to ensure that subsequent requests to the IoT device can be initiated Respond accurately.
  • the cloud platform when the cloud platform is allocating the first access token, it sets an expiration date for the first access token, and the re-registration request may also carry the expiration date of the first access token. At this time, the The first access token and the validity period of the first access token are updated to the target storage resource.
  • the cloud platform when the cloud platform allocates the first access token, it also allocates a second refresh token.
  • the re-registration request may also carry the second refresh token.
  • the first access token And the second refresh token is updated to the target storage resource.
  • the cloud platform when the cloud platform allocates the first access token, it sets the validity period for the first access token and allocates the second refresh token.
  • the re-registration request may also carry the validity of the first access token.
  • the expiration date and the second refresh token At this time, the first access token, the validity period of the first access token, and the second refresh token are updated to the target storage resource.
  • a token update request from the Internet of Things device is received, and the token update request is used to request reallocation of the access token.
  • the first access token is allocated to the Internet of Things device, and the first access token is updated to the target storage resource.
  • the target storage resource is a resource used to manage the state of the IoT device on the cloud platform. Therefore, when subsequent IoT devices use the first access token to initiate a request to the cloud platform, the cloud platform can be based on the target storage resource
  • the data in and the first access token determine how to respond to the request of the Internet of Things device, so as to realize the interaction between the Internet of Things device and the cloud platform.
  • the first access token carried in the re-registration request is updated to the target storage resource, so as to ensure that subsequent requests initiated by the IoT device can be accurately performed ⁇ responsive.
  • the status of the IoT device on the cloud platform can include but is not limited to registration, deregistration, online and offline.
  • the target storage resource includes different types of resources.
  • the target storage resource includes the first A storage resource and/or a second storage resource, where the first storage resource is used to manage the registration status of the Internet of Things device on the cloud platform, and the second storage resource is used to manage the Internet of Things device on the cloud platform On-line status and off-line status.
  • FIG. 5 is a flowchart of a request processing method according to another exemplary embodiment.
  • the method can be applied to the implementation environment shown in FIG.
  • the status on the cloud platform includes the registration status as an example.
  • the method may include the following implementation steps:
  • Step C1 Receive a token update request from the Internet of Things device, where the token update request carries the first refresh token.
  • step C1 For the specific implementation of step C1, refer to the specific implementation of step 201 in FIG. 2 above.
  • Step C2 Based on the first refresh token, a first access token is allocated to the Internet of Things device.
  • step C2 For the specific implementation of step C2, refer to the specific implementation of step 202 in FIG. 2 above.
  • Step C3 Update the first access token to the first storage resource, where the first storage resource is a resource used to manage the registration status of the Internet of Things device on the cloud platform.
  • the first storage resource is unreadable, that is, other devices cannot read the content of the first storage resource, and it is mainly used to manage the registration of IoT devices.
  • the first storage resource is the /account resource. The corresponding relationship between the account information, the first access token, and the first refresh token is maintained in the first storage resource.
  • the cloud platform is allocating the first access token
  • the expiration date is set for the first access token
  • the expiration date of the first access token and the first access token are updated to the first storage Resources.
  • the cloud platform allocates the first access token and also allocates a second refresh token
  • the first access token and the second refresh token are updated to the first storage resource.
  • the cloud platform is allocating the first access token
  • the validity period is set for the first access token
  • the second refresh token is allocated, then the first access token and the first access token
  • the expiration date and the second refresh token are updated to the first storage resource.
  • Step C4 Receive a logout request of the Internet of Things device, where the logout request carries the first access token and account information.
  • the logout request carries the first access token, that is, carries the updated access token instead of the original second access token.
  • the account information may include the device identification of the Internet of Things device, and/or the account information may include the user identification of the user logging in the Internet of Things device.
  • the logout request may also carry the first refresh token, or, if the second refresh token is allocated when the first access token is allocated, the logout request carries the second refresh token.
  • Step C5 Based on the account information, determine the corresponding access token from the first storage resource.
  • the cloud platform obtains information from the first storage resource based on the account information. Determine the corresponding access token in.
  • Step C6 If the access token determined from the first storage resource matches the first access token, log out the Internet of Things device.
  • matching the access token determined from the first storage resource with the first access token includes: the access token determined from the first storage resource is the same as the first access token.
  • the implementation of deregistering the Internet of Things device may be to delete all information related to the Internet of Things device from the first storage resource, for example, if the first storage resource stores a first access command If the validity period of the first access token, account information, the second refresh token, and the first access token are deleted, the validity period of the first access token, account information, the second refresh token, and the first access token are deleted.
  • a token update request from the Internet of Things device is received, and the token update request is used to request reallocation of the access token.
  • the first access token is allocated to the Internet of Things device, and the first access token is updated to the target storage resource.
  • the target storage resource is a resource used to manage the state of the IoT device on the cloud platform. Therefore, when subsequent IoT devices use the first access token to initiate a request to the cloud platform, the cloud platform can be based on the target storage resource
  • the data in and the first access token determine how to respond to the request of the Internet of Things device, so as to realize the interaction between the Internet of Things device and the cloud platform.
  • FIG. 6 is a flowchart of a request processing method according to another exemplary embodiment.
  • the method can be applied to the implementation environment shown in FIG.
  • the state on the cloud platform includes the online state/offline state as an example.
  • the method may include the following implementation steps:
  • Step D1 Receive a token update request from the Internet of Things device, where the token update request carries the first refresh token.
  • step D1 For the specific implementation of step D1, refer to the specific implementation of step 201 in FIG. 2 above.
  • Step D2 Based on the first refresh token, a first access token is allocated to the Internet of Things device.
  • step D2 refers to the specific implementation of step 202 in FIG. 2 above.
  • Step D3 Update the first access token to the second storage resource, where the second storage resource is a resource used to manage the online/offline status of the IoT device on the cloud platform.
  • the second storage resource is unreadable, that is, other devices cannot read the content of the second storage resource, and it is mainly used to manage the online and/or offline of IoT devices.
  • the second storage resource is /session resources.
  • the corresponding relationship between account information, first access token, first refresh token, and login status is maintained in the second storage resource.
  • the login state may be set to true, and when the Internet of Things device is in an offline state, the login state may be set to false.
  • the cloud platform is allocating the first access token
  • the expiration date is set for the first access token, and then the expiration date of the first access token and the first access token are updated to the second storage Resources.
  • the cloud platform allocates the first access token and also allocates a second refresh token
  • the first access token and the second refresh token are updated to the second storage resource.
  • the cloud platform is allocating the first access token
  • the validity period is set for the first access token
  • the second refresh token is allocated, then the first access token and the first access token
  • the expiration date and the second refresh token are updated to the second storage resource.
  • an online request of the Internet of Things device is received, where the online request carries the first access token and account information. Based on the account information, the corresponding access token is determined from the second storage resource, and if the access token determined from the second storage resource matches the first access token, control the Internet of Things device to go online.
  • the online request carries the first access token, that is, carries the updated access token instead of the original second access token.
  • the account information may include the device identification of the Internet of Things device, and/or the account information may include the user identification of the user logging in the Internet of Things device.
  • the online request may also carry the first refresh token, or, if the second refresh token is allocated when the first access token is allocated, the online request carries the second refresh token.
  • the cloud platform determines the corresponding access token from the second storage resource based on the account information. If the access token determined from the second storage resource matches the first access token, it can be determined that the authentication of the first access token is passed. In this case, the Internet of Things device can be controlled to go online.
  • the implementation of controlling the Internet of Things device to go online may be: setting the login status of the Internet of Things device to true.
  • the offline request of the Internet of Things device is received, the offline request carries the first access token and account information, and the corresponding access token is determined from the second storage resource based on the account information. If the access token determined from the second storage resource matches the first access token, control the IoT device to go offline.
  • the IoT device initiates a offline request to the cloud platform
  • the first access token is carried in the offline request, that is, the updated access token is carried instead of the original second access token .
  • the account information may include the device identification of the Internet of Things device, and/or the account information may include the user identification of the user logging in the Internet of Things device.
  • the offline request may also carry the first refresh token, or, if the second refresh token is allocated when the first access token is allocated, the offline request carries the second refresh token.
  • the cloud platform determines the corresponding access token from the second storage resource based on the account information. If the access token determined from the second storage resource matches the first access token, it can be determined that the authentication of the first access token is passed, and in this case, the IoT device can be controlled to go offline.
  • the implementation of controlling the offline of the Internet of Things device may be: setting the login status of the Internet of Things device to false.
  • a token update request from the Internet of Things device is received, and the token update request is used to request reallocation of the access token.
  • the first access token is allocated to the Internet of Things device, and the first access token is updated to the target storage resource.
  • the target storage resource is a resource used to manage the state of the IoT device on the cloud platform. Therefore, when subsequent IoT devices use the first access token to initiate a request to the cloud platform, the cloud platform can be based on the target storage resource
  • the data in and the first access token determine how to respond to the request of the Internet of Things device, so as to realize the interaction between the Internet of Things device and the cloud platform.
  • FIG. 7 is a flowchart of a request processing method according to an exemplary embodiment.
  • the method may be applied to the implementation environment shown in FIG. 1, and the method may include the following implementation steps:
  • Step 701 Receive a target request from an Internet of Things device, where the target request carries an access token and account information.
  • the target request may be a logout request, or the target request may be an online request, or alternatively, the target request may be a offline request.
  • the access token may be allocated by the cloud platform during the registration process of the Internet of Things device.
  • the account information may include the device identification of the Internet of Things device, and/or the account information may include the user identification of the user logging in the Internet of Things device.
  • the device identifier can be used to uniquely identify an IoT device.
  • the device identifier can be Device ID
  • the user ID can be used to uniquely identify a user.
  • the user ID can be User ID.
  • the target request may also carry a refresh token, which is allocated by the cloud platform in the process of allocating the above-mentioned access token.
  • Step 702 According to the account information, determine the corresponding access token from the target storage resource, the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform.
  • the target storage resource may include a first storage resource and/or a second storage resource
  • the first storage resource may be used for registration management
  • the second storage resource may be used for online/offline management
  • the first storage resource is a /account resource.
  • the corresponding relationship between the access token and account information is stored in the first storage resource, or the corresponding relationship between the access token, account information, and the refresh token is stored in the first storage resource, or, the The first storage resource stores the corresponding relationship between the access token, account information, refresh token and the validity period of the access token.
  • the second storage resource is a /session resource.
  • the first storage resource stores the correspondence between the access token, account information, and the login status, or the first storage resource stores the correspondence between the access token, account information, refresh token, and the login status
  • the relationship, or alternatively, the corresponding relationship between the access token, the account information, the refresh token, the validity period of the access token, and the login status is stored in the first storage resource.
  • the cloud platform determines the access token corresponding to the account information from the first storage resource.
  • the cloud platform determines the access token corresponding to the account information from the second storage resource.
  • the corresponding access token is determined from the target storage resource according to the access token and the refresh token carried in the target request.
  • Step 703 If the access token determined from the target storage resource matches the access token carried in the target request, perform the operation requested by the target request.
  • the access token determined from the target storage resource matches the access token carried in the target request, it can be determined that the access token carried in the target request is authenticated.
  • the operation requested by the target request can be performed . For example, if the target request is a logout request, then the IoT device is logged out; another example, if the target request is an online request, then the IoT device is controlled to go online; another example, if the target request is a offline request, Then control the IoT device to go offline.
  • the access token determined from the target storage resource does not match the access token carried in the target request, then the corresponding access token is obtained from the token refresh resource based on the account information; If the access token obtained in the card refresh resource matches the access token carried in the target request, the operation requested by the target request is executed.
  • the token refresh resource is used to update the access token used by the IoT device to access the cloud platform.
  • the token refresh resource is the /tokenrefresh resource.
  • the corresponding relationship between Device ID, User ID, refresh token, and access token is stored in the /tokenrefresh resource.
  • the access token determined from the target storage resource does not match the access token carried in the target request, it may be because the access token carried in the target request has been updated, but the updated access token is not stored In the target storage resource, at this time, instead of directly determining that the authentication fails, you can obtain the corresponding access token from the token refresh resource, and determine the access token obtained from the token refresh resource and the target request Whether the carried access token matches, if it matches, it is determined that the authentication is passed, and the operation requested by the target request is executed. Of course, if there is no match, it is determined that the authentication has not passed, and a request failure message can be returned at this time.
  • a target request from an Internet of Things device is received, and the target request carries the access token and account information.
  • the account information the corresponding access token is determined from the target storage resource. If the determined access token matches the access token carried in the target request, the authentication is passed, so the operation requested by the target request can be performed. So as to realize the interaction between the cloud platform and the Internet of Things devices.
  • FIG. 8 is a schematic structural diagram of a request processing apparatus according to an exemplary embodiment.
  • the apparatus may include:
  • the receiving module 810 is configured to receive a token update request from an Internet of Things device, where the token update request carries the first refresh token;
  • An allocation module 820 configured to allocate a first access token to the Internet of Things device based on the first refresh token
  • the update module 830 is configured to update the first access token to a target storage resource, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform.
  • the update module 830 is used to:
  • the first access token is updated to the target storage resource, and the reception success message is used to indicate that the token update response is successfully received.
  • the update module 830 is used to:
  • the first access token carried in the re-registration request is updated to the target storage resource.
  • the token update request is sent when the difference between the expiration date and the expiration date of the second access token is less than a specified threshold, and the second access token It is an access token used by the Internet of Things device before the expiration date.
  • the state of the IoT device on the cloud platform includes a registration state, and the target storage resource includes a first storage resource;
  • the update module 830 is also used for:
  • the state of the Internet of Things device on the cloud platform includes an online state
  • the target storage resource includes a second storage resource
  • the update module 830 is also used for:
  • the state of the Internet of Things device on the cloud platform includes an offline state
  • the target storage resource includes a second storage resource
  • the update module 830 is also used for:
  • the update module 830 is used to:
  • the validity period of the first access token is updated to the target storage resource.
  • the update module 830 is used to:
  • the second refresh token is updated to the target storage resource.
  • the token update request also carries account information
  • the account information includes the device identification of the Internet of Things device; and/or,
  • the account information includes a user identification for logging in to the Internet of Things device.
  • a token update request from the Internet of Things device is received, and the token update request is used to request reallocation of the access token.
  • the first access token is allocated to the Internet of Things device, and the first access token is updated to the target storage resource.
  • the target storage resource is a resource used to manage the state of the IoT device on the cloud platform. Therefore, when subsequent IoT devices use the first access token to initiate a request to the cloud platform, the cloud platform can be based on the target storage resource
  • the data in and the first access token determine how to respond to the request of the Internet of Things device, so as to realize the interaction between the Internet of Things device and the cloud platform.
  • FIG. 9 is a schematic structural diagram of a request processing apparatus according to an exemplary embodiment.
  • the apparatus may include:
  • the receiving module 910 is configured to receive a target request from an Internet of Things device, the target request carrying an access token and account information;
  • the determining module 920 is configured to determine a corresponding access token from a target storage resource according to the account information, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform;
  • the execution module 930 is configured to perform the operation requested by the target request if the access token determined from the target storage resource matches the access token carried in the target request.
  • the execution module 930 is further configured to:
  • the access token determined from the target storage resource does not match the access token carried in the target request, based on the account information, obtain the corresponding access token from the token refresh resource;
  • the operation requested by the target request is performed.
  • a target request from an Internet of Things device is received, and the target request carries the access token and account information.
  • the account information the corresponding access token is determined from the target storage resource. If the determined access token matches the access token carried in the target request, it means that the authentication is passed, so the operation requested by the target request can be performed. So as to realize the interaction between the cloud platform and the Internet of Things devices.
  • FIG. 10 shows a schematic structural diagram of a server provided by an exemplary embodiment of the present application.
  • the server includes: a processor 1001, a receiver 1002, a transmitter 1003, a memory 1004, and a bus 1005.
  • the processor 1001 includes one or more processing cores, and the processor 1001 executes various functional applications and information processing by running software programs and modules.
  • the receiver 1002 and the transmitter 1003 may be implemented as a communication component, and the communication component may be a communication chip.
  • the memory 1004 is connected to the processor 1001 through a bus 1005.
  • the memory 1004 may be used to store at least one instruction, and the processor 1001 is used to execute the at least one instruction, so as to implement each step executed by the server in the foregoing method embodiments.
  • the memory 1004 can be implemented by any type of volatile or non-volatile storage device or a combination thereof.
  • the volatile or non-volatile storage device includes, but is not limited to: magnetic disks or optical disks, EEPROM (Electrically Erasable Programmable Read -Only Memory, Erasable Programmable Read-Only Memory with Electricity), EPROM (Electrically Programmable Read Only Memory, Erasable Programmable Read-Only Memory), SRAM (Static Random Access Memory), ROM (Read Only Memory, magnetic memory, flash memory, PROM (Programmable Read Only Memory).
  • the present application provides a computer-readable storage medium in which at least one instruction is stored, and the at least one instruction is loaded and executed by the processor to implement the methods provided in the foregoing method embodiments.
  • This application also provides a computer program product, which when the computer program product runs on a computer, causes the computer to execute the methods provided in the foregoing method embodiments.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Provided are a request processing method and apparatus, and a device and a storage medium, which relate to the technical field of Internet of Things. The method comprises: receiving a token update request from an Internet of Things device; allocating a first access token to the Internet of Things device according to a first refresh token carried in the token update request; and updating the first access token to a target storage resource, wherein the target storage resource is a resource for managing the state of the Internet of Things device on a cloud platform. Therefore, when the Internet of Things device subsequently initiates a request to the cloud platform by using the first access token, the cloud platform can determine, on the basis of data in the target storage resource and the first access token, how to respond to the request from the Internet of Things device, thereby realizing the interaction between the Internet of Things device and the cloud platform.

Description

请求处理方法、装置、设备及存储介质Request processing method, device, equipment and storage medium 技术领域Technical field
本申请涉及物联网技术领域,特别涉及一种请求处理方法、装置、设备及存储介质。This application relates to the technical field of the Internet of Things, and in particular to a request processing method, device, equipment, and storage medium.
背景技术Background technique
在物联网中,物联网设备在可以被操作之前,通常需要注册到云平台中,完成注册之后,物联网设备可以将自己需要被发现、被访问的资源发布到云平台上,以便于控制设备可以通过云平台来发现及控制物联网设备。In the Internet of Things, the Internet of Things devices usually need to be registered to the cloud platform before they can be operated. After the registration is completed, the Internet of Things devices can publish the resources they need to be discovered and accessed to the cloud platform to facilitate control of the device The cloud platform can be used to discover and control IoT devices.
物联网设备与云平台之间的一些交互需要使用访问令牌,访问令牌一般是由云平台在物联网设备注册的过程中分配的。在一些情况下,访问令牌可能会失效,如此,云平台需要重新为物联网设备分配访问令牌。在重新分配访问令牌后,如何基于重新分配的访问令牌来实现物联网设备与云平台的交互成为研究的热点。Some interactions between IoT devices and cloud platforms require the use of access tokens, and access tokens are generally allocated by the cloud platform during the registration process of the IoT devices. In some cases, the access token may become invalid, so the cloud platform needs to re-allocate the access token to the IoT device. After the access token is re-allocated, how to realize the interaction between the IoT device and the cloud platform based on the re-allocated access token has become a hot research topic.
发明内容Summary of the invention
本申请实施例提供了一种请求处理方法、装置、设备及存储介质,可以用于解决如何基于重新分配的访问令牌来实现物联网设备与云平台的交互的问题。所述技术方案如下:The embodiments of the present application provide a request processing method, device, device, and storage medium, which can be used to solve the problem of how to realize the interaction between the Internet of Things device and the cloud platform based on the re-allocated access token. The technical solution is as follows:
一方面,提供了一种请求处理方法,所述方法包括:In one aspect, a request processing method is provided, and the method includes:
接收来自物联网设备的令牌更新请求,所述令牌更新请求携带第一刷新令牌;Receiving a token update request from the Internet of Things device, where the token update request carries the first refresh token;
基于所述第一刷新令牌,为所述物联网设备分配第一访问令牌;Allocating a first access token to the Internet of Things device based on the first refresh token;
将所述第一访问令牌更新至目标存储资源中,其中,所述目标存储资源为用于管理物联网设备在云平台上的状态的资源。The first access token is updated to the target storage resource, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform.
另一方面,提供了一种请求处理方法,所述方法包括:In another aspect, a request processing method is provided, and the method includes:
接收来自物联网设备的目标请求,所述目标请求携带访问令牌和账号信息;Receiving a target request from an Internet of Things device, the target request carrying an access token and account information;
根据所述账号信息,从目标存储资源中确定对应的访问令牌,所述目标存储资源为用于管理物联网设备在云平台上的状态的资源;According to the account information, determine a corresponding access token from a target storage resource, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform;
若从所述目标存储资源中确定的访问令牌与所述目标请求携带的访问令牌匹配,则执行所述目标请求所请求的操作。If the access token determined from the target storage resource matches the access token carried in the target request, the operation requested by the target request is executed.
另一方面,提供了一种请求处理装置,所述装置包括:In another aspect, a request processing device is provided, the device including:
接收模块,用于接收来自物联网设备的令牌更新请求,所述令牌更新请求携带第一刷新令牌;A receiving module, configured to receive a token update request from an Internet of Things device, where the token update request carries the first refresh token;
分配模块,用于基于所述第一刷新令牌,为所述物联网设备分配第一访问令牌;An allocation module, configured to allocate a first access token to the Internet of Things device based on the first refresh token;
更新模块,用于将所述第一访问令牌更新至目标存储资源中,其中,所述目标存储资源为用于管理物联网设备在云平台上的状态的资源。The update module is configured to update the first access token to a target storage resource, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform.
另一方面,提供了一种请求处理装置,所述装置包括:In another aspect, a request processing device is provided, the device including:
接收模块,用于接收来自物联网设备的目标请求,所述目标请求携带访问令牌和账号信息;A receiving module for receiving a target request from an Internet of Things device, the target request carrying an access token and account information;
确定模块,用于根据所述账号信息,从目标存储资源中确定对应的访问令牌,所述目标存储资源为用于管理物联网设备在云平台上的状态的资源;A determining module, configured to determine a corresponding access token from a target storage resource according to the account information, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform;
执行模块,用于若从所述目标存储资源中确定的访问令牌与所述目标请求携带的访问令牌匹配,则执行所述目标请求所请求的操作。The execution module is configured to execute the operation requested by the target request if the access token determined from the target storage resource matches the access token carried in the target request.
另一方面,提供了一种设备,所述设备包括处理器和存储器,所述存储器存储有至少一条指令,所述至少一条指令用于被所述处理器执行以实现上述一方面中任一项所提供的请求处理方法,或者,实现上述另一方面中任一项所提供的请求处理方法。In another aspect, a device is provided, the device includes a processor and a memory, the memory stores at least one instruction, and the at least one instruction is configured to be executed by the processor to implement any one of the above aspects The provided request processing method, or implement the request processing method provided in any one of the above-mentioned other aspects.
另一方面,提供了一种计算机可读存储介质,所述计算机可读存储介质存储有至少一条指令,所述至少一条指令用于被处理器执行以实现上述一方面中任一项所提供的请求处理方法,或者,实现上述另一方面中任一项所提供的请求处理方法。In another aspect, a computer-readable storage medium is provided, and the computer-readable storage medium stores at least one instruction, and the at least one instruction is configured to be executed by a processor to implement the method provided in any one of the above aspects. Request processing method, or implement the request processing method provided by any one of the above-mentioned other aspects.
另一方面,提供了一种计算机程序产品,所述计算机程序产品包括一个或多个计算机程序,所述计算机程序被处理器执行时,用于实现上述一方面中任一项所提供的请求处理方法,或者,实现上述另一方面中任一项所提供的请求处理方法。In another aspect, a computer program product is provided. The computer program product includes one or more computer programs. When the computer program is executed by a processor, it is used to implement the request processing provided in any one of the above aspects. Method, or implement the request processing method provided by any one of the above-mentioned other aspects.
本申请实施例提供的技术方案带来的有益效果至少包括:The beneficial effects brought about by the technical solutions provided by the embodiments of the present application include at least:
接收来自物联网设备的令牌更新请求,该令牌更新请求用于请求重新分配访问令牌。根据该令牌更新请求中携带的第一刷新令牌,为该物联网设备分配第一访问令牌,并将该第一访问令牌更新至目标存储资源中。其中,该目标存储资源为用于管理物联网设备在云平台上的状态的资源,所以,后续物联网设备在使用该第一访问令牌向云平台发起请求时,云平台可以基于目标存储资源中的数据和该第一访问令牌,确定如何响应物联网设备的请求,从而实现物联网设备与云平台之间的交互。Receive a token update request from the Internet of Things device, where the token update request is used to request reallocation of the access token. According to the first refresh token carried in the token update request, the first access token is allocated to the Internet of Things device, and the first access token is updated to the target storage resource. Wherein, the target storage resource is a resource used to manage the state of the IoT device on the cloud platform. Therefore, when subsequent IoT devices use the first access token to initiate a request to the cloud platform, the cloud platform can be based on the target storage resource The data in and the first access token determine how to respond to the request of the Internet of Things device, so as to realize the interaction between the Internet of Things device and the cloud platform.
附图说明Description of the drawings
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to explain the technical solutions in the embodiments of the present application more clearly, the following will briefly introduce the drawings needed in the description of the embodiments. Obviously, the drawings in the following description are only some embodiments of the present application. For those of ordinary skill in the art, other drawings can be obtained based on these drawings without creative work.
图1是本申请一个示例性实施例提供的实施环境的示意图;Fig. 1 is a schematic diagram of an implementation environment provided by an exemplary embodiment of the present application;
图2是本申请一个示例性实施例提供的请求处理方法的流程图;Fig. 2 is a flowchart of a request processing method provided by an exemplary embodiment of the present application;
图3是本申请另一个示例性实施例提供的请求处理方法的流程图;Fig. 3 is a flowchart of a request processing method provided by another exemplary embodiment of the present application;
图4是本申请另一个示例性实施例提供的请求处理方法的流程图;Fig. 4 is a flowchart of a request processing method provided by another exemplary embodiment of the present application;
图5是本申请另一个示例性实施例提供的请求处理方法的流程图;Fig. 5 is a flowchart of a request processing method provided by another exemplary embodiment of the present application;
图6是本申请另一个示例性实施例提供的请求处理方法的流程图;Fig. 6 is a flowchart of a request processing method provided by another exemplary embodiment of the present application;
图7是本申请另一个示例性实施例提供的请求处理方法的流程图;Fig. 7 is a flowchart of a request processing method provided by another exemplary embodiment of the present application;
图8是本申请一个示例性实施例提供的请求处理装置的结构示意图;FIG. 8 is a schematic structural diagram of a request processing apparatus provided by an exemplary embodiment of the present application;
图9是本申请另一个示例性实施例提供的请求处理装置的结构示意图;FIG. 9 is a schematic structural diagram of a request processing apparatus provided by another exemplary embodiment of the present application;
图10是本申请另一个示例性实施例提供的服务器的结构示意图。Fig. 10 is a schematic structural diagram of a server provided by another exemplary embodiment of the present application.
具体实施方式Detailed ways
为使本申请的目的、技术方案和优点更加清楚,下面将结合附图对本申请实施方式作进一步地详细描述。In order to make the purpose, technical solutions, and advantages of the present application clearer, the implementation manners of the present application will be further described in detail below in conjunction with the accompanying drawings.
在对本申请实施例提供的请求处理方法进行详细介绍之前,先对本申请实施例涉及的应用场景进行简单介绍。Before describing in detail the request processing method provided by the embodiment of the present application, a brief introduction to the application scenarios involved in the embodiment of the present application will be given first.
请参考图1,图1是根据一示例性实施例示出的实施环境的示意图,该实施环境中可以包括物联网设备110和云平台120。该物联网设备110可以与云平台120建立通信连接。Please refer to FIG. 1, which is a schematic diagram showing an implementation environment according to an exemplary embodiment. The implementation environment may include an IoT device 110 and a cloud platform 120. The IoT device 110 can establish a communication connection with the cloud platform 120.
物联网设备110在被控制之前通常需要注册到云平台120中,以便于控制设备通过云平台120能够发现、控制该物联网设备110。作为一种示例,该物联网设备110可以为诸如智能空调、智能电视、智能冰箱之类的智能家居设备。The Internet of Things device 110 usually needs to be registered in the cloud platform 120 before being controlled, so that the control device can discover and control the Internet of Things device 110 through the cloud platform 120. As an example, the Internet of Things device 110 may be a smart home device such as a smart air conditioner, a smart TV, and a smart refrigerator.
其中,云平台120中通常包括多种存储资源,不同的存储资源具有不同的管理作用。示例性的,云平台120中包括/oic/rd资源,物联网设备120在注册到云平台上之后,可以把自己的可发现资源、可访问资源等资源信息都发布到云平台的/oic/rd资源中,比如发布到该/oic/rd资源中的资源信息包括物联网设备的第一资源信息、第二资源信息和其他功能性资源信息。其中,该第一资源信息包括了物联网设备的可发现资源的链接、该第二资源信息的链接等,第二资源信息包括物联网设备的设备属性信息,该设备属性信息包括设备名称、设备 标识等信息,该其他功能性资源信息是指与物联网设备的能力相关的资源信息,譬如,包括温度信息、湿度信息等。Among them, the cloud platform 120 usually includes multiple storage resources, and different storage resources have different management functions. Exemplarily, the cloud platform 120 includes /oic/rd resources. After the IoT device 120 is registered on the cloud platform, it can publish its discoverable resources, accessible resources, and other resource information to the cloud platform's /oic/ In the rd resource, for example, the resource information published to the /oic/rd resource includes the first resource information, the second resource information, and other functional resource information of the Internet of Things device. Wherein, the first resource information includes links to discoverable resources of the Internet of Things device, links to the second resource information, etc., and the second resource information includes device attribute information of the Internet of Things device, and the device attribute information includes device name, device Identification and other information. The other functional resource information refers to resource information related to the capabilities of IoT devices, for example, including temperature information, humidity information, and so on.
作为一种示例,该云平台120可以为一台服务器,或者,也可以为由多台服务器组成的集群,本申请实施例对此不做限定。As an example, the cloud platform 120 may be one server, or may also be a cluster composed of multiple servers, which is not limited in the embodiment of the present application.
在介绍完本申请实施例涉及的实施环境后,接下来将结合附图对本申请实施例提供的请求处理方法进行详细介绍。After introducing the implementation environment involved in the embodiments of the present application, the request processing method provided by the embodiments of the present application will be described in detail below with reference to the accompanying drawings.
请参考图2,该图2是根据一示例性实施例示出的一种请求处理方法的流程图,该方法可以应用于上述图1所示的实施环境中,主要由云平台来执行,该方法可以包括如下几个实现步骤:Please refer to FIG. 2, which is a flowchart of a request processing method according to an exemplary embodiment. The method can be applied to the implementation environment shown in FIG. 1 and is mainly executed by a cloud platform. It can include the following implementation steps:
步骤201:接收来自物联网设备的令牌更新请求,该令牌更新请求携带第一刷新令牌。Step 201: Receive a token update request from an Internet of Things device, where the token update request carries a first refresh token.
其中,该第一刷新令牌(refresh token)可以是由云平台在物联网设备注册的过程中分配的。如前文所述,物联网设备在被控制之前,通常需要注册到云平台上,作为一种示例,物联网设备可以向云平台发送注册请求,该注册请求中可以携带有账号信息。示例性的,该账号信息可以包括该物联网设备的设备标识,和/或,该账号信息可以包括登录该物联网设备的用户标识。其中,该设备标识可以用于唯一标识一个物联网设备,如该设备标识为Device ID;该用户标识可以用于唯一标识一个用户,如该用户标识为User ID。Wherein, the first refresh token (refresh token) may be allocated by the cloud platform during the registration process of the IoT device. As mentioned above, the IoT device usually needs to be registered on the cloud platform before being controlled. As an example, the IoT device can send a registration request to the cloud platform, and the registration request can carry account information. Exemplarily, the account information may include the device identification of the Internet of Things device, and/or the account information may include the user identification of the user logging in the Internet of Things device. Among them, the device identifier can be used to uniquely identify an IoT device, for example, the device ID is Device ID; the user ID can be used to uniquely identify a user, for example, the user ID is User ID.
云平台接收到该注册请求后,为该物联网设备分配第一刷新令牌和第二访问令牌,云平台可以将该第一刷新令牌和第二访问令牌发送给物联网设备,如此,物联网设备即可使用该第一刷新令牌和该第二访问令牌向云平台发起请求。另外,云平台还可以将该第一刷新令牌、第二访问令牌和账号信息对应存储,譬如,可以对应存储至令牌刷新资源中,该令牌刷新资源为/tokenrefresh资源。示例性的,云平台将Device ID、User ID、refresh token和access token对应存储至/tokenrefresh资源中。After the cloud platform receives the registration request, it allocates the first refresh token and the second access token to the IoT device, and the cloud platform can send the first refresh token and the second access token to the IoT device, so , The IoT device can use the first refresh token and the second access token to initiate a request to the cloud platform. In addition, the cloud platform may also store the first refresh token, the second access token, and the account information correspondingly, for example, they may be correspondingly stored in a token refresh resource, and the token refresh resource is a /tokenrefresh resource. Exemplarily, the cloud platform stores Device ID, User ID, refresh token, and access token in the /tokenrefresh resource correspondingly.
另外,云平台在分配第二访问令牌时,还可以分配该第二访问令牌的有效期限,将该第二访问令牌的有效期限发送给物理网设备,并将该第二访问令牌的有效期限与第一刷新令牌、第二访问令牌和账号信息对应存储至令牌刷新资源中。In addition, when the cloud platform allocates the second access token, it can also allocate the expiration date of the second access token, send the expiration date of the second access token to the physical network device, and send the second access token The validity period of is stored in the token refresh resource corresponding to the first refresh token, the second access token, and the account information.
若第二访问令牌的期限大于其有效期限,即该第二访问令牌已到期,物联网设备就无法再使用该第二访问令牌,为此,物联网设备在临近该第二访问令牌的有效期限时,可以请求云平台重新为其分配一个访问令牌,即该物联网设备向云平台发送令牌更新请求,该令牌更新请求中携带有该第一刷新令牌。If the expiration date of the second access token is greater than its expiration date, that is, the second access token has expired, the IoT device can no longer use the second access token. For this reason, the IoT device is approaching the second access token. When the validity period of the token is reached, the cloud platform may be requested to reassign an access token, that is, the Internet of Things device sends a token update request to the cloud platform, and the token update request carries the first refresh token.
也即是,该令牌更新请求是在第二访问令牌的期限与有效期限之间的差值小于指定阈值的情况下发送的,该第二访问令牌是该物联网设备在其有效期限到期之前使用的访问令牌。其中,该指定阈值可以根据实际需求进行设置。That is, the token update request is sent when the difference between the expiration date and the expiration date of the second access token is less than the specified threshold, and the second access token is the expiration date of the IoT device. The access token used before expiration. Among them, the specified threshold can be set according to actual needs.
可选地,该第二访问令牌的期限可以为物联网设备使用该第二访问令牌的时长,相应的,该有效期限也对应是一个时长,譬如,该第二访问令牌的期限为2小时,该有效期限为5小时。Optionally, the expiration date of the second access token may be the length of time during which the second access token is used by the Internet of Things device. Correspondingly, the expiration date corresponds to a period of time. For example, the expiration date of the second access token is 2 hours, the validity period is 5 hours.
可选地,该第二访问令牌的期限可以为物联网设备使用该第二访问令牌的当前时刻,即该期限为一个时间点,相应的,该有效期限也对应是一个时间点,譬如,该第二访问令牌的期限为5:00,该有效期限为12:00。Optionally, the expiration date of the second access token may be the current moment when the Internet of Things device uses the second access token, that is, the expiration date is a point in time, and correspondingly, the expiration date corresponds to a point in time, for example, , The expiration date of the second access token is 5:00, and the expiration date is 12:00.
如此,若第二访问令牌的期限为一个时间点,以及该有效期限为一个时间点,则该第二访问令牌的期限与有效期限之间的差值是指时间点的差值。若第二访问令牌的期限为时长,以及该有效期限为时长,则该第二访问令牌的期限与有效期限之间的差值是指时长的差值。In this way, if the expiration date of the second access token is a time point and the expiration date is a time point, the difference between the expiration date and the expiration date of the second access token refers to the time point difference. If the expiration date of the second access token is a duration, and the expiration date is a duration, the difference between the expiration date and the expiration date of the second access token refers to the difference in duration.
如果所使用的第二访问令牌的期限与有效期限之间的差值小于指定阈值,说明临近该第二访问令牌的有效期限,或者说,该第二访问令牌即将过期,在该种情况下,该物联网设备向云平台发送携带该第一刷新令牌的令牌更新请求。If the difference between the expiration date and the expiration date of the second access token used is less than the specified threshold, it means that the expiration date of the second access token is approaching, or that the second access token is about to expire. In this case, the Internet of Things device sends a token update request carrying the first refresh token to the cloud platform.
可选地,该第二访问令牌的期限与有效期限之间的差值一般是指绝对值。作为一种示例, 判断该第二访问令牌的期限与有效期限之间的差值是否小于指定阈值可以包括:将第二访问令牌的期限与有效期限相减,得到第一差值,判断该第一差值的绝对值是否小于指定阈值;或者,将有效期限与该第二访问令牌的期限相减,得到第二差值,判断该第二差值是否小于指定阈值。譬如,若该第二访问令牌的期限为T1,该有效期限为T2,则判断T1-T2的绝对值是否小于指定阈值,或者,判断T2-T1是否小于指定阈值。Optionally, the difference between the expiration date and the expiration date of the second access token generally refers to an absolute value. As an example, judging whether the difference between the expiration date of the second access token and the expiration date is less than a specified threshold may include: subtracting the expiration date of the second access token from the expiration date to obtain the first difference, and determining Whether the absolute value of the first difference is less than a specified threshold; or, subtract the validity period from the expiration of the second access token to obtain a second difference, and determine whether the second difference is less than the specified threshold. For example, if the expiration date of the second access token is T1 and the expiration date is T2, it is determined whether the absolute value of T1-T2 is less than a specified threshold, or whether T2-T1 is less than a specified threshold.
进一步地,令牌更新请求中还可以携带账号信息,也即是,该令牌更新请求中可以包括第一刷新令牌和账号信息。其中,该账号信息包括物联网设备的设备标识;和/或,该账号信息包括登录该物联网设备的用户标识。Further, the token update request may also carry account information, that is, the token update request may include the first refresh token and account information. Wherein, the account information includes the device identification of the Internet of Things device; and/or, the account information includes the user identification of the Internet of Things device.
步骤202:基于该第一刷新令牌,为该物联网设备分配第一访问令牌。Step 202: Based on the first refresh token, a first access token is allocated to the Internet of Things device.
在实施中,云平台基于该第一刷新令牌进行鉴权,即判断该第一刷新令牌是否有效,示例性地,云平台可以查询上述令牌刷新资源中是否存在该第一刷新令牌,若存在,则鉴权通过,若不存在,则鉴权未通。在鉴权通过后,云平台为该物联网设备重新分配一个访问令牌,为了与上述第二访问令牌区分,这里将重新分配的访问令牌称为第一访问令牌。In implementation, the cloud platform performs authentication based on the first refresh token, that is, determines whether the first refresh token is valid. For example, the cloud platform can query whether the first refresh token exists in the above-mentioned token refresh resource. If it exists, the authentication is passed, if it does not exist, the authentication is not passed. After the authentication is passed, the cloud platform reassigns an access token to the Internet of Things device. In order to distinguish it from the foregoing second access token, the re-allocated access token is referred to herein as the first access token.
进一步地,当令牌刷新请求中还携带账号信息时,基于该第一刷新令牌,为该物联网设备分配第一访问令牌的实现可以包括:基于该第一刷新令牌和账号信息,为该物联网设备分配第一访问令牌。Further, when the token refresh request also carries account information, based on the first refresh token, the realization of allocating a first access token to the Internet of Things device may include: based on the first refresh token and account information, Allocate a first access token to the Internet of Things device.
在该种情况下,云平台基于该第一刷新令牌和该账号信息进行鉴权,即判断该第一刷新令牌和该账号信息是否有效,示例性地,云平台可以查询上述令牌刷新资源中是否存在该第一刷新令牌和该账号信息,若存在,则鉴权通过,若不存在,则鉴权未通过。在确定鉴权通过后,云平台为该物联网设备重新分配一个访问令牌,即分配第一访问令牌。In this case, the cloud platform performs authentication based on the first refresh token and the account information, that is, it determines whether the first refresh token and the account information are valid. Illustratively, the cloud platform can query the above token refresh Whether the first refresh token and the account information exist in the resource, if they exist, the authentication is passed, and if they do not exist, the authentication fails. After confirming that the authentication is passed, the cloud platform reassigns an access token to the Internet of Things device, that is, assigns the first access token.
当然,若鉴权未通过,则云平台向物联网设备发送更新失败消息,以通知物联网设备访问令牌更新失败。Of course, if the authentication fails, the cloud platform sends an update failure message to the IoT device to notify the IoT device that the access token update fails.
步骤203:将该第一访问令牌更新至目标存储资源中,其中,该目标存储资源为用于管理物联网设备在云平台上的状态的资源。Step 203: Update the first access token to the target storage resource, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform.
其中,物联网设备在云平台上的状态包括但不限于注册状态、上线状态、下线状态。也即是,该目标存储资源可以用于管理物联网设备在云平台上的注销、上线或下线操作。Among them, the status of the IoT device on the cloud platform includes but is not limited to registration status, online status, and offline status. That is, the target storage resource can be used to manage the logout, online or offline operations of the IoT device on the cloud platform.
云平台为该物联网设备分配第一访问令牌后,可以将该第一访问令牌更新至目标存储资源中,并且,该云平台可以将该第一访问令牌发送给物联网设备,物联网设备对该第一访问令牌进行存储,以便于后续物联网设备在使用该第一访问令牌进行注销、上线或下线时,云平台可以对该第一访问令牌进行鉴权。After the cloud platform allocates the first access token to the Internet of Things device, the first access token can be updated to the target storage resource, and the cloud platform can send the first access token to the Internet of Things device. The networked device stores the first access token, so that when subsequent IoT devices use the first access token to log out, go online, or go offline, the cloud platform can authenticate the first access token.
进一步地,云平台确定该第一访问令牌的有效期限,将该第一访问令牌的有效期限更新至该目标存储资源中。Further, the cloud platform determines the validity period of the first access token, and updates the validity period of the first access token to the target storage resource.
云平台在为该物联网设备分配第一访问令牌时,还可以为该第一访问令牌设置有效期限,并将该第一访问令牌的有效期限也更新至该目标存储资源中,譬如,可以将该第一访问令牌和该第一访问令牌的有效期限对应更新至该目标存储资源中。When the cloud platform allocates the first access token to the Internet of Things device, it can also set an expiration date for the first access token, and update the expiration date of the first access token to the target storage resource, for example, , The first access token and the validity period of the first access token can be correspondingly updated to the target storage resource.
另外,云平台在为该第一访问令牌设置有效期限后,还可以将该第一访问令牌的有效期限也发送给物联网设备,示例性的,云平台将该第一访问令牌和该第一访问令牌的有效期限一起发送给该物联网设备。In addition, after the cloud platform sets the expiration date for the first access token, the expiration date of the first access token may also be sent to the IoT device. For example, the cloud platform may send the first access token and the expiration date to the IoT device. The validity period of the first access token is sent to the Internet of Things device together.
进一步地,在分配该第一访问令牌的过程中,分配第二刷新令牌,将该第二刷新令牌更新至该目标存储资源中。Further, in the process of allocating the first access token, a second refresh token is allocated, and the second refresh token is updated to the target storage resource.
云平台在为该物联网设备分配第一访问令牌的过程中,还可以分配第二刷新令牌,即对物联网设备的第一刷新令牌进行更新,并将该第二刷新令牌也更新至该目标存储资源中,譬如,可以将该第一访问令牌和第二刷新令牌对应更新至该目标存储资源中。In the process of assigning the first access token to the Internet of Things device, the cloud platform can also allocate a second refresh token, that is, update the first refresh token of the Internet of Things device, and also update the second refresh token. Update to the target storage resource, for example, the first access token and the second refresh token can be correspondingly updated to the target storage resource.
另外,云平台在分配第二刷新令牌后,还可以将该第二刷新令牌也发送给物联网设备,示例性的,该云平台将该第一访问令牌和第二刷新令牌一起发送给该物联网设备。In addition, after the cloud platform allocates the second refresh token, the second refresh token may also be sent to the Internet of Things device. For example, the cloud platform may combine the first access token with the second refresh token. Send to this IoT device.
进一步地,云平台在分配第一访问令牌的过程中,为该第一访问令牌设置有效期限,并 分配第二刷新令牌。之后,将该第一访问令牌、该第一访问令牌的有效期限、以及该第二刷新令牌更新至该目标存储资源中。并且,云平台将该第一访问令牌、该第一访问令牌的有效期限、以及该第二刷新令牌发送给物联网设备。Further, in the process of allocating the first access token, the cloud platform sets an expiration date for the first access token and allocates the second refresh token. Afterwards, the first access token, the validity period of the first access token, and the second refresh token are updated to the target storage resource. In addition, the cloud platform sends the first access token, the expiration date of the first access token, and the second refresh token to the Internet of Things device.
之后,物联网设备即可使用所分配的第一访问令牌,向云平台发起请求。After that, the IoT device can use the allocated first access token to initiate a request to the cloud platform.
在本申请实施例中,接收来自物联网设备的令牌更新请求,该令牌更新请求用于请求重新分配访问令牌。根据该令牌更新请求中携带的第一刷新令牌,为该物联网设备分配第一访问令牌,并将该第一访问令牌更新至目标存储资源中。其中,该目标存储资源为用于管理物联网设备在云平台上的状态的资源,所以,后续物联网设备在使用该第一访问令牌向云平台发起请求时,云平台可以基于目标存储资源中的数据和该第一访问令牌,确定如何响应物联网设备的请求,从而实现物联网设备与云平台之间的交互。In the embodiment of the present application, a token update request from the Internet of Things device is received, and the token update request is used to request reallocation of the access token. According to the first refresh token carried in the token update request, the first access token is allocated to the Internet of Things device, and the first access token is updated to the target storage resource. Wherein, the target storage resource is a resource used to manage the state of the IoT device on the cloud platform. Therefore, when subsequent IoT devices use the first access token to initiate a request to the cloud platform, the cloud platform can be based on the target storage resource The data in and the first access token determine how to respond to the request of the Internet of Things device, so as to realize the interaction between the Internet of Things device and the cloud platform.
另外,上述令牌更新请求是物联网设备在临近该第二访问令牌的有效期限时发送的,如此,即便后续为物联网设备分配的第一访问令牌未能成功发送给物联网设备,由于第二访问令牌的期限即将大于有效期限,所以物联网设备会选择重新在云平台上进行注册,以便于云平台重新分配访问令牌。避免由于未能成功接收重新分配的第一访问令牌,且物联网设备继续使用第二访问令牌发起请求导致向云平台请求失败的情况。In addition, the aforementioned token update request is sent by the IoT device when the expiration date of the second access token is approaching. In this way, even if the first access token allocated to the IoT device is not successfully sent to the IoT device, because The expiration date of the second access token is about to be greater than the expiration date, so the IoT device will choose to re-register on the cloud platform so that the cloud platform can redistribute the access token. Avoid the situation that the request to the cloud platform fails due to the failure to successfully receive the re-allocated first access token and the IoT device continues to use the second access token to initiate the request.
请参考图3,图3是根据另一示例性实施例提供的一种请求处理方法的流程图,该方法可以应用于图1所示的实施环境中,该方法可以包括如下几个实现步骤:Please refer to FIG. 3. FIG. 3 is a flowchart of a request processing method according to another exemplary embodiment. The method can be applied to the implementation environment shown in FIG. 1. The method can include the following implementation steps:
步骤A1:接收来自物联网设备的令牌更新请求,该令牌更新请求携带第一刷新令牌。Step A1: Receive a token update request from the Internet of Things device, where the token update request carries the first refresh token.
该步骤A1的具体实现可以参见上述图2中步骤201的具体实现。For the specific implementation of step A1, refer to the specific implementation of step 201 in FIG. 2 above.
步骤A2:基于该第一刷新令牌,为该物联网设备分配第一访问令牌。Step A2: Based on the first refresh token, a first access token is allocated to the Internet of Things device.
该步骤A2的具体实现可以参见上述图2中步骤202的具体实现。For the specific implementation of step A2, refer to the specific implementation of step 202 in FIG. 2 described above.
步骤A3:向该物联网设备发送令牌更新响应,该令牌更新响应携带该第一访问令牌。Step A3: Send a token update response to the Internet of Things device, where the token update response carries the first access token.
也即是,云平台分配第一访问令牌后,可以通过令牌更新响应,将该第一访问令牌发送给物联网设备,物联网设备对该第一访问令牌进行存储。That is, after the cloud platform allocates the first access token, it can send the first access token to the Internet of Things device through a token update response, and the Internet of Things device stores the first access token.
进一步地,当云平台在分配第一访问令牌时,为该第一访问令牌设置有效限,则该令牌更新响应中还可以携带该第一访问令牌的有效期限。Further, when the cloud platform allocates the first access token and sets the validity limit for the first access token, the token update response may also carry the validity period of the first access token.
进一步地,当云平台在分配第一访问令牌时,还分配了第二刷新令牌,则该令牌更新响应中还可以携带该第二刷新令牌。Further, when the cloud platform allocates the first access token, it also allocates a second refresh token, the token update response may also carry the second refresh token.
进一步地,当云平台在分配第一访问令牌时,为该第一访问令牌设置有效期限,并分配第二刷新令牌,该令牌更新响应中还可以携带该第一访问令牌的有效期限和该第二刷新令牌。Further, when the cloud platform allocates the first access token, it sets the validity period for the first access token and allocates the second refresh token. The token update response may also carry the value of the first access token. The expiration date and the second refresh token.
步骤A4:若接收到该物联网设备发送的接收成功消息,将该第一访问令牌更新至该目标存储资源中,该接收成功消息用于指示成功接收该令牌更新响应。Step A4: If a reception success message sent by the Internet of Things device is received, the first access token is updated to the target storage resource, and the reception success message is used to indicate that the token update response is successfully received.
如果接收到物联网设备发送的接收成功消息,说明已经成功将该第一访问令牌发送给物联网设备,在该种情况下,可以认为后续物联网设备会使用该第一访问令牌向云平台发起请求,所以,可以将该第一访问令牌更新至目标存储资源中,从而保证后续能够对该物联网设备发起的请求进行准确地响应。If the reception success message sent by the IoT device is received, it means that the first access token has been successfully sent to the IoT device. In this case, it can be considered that subsequent IoT devices will use the first access token to send the cloud to the cloud. The platform initiates the request, so the first access token can be updated to the target storage resource, so as to ensure that subsequent requests initiated by the IoT device can be accurately responded to.
进一步地,当云平台在分配第一访问令牌时,为该第一访问令牌设置有效期限,则将该第一访问令牌和该第一访问令牌的有效期限更新至该目标存储资源中。Further, when the cloud platform allocates the first access token, the validity period is set for the first access token, and then the first access token and the validity period of the first access token are updated to the target storage resource middle.
进一步地,当云平台在分配第一访问令牌时,还分配了第二刷新令牌,则将该第一访问令牌和该第二刷新令牌更新至该目标存储资源中。Further, when the cloud platform allocates the first access token and also allocates the second refresh token, the first access token and the second refresh token are updated to the target storage resource.
进一步地,当云平台在分配第一访问令牌时,为该第一访问令牌设置有效期限,并分配第二刷新令牌,则将该第一访问令牌、该第一访问令牌的有效期限、以及该第二刷新令牌更新至该目标存储资源中。Further, when the cloud platform is allocating the first access token, the validity period is set for the first access token, and the second refresh token is allocated, then the first access token and the first access token The validity period and the second refresh token are updated to the target storage resource.
在本申请实施例中,接收来自物联网设备的令牌更新请求,该令牌更新请求用于请求重新分配访问令牌。根据该令牌更新请求中携带的第一刷新令牌,为该物联网设备分配第一访 问令牌,并将该第一访问令牌更新至目标存储资源中。其中,该目标存储资源为用于管理物联网设备在云平台上的状态的资源,所以,后续物联网设备在使用该第一访问令牌向云平台发起请求时,云平台可以基于目标存储资源中的数据和该第一访问令牌,确定如何响应物联网设备的请求,从而实现物联网设备与云平台之间的交互。In the embodiment of the present application, a token update request from the Internet of Things device is received, and the token update request is used to request reallocation of the access token. According to the first refresh token carried in the token update request, the first access token is allocated to the Internet of Things device, and the first access token is updated to the target storage resource. Wherein, the target storage resource is a resource used to manage the state of the IoT device on the cloud platform. Therefore, when subsequent IoT devices use the first access token to initiate a request to the cloud platform, the cloud platform can be based on the target storage resource The data in and the first access token determine how to respond to the request of the Internet of Things device, so as to realize the interaction between the Internet of Things device and the cloud platform.
另外,在确定将该第一访问令牌成功发送给物联网设备的情况下,在目标存储资源中对该第一访问令牌进行更新存储,从而可以保证后续能够对该物联网设备发起的请求进行准确地响应。In addition, when it is determined that the first access token is successfully sent to the IoT device, the first access token is updated and stored in the target storage resource, so as to ensure that subsequent requests to the IoT device can be initiated Respond accurately.
请参考图4,图4是根据另一示例性实施例提供的一种请求处理方法的流程图,该方法可以应用于图1所示的实施环境中,该方法可以包括如下几个实现步骤:Please refer to FIG. 4, which is a flowchart of a request processing method according to another exemplary embodiment. The method can be applied to the implementation environment shown in FIG. 1. The method may include the following implementation steps:
步骤B1:接收来自物联网设备的令牌更新请求,该令牌更新请求携带第一刷新令牌。Step B1: Receive a token update request from the Internet of Things device, where the token update request carries the first refresh token.
该步骤B1的具体实现可以参见上述图2中步骤201的具体实现。For the specific implementation of step B1, refer to the specific implementation of step 201 in FIG. 2 above.
步骤B2:基于该第一刷新令牌,为该物联网设备分配第一访问令牌。Step B2: Based on the first refresh token, a first access token is allocated to the Internet of Things device.
该步骤B2的具体实现可以参见上述图2中步骤202的具体实现。For the specific implementation of step B2, refer to the specific implementation of step 202 in FIG. 2 above.
步骤B3:向该物联网设备发送令牌更新响应,该令牌更新响应携带该第一访问令牌。Step B3: Send a token update response to the Internet of Things device, where the token update response carries the first access token.
也即是,云平台分配第一访问令牌后,可以通过令牌更新响应,将该第一访问令牌发送给物联网设备,物联网设备对该第一访问令牌进行存储。That is, after the cloud platform allocates the first access token, it can send the first access token to the Internet of Things device through a token update response, and the Internet of Things device stores the first access token.
进一步地,当云平台在分配第一访问令牌时,为该第一访问令牌设置有效期限,则该令牌更新响应中还可以携带该第一访问令牌的有效期限。Further, when the cloud platform allocates the first access token and sets the expiration date for the first access token, the token update response may also carry the expiration date of the first access token.
进一步地,当云平台在分配第一访问令牌时,还分配了第二刷新令牌,则该令牌更新响应中还可以携带该第二刷新令牌。Further, when the cloud platform allocates the first access token, it also allocates a second refresh token, the token update response may also carry the second refresh token.
进一步地,当云平台在分配第一访问令牌时,为该第一访问令牌设置有效期限,并分配第二刷新令牌,该令牌更新响应中还可以携带该第一访问令牌的有效期限和该第二刷新令牌。Further, when the cloud platform allocates the first access token, it sets the validity period for the first access token and allocates the second refresh token. The token update response may also carry the value of the first access token. The expiration date and the second refresh token.
步骤B4:若接收到物联网设备发送的重注册请求,将该重注册请求中携带的第一访问令牌更新至目标存储资源中。Step B4: If a re-registration request sent by the Internet of Things device is received, the first access token carried in the re-registration request is updated to the target storage resource.
如果接收到物联网设备发送的重注册请求,说明物联网设备需要重新注册到该云平台上,此时,可以从该重注册请求中获取所携带的第一访问令牌,在该种情况下,可以认为后续物联网设备会使用该第一访问令牌向云平台发起请求,所以,可以将该第一访问令牌更新至目标存储资源中,从而保证后续能够对该物联网设备发起的请求进行准确地响应。If a re-registration request sent by an IoT device is received, it means that the IoT device needs to be re-registered on the cloud platform. At this time, the first access token carried can be obtained from the re-registration request. In this case It can be considered that subsequent IoT devices will use the first access token to initiate requests to the cloud platform. Therefore, the first access token can be updated to the target storage resource to ensure that subsequent requests to the IoT device can be initiated Respond accurately.
进一步地,当云平台在分配第一访问令牌时,为该第一访问令牌设置有效期限,该重注册请求中还可以携带该第一访问令牌的有效期限,此时,可以将该第一访问令牌和该第一访问令牌的有效期限更新至该目标存储资源中。Further, when the cloud platform is allocating the first access token, it sets an expiration date for the first access token, and the re-registration request may also carry the expiration date of the first access token. At this time, the The first access token and the validity period of the first access token are updated to the target storage resource.
进一步地,当云平台在分配第一访问令牌时,还分配了第二刷新令牌,该重注册请求中还可以携带该第二刷新令牌,此时,则将该第一访问令牌和该第二刷新令牌更新至该目标存储资源中。Further, when the cloud platform allocates the first access token, it also allocates a second refresh token. The re-registration request may also carry the second refresh token. At this time, the first access token And the second refresh token is updated to the target storage resource.
进一步地,当云平台在分配第一访问令牌时,为该第一访问令牌设置有效期限,并分配第二刷新令牌,该重注册请求中还可以携带该第一访问令牌的有效期限和该第二刷新令牌,此时,则将该第一访问令牌、该第一访问令牌的有效期限、以及该第二刷新令牌更新至该目标存储资源中。Further, when the cloud platform allocates the first access token, it sets the validity period for the first access token and allocates the second refresh token. The re-registration request may also carry the validity of the first access token. The expiration date and the second refresh token. At this time, the first access token, the validity period of the first access token, and the second refresh token are updated to the target storage resource.
在本申请实施例中,接收来自物联网设备的令牌更新请求,该令牌更新请求用于请求重新分配访问令牌。根据该令牌更新请求中携带的第一刷新令牌,为该物联网设备分配第一访问令牌,并将该第一访问令牌更新至目标存储资源中。其中,该目标存储资源为用于管理物联网设备在云平台上的状态的资源,所以,后续物联网设备在使用该第一访问令牌向云平台发起请求时,云平台可以基于目标存储资源中的数据和该第一访问令牌,确定如何响应物联网设备的请求,从而实现物联网设备与云平台之间的交互。In the embodiment of the present application, a token update request from the Internet of Things device is received, and the token update request is used to request reallocation of the access token. According to the first refresh token carried in the token update request, the first access token is allocated to the Internet of Things device, and the first access token is updated to the target storage resource. Wherein, the target storage resource is a resource used to manage the state of the IoT device on the cloud platform. Therefore, when subsequent IoT devices use the first access token to initiate a request to the cloud platform, the cloud platform can be based on the target storage resource The data in and the first access token determine how to respond to the request of the Internet of Things device, so as to realize the interaction between the Internet of Things device and the cloud platform.
另外,在接收到物联网设备发送的重注册请求时,将该重注册请求中携带的第一访问令 牌更新至目标存储资源中,从而可以保证后续能够对该物联网设备发起的请求进行准确地响应。In addition, when a re-registration request sent by an IoT device is received, the first access token carried in the re-registration request is updated to the target storage resource, so as to ensure that subsequent requests initiated by the IoT device can be accurately performed地responsive.
如前文所述,物联网设备在云平台上的状态可以包括但不限于注册、注销、上线和下线,根据该状态不同,目标存储资源包括的资源种类不同,譬如,该目标存储资源包括第一存储资源和/或第二存储资源,其中,该第一存储资源用于管理该物联网设备在该云平台上的注册状态,该第二存储资源用于管理该物联网设备在该云平台上的上线状态、下线状态。接下来将分别通过如下几个实施例分别进行说明。As mentioned above, the status of the IoT device on the cloud platform can include but is not limited to registration, deregistration, online and offline. Depending on the status, the target storage resource includes different types of resources. For example, the target storage resource includes the first A storage resource and/or a second storage resource, where the first storage resource is used to manage the registration status of the Internet of Things device on the cloud platform, and the second storage resource is used to manage the Internet of Things device on the cloud platform On-line status and off-line status. The following will be described separately through the following embodiments.
请参考图5所示,该图5是根据另一示例性实施例示出的一种请求处理方法的流程图,该方法可以应用于上述图1所示的实施环境中,这里以该物联网设备在云平台上的状态包括注册状态为例进行说明,该方法可以包括如下实现步骤:Please refer to FIG. 5, which is a flowchart of a request processing method according to another exemplary embodiment. The method can be applied to the implementation environment shown in FIG. The status on the cloud platform includes the registration status as an example. The method may include the following implementation steps:
步骤C1:接收来自物联网设备的令牌更新请求,该令牌更新请求携带第一刷新令牌。Step C1: Receive a token update request from the Internet of Things device, where the token update request carries the first refresh token.
该步骤C1的具体实现可以参见上述图2中步骤201的具体实现。For the specific implementation of step C1, refer to the specific implementation of step 201 in FIG. 2 above.
步骤C2:基于该第一刷新令牌,为该物联网设备分配第一访问令牌。Step C2: Based on the first refresh token, a first access token is allocated to the Internet of Things device.
该步骤C2的具体实现可以参见上述图2中步骤202的具体实现。For the specific implementation of step C2, refer to the specific implementation of step 202 in FIG. 2 above.
步骤C3:将该第一访问令牌更新至第一存储资源中,其中,该第一存储资源为用于管理物联网设备在云平台上的注册状态的资源。Step C3: Update the first access token to the first storage resource, where the first storage resource is a resource used to manage the registration status of the Internet of Things device on the cloud platform.
该第一存储资源是不可读取的,即其他设备无法读取该第一存储资源的内容,主要用来管理物联网设备的注册,示例性的,该第一存储资源为/account资源。在该第一存储资源中会维护账号信息、第一访问令牌和第一刷新令牌的对应关系。The first storage resource is unreadable, that is, other devices cannot read the content of the first storage resource, and it is mainly used to manage the registration of IoT devices. Illustratively, the first storage resource is the /account resource. The corresponding relationship between the account information, the first access token, and the first refresh token is maintained in the first storage resource.
进一步地,当云平台在分配第一访问令牌时,为该第一访问令牌设置有效期限,则将该第一访问令牌和该第一访问令牌的有效期限更新至该第一存储资源中。Further, when the cloud platform is allocating the first access token, the expiration date is set for the first access token, and the expiration date of the first access token and the first access token are updated to the first storage Resources.
进一步地,当云平台在分配第一访问令牌时,还分配了第二刷新令牌,则将该第一访问令牌和该第二刷新令牌更新至该第一存储资源中。Further, when the cloud platform allocates the first access token and also allocates a second refresh token, the first access token and the second refresh token are updated to the first storage resource.
进一步地,当云平台在分配第一访问令牌时,为该第一访问令牌设置有效期限,并分配第二刷新令牌,则将该第一访问令牌、该第一访问令牌的有效期限、以及该第二刷新令牌更新至该第一存储资源中。Further, when the cloud platform is allocating the first access token, the validity period is set for the first access token, and the second refresh token is allocated, then the first access token and the first access token The expiration date and the second refresh token are updated to the first storage resource.
步骤C4:接收该物联网设备的注销请求,该注销请求携带该第一访问令牌和账号信息。Step C4: Receive a logout request of the Internet of Things device, where the logout request carries the first access token and account information.
也即是,当物联网设备在向云平台发起注销请求时,在该注销请求中携带该第一访问令牌,即携带更新后的访问令牌,而不是原来的第二访问令牌。That is, when the IoT device initiates a logout request to the cloud platform, the logout request carries the first access token, that is, carries the updated access token instead of the original second access token.
作为一种示例,该账号信息可以包括该物联网设备的设备标识,和/或,该账号信息可以包括登录该物联网设备的用户标识。As an example, the account information may include the device identification of the Internet of Things device, and/or the account information may include the user identification of the user logging in the Internet of Things device.
进一步地,该注销请求中还可以携带第一刷新令牌,或者,若在分配第一访问令牌时,分配了第二刷新令牌,则该注销请求中携带第二刷新令牌。Further, the logout request may also carry the first refresh token, or, if the second refresh token is allocated when the first access token is allocated, the logout request carries the second refresh token.
步骤C5:基于该账号信息,从该第一存储资源中确定对应的访问令牌。Step C5: Based on the account information, determine the corresponding access token from the first storage resource.
由于该第一存储资源用于对该物联网设备进行注册管理,即该第一存储资源中存储有该账号信息对应的访问令牌,所以,云平台基于该账号信息,从该第一存储资源中确定对应的访问令牌。Since the first storage resource is used for registration and management of the Internet of Things device, that is, the access token corresponding to the account information is stored in the first storage resource. Therefore, the cloud platform obtains information from the first storage resource based on the account information. Determine the corresponding access token in.
步骤C6:若从该第一存储资源中确定的访问令牌与该第一访问令牌匹配,对该物联网设备进行注销。Step C6: If the access token determined from the first storage resource matches the first access token, log out the Internet of Things device.
作为一种示例,从该第一存储资源中确定的访问令牌与该第一访问令牌匹配包括:从该第一存储资源中确定的访问令牌与该第一访问令牌相同。As an example, matching the access token determined from the first storage resource with the first access token includes: the access token determined from the first storage resource is the same as the first access token.
如果从该第一存储资源中确定的访问令牌与该第一访问令牌匹配,可以确定对该第一访问令牌鉴权通过,在该种情况下,可以对该物联网设备进行注销。作为一种示例,对该物联网设备进行注销的实现可以为,从该第一存储资源中删除与该物联网设备相关的所有信息,譬如,若该第一存储资源中存储有第一访问令牌、账号信息、第二刷新令牌和第一访问令牌 的有效期限,则删除第一访问令牌、账号信息、第二刷新令牌和第一访问令牌的有效期限。If the access token determined from the first storage resource matches the first access token, it can be determined that the authentication of the first access token is passed, and in this case, the IoT device can be deregistered. As an example, the implementation of deregistering the Internet of Things device may be to delete all information related to the Internet of Things device from the first storage resource, for example, if the first storage resource stores a first access command If the validity period of the first access token, account information, the second refresh token, and the first access token are deleted, the validity period of the first access token, account information, the second refresh token, and the first access token are deleted.
在本申请实施例中,接收来自物联网设备的令牌更新请求,该令牌更新请求用于请求重新分配访问令牌。根据该令牌更新请求中携带的第一刷新令牌,为该物联网设备分配第一访问令牌,并将该第一访问令牌更新至目标存储资源中。其中,该目标存储资源为用于管理物联网设备在云平台上的状态的资源,所以,后续物联网设备在使用该第一访问令牌向云平台发起请求时,云平台可以基于目标存储资源中的数据和该第一访问令牌,确定如何响应物联网设备的请求,从而实现物联网设备与云平台之间的交互。In the embodiment of the present application, a token update request from the Internet of Things device is received, and the token update request is used to request reallocation of the access token. According to the first refresh token carried in the token update request, the first access token is allocated to the Internet of Things device, and the first access token is updated to the target storage resource. Wherein, the target storage resource is a resource used to manage the state of the IoT device on the cloud platform. Therefore, when subsequent IoT devices use the first access token to initiate a request to the cloud platform, the cloud platform can be based on the target storage resource The data in and the first access token determine how to respond to the request of the Internet of Things device, so as to realize the interaction between the Internet of Things device and the cloud platform.
请参考图6所示,该图6是根据另一示例性实施例示出的一种请求处理方法的流程图,该方法可以应用于上述图1所示的实施环境中,这里以该物联网设备在云平台上的状态包括上线状态/下线状态为例进行说明,该方法可以包括如下实现步骤:Please refer to FIG. 6, which is a flowchart of a request processing method according to another exemplary embodiment. The method can be applied to the implementation environment shown in FIG. The state on the cloud platform includes the online state/offline state as an example. The method may include the following implementation steps:
步骤D1:接收来自物联网设备的令牌更新请求,该令牌更新请求携带第一刷新令牌。Step D1: Receive a token update request from the Internet of Things device, where the token update request carries the first refresh token.
该步骤D1的具体实现可以参见上述图2中步骤201的具体实现。For the specific implementation of step D1, refer to the specific implementation of step 201 in FIG. 2 above.
步骤D2:基于该第一刷新令牌,为该物联网设备分配第一访问令牌。Step D2: Based on the first refresh token, a first access token is allocated to the Internet of Things device.
该步骤D2的具体实现可以参见上述图2中步骤202的具体实现。For the specific implementation of step D2, refer to the specific implementation of step 202 in FIG. 2 above.
步骤D3:将该第一访问令牌更新至第二存储资源中,其中,该第二存储资源为用于管理物联网设备在云平台上的上线状态/下线状态的资源。Step D3: Update the first access token to the second storage resource, where the second storage resource is a resource used to manage the online/offline status of the IoT device on the cloud platform.
该第二存储资源是不可读取的,即其他设备无法读取该第二存储资源的内容,主要用来管理物联网设备的上线和/或下线,示例性的,该第二存储资源为/session资源。在该第二存储资源中会维护账号信息、第一访问令牌、第一刷新令牌以及登录状态的对应关系。示例性的,当物联网设备处于在线状态,该登录状态可以设置为true,当物联网设备处于离线状态,该登录状态可以设置为false。The second storage resource is unreadable, that is, other devices cannot read the content of the second storage resource, and it is mainly used to manage the online and/or offline of IoT devices. Exemplarily, the second storage resource is /session resources. The corresponding relationship between account information, first access token, first refresh token, and login status is maintained in the second storage resource. Exemplarily, when the Internet of Things device is in an online state, the login state may be set to true, and when the Internet of Things device is in an offline state, the login state may be set to false.
进一步地,当云平台在分配第一访问令牌时,为该第一访问令牌设置有效期限,则将该第一访问令牌和该第一访问令牌的有效期限更新至该第二存储资源中。Further, when the cloud platform is allocating the first access token, the expiration date is set for the first access token, and then the expiration date of the first access token and the first access token are updated to the second storage Resources.
进一步地,当云平台在分配第一访问令牌时,还分配了第二刷新令牌,则将该第一访问令牌和该第二刷新令牌更新至该第二存储资源中。Further, when the cloud platform allocates the first access token and also allocates a second refresh token, the first access token and the second refresh token are updated to the second storage resource.
进一步地,当云平台在分配第一访问令牌时,为该第一访问令牌设置有效期限,并分配第二刷新令牌,则将该第一访问令牌、该第一访问令牌的有效期限、以及该第二刷新令牌更新至该第二存储资源中。Further, when the cloud platform is allocating the first access token, the validity period is set for the first access token, and the second refresh token is allocated, then the first access token and the first access token The expiration date and the second refresh token are updated to the second storage resource.
作为一种示例,接收该物联网设备的上线请求,该上线请求携带该第一访问令牌和账号信息。基于该账号信息,从该第二存储资源中确定对应的访问令牌,若从该第二存储资源中确定的访问令牌与该第一访问令牌匹配,控制该物联网设备上线。As an example, an online request of the Internet of Things device is received, where the online request carries the first access token and account information. Based on the account information, the corresponding access token is determined from the second storage resource, and if the access token determined from the second storage resource matches the first access token, control the Internet of Things device to go online.
也即是,当物联网设备在向云平台发起上线请求时,在该上线请求中携带该第一访问令牌,即携带更新后的访问令牌,而不是原来的第二访问令牌。That is, when the IoT device initiates an online request to the cloud platform, the online request carries the first access token, that is, carries the updated access token instead of the original second access token.
作为一种示例,该账号信息可以包括该物联网设备的设备标识,和/或,该账号信息可以包括登录该物联网设备的用户标识。As an example, the account information may include the device identification of the Internet of Things device, and/or the account information may include the user identification of the user logging in the Internet of Things device.
进一步地,该上线请求中还可以携带第一刷新令牌,或者,若在分配第一访问令牌时,分配了第二刷新令牌,则该上线请求中携带第二刷新令牌。Further, the online request may also carry the first refresh token, or, if the second refresh token is allocated when the first access token is allocated, the online request carries the second refresh token.
由于该第二存储资源用于对该物联网设备进行上线、下线管理,所以,云平台基于该账号信息,从该第二存储资源中确定对应的访问令牌。如果从该第二存储资源中确定的访问令牌与该第一访问令牌匹配,可以确定对该第一访问令牌鉴权通过,在该种情况下,可以控制该物联网设备上线。作为一种示例,控制物联网设备上线的实现可以为:设置该物联网设备的登录状态为ture。Since the second storage resource is used for online and offline management of the Internet of Things device, the cloud platform determines the corresponding access token from the second storage resource based on the account information. If the access token determined from the second storage resource matches the first access token, it can be determined that the authentication of the first access token is passed. In this case, the Internet of Things device can be controlled to go online. As an example, the implementation of controlling the Internet of Things device to go online may be: setting the login status of the Internet of Things device to true.
作为另一种示例,接收该物联网设备的下线请求,该下线请求携带该第一访问令牌和账号信息,基于该账号信息,从该第二存储资源中确定对应的访问令牌。若从该第二存储资源中确定的访问令牌与该第一访问令牌匹配,控制该物联网设备下线。As another example, the offline request of the Internet of Things device is received, the offline request carries the first access token and account information, and the corresponding access token is determined from the second storage resource based on the account information. If the access token determined from the second storage resource matches the first access token, control the IoT device to go offline.
也即是,当物联网设备在向云平台发起下线请求时,在该下线请求中携带该第一访问令牌,即携带更新后的访问令牌,而不是原来的第二访问令牌。That is, when the IoT device initiates a offline request to the cloud platform, the first access token is carried in the offline request, that is, the updated access token is carried instead of the original second access token .
作为一种示例,该账号信息可以包括该物联网设备的设备标识,和/或,该账号信息可以包括登录该物联网设备的用户标识。As an example, the account information may include the device identification of the Internet of Things device, and/or the account information may include the user identification of the user logging in the Internet of Things device.
进一步地,该下线请求中还可以携带第一刷新令牌,或者,若在分配第一访问令牌时,分配了第二刷新令牌,则该下线请求中携带第二刷新令牌。Further, the offline request may also carry the first refresh token, or, if the second refresh token is allocated when the first access token is allocated, the offline request carries the second refresh token.
由于该第二存储资源用于对该物联网设备进行上线、下线管理,所以,云平台基于该账号信息,从该该第二存储资源中确定对应的访问令牌。如果从该第二存储资源中确定的访问令牌与该第一访问令牌匹配,可以确定对该第一访问令牌鉴权通过,在该种情况下,可以控制该物联网设备下线。作为一种示例,控制物联网设备下线的实现可以为:设置该物联网设备的登录状态为false。Since the second storage resource is used for online and offline management of the Internet of Things device, the cloud platform determines the corresponding access token from the second storage resource based on the account information. If the access token determined from the second storage resource matches the first access token, it can be determined that the authentication of the first access token is passed, and in this case, the IoT device can be controlled to go offline. As an example, the implementation of controlling the offline of the Internet of Things device may be: setting the login status of the Internet of Things device to false.
在本申请实施例中,接收来自物联网设备的令牌更新请求,该令牌更新请求用于请求重新分配访问令牌。根据该令牌更新请求中携带的第一刷新令牌,为该物联网设备分配第一访问令牌,并将该第一访问令牌更新至目标存储资源中。其中,该目标存储资源为用于管理物联网设备在云平台上的状态的资源,所以,后续物联网设备在使用该第一访问令牌向云平台发起请求时,云平台可以基于目标存储资源中的数据和该第一访问令牌,确定如何响应物联网设备的请求,从而实现物联网设备与云平台之间的交互。In the embodiment of the present application, a token update request from the Internet of Things device is received, and the token update request is used to request reallocation of the access token. According to the first refresh token carried in the token update request, the first access token is allocated to the Internet of Things device, and the first access token is updated to the target storage resource. Wherein, the target storage resource is a resource used to manage the state of the IoT device on the cloud platform. Therefore, when subsequent IoT devices use the first access token to initiate a request to the cloud platform, the cloud platform can be based on the target storage resource The data in and the first access token determine how to respond to the request of the Internet of Things device, so as to realize the interaction between the Internet of Things device and the cloud platform.
需要说明的是,上述各个实施例中的部分或者全部内容可以互为共用。It should be noted that part or all of the content in the foregoing embodiments may be shared with each other.
请参考图7,该图7是根据一示例性实施例示出的一种请求处理方法的流程图,该方法可以应用于上述图1所示的实施环境中,该方法可以包括如下实现步骤:Please refer to FIG. 7, which is a flowchart of a request processing method according to an exemplary embodiment. The method may be applied to the implementation environment shown in FIG. 1, and the method may include the following implementation steps:
步骤701:接收来自物联网设备的目标请求,该目标请求携带访问令牌和账号信息。Step 701: Receive a target request from an Internet of Things device, where the target request carries an access token and account information.
作为一种示例,该目标请求可以为注销请求,或者,该目标请求可以为上线请求,再或者,该目标请求可以为下线请求。As an example, the target request may be a logout request, or the target request may be an online request, or alternatively, the target request may be a offline request.
其中,该访问令牌可以是由云平台在物联网设备注册的过程中分配的。Wherein, the access token may be allocated by the cloud platform during the registration process of the Internet of Things device.
其中,该账号信息可以包括物联网设备的设备标识,和/或,该账号信息可以包括登录该物联网设备的用户标识。其中,该设备标识可以用于唯一标识一个物联网设备,譬如,设备标识可以为Device ID,该用户标识可以用于唯一标识一个用户,譬如,用户标识可以为User ID。Wherein, the account information may include the device identification of the Internet of Things device, and/or the account information may include the user identification of the user logging in the Internet of Things device. The device identifier can be used to uniquely identify an IoT device. For example, the device identifier can be Device ID, and the user ID can be used to uniquely identify a user. For example, the user ID can be User ID.
进一步地,该目标请求还可以携带刷新令牌,该刷新令牌是云平台在分配上述访问令牌的过程中分配的。Further, the target request may also carry a refresh token, which is allocated by the cloud platform in the process of allocating the above-mentioned access token.
步骤702:根据该账号信息,从目标存储资源中确定对应的访问令牌,该目标存储资源为用于管理物联网设备在云平台上的状态的资源。Step 702: According to the account information, determine the corresponding access token from the target storage resource, the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform.
作为一种示例,该目标存储资源可以包括第一存储资源和/或第二存储资源,该第一存储资源可以用于注册管理,该第二存储资源可以用于上线/下线管理。As an example, the target storage resource may include a first storage resource and/or a second storage resource, the first storage resource may be used for registration management, and the second storage resource may be used for online/offline management.
示例性的,该第一存储资源为/account资源。该第一存储资源中存储有访问令牌和账号信息之间的对应关系,或者,该第一存储资源中存储有访问令牌、账号信息和刷新令牌之间的对应关系,再或者,该第一存储资源中存储有访问令牌、账号信息、刷新令牌和访问令牌的有效期限之间的对应关系。Exemplarily, the first storage resource is a /account resource. The corresponding relationship between the access token and account information is stored in the first storage resource, or the corresponding relationship between the access token, account information, and the refresh token is stored in the first storage resource, or, the The first storage resource stores the corresponding relationship between the access token, account information, refresh token and the validity period of the access token.
示例性的,该第二存储资源为/session资源。该第一存储资源中存储有访问令牌、账号信息和登录状态之间的对应关系,或者,该第一存储资源中存储有访问令牌、账号信息、刷新令牌和登录状态之间的对应关系,再或者,该第一存储资源中存储有访问令牌、账号信息、刷新令牌、访问令牌的有效期限、以及登录状态之间的对应关系。Exemplarily, the second storage resource is a /session resource. The first storage resource stores the correspondence between the access token, account information, and the login status, or the first storage resource stores the correspondence between the access token, account information, refresh token, and the login status The relationship, or alternatively, the corresponding relationship between the access token, the account information, the refresh token, the validity period of the access token, and the login status is stored in the first storage resource.
譬如,若该目标请求为注销请求,则云平台从第一存储资源中确定该账号信息对应的访问令牌。For example, if the target request is a logout request, the cloud platform determines the access token corresponding to the account information from the first storage resource.
再如,若该目标请求为上线请求,或者,该目标请求为下线请求,则云平台从第二存储 资源中确定该账号信息对应的访问令牌。For another example, if the target request is an online request, or the target request is an offline request, the cloud platform determines the access token corresponding to the account information from the second storage resource.
进一步地,若该目标请求中还携带刷新令牌,则根据该目标请求中携带的访问令牌和刷新令牌,从该目标存储资源中确定对应的访问令牌。Further, if the target request also carries a refresh token, the corresponding access token is determined from the target storage resource according to the access token and the refresh token carried in the target request.
步骤703:若从该目标存储资源中确定的访问令牌与该目标请求携带的访问令牌匹配,则执行该目标请求所请求的操作。Step 703: If the access token determined from the target storage resource matches the access token carried in the target request, perform the operation requested by the target request.
若从该目标存储资源中确定的访问令牌与该目标请求携带的访问令牌匹配,可以确定对该目标请求携带的访问令牌鉴权通过,此时,可以执行该目标请求所请求的操作。譬如,若该目标请求为注销请求,则对该物联网设备进行注销;再如,若该目标请求为上线请求,则控制该物联网设备上线;又如,若该目标请求为下线请求,则控制该物联网设备下线。If the access token determined from the target storage resource matches the access token carried in the target request, it can be determined that the access token carried in the target request is authenticated. At this time, the operation requested by the target request can be performed . For example, if the target request is a logout request, then the IoT device is logged out; another example, if the target request is an online request, then the IoT device is controlled to go online; another example, if the target request is a offline request, Then control the IoT device to go offline.
进一步地,若从该目标存储资源中确定的访问令牌与该目标请求携带的访问令牌不匹配,则基于该账号信息,从令牌刷新资源中获取对应的访问令牌;若从该令牌刷新资源中获取的访问令牌与该目标请求携带的访问令牌匹配,则执行该目标请求所请求的操作。Further, if the access token determined from the target storage resource does not match the access token carried in the target request, then the corresponding access token is obtained from the token refresh resource based on the account information; If the access token obtained in the card refresh resource matches the access token carried in the target request, the operation requested by the target request is executed.
其中,该令牌刷新资源用于更新物联网设备访问云平台所使用的访问令牌,譬如,该令牌刷新资源为/tokenrefresh资源。示例性的,/tokenrefresh资源中存储有Device ID、User ID、refresh token和access token的对应关系。The token refresh resource is used to update the access token used by the IoT device to access the cloud platform. For example, the token refresh resource is the /tokenrefresh resource. Exemplarily, the corresponding relationship between Device ID, User ID, refresh token, and access token is stored in the /tokenrefresh resource.
若从该目标存储资源中确定的访问令牌与该目标请求携带的访问令牌不匹配,可能是因为该目标请求中携带的访问令牌被更新过,但被更新后的访问令牌未存储在该目标存储资源中,此时,不是直接确定鉴权失败,而是可以从令牌刷新资源中获取对应的访问令牌,并判断从令牌刷新资源中获取的访问令牌与该目标请求携带的访问令牌是否匹配,如果匹配,确定鉴权通过,执行该目标请求所请求的操作。当然,若不匹配,确定鉴权未通过,此时可以返回请求失败消息。If the access token determined from the target storage resource does not match the access token carried in the target request, it may be because the access token carried in the target request has been updated, but the updated access token is not stored In the target storage resource, at this time, instead of directly determining that the authentication fails, you can obtain the corresponding access token from the token refresh resource, and determine the access token obtained from the token refresh resource and the target request Whether the carried access token matches, if it matches, it is determined that the authentication is passed, and the operation requested by the target request is executed. Of course, if there is no match, it is determined that the authentication has not passed, and a request failure message can be returned at this time.
在本申请实施例中,接收来自物联网设备的目标请求,该目标请求中携带访问令牌和账号信息。根据该账号信息,从目标存储资源中确定对应的访问令牌,如果所确定的访问令牌与目标请求携带的访问令牌匹配,说明鉴权通过,所以可以执行该目标请求所请求的操作,从而实现云平台与物联网设备之间的交互。In this embodiment of the application, a target request from an Internet of Things device is received, and the target request carries the access token and account information. According to the account information, the corresponding access token is determined from the target storage resource. If the determined access token matches the access token carried in the target request, the authentication is passed, so the operation requested by the target request can be performed. So as to realize the interaction between the cloud platform and the Internet of Things devices.
请参考图8,该图8是根据一示例性实施例提供的一种请求处理装置的结构示意图,该装置可以包括:Please refer to FIG. 8, which is a schematic structural diagram of a request processing apparatus according to an exemplary embodiment. The apparatus may include:
接收模块810,用于接收来自物联网设备的令牌更新请求,所述令牌更新请求携带第一刷新令牌;The receiving module 810 is configured to receive a token update request from an Internet of Things device, where the token update request carries the first refresh token;
分配模块820,用于基于所述第一刷新令牌,为所述物联网设备分配第一访问令牌;An allocation module 820, configured to allocate a first access token to the Internet of Things device based on the first refresh token;
更新模块830,用于将所述第一访问令牌更新至目标存储资源中,其中,所述目标存储资源为用于管理物联网设备在云平台上的状态的资源。The update module 830 is configured to update the first access token to a target storage resource, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform.
在本申请一种可能的实现方式中,所述更新模块830用于:In a possible implementation manner of this application, the update module 830 is used to:
向所述物联网设备发送令牌更新响应,所述令牌更新响应携带所述第一访问令牌;Sending a token update response to the Internet of Things device, where the token update response carries the first access token;
若接收到所述物联网设备发送的接收成功消息,将所述第一访问令牌更新至所述目标存储资源中,所述接收成功消息用于指示成功接收所述令牌更新响应。If a reception success message sent by the Internet of Things device is received, the first access token is updated to the target storage resource, and the reception success message is used to indicate that the token update response is successfully received.
在本申请一种可能的实现方式中,所述更新模块830用于:In a possible implementation manner of this application, the update module 830 is used to:
向所述物联网设备发送令牌更新响应,所述令牌更新响应携带所述第一访问令牌;Sending a token update response to the Internet of Things device, where the token update response carries the first access token;
若接收到所述物联网设备发送的重注册请求,将所述重注册请求中携带的第一访问令牌更新至所述目标存储资源中。If a re-registration request sent by the Internet of Things device is received, the first access token carried in the re-registration request is updated to the target storage resource.
在本申请一种可能的实现方式中,所述令牌更新请求是在第二访问令牌的期限与有效期限之间的差值小于指定阈值的情况下发送的,所述第二访问令牌是所述物联网设备在所述有效期限到期之前使用的访问令牌。In a possible implementation manner of the present application, the token update request is sent when the difference between the expiration date and the expiration date of the second access token is less than a specified threshold, and the second access token It is an access token used by the Internet of Things device before the expiration date.
在本申请一种可能的实现方式中,所述物联网设备在云平台上的状态包括注册状态,所述目标存储资源包括第一存储资源;In a possible implementation manner of the present application, the state of the IoT device on the cloud platform includes a registration state, and the target storage resource includes a first storage resource;
所述更新模块830还用于:The update module 830 is also used for:
接收所述物联网设备的注销请求,所述注销请求携带所述第一访问令牌和账号信息;Receiving a logout request of the Internet of Things device, where the logout request carries the first access token and account information;
基于所述账号信息,从所述第一存储资源中确定对应的访问令牌;Determining a corresponding access token from the first storage resource based on the account information;
若从所述第一存储资源中确定的访问令牌与所述第一访问令牌匹配,对所述物联网设备进行注销。If the access token determined from the first storage resource matches the first access token, log off the Internet of Things device.
在本申请一种可能的实现方式中,所述物联网设备在云平台上的状态包括上线状态,所述目标存储资源包括第二存储资源;In a possible implementation manner of the present application, the state of the Internet of Things device on the cloud platform includes an online state, and the target storage resource includes a second storage resource;
所述更新模块830还用于:The update module 830 is also used for:
接收所述物联网设备的上线请求,所述上线请求携带所述第一访问令牌和账号信息;Receiving an online request of the Internet of Things device, where the online request carries the first access token and account information;
基于所述账号信息,从所述第二存储资源中确定对应的访问令牌;Determine a corresponding access token from the second storage resource based on the account information;
若从所述第二存储资源中确定的访问令牌与所述第一访问令牌匹配,控制所述物联网设备上线。If the access token determined from the second storage resource matches the first access token, control the Internet of Things device to go online.
在本申请一种可能的实现方式中,所述物联网设备在云平台上的状态包括下线状态,所述目标存储资源包括第二存储资源;In a possible implementation manner of the present application, the state of the Internet of Things device on the cloud platform includes an offline state, and the target storage resource includes a second storage resource;
所述更新模块830还用于:The update module 830 is also used for:
接收所述物联网设备的下线请求,所述下线请求携带所述第一访问令牌和账号信息;Receiving a offline request of the Internet of Things device, where the offline request carries the first access token and account information;
基于所述账号信息,从所述第二存储资源中确定对应的访问令牌;Determine a corresponding access token from the second storage resource based on the account information;
若从所述第二存储资源中确定的访问令牌与所述第一访问令牌匹配,控制所述物联网设备下线。If the access token determined from the second storage resource matches the first access token, control the Internet of Things device to go offline.
在本申请一种可能的实现方式中,所述更新模块830用于:In a possible implementation manner of this application, the update module 830 is used to:
确定所述第一访问令牌的有效期限;Determining the validity period of the first access token;
将所述第一访问令牌的有效期限更新至所述目标存储资源中。The validity period of the first access token is updated to the target storage resource.
在本申请一种可能的实现方式中,所述更新模块830用于:In a possible implementation manner of this application, the update module 830 is used to:
在分配所述第一访问令牌的过程中,分配第二刷新令牌;In the process of allocating the first access token, allocating a second refresh token;
将所述第二刷新令牌更新至所述目标存储资源中。The second refresh token is updated to the target storage resource.
在本申请一种可能的实现方式中,所述令牌更新请求还携带账号信息;In a possible implementation manner of this application, the token update request also carries account information;
所述账号信息包括所述物联网设备的设备标识;和/或,The account information includes the device identification of the Internet of Things device; and/or,
所述账号信息包括登录所述物联网设备的用户标识。The account information includes a user identification for logging in to the Internet of Things device.
在本申请实施例中,接收来自物联网设备的令牌更新请求,该令牌更新请求用于请求重新分配访问令牌。根据该令牌更新请求中携带的第一刷新令牌,为该物联网设备分配第一访问令牌,并将该第一访问令牌更新至目标存储资源中。其中,该目标存储资源为用于管理物联网设备在云平台上的状态的资源,所以,后续物联网设备在使用该第一访问令牌向云平台发起请求时,云平台可以基于目标存储资源中的数据和该第一访问令牌,确定如何响应物联网设备的请求,从而实现物联网设备与云平台之间的交互。In the embodiment of the present application, a token update request from the Internet of Things device is received, and the token update request is used to request reallocation of the access token. According to the first refresh token carried in the token update request, the first access token is allocated to the Internet of Things device, and the first access token is updated to the target storage resource. Wherein, the target storage resource is a resource used to manage the state of the IoT device on the cloud platform. Therefore, when subsequent IoT devices use the first access token to initiate a request to the cloud platform, the cloud platform can be based on the target storage resource The data in and the first access token determine how to respond to the request of the Internet of Things device, so as to realize the interaction between the Internet of Things device and the cloud platform.
请参考图9,该图9是根据一示例性实施例提供的一种请求处理装置的结构示意图,该装置可以包括:Please refer to FIG. 9, which is a schematic structural diagram of a request processing apparatus according to an exemplary embodiment. The apparatus may include:
接收模块910,用于接收来自物联网设备的目标请求,所述目标请求携带访问令牌和账号信息;The receiving module 910 is configured to receive a target request from an Internet of Things device, the target request carrying an access token and account information;
确定模块920,用于根据所述账号信息,从目标存储资源中确定对应的访问令牌,所述目标存储资源为用于管理物联网设备在云平台上的状态的资源;The determining module 920 is configured to determine a corresponding access token from a target storage resource according to the account information, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform;
执行模块930,用于若从所述目标存储资源中确定的访问令牌与所述目标请求携带的访问令牌匹配,则执行所述目标请求所请求的操作。The execution module 930 is configured to perform the operation requested by the target request if the access token determined from the target storage resource matches the access token carried in the target request.
在本申请一种可能的实现方式中,所述执行模块930还用于:In a possible implementation manner of this application, the execution module 930 is further configured to:
若从所述目标存储资源中确定的访问令牌与所述目标请求携带的访问令牌不匹配,则基于所述账号信息,从令牌刷新资源中获取对应的访问令牌;If the access token determined from the target storage resource does not match the access token carried in the target request, based on the account information, obtain the corresponding access token from the token refresh resource;
若从所述令牌刷新资源中获取的访问令牌与所述目标请求携带的访问令牌匹配,则执行所述目标请求所请求的操作。If the access token obtained from the token refresh resource matches the access token carried in the target request, the operation requested by the target request is performed.
在本申请实施例中,接收来自物联网设备的目标请求,该目标请求中携带访问令牌和账号信息。根据该账号信息,从目标存储资源中确定对应的访问令牌,如果所确定的访问令牌与目标请求携带的访问令牌匹配,说明鉴权通过,所以可以执行该目标请求所请求的操作,从而实现云平台与物联网设备之间的交互。In this embodiment of the application, a target request from an Internet of Things device is received, and the target request carries the access token and account information. According to the account information, the corresponding access token is determined from the target storage resource. If the determined access token matches the access token carried in the target request, it means that the authentication is passed, so the operation requested by the target request can be performed. So as to realize the interaction between the cloud platform and the Internet of Things devices.
请参考图10,其示出了本申请一个示例性实施例提供的服务器的结构示意图。该服务器包括:处理器1001、接收器1002、发射器1003、存储器1004和总线1005。Please refer to FIG. 10, which shows a schematic structural diagram of a server provided by an exemplary embodiment of the present application. The server includes: a processor 1001, a receiver 1002, a transmitter 1003, a memory 1004, and a bus 1005.
处理器1001包括一个或者一个以上处理核心,处理器1001通过运行软件程序以及模块,从而执行各种功能应用以及信息处理。The processor 1001 includes one or more processing cores, and the processor 1001 executes various functional applications and information processing by running software programs and modules.
接收器1002和发射器1003可以实现为一个通信组件,该通信组件可以是一块通信芯片。The receiver 1002 and the transmitter 1003 may be implemented as a communication component, and the communication component may be a communication chip.
存储器1004通过总线1005与处理器1001相连。The memory 1004 is connected to the processor 1001 through a bus 1005.
存储器1004可用于存储至少一个指令,处理器1001用于执行该至少一个指令,以实现上述各个方法实施例中的服务器执行的各个步骤。The memory 1004 may be used to store at least one instruction, and the processor 1001 is used to execute the at least one instruction, so as to implement each step executed by the server in the foregoing method embodiments.
此外,存储器1004可以由任何类型的易失性或非易失性存储设备或者它们的组合实现,易失性或非易失性存储设备包括但不限于:磁盘或光盘,EEPROM(Electrically Erasable Programmable Read-Only Memory,带电可擦除可编程只读存储器),EPROM(Electrically Programmable Read Only Memory,可擦除可编程只读存储器),SRAM(Static Random Access Memory,静态随时存取存储器),ROM(Read Only Memory,只读存储器),磁存储器,快闪存储器,PROM(Programmable Read Only Memory,可编程只读存储器)。In addition, the memory 1004 can be implemented by any type of volatile or non-volatile storage device or a combination thereof. The volatile or non-volatile storage device includes, but is not limited to: magnetic disks or optical disks, EEPROM (Electrically Erasable Programmable Read -Only Memory, Erasable Programmable Read-Only Memory with Electricity), EPROM (Electrically Programmable Read Only Memory, Erasable Programmable Read-Only Memory), SRAM (Static Random Access Memory), ROM (Read Only Memory, magnetic memory, flash memory, PROM (Programmable Read Only Memory).
本申请提供了一种计算机可读存储介质,所述存储介质中存储有至少一条指令,所述至少一条指令由所述处理器加载并执行以实现上述各个方法实施例提供的方法。The present application provides a computer-readable storage medium in which at least one instruction is stored, and the at least one instruction is loaded and executed by the processor to implement the methods provided in the foregoing method embodiments.
本申请还提供了一种计算机程序产品,当计算机程序产品在计算机上运行时,使得计算机执行上述各个方法实施例提供的方法。This application also provides a computer program product, which when the computer program product runs on a computer, causes the computer to execute the methods provided in the foregoing method embodiments.
本领域普通技术人员可以理解实现上述实施例的全部或部分步骤可以通过硬件来完成,也可以通过程序来指令相关的硬件完成,所述的程序可以存储于一种计算机可读存储介质中,上述提到的存储介质可以是只读存储器,磁盘或光盘等。Those of ordinary skill in the art can understand that all or part of the steps in the foregoing embodiments can be implemented by hardware, or by a program instructing relevant hardware to be completed. The program can be stored in a computer-readable storage medium. The storage medium mentioned can be a read-only memory, a magnetic disk or an optical disk, etc.
以上所述仅为本申请的可选实施例,并不用以限制本申请,凡在本申请的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本申请的保护范围之内。The above are only optional embodiments of this application and are not intended to limit this application. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this application shall be included in the protection of this application. Within range.

Claims (26)

  1. 一种请求处理方法,其特征在于,所述方法包括:A request processing method, characterized in that the method includes:
    接收来自物联网设备的令牌更新请求,所述令牌更新请求携带第一刷新令牌;Receiving a token update request from the Internet of Things device, where the token update request carries the first refresh token;
    基于所述第一刷新令牌,为所述物联网设备分配第一访问令牌;Allocating a first access token to the Internet of Things device based on the first refresh token;
    将所述第一访问令牌更新至目标存储资源中,其中,所述目标存储资源为用于管理物联网设备在云平台上的状态的资源。The first access token is updated to the target storage resource, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform.
  2. 如权利要求1所述的方法,其特征在于,所述方法还包括:The method of claim 1, wherein the method further comprises:
    向所述物联网设备发送令牌更新响应,所述令牌更新响应携带所述第一访问令牌;Sending a token update response to the Internet of Things device, where the token update response carries the first access token;
    所述将所述第一访问令牌更新至目标存储资源中,包括:The updating the first access token to the target storage resource includes:
    若接收到所述物联网设备发送的接收成功消息,将所述第一访问令牌更新至所述目标存储资源中,所述接收成功消息用于指示成功接收所述令牌更新响应。If a reception success message sent by the Internet of Things device is received, the first access token is updated to the target storage resource, and the reception success message is used to indicate that the token update response is successfully received.
  3. 如权利要求1所述的方法,其特征在于,所述方法还包括:The method of claim 1, wherein the method further comprises:
    向所述物联网设备发送令牌更新响应,所述令牌更新响应携带所述第一访问令牌;Sending a token update response to the Internet of Things device, where the token update response carries the first access token;
    所述将所述第一访问令牌更新至目标存储资源中,包括:The updating the first access token to the target storage resource includes:
    若接收到所述物联网设备发送的重注册请求,将所述重注册请求中携带的第一访问令牌更新至所述目标存储资源中。If a re-registration request sent by the Internet of Things device is received, the first access token carried in the re-registration request is updated to the target storage resource.
  4. 如权利要求1所述的方法,其特征在于,所述令牌更新请求是在第二访问令牌的期限与有效期限之间的差值小于指定阈值的情况下发送的,所述第二访问令牌是所述物联网设备在所述有效期限到期之前使用的访问令牌。The method of claim 1, wherein the token update request is sent when the difference between the expiration date of the second access token and the expiration date is less than a specified threshold, and the second access token The token is an access token used by the Internet of Things device before the expiration date.
  5. 如权利要求1所述的方法,其特征在于,所述物联网设备在云平台上的状态包括注册状态,所述目标存储资源包括第一存储资源;The method of claim 1, wherein the status of the Internet of Things device on the cloud platform includes a registration status, and the target storage resource includes a first storage resource;
    所述方法还包括:The method also includes:
    接收所述物联网设备的注销请求,所述注销请求携带所述第一访问令牌和账号信息;Receiving a logout request of the Internet of Things device, where the logout request carries the first access token and account information;
    基于所述账号信息,从所述第一存储资源中确定对应的访问令牌;Determining a corresponding access token from the first storage resource based on the account information;
    若从所述第一存储资源中确定的访问令牌与所述第一访问令牌匹配,对所述物联网设备进行注销。If the access token determined from the first storage resource matches the first access token, log off the Internet of Things device.
  6. 如权利要求1所述的方法,其特征在于,所述物联网设备在云平台上的状态包括上线状态,所述目标存储资源包括第二存储资源;The method of claim 1, wherein the status of the Internet of Things device on the cloud platform includes an online status, and the target storage resource includes a second storage resource;
    所述方法还包括:The method also includes:
    接收所述物联网设备的上线请求,所述上线请求携带所述第一访问令牌和账号信息;Receiving an online request of the Internet of Things device, where the online request carries the first access token and account information;
    基于所述账号信息,从所述第二存储资源中确定对应的访问令牌;Determine a corresponding access token from the second storage resource based on the account information;
    若从所述第二存储资源中确定的访问令牌与所述第一访问令牌匹配,控制所述物联网设备上线。If the access token determined from the second storage resource matches the first access token, control the Internet of Things device to go online.
  7. 如权利要求1所述的方法,其特征在于,所述物联网设备在云平台上的状态包括下线状态,所述目标存储资源包括第二存储资源;The method of claim 1, wherein the state of the Internet of Things device on the cloud platform includes an offline state, and the target storage resource includes a second storage resource;
    所述方法还包括:The method also includes:
    接收所述物联网设备的下线请求,所述下线请求携带所述第一访问令牌和账号信息;Receiving a offline request of the Internet of Things device, where the offline request carries the first access token and account information;
    基于所述账号信息,从所述第二存储资源中确定对应的访问令牌;Determine a corresponding access token from the second storage resource based on the account information;
    若从所述第二存储资源中确定的访问令牌与所述第一访问令牌匹配,控制所述物联网设 备下线。If the access token determined from the second storage resource matches the first access token, control the IoT device to go offline.
  8. 如权利要求1-7中任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1-7, wherein the method further comprises:
    确定所述第一访问令牌的有效期限;Determining the validity period of the first access token;
    将所述第一访问令牌的有效期限更新至所述目标存储资源中。The validity period of the first access token is updated to the target storage resource.
  9. 如权利要求1-8中任一项所述的方法,其特征在于,所述方法还包括:8. The method according to any one of claims 1-8, wherein the method further comprises:
    在分配所述第一访问令牌的过程中,分配第二刷新令牌;In the process of allocating the first access token, allocating a second refresh token;
    将所述第二刷新令牌更新至所述目标存储资源中。The second refresh token is updated to the target storage resource.
  10. 如权利要求1-9中任一项所述的方法,其特征在于,所述令牌更新请求还携带账号信息;The method according to any one of claims 1-9, wherein the token update request also carries account information;
    所述账号信息包括所述物联网设备的设备标识;和/或,The account information includes the device identification of the Internet of Things device; and/or,
    所述账号信息包括登录所述物联网设备的用户标识。The account information includes a user identification for logging in to the Internet of Things device.
  11. 一种请求处理方法,其特征在于,所述方法包括:A request processing method, characterized in that the method includes:
    接收来自物联网设备的目标请求,所述目标请求携带访问令牌和账号信息;Receiving a target request from an Internet of Things device, the target request carrying an access token and account information;
    根据所述账号信息,从目标存储资源中确定对应的访问令牌,所述目标存储资源为用于管理物联网设备在云平台上的状态的资源;According to the account information, determine a corresponding access token from a target storage resource, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform;
    若从所述目标存储资源中确定的访问令牌与所述目标请求携带的访问令牌匹配,则执行所述目标请求所请求的操作。If the access token determined from the target storage resource matches the access token carried in the target request, the operation requested by the target request is executed.
  12. 如权利要求11所述的方法,其特征在于,所述方法还包括:The method of claim 11, wherein the method further comprises:
    若从所述目标存储资源中确定的访问令牌与所述目标请求携带的访问令牌不匹配,则基于所述账号信息,从令牌刷新资源中获取对应的访问令牌;If the access token determined from the target storage resource does not match the access token carried in the target request, based on the account information, obtain the corresponding access token from the token refresh resource;
    若从所述令牌刷新资源中获取的访问令牌与所述目标请求携带的访问令牌匹配,则执行所述目标请求所请求的操作。If the access token obtained from the token refresh resource matches the access token carried in the target request, the operation requested by the target request is performed.
  13. 一种请求处理装置,其特征在于,所述装置包括:A request processing device, characterized in that the device includes:
    接收模块,用于接收来自物联网设备的令牌更新请求,所述令牌更新请求携带第一刷新令牌;A receiving module, configured to receive a token update request from an Internet of Things device, where the token update request carries the first refresh token;
    分配模块,用于基于所述第一刷新令牌,为所述物联网设备分配第一访问令牌;An allocation module, configured to allocate a first access token to the Internet of Things device based on the first refresh token;
    更新模块,用于将所述第一访问令牌更新至目标存储资源中,其中,所述目标存储资源为用于管理物联网设备在云平台上的状态的资源。The update module is configured to update the first access token to a target storage resource, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform.
  14. 如权利要求13所述的装置,其特征在于,所述更新模块用于:The device according to claim 13, wherein the update module is used for:
    向所述物联网设备发送令牌更新响应,所述令牌更新响应携带所述第一访问令牌;Sending a token update response to the Internet of Things device, where the token update response carries the first access token;
    若接收到所述物联网设备发送的接收成功消息,将所述第一访问令牌更新至所述目标存储资源中,所述接收成功消息用于指示成功接收所述令牌更新响应。If a reception success message sent by the Internet of Things device is received, the first access token is updated to the target storage resource, and the reception success message is used to indicate that the token update response is successfully received.
  15. 如权利要求13所述的装置,其特征在于,所述更新模块用于:The device according to claim 13, wherein the update module is used for:
    向所述物联网设备发送令牌更新响应,所述令牌更新响应携带所述第一访问令牌;Sending a token update response to the Internet of Things device, where the token update response carries the first access token;
    若接收到所述物联网设备发送的重注册请求,将所述重注册请求中携带的第一访问令牌更新至所述目标存储资源中。If a re-registration request sent by the Internet of Things device is received, the first access token carried in the re-registration request is updated to the target storage resource.
  16. 如权利要求13所述的装置,其特征在于,所述令牌更新请求是在第二访问令牌的期 限与有效期限之间的差值小于指定阈值的情况下发送的,所述第二访问令牌是所述物联网设备在所述有效期限到期之前使用的访问令牌。The apparatus according to claim 13, wherein the token update request is sent when the difference between the expiration date and the expiration date of the second access token is less than a specified threshold, and the second access token The token is an access token used by the Internet of Things device before the expiration date.
  17. 如权利要求13所述的装置,其特征在于,所述物联网设备在云平台上的状态包括注册状态,所述目标存储资源包括第一存储资源;The apparatus of claim 13, wherein the status of the Internet of Things device on the cloud platform includes a registration status, and the target storage resource includes a first storage resource;
    所述更新模块还用于:The update module is also used for:
    接收所述物联网设备的注销请求,所述注销请求携带所述第一访问令牌和账号信息;Receiving a logout request of the Internet of Things device, where the logout request carries the first access token and account information;
    基于所述账号信息,从所述第一存储资源中确定对应的访问令牌;Determining a corresponding access token from the first storage resource based on the account information;
    若从所述第一存储资源中确定的访问令牌与所述第一访问令牌匹配,对所述物联网设备进行注销。If the access token determined from the first storage resource matches the first access token, log off the Internet of Things device.
  18. 如权利要求13所述的装置,其特征在于,所述物联网设备在云平台上的状态包括上线状态,所述目标存储资源包括第二存储资源;The apparatus of claim 13, wherein the status of the Internet of Things device on the cloud platform includes an online status, and the target storage resource includes a second storage resource;
    所述更新模块还用于:The update module is also used for:
    接收所述物联网设备的上线请求,所述上线请求携带所述第一访问令牌和账号信息;Receiving an online request of the Internet of Things device, where the online request carries the first access token and account information;
    基于所述账号信息,从所述第二存储资源中确定对应的访问令牌;Determine a corresponding access token from the second storage resource based on the account information;
    若从所述第二存储资源中确定的访问令牌与所述第一访问令牌匹配,控制所述物联网设备上线。If the access token determined from the second storage resource matches the first access token, control the Internet of Things device to go online.
  19. 如权利要求13所述的装置,其特征在于,所述物联网设备在云平台上的状态包括下线状态,所述目标存储资源包括第二存储资源;The apparatus of claim 13, wherein the state of the Internet of Things device on the cloud platform includes an offline state, and the target storage resource includes a second storage resource;
    所述更新模块还用于:The update module is also used for:
    接收所述物联网设备的下线请求,所述下线请求携带所述第一访问令牌和账号信息;Receiving a offline request of the Internet of Things device, where the offline request carries the first access token and account information;
    基于所述账号信息,从所述第二存储资源中确定对应的访问令牌;Determine a corresponding access token from the second storage resource based on the account information;
    若从所述第二存储资源中确定的访问令牌与所述第一访问令牌匹配,控制所述物联网设备下线。If the access token determined from the second storage resource matches the first access token, control the Internet of Things device to go offline.
  20. 如权利要求13-19中任一项所述的装置,其特征在于,所述更新模块用于:The device according to any one of claims 13-19, wherein the update module is configured to:
    确定所述第一访问令牌的有效期限;Determining the validity period of the first access token;
    将所述第一访问令牌的有效期限更新至所述目标存储资源中。The validity period of the first access token is updated to the target storage resource.
  21. 如权利要求13-20中任一项所述的装置,其特征在于,所述更新模块用于:The device according to any one of claims 13-20, wherein the update module is configured to:
    在分配所述第一访问令牌的过程中,分配第二刷新令牌;In the process of allocating the first access token, allocating a second refresh token;
    将所述第二刷新令牌更新至所述目标存储资源中。The second refresh token is updated to the target storage resource.
  22. 如权利要求13-21中任一项所述的装置,其特征在于,所述令牌更新请求还携带账号信息;The device according to any one of claims 13-21, wherein the token update request also carries account information;
    所述账号信息包括所述物联网设备的设备标识;和/或,The account information includes the device identification of the Internet of Things device; and/or,
    所述账号信息包括登录所述物联网设备的用户标识。The account information includes a user identification for logging in to the Internet of Things device.
  23. 一种请求处理装置,其特征在于,所述装置包括:A request processing device, characterized in that the device includes:
    接收模块,用于接收来自物联网设备的目标请求,所述目标请求携带访问令牌和账号信息;A receiving module for receiving a target request from an Internet of Things device, the target request carrying an access token and account information;
    确定模块,用于根据所述账号信息,从目标存储资源中确定对应的访问令牌,所述目标存储资源为用于管理物联网设备在云平台上的状态的资源;A determining module, configured to determine a corresponding access token from a target storage resource according to the account information, where the target storage resource is a resource used to manage the state of the Internet of Things device on the cloud platform;
    执行模块,用于若从所述目标存储资源中确定的访问令牌与所述目标请求携带的访问令 牌匹配,则执行所述目标请求所请求的操作。The execution module is configured to execute the operation requested by the target request if the access token determined from the target storage resource matches the access token carried in the target request.
  24. 如权利要求23所述的装置,其特征在于,所述执行模块还用于:The device of claim 23, wherein the execution module is further configured to:
    若从所述目标存储资源中确定的访问令牌与所述目标请求携带的访问令牌不匹配,则基于所述账号信息,从令牌刷新资源中获取对应的访问令牌;If the access token determined from the target storage resource does not match the access token carried in the target request, based on the account information, obtain the corresponding access token from the token refresh resource;
    若从所述令牌刷新资源中获取的访问令牌与所述目标请求携带的访问令牌匹配,则执行所述目标请求所请求的操作。If the access token obtained from the token refresh resource matches the access token carried in the target request, the operation requested by the target request is performed.
  25. 一种设备,其特征在于,所述设备包括处理器和存储器,所述存储器存储有至少一条指令,所述至少一条指令用于被所述处理器执行以实现权利要求1-10中任一项所提供的请求处理方法,或者,实现权利要求11或12所提供的请求处理方法。A device, wherein the device includes a processor and a memory, the memory stores at least one instruction, and the at least one instruction is used to be executed by the processor to implement any one of claims 1-10 The provided request processing method, or implements the request processing method provided in claim 11 or 12.
  26. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质存储有至少一条指令,所述至少一条指令用于被处理器执行以实现权利要求1-10中任一项所提供的请求处理方法,或者,实现权利要求11或12所提供的请求处理方法。A computer-readable storage medium, characterized in that, the computer-readable storage medium stores at least one instruction, and the at least one instruction is used to be executed by a processor to implement what is provided in any one of claims 1-10 Request processing method, or implement the request processing method provided in claim 11 or 12.
PCT/CN2020/093264 2020-05-29 2020-05-29 Request processing method and apparatus, and device and storage medium WO2021237676A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2020/093264 WO2021237676A1 (en) 2020-05-29 2020-05-29 Request processing method and apparatus, and device and storage medium
CN202080099653.3A CN115398858A (en) 2020-05-29 2020-05-29 Request processing method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/093264 WO2021237676A1 (en) 2020-05-29 2020-05-29 Request processing method and apparatus, and device and storage medium

Publications (1)

Publication Number Publication Date
WO2021237676A1 true WO2021237676A1 (en) 2021-12-02

Family

ID=78745486

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/093264 WO2021237676A1 (en) 2020-05-29 2020-05-29 Request processing method and apparatus, and device and storage medium

Country Status (2)

Country Link
CN (1) CN115398858A (en)
WO (1) WO2021237676A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130222839A1 (en) * 2012-02-29 2013-08-29 Canon Kabushiki Kaisha Systems and methods for enterprise sharing of a printing device
CN104350501A (en) * 2012-05-25 2015-02-11 佳能株式会社 Authorization server and client apparatus, server cooperative system, and token management method
US20150236908A1 (en) * 2014-02-19 2015-08-20 Samsung Electronics Co., Ltd. Method and apparatus for managing access information for registration of device in smart home service
US9178868B1 (en) * 2013-06-24 2015-11-03 Google Inc. Persistent login support in a hybrid application with multilogin and push notifications
US20150350186A1 (en) * 2014-05-30 2015-12-03 Oracle International Corporation Authorization token cache system and method
US20160080383A1 (en) * 2014-09-11 2016-03-17 International Business Machines Corporation Recovery from rolling security token loss

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130222839A1 (en) * 2012-02-29 2013-08-29 Canon Kabushiki Kaisha Systems and methods for enterprise sharing of a printing device
CN104350501A (en) * 2012-05-25 2015-02-11 佳能株式会社 Authorization server and client apparatus, server cooperative system, and token management method
US9178868B1 (en) * 2013-06-24 2015-11-03 Google Inc. Persistent login support in a hybrid application with multilogin and push notifications
US20150236908A1 (en) * 2014-02-19 2015-08-20 Samsung Electronics Co., Ltd. Method and apparatus for managing access information for registration of device in smart home service
US20150350186A1 (en) * 2014-05-30 2015-12-03 Oracle International Corporation Authorization token cache system and method
US20160080383A1 (en) * 2014-09-11 2016-03-17 International Business Machines Corporation Recovery from rolling security token loss

Also Published As

Publication number Publication date
CN115398858A (en) 2022-11-25

Similar Documents

Publication Publication Date Title
US10666661B2 (en) Authorization processing method and device
CN112511611B (en) Communication method, device and system of node cluster and electronic equipment
US10148493B1 (en) API gateway for network policy and configuration management with public cloud
US7287077B2 (en) Reservation of TCP/UDP ports using UID, GID or process name
US8184631B2 (en) Method for specifying a MAC identifier for a network-interface-device
US9515987B2 (en) Method, apparatus, and system for network address translation
CN109791499A (en) Distributed Container Management system based on event-driven strategy
US7200678B1 (en) Selecting network address offered by a plurality of servers based on server identification information
CN103944883A (en) System and method for cloud application access control under cloud computing environment
CN110716787A (en) Container address setting method, apparatus, and computer-readable storage medium
WO2017054129A1 (en) Network function virtualization resource processing method and virtualized network function manager
US20160337470A1 (en) Method and server for assigning relative order to message by using vector clock and delivering the message based on the assigned relative order under distributed environment
CN116996908A (en) Fusion management method, device, equipment and medium of master-slave gateway and wireless AP
WO2015192583A1 (en) Internet protocol (ip) address allocation method and apparatus, server and terminal
EP4087206A1 (en) Internet-of-things device registration method and apparatus, device and storage medium
WO2021237676A1 (en) Request processing method and apparatus, and device and storage medium
KR20200046942A (en) Method for authenticating legacy service based on token and platform service server supporting the same
US20110196990A1 (en) Systems and methods for auto addressing in a control network
CN110493175B (en) Information processing method, electronic equipment and storage medium
US20170279880A1 (en) Peer corresponding to the domain in multi-domain environment and method for controlling the same
US10523766B2 (en) Resolving path state conflicts in internet small computer system interfaces
CN110933199B (en) Address allocation method and device
CN115486033B (en) Equipment access method and device in Internet of things, computer equipment and storage medium
CN115525442A (en) Remote command execution method and device
CN107959674B (en) Gateway equipment, and method and system for controlling access to third-party LDAP server user

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20938277

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20938277

Country of ref document: EP

Kind code of ref document: A1