Cross-application authentication on a content management system
First Claim
1. A method comprising:
- establishing a communication channel through a content management system, between a client application at a client device and a website associated with the content management system, wherein establishing the communication channel comprises;
receiving, by the client application, from a browser application at the client device, a first message comprising a first nonce; and
sending, from the client application to the content management system, a second message comprising the first nonce, wherein the first nonce associates the client application with the browser application to yield an association, wherein the association enables the content management system to relay one or more communications between the client application and the website;
receiving, by the client application from the content management system via the communication channel, a request by the website for the client application to authenticate with the content management system under a user account used by the browser application at the client device to authenticate a current session between the browser application at the client device and the website with the content management system; and
sending, from the client application to the browser application, a command comprising a uniform resource locator (URL) and the first nonce, the command instructing the browser application to use the URL and the first nonce to authenticate the client application with the content management system under the user account used by the browser application to authenticate the current session between the browser application and the website and verify the association of client application and browser application to the content management system.
3 Assignments
0 Petitions
Accused Products
Abstract
Systems, methods, and computer-readable media for cross-application authentication on a content management system. A client application running at a client device that is not authenticated with a content management system can receive, from a web site associated with the content management system, a request to authenticate with the content management system under a user account used to authenticate a current session between a browser application at the client device and the website with the content management system. The client application can then obtain a uniform resource locator (URL) with a nonce associated with the client application, and send a command to the browser application including the URL and nonce. The command can trigger the browser application to use the URL and nonce to authenticate the client application with the content management system under the user account with which the current session between the browser application and the website is currently authenticated.
20 Citations
20 Claims
-
1. A method comprising:
-
establishing a communication channel through a content management system, between a client application at a client device and a website associated with the content management system, wherein establishing the communication channel comprises; receiving, by the client application, from a browser application at the client device, a first message comprising a first nonce; and sending, from the client application to the content management system, a second message comprising the first nonce, wherein the first nonce associates the client application with the browser application to yield an association, wherein the association enables the content management system to relay one or more communications between the client application and the website; receiving, by the client application from the content management system via the communication channel, a request by the website for the client application to authenticate with the content management system under a user account used by the browser application at the client device to authenticate a current session between the browser application at the client device and the website with the content management system; and sending, from the client application to the browser application, a command comprising a uniform resource locator (URL) and the first nonce, the command instructing the browser application to use the URL and the first nonce to authenticate the client application with the content management system under the user account used by the browser application to authenticate the current session between the browser application and the website and verify the association of client application and browser application to the content management system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system comprising:
-
one or more processors; and at least one computer-readable medium storing computer-readable instructions that when executed cause the one or more processors to; run a client application associated with a content management system in unauthenticated mode; establish a communication channel through the content management system between the client application and a website associated with the content management system, wherein establishing the communication channel comprises; receiving, by the client application, from a browser application on the system, a first message comprising a unique identifier associated with the browser application; and sending, from the client application to the content management system, a second message comprising the unique identifier, wherein the unique identifier associates the client application with the browser application to yield an association, wherein the association enables the content management system to relay one or more communications between the client application and the website; receive, via the communication channel, a request by the website for the client application to authenticate with the content management system under a user account used to authenticate a session between the browser application running at the system and the website with the content management system; obtain, by the client application, a uniform resource locator (URL) including a nonce comprising the unique identifier associated with the browser application; and send, from the client application to the browser application, a command comprising the URL and nonce, the command triggering the browser application to use the URL and nonce to authenticate the client application with the content management system under the user account. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A content management system comprising:
-
one or more processors; and at least one computer-readable medium storing computer-readable instructions that when executed cause the content management system to; determine that a client application running at a client device is not authenticated with the content management system, to yield a first determination; determine that a session between a browser application at the client device and a website associated with the content management system is authenticated with the content management system, to yield a second determination; based on the first determination and the second determination, obtain, from the website, a first message for the client application at the client device, the first message requesting the client application to authenticate with the content management system under a user account used to authenticate the session between the browser application at the client device and the website with the content management system; relay at least part of the first message from the website to the client application; send, to the client application, a nonce associated with the client application; receive, from the website, a second message comprising the nonce and a request to authenticate the client application under the user account used to authenticate the session between the browser application and the website; and in response to the second message, authenticate the client application under the user account. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification