Authorization token cache system and method
First Claim
1. A method comprising:
receiving, by a token client from a user, credentials information for a token service;
storing, by the token client in a token cache, credentials information and token metadata;
wherein the token metadata stored by the token client in the token cache indicates how to request an access token from the token service and how to retrieve an access token from access token responses received from the token service;
receiving, by the token client from an application executing on one or more computing devices, a request to initialize a new session;
generating, by the token client, a session identifier that maps to a cache key for retrieving the token metadata and the credentials information from the token cache;
returning, by the token client to the application executing on one or more computing devices, the session identifier;
receiving, by the token client from the application executing on one or more computing devices, a request to access a protected resource from a resource server, wherein the request includes the session identifier;
responsive to receiving the request, mapping, by the token client, the session identifier to the cache key for retrieving the token metadata and the credentials information from the token cache;
retrieving, by the token client using the cache key, the token metadata and credentials information from the token cache, wherein the credentials information are not provided by the token client to the application executing on one or more computing devices;
responsive to retrieving the token metadata and credentials information from the token cache, generating, by the token client based at least in part on the token metadata, a token request that identifies the credentials information;
sending, by the token client to the token service, the token request that identifies the credentials information;
receiving, by the token client from the token service, an access token response and retrieving a first access token from the access token response using the token metadata;
storing, by the token client in the token cache and in association with the cache key, the first access token, such that the cache key may be used to retrieve the first access token;
sending, by the token client to a resource server, a resource request to access the protected resource;
wherein the resource request includes the first access token;
receiving, by the token client from the resource server, a resource response that includes a representation of the protected resource; and
returning, by the token client to the application executing on one or more computing devices, the representation of the protected resource.
Abstract
A system includes one or more processors to request access tokens from a token service computer, cache the access tokens and related information in a token cache, transmit the access tokens with a resource request to a resource server, and receive requested resources in response to the resource request. The resource server transmits representations of requested resources to computing devices having valid tokens. The access tokens and related information including credentials information and token metadata are stored in the token cache.
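The flow recited in claim 1 and summarized in the abstract, sketched as an added Python example (not code from the patent). The class and method names, the metadata field names (`static_fields`, `credential_fields`, `token_path`) and the in-process stand-ins for the token service and resource server are assumptions made for illustration; the claim does not say how the application selects stored credentials, so `new_session` takes the cache key directly.

```python
import secrets

class TokenClient:
    def __init__(self, token_service, resource_server):
        self._token_service, self._resource_server = token_service, resource_server
        self._cache = {}     # cache key -> credentials, token metadata, access token
        self._sessions = {}  # session id -> cache key

    def store_credentials(self, cache_key, creds, meta):
        self._cache[cache_key] = {"creds": creds, "meta": meta, "token": None}

    def new_session(self, cache_key):
        if cache_key not in self._cache:
            raise KeyError("no credentials stored under this cache key")
        session_id = secrets.token_urlsafe(32)  # random, carries no credential data
        self._sessions[session_id] = cache_key
        return session_id

    def get_resource(self, session_id, url):
        entry = self._cache[self._sessions[session_id]]  # KeyError on unknown session
        if entry["token"] is None:
            meta, creds = entry["meta"], entry["creds"]
            request = dict(meta["static_fields"])  # metadata: how to build the request
            request.update({f: creds[f] for f in meta["credential_fields"]})
            token = self._token_service(request)
            for key in meta["token_path"]:  # metadata: where the token sits in the response
                token = token[key]
            entry["token"] = token  # cached under the same cache key for reuse
        return self._resource_server(url, entry["token"])  # only this reaches the app

TOKEN_REQUESTS = []  # constructed: records what the stand-in token service receives
def fake_token_service(request):
    TOKEN_REQUESTS.append(request)
    return {"data": {"access_token": "constructed-token-1"}}

def fake_resource_server(url, token):
    if token != "constructed-token-1":
        raise PermissionError("invalid token")
    return f"representation of {url}"

CREDS = {"client_id": "app1", "client_secret": "constructed-secret"}  # constructed values
META = {"static_fields": {"grant_type": "client_credentials"},
        "credential_fields": ["client_id", "client_secret"], "token_path": ["data", "access_token"]}

def demo():
    client = TokenClient(fake_token_service, fake_resource_server)
    client.store_credentials("svc-a", CREDS, META)
    sid = client.new_session("svc-a")
    return client, sid, client.get_resource(sid, "/r/1"), client.get_resource(sid, "/r/2")
```

The second `get_resource` call reuses the cached token, so the stand-in token service sees exactly one request, and the application only ever handles the session identifier and the resource representations.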
20 Claims
11. One or more non-transitory computer-readable media storing one or more sequences of instructions, wherein the instructions include:
instructions, which when executed by one or more hardware processors, cause receiving, by a token client from a user, credentials information for a token service;
instructions, which when executed by one or more hardware processors, cause storing, by a token client in a token cache, credentials information and token metadata;
wherein the token metadata stored by the token client in the token cache indicates how to request an access token from a token service and how to retrieve an access token from access token responses received from the token service;
instructions, which when executed by one or more hardware processors, cause receiving, by the token client from an application executing on one or more computing devices, a request to initialize a new session;
instructions, which when executed by one or more hardware processors, cause generating, by the token client, a session identifier that maps to a cache key for retrieving the token metadata and the credentials information from the token cache;
instructions, which when executed by one or more hardware processors, cause returning, by the token client to the application executing on one or more computing devices, the session identifier;
instructions, which when executed by one or more hardware processors, cause receiving, by the token client from the application executing on one or more computing devices, a request to access a protected resource from a resource server, wherein the request includes the session identifier;
instructions, which when executed by one or more hardware processors, cause responsive to receiving the request, mapping, by the token client, the session identifier to the cache key for retrieving the token metadata and the credentials information from the token cache;
instructions, which when executed by one or more hardware processors, cause retrieving, by the token client using the cache key, the token metadata and credentials information from the token cache, wherein the credentials information are not provided by the token client to the application executing on one or more computing devices;
instructions, which when executed by one or more hardware processors, cause responsive to retrieving the token metadata and credentials information from the token cache, generating, by the token client based at least in part on the token metadata, a token request that identifies the credentials information;
instructions, which when executed by one or more hardware processors, cause sending, by the token client to the token service, the token request that identifies the credentials information;
instructions, which when executed by one or more hardware processors, cause receiving, by the token client from the token service, an access token response and retrieving a first access token from the access token response using the token metadata;
instructions, which when executed by one or more hardware processors, cause storing, by the token client in the token cache and in association with the cache key, the first access token, such that the cache key may be used to retrieve the access token;
instructions, which when executed by one or more hardware processors, cause sending, by the token client to a resource server, a resource request to access the protected resource;
wherein the resource request includes the first access token;
instructions, which when executed by one or more hardware processors, cause receiving, by the token client from the resource server, a resource response that includes a representation of the protected resource; and
instructions, which when executed by one or more hardware processors, cause returning, by the token client to the application executing on one or more computing devices, the representation of the protected resource.
Specification