Authorization delegation system, control method, authorization server, and storage medium
Abstract
An authorization delegation system includes a resource server that provides a service and an authorization server that performs authorization delegation for authorizing a cooperation server, which is a client apparatus, access to user data that the resource server has based on authorization information. The authorization server receives an authorization delegation request for requesting the authorization delegation, and retrieves a refresh token based on the received authorization delegation request. Additionally, the authorization server determines whether or not the retrieved refresh token is valid, and if it is determined that the refresh token is valid, invalidates the refresh token.
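The flow in the abstract, as an added Python sketch that is not code from the patent: on every authorization delegation request the server looks up a refresh token already issued for the same client and user, invalidates it if it is still valid, and issues a new token pair only when the user grants permission again. The class and method names, the in-memory store, the token lifetime and the `user_consents` flag (standing in for the consent screen, with user authentication assumed to have already succeeded) are assumptions.

```python
import secrets
import time
from dataclasses import dataclass, field

@dataclass
class RefreshToken:
    value: str
    client_id: str
    user_id: str
    expires_at: float
    revoked: bool = False

    def is_valid(self, now: float) -> bool:
        return not self.revoked and now < self.expires_at

@dataclass
class AuthorizationServer:
    refresh_ttl: float = 30 * 24 * 3600          # assumed lifetime, not from the page
    _tokens: dict = field(default_factory=dict)   # token value -> RefreshToken
    _current: dict = field(default_factory=dict)  # (client_id, user_id) -> token value

    def authorize(self, client_id, user_id, user_consents, now=None):
        """Handle an authorization delegation request for an authenticated user."""
        now = time.time() if now is None else now
        # Retrieve: has a refresh token already been issued for this client and user?
        previous = self._tokens.get(self._current.get((client_id, user_id)))
        # Invalidate it if it is still valid, before anything new is issued.
        if previous is not None and previous.is_valid(now):
            previous.revoked = True
        # Issue a new pair only on a new permission from the user.
        if not user_consents:
            return None
        refresh = RefreshToken(secrets.token_urlsafe(32), client_id, user_id,
                               now + self.refresh_ttl)
        self._tokens[refresh.value] = refresh
        self._current[(client_id, user_id)] = refresh.value
        return {"access_token": secrets.token_urlsafe(32),
                "refresh_token": refresh.value}

    def refresh(self, client_id, presented, now=None):
        """Exchange a refresh token for a new access token; invalidated tokens fail."""
        now = time.time() if now is None else now
        token = self._tokens.get(presented)
        if token is None or token.client_id != client_id or not token.is_valid(now):
            return None
        return {"access_token": secrets.token_urlsafe(32)}
```

Because the old refresh token is invalidated before the consent decision, a denied re-authorization leaves the client with no usable refresh token at all.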
11 Claims
1. An authorization delegation system that comprises a resource server that provides a service and an authorization server that performs authorization delegation for authorizing a client apparatus access to user data that the resource server has based on authorization information,
wherein the authorization server includes at least a processor and at least a memory coupled to at least the processor and having stored thereon instructions which, when executed by the at least the processor, cause the authorization server to perform operations comprising:
performing, by an authentication unit, an authentication of a user based on received user authentication information from the client apparatus;
issuing, by an authorization unit, two sets of information, one of which is the authorization information to inform an allowance of the authorization and the other of which is updating authorization information to update the authorization information automatically, when an authorization request to request the authorization delegation is received from the client apparatus and it is permitted to delegate authority concerning a use of the service of the authenticated user to the client apparatus;
receiving, by a receiving unit, another authorization request from the client apparatus;
retrieving, by a retrieving unit, whether or not the updating authorization information has already been issued when the authorization request received by the receiving unit is acquired;
wherein, when confirmed that the updating authorization information has already been issued for the retrieval by the retrieving unit, the authorization unit invalidates the retrieved updating authorization information, and controls whether to newly issue the authorization information and the updating authorization information according to a new permission of a user.
9. An authorization server that performs authorization delegation for authorizing a client apparatus access to user data that the resource server, which provides a service, has based on authorization information,
wherein the authorization server includes at least a processor and at least a memory coupled to at least the processor and having stored thereon instructions which, when executed by the at least the processor, cause the authorization server to perform operations comprising:
performing, by an authentication unit, an authentication of a user based on received user authentication information from the client apparatus;
issuing, by an authorization unit, two sets of information, one of which is the authorization information to inform an allowance of the authorization and the other of which is updating authorization information to update the authorization information automatically, when an authorization request to request the authorization delegation is received from the client apparatus and it is permitted to delegate authority concerning a use of the service of the authenticated user to the client apparatus;
receiving, by a receiving unit, another authorization request from the client apparatus;
retrieving, by a retrieving unit, whether or not the configured to retrieve updating authorization information has already been issued when the authorization request received by the receiving unit is acquired;
wherein, when confirmed that the updating authorization information has already been issued for the retrieval by the retrieving unit, the authorization unit invalidates an invalidating unit configured to invalidate the retrieved updating authorization information, and controls whether to newly issue the authorization information and the updating authorization information according to a new permission of a user.
10. A control method for an authorization delegation system that includes a resource server which provides a service and an authorization server that performs authorization delegation for authorizing a client apparatus access to user data that the resource server has based on authorization information, the control method comprising:
performing an authentication of a user based on received user authentication information from the client apparatus;
issuing two sets of information, one of which is the authorization information to inform an allowance of the authorization and the other of which is updating authorization information to update the authorization information automatically, when an authorization request to request the authorization delegation is received from the client apparatus and it is permitted to delegate authority concerning a use of the service of the authenticated user to the client apparatus;
receiving another authorization request from the client apparatus;
retrieving whether or not the updating authorization information has already been issued when the authorization request is acquired;
wherein, when confirmed that the updating authorization information has already been issued in the retrieving, in the issuing, invalidates the retrieved updating authorization information, and controls whether to newly issue the authorization information and the updating authorization information according to a new permission of a user.
11. A non-transitory storage medium on which is stored a computer program for making a computer function as respective units of an authorization server wherein the authorization server performs authorization delegation for authorizing a client apparatus access to user data, which a resource server that provides a service has, based on authorization information,
wherein the authorization server includes at least a processor and at least a memory coupled to at least the processor and having stored thereon instructions which, when executed by the at least the processor, cause the authorization server to perform operations comprising:
performing, by an authentication unit, an authentication of a user based on received user authentication information from the client apparatus;
issuing, by an authorization unit, two sets of information, one of which is the authorization information to inform an allowance of the authorization and the other of which is updating authorization information to update the authorization information automatically, when an authorization request to request the authorization delegation is received from the client apparatus and it is permitted to delegate authority concerning a use of the service of the authenticated user to the client apparatus;
receiving, by a receiving unit, another authorization request from the client apparatus;
retrieving, by a retrieving unit, whether or not the updating authorization information has already been issued when the authorization request received by the receiving unit is acquired;
wherein, when confirmed that the updating authorization information has already been issued for the retrieval by the retrieving unit, the authorization unit invalidates the retrieved updating authorization information, and controls whether to newly issue the authorization information and the updating authorization information according to a new permission of a user.
Specification