Accessing an application through application clients and web browsers
First Claim
1. A method comprising:
- deploying an authorization server to control access of one or more application clients to a plurality of protected applications;
- receiving, at a protected application of the plurality of protected applications, a request comprising an access token from an application client of the one or more application clients which is associated with a user, wherein the access token is issued by the authorization server during authorization of the application client for accessing the protected application;
- upon determining that the access token is valid at the protected application, retrieving, from the authorization server, grant information comprising intersecting scopes of rights between Open Authorization (OAuth) rights requested to be granted to the application client at the authorization server, rights mapped to a Java role of the user at the authorization server, and rights mapped to the protected application, wherein the intersecting scopes of rights comprises an overlap between corresponding scopes of the rights of the OAuth rights requested to the granted, the rights mapped to the Java role of the user, and the rights mapped to the protected application; and
- establishing a direct session between the application client and the protected application based on the intersecting scopes of rights.
Abstract
A request from an application client is received at a protected application. The request includes an access token. A grant information associated with the received access token is retrieved. The grant information includes a plurality of intersecting scopes of rights granted to the application client. In another aspect, a session is established between the protected application and the application client. Furthermore, at least one scope of rights from the plurality of intersecting scopes of rights is determined to be mapped to at least one Application Programming Interface (API) from a number of APIs provided by the protected application.
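The flow in the abstract, sketched as an added example (not code from the patent): the authorization server returns grant information equal to the overlap of the requested OAuth scopes, the scopes mapped to the user's role, and the scopes mapped to the protected application, and the application maps each API to one scope. All class names, scope strings and mappings are constructed for illustration, and token validation is reduced to a lookup at the authorization server.

```python
import secrets

# Constructed sample mappings (assumptions, not from the patent).
ROLE_SCOPES = {"Manager": {"orders.read", "orders.approve", "reports.read"},
               "Employee": {"orders.read"}}
APP_SCOPES = {"orders-app": {"orders.read", "orders.approve", "orders.delete"}}
API_SCOPE = {"GET /orders": "orders.read",
             "POST /orders/approve": "orders.approve",
             "DELETE /orders": "orders.delete"}

class AuthorizationServer:
    def __init__(self):
        self._grants = {}  # access token -> (role, app_id, requested scopes)

    def issue_token(self, role, app_id, requested):
        token = secrets.token_urlsafe(16)
        self._grants[token] = (role, app_id, frozenset(requested))
        return token

    def grant_info(self, token, app_id):
        """Intersecting scopes, or None if the token is unknown or
        was issued for a different protected application."""
        grant = self._grants.get(token)
        if grant is None or grant[1] != app_id:
            return None
        role, _, requested = grant
        # Unknown role or application contributes the empty set (fail closed).
        return requested & ROLE_SCOPES.get(role, set()) & APP_SCOPES.get(app_id, set())

class ProtectedApplication:
    def __init__(self, app_id, auth_server):
        self.app_id, self.auth_server = app_id, auth_server
        self._sessions = {}  # session id -> scopes fixed at session start

    def open_session(self, token):
        scopes = self.auth_server.grant_info(token, self.app_id)
        if not scopes:  # invalid token or empty overlap: no session
            raise PermissionError("no rights granted for this application")
        session_id = secrets.token_urlsafe(16)
        self._sessions[session_id] = scopes
        return session_id

    def may_call(self, session_id, api):
        """An API is allowed only if it is mapped to a scope in the session."""
        needed = API_SCOPE.get(api)
        return needed is not None and needed in self._sessions.get(session_id, ())
```

A client that requests `orders.delete` on behalf of a Manager still cannot call `DELETE /orders`, because that scope is absent from the role mapping and therefore from the overlap.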
18 Claims
1. A method as recited in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 12.
8. A non-transitory computer readable medium storing instructions, which when executed by at least one processor cause a computer to:
- deploy an authorization server to control access of one or more application clients to a plurality of protected applications;
- receive, at a protected application of the plurality of protected applications, a request comprising an access token from an application client of the one or more application clients which is associated with a user, wherein the access token is issued by the authorization server during authorization of the application client for accessing the protected application;
- upon determining that the access token is valid at the protected application, retrieve, from the authorization server, grant information comprising intersecting scopes of rights between Open Authorization (OAuth) rights requested to be granted to the application client at the authorization server, rights mapped to a Java role of the user at the authorization server, and rights mapped to the protected application, wherein the intersecting scopes of rights comprises an overlap between corresponding scopes of the rights of the OAuth rights requested to the granted, the rights mapped to the Java role of the user, and the rights mapped to the protected application; and
- establish a direct session between the application client and the protected application based on the intersecting scopes of rights.

Dependent claims: 9, 10, 11.
13. A computing system comprising:
- a hardware processor configured to deploy an authorization server to control access of one or more application clients to a plurality of protected applications; and
- a network communicator configured to receive, via a protected application of the plurality of protected applications, a request comprising an access token from an application client of the one or more application clients which is associated with a Java user, wherein the access token is issued by the authorization server during authorization of the application client for accessing the protected application,
- wherein the hardware processor is further configured to retrieve grant information comprising intersecting scopes of rights between Open Authorization (OAuth) rights requested to be granted to the application client at the authorization server, and rights mapped to a Java role of the Java user at the authorization server, and rights mapped to the protected application, wherein the intersecting scopes of rights comprises an overlap between corresponding scopes of the rights of the OAuth rights requested to the granted, the rights mapped to the Java role of the user, and the rights mapped to the protected application, and establish a direct session between the application client and the protected application based on the intersecting scopes of rights.

Dependent claims: 14, 15, 16, 17, 18.
Specification