Generating derived credentials for a multi-tenant identity cloud service
First Claim
1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud based identity management, the providing comprising:
receiving, at a current time, a request to execute a job, the job requiring a corresponding access token to be executed, the access token comprising an expiration time, wherein the job has a scheduled start time later than the current time plus the expiration time;
generating, before the scheduled start time, a first access token corresponding to the job, the first access token comprising access privileges;
before the scheduled start time, scheduling the job to be executed at the scheduled start time using the first access token;
persisting the first access token before the scheduled start time;
triggering the job at the scheduled start time;
in response to the triggering, generating a second access token that is derived from the first access token, wherein the second access token comprises the same access privileges as the first access token;
injecting the second access token during runtime of the job; and
using the second access token to execute the job after an expiration of the first access token.
Abstract
A multi-tenant system that provides cloud-based identity management receives a request to execute a job, where the job has a scheduled start time, or a timeframe to complete, that exceeds the validity time of a request access token. The system generates the request access token corresponding to the job, where the request access token has access privileges. The system schedules the job and persists the request access token. The system triggers the job at the scheduled start time and generates a derived access token based on the request access token, where the derived access token includes the access privileges. The system then injects the derived access token during runtime of the job and calls a microservice using the derived access token to execute the job.
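The flow in the abstract, as an added Python example that is not taken from the patent or from any product: a first token is issued and persisted, has expired by the scheduled start time, and a second token with the same privileges is derived from it at trigger time. The HMAC token format, the claim names (`sub`, `tenant`, `job`, `scopes`), the one-hour lifetime and the in-memory store are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-signing-key"   # constructed; a real service uses managed keys
TTL = 3600                               # assumed access-token lifetime in seconds

def _sign(body: bytes) -> str:
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def issue(claims: dict, now: int) -> str:
    """Mint a signed token whose expiry is now + TTL."""
    body = json.dumps({**claims, "iat": now, "exp": now + TTL}, sort_keys=True).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body)

def verify(token: str, now: int, allow_expired: bool = False) -> dict:
    """Check the signature and, unless allow_expired, the expiry."""
    b64, sig = token.rsplit(".", 1)
    body = base64.urlsafe_b64decode(b64)
    if not hmac.compare_digest(sig, _sign(body)):
        raise ValueError("bad signature")
    claims = json.loads(body)
    if not allow_expired and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims

def derive(first_token: str, job_id: str, now: int) -> str:
    """At trigger time, mint a second token from the persisted first token."""
    first = verify(first_token, now, allow_expired=True)  # signature must still hold
    if first["job"] != job_id:
        raise ValueError("token is not bound to this job")
    # Same privileges as the first token, never more; only the expiry is fresh.
    return issue({"sub": first["sub"], "tenant": first["tenant"], "job": job_id,
                  "scopes": first["scopes"], "derived": True}, now)

def run_scheduled_job(store: dict, job_id: str, now: int) -> dict:
    """Trigger: derive a token, inject it, and let the callee verify it."""
    second = derive(store[job_id], job_id, now)
    return verify(second, now)  # stands in for the called microservice's check

def demo() -> dict:
    t0 = 1_700_000_000                      # constructed request time
    start = t0 + 6 * TTL                    # scheduled start is later than t0 + TTL
    first = issue({"sub": "admin@tenant-a", "tenant": "tenant-a", "job": "job-1",
                   "scopes": ["users.export"]}, t0)
    store = {"job-1": first}                # persisted before the start time
    return run_scheduled_job(store, "job-1", start)
```

Because `derive` accepts an expired first token, the persisted token store and the binding to the job identifier are what limit who can obtain a fresh token; the signature check keeps a modified stored token from widening the privileges.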
20 Claims
1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide cloud based identity management, the providing comprising:
receiving, at a current time, a request to execute a job, the job requiring a corresponding access token to be executed, the access token comprising an expiration time, wherein the job has a scheduled start time later than the current time plus the expiration time;
generating, before the scheduled start time, a first access token corresponding to the job, the first access token comprising access privileges;
before the scheduled start time, scheduling the job to be executed at the scheduled start time using the first access token;
persisting the first access token before the scheduled start time;
triggering the job at the scheduled start time;
in response to the triggering, generating a second access token that is derived from the first access token, wherein the second access token comprises the same access privileges as the first access token;
injecting the second access token during runtime of the job; and
using the second access token to execute the job after an expiration of the first access token.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method to provide cloud based identity management, the method comprising:
receiving, at a current time, a request to execute a job, the job requiring a corresponding access token to be executed, the access token comprising an expiration time, wherein the job has a scheduled start time later than the current time plus the expiration time;
generating, before the scheduled start time, a first access token corresponding to the job, the first access token comprising access privileges;
before the scheduled start time, scheduling the job to be executed at the scheduled start time using the first access token;
persisting the first access token before the scheduled start time;
triggering the job at the scheduled start time;
in response to the triggering, generating a second access token that is derived from the first access token, wherein the second access token comprises the same access privileges as the first access token;
injecting the second access token during runtime of the job; and
using the second access token to execute the job after an expiration of the first access token.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system for providing cloud-based identity and access management, comprising:
a plurality of tenants;
a plurality of microservices; and
one or more hardware processors that execute instructions to:
receive, at a current time, a request to execute a job, the job requiring a corresponding access token to be executed, the access token comprising an expiration time, wherein the job has a scheduled start time later than the current time plus the expiration time;
generate, before the scheduled start time, a first access token corresponding to the job, the first access token comprising access privileges;
before the scheduled start time, schedule the job to be executed at the scheduled start time using the first access token;
persist the first access token before the scheduled start time;
trigger the job at the scheduled start time;
in response to the trigger, generate a second access token that is derived from the first access token, wherein the second access token comprises the same access privileges as the first access token;
inject the second access token during runtime of the job; and
use the second access token to execute the job after an expiration of the first access token.
Dependent claims: 16, 17, 18, 19, 20
Specification