SINGLE SIGN-ON (SSO) FOR MOBILE APPLICATIONS
Abstract
A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.
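The scope-metadata flow described in the abstract, as an added example that is not code from the patent. The class and method names, the resource server names, the scope strings and the opaque token format are all assumptions made for illustration.

```python
import secrets


class AuthorizationServer:
    """Generic authorization server shared by several resource servers (hypothetical API)."""

    def __init__(self):
        self.scope_metadata = {}  # resource server name -> {scope: description}
        self.issued = {}          # opaque access token -> (resource server, granted scopes)

    def register_resource_server(self, name, scopes):
        # Each resource server registers the scopes it recognizes.
        self.scope_metadata[name] = dict(scopes)

    def consent_prompt(self, name, requested):
        # Consent may only be requested for scopes the resource server registered.
        known = self.scope_metadata.get(name)
        if known is None:
            raise KeyError(f"unregistered resource server: {name}")
        unknown = sorted(set(requested) - set(known))
        if unknown:
            raise ValueError(f"scopes not recognized by {name}: {unknown}")
        return {scope: known[scope] for scope in requested}

    def issue_token(self, name, requested, consented):
        # The token grants only scopes that are recognized AND consented to.
        prompt = self.consent_prompt(name, requested)
        granted = frozenset(s for s in prompt if s in consented)
        if not granted:
            raise PermissionError("resource owner consented to no scope")
        token = secrets.token_urlsafe(32)  # opaque token; format is an assumption
        self.issued[token] = (name, granted)
        return token

    def scopes_for(self, token, name):
        # Map a presented token back to its scopes. An unknown token, or one
        # issued for a different resource server, grants nothing.
        entry = self.issued.get(token)
        if entry is None or entry[0] != name:
            return frozenset()
        return entry[1]
```
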
18 Claims
1. A computer-implemented method comprising:
receiving, at a server, a first client registration token from a first application executing on a first mobile device that is separate from the server;
determining, at the server, whether a first hardware identifier specified in the first client registration token matches any hardware identifier specified in any user session stored at the server;
in response to determining that the first hardware identifier specified in the first client registration token matches a hardware identifier specified in a first user session stored at the server, the server instructing the first application to allow a user of the first application to access functionality of the first application without requiring the user of the first application to re-engage in an authentication process.
(Dependent claims: 2, 3, 4, 5, 6)
7. A computer-readable memory comprising instructions which, when executed by one or more processors, cause the one or more processors to perform:
receiving, at a server, a first client registration token from a first application executing on a first mobile device that is separate from the server;
determining, at the server, whether a first hardware identifier specified in the first client registration token matches any hardware identifier specified in any user session stored at the server;
in response to determining that the first hardware identifier specified in the first client registration token matches a hardware identifier specified in a first user session stored at the server, the server instructing the first application to allow a user of the first application to access functionality of the first application without requiring the user of the first application to re-engage in an authentication process.
(Dependent claims: 8, 9, 10, 11, 12)
13. A system comprising:
a first mobile device that stores a first application; and
a machine that is separate from the first mobile device and that stores an OAuth authorization server that is configured to:
receive a first client registration token from the first application;
determine whether a first hardware identifier specified in the first client registration token matches any hardware identifier specified in any user session stored at the server; and
instruct the first application to allow a user of the first application to access functionality of the first application without requiring the user of the first application to re-engage in an authentication process in response to determining that the first hardware identifier specified in the first client registration token matches a hardware identifier specified in a first user session stored at the server.
(Dependent claims: 14, 15, 16, 17, 18)
Specification