METHOD AND SYSTEM TO PROVIDE ADDITIONAL SECURITY MECHANISM FOR PACKAGED WEB APPLICATIONS
First Claim
1. A method for authenticating a client application attempting to access a protected resource stored on a resource server, the method comprising:
- receiving, by an authorization server, a request to access the protected resource, wherein the request is received from the client application authorized by a resource owner of the protected resource; and
redirecting, by the authorization server, the request to the resource server using a redirect identifier corresponding to a redirect endpoint of the client application, wherein the redirect identifier is intercepted by a web runtime engine prior to the redirect.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for authenticating a client application attempting to access a protected resource on a resource server includes receiving a request to access the protected resource at an authorization server. The request is received from the client application authorized by a resource owner of the protected resource. Further, the method includes redirecting the request to the resource server using a redirect identifier corresponding to a redirect endpoint of the client application. The redirect identifier is intercepted by a web run time engine prior to the redirect. Furthermore, the method includes determining a match between the intercepted redirect identifier and a pre-assigned redirect identifier with the client application stored at the web run time engine to authenticate the client application prior to providing access to the protected resource.
-
Citations
20 Claims
-
1. A method for authenticating a client application attempting to access a protected resource stored on a resource server, the method comprising:
-
receiving, by an authorization server, a request to access the protected resource, wherein the request is received from the client application authorized by a resource owner of the protected resource; and redirecting, by the authorization server, the request to the resource server using a redirect identifier corresponding to a redirect endpoint of the client application, wherein the redirect identifier is intercepted by a web runtime engine prior to the redirect. - View Dependent Claims (2, 3, 4, 5)
-
-
6. An authorization server apparatus for authenticating a client application attempting to access a protected resource stored on a resource server, the apparatus comprising:
a processor configured to receive a request to access the protected resource, wherein the request is received from the client application authorized by a resource owner of the protected resource, and to redirect the request to the resource server using a redirect identifier corresponding to a redirect endpoint of the client application, wherein the redirect identifier is intercepted by a web runtime engine prior to the redirect. - View Dependent Claims (7, 8, 9, 10)
-
11. A method for authenticating a client application attempting to access a protected resource stored on a resource server by a web runtime engine, the method comprising:
- in response to an authorization server receiving a request to access the protected resource, wherein the request is received from the client application authorized by a resource owner of the protected resource, and redirecting the request to the resource server using a redirect identifier corresponding to a redirect endpoint of the client application,
intercepting the redirect identifier prior to the redirect; and determining a match between the intercepted redirect identifier and a pre-assigned redirect identifier associated with the client application stored at the web runtime engine to authenticate the client application prior to providing an access to the protected resource. - View Dependent Claims (12, 13, 14, 15)
- in response to an authorization server receiving a request to access the protected resource, wherein the request is received from the client application authorized by a resource owner of the protected resource, and redirecting the request to the resource server using a redirect identifier corresponding to a redirect endpoint of the client application,
-
16. A web runtime engine for authenticating a client application attempting to access a protected resource stored on a resource server, the web runtime engine comprising:
a processor configured to, in response to an authorization server receiving a request to access the protected resource, wherein the request is received from the client application authorized by a resource owner of the protected resource, and redirecting the request to the resource server using a redirect identifier corresponding to a redirect endpoint of the client application, intercept the redirect identifier prior to the redirect; and determine a match between the intercepted redirect identifier and a pre-assigned redirect identifier associated with the client application stored at the web runtime engine to authenticate the client application prior to providing an access to the protected resource. - View Dependent Claims (17, 18, 19, 20)
Specification