ACCESSING AN APPLICATION THROUGH APPLICATION CLIENTS AND WEB BROWSERS
Abstract
A request from an application client is received at a protected application. The request includes an access token. Grant information associated with the received access token is retrieved. The grant information includes a plurality of intersecting scopes of rights granted to the application client. In another aspect, a session is established between the protected application and the application client. Furthermore, at least one scope of rights from the plurality of intersecting scopes of rights is determined to be mapped to at least one Application Programming Interface (API) from a number of APIs provided by the protected application.
20 Claims
1. A computer implemented method to provide access to protected applications through application clients, the method comprising:
- receiving a request from an application client to access a protected application, wherein the request comprises an access token;
- upon determining that the access token is valid, retrieving grant information associated with the received access token, wherein the grant information comprises a role of a user, a group of the user, attributes of the user, and a plurality of intersecting scopes of rights granted to the application client;
- establishing a session between the application client and the protected application, wherein the session is based on the plurality of intersecting scopes of rights, the role of the user, the group of the user, and the attributes of the user, and
- determining at least one scope of rights from the plurality of intersecting scopes of rights granted to the application client that is mapped to at least one application programming interface (API) from a plurality of APIs provided by the protected application, the at least one API is accessible by the application client based on the plurality of intersecting scopes of rights granted to the application client.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer system configured to provide access to a protected application based on user roles and scopes of rights, the computer system including:
at least one processor and memory for executing program code, the program code comprising;
- a first set of scopes of rights mapped to a user role of an application client in a first mapping, wherein the first set of scopes of rights are defined to correspond to rights included in the user role;
- a second set of scopes of rights mapped to the protected application in a second mapping, wherein the second set of scopes of rights capable of being granted to the protected application; and
- a third set of scopes of rights mapped to at least one application programming interface (API) from a plurality of APIs provided by the protected application in a third mapping, wherein mapping of the third set of scopes of rights to the at least one API is created in an authorization filter of the protected application.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A non-transitory computer readable medium storing instructions, which when executed by at least one processor cause a computer to perform operations comprising:
- receiving a request from an application client to access a protected application, wherein the request comprises an access token;
- upon determining that the access token is valid, retrieving grant information associated with the received access token, wherein the grant information comprises a role of a user, a group of the user, attributes of the user, and a plurality of intersecting scopes of rights granted to the application client;
- establishing a session between the application client and the protected application, wherein the session is based on the plurality of intersecting scopes of rights, the role of the user, the group of the user, and the attributes of the user; and
- determining at least one scope of rights from the plurality of intersecting scopes of rights granted to the application client that is mapped to at least one application programming interface (API) from a plurality of APIs provided by the protected application, the at least one API is accessible by the application client based on the plurality of intersecting scopes of rights granted to the application client.
Dependent claims: 17, 18, 19, 20
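The flow recited in claims 1 and 16, using the three mappings of claim 9, sketched as an added example that is not code from the patent or its assignee. It assumes that "intersecting scopes" means the set intersection of the scopes granted to the client, the scopes of the user's role, and the scopes the application can grant, and that an API is reachable when at least one of its mapped scopes is in the session; all names and sample values are constructed.

```python
import time
from dataclasses import dataclass

# Constructed sample mappings (hypothetical names and values).
ROLE_SCOPES = {"manager": {"orders.read", "orders.approve", "reports.read"},
               "clerk": {"orders.read"}}                  # first mapping: role -> scopes
APP_SCOPES = {"orders.read", "orders.approve"}             # second mapping: scopes grantable for the app
API_SCOPES = {("GET", "/orders"): {"orders.read"},         # third mapping, held by the authorization filter
              ("POST", "/orders/approve"): {"orders.approve"}}

@dataclass(frozen=True)
class Grant:
    role: str
    group: str
    attributes: dict
    client_scopes: frozenset
    expires_at: float

@dataclass(frozen=True)
class Session:
    role: str
    group: str
    attributes: dict
    scopes: frozenset

_ALL = frozenset({"orders.read", "orders.approve", "reports.read"})
# Token store standing in for the authorization server's grant records (constructed).
GRANTS = {
    "tok-manager": Grant("manager", "sales", {"region": "EU"}, _ALL, time.time() + 3600),
    "tok-clerk": Grant("clerk", "sales", {"region": "EU"}, _ALL, time.time() + 3600),
    "tok-expired": Grant("manager", "sales", {}, _ALL, 0.0),
}

def establish_session(token, now=None):
    """Validate the token, retrieve its grant information, build the session."""
    now = time.time() if now is None else now
    grant = GRANTS.get(token)
    if grant is None or grant.expires_at <= now:
        return None  # unknown or expired token: no session
    # Assumed meaning of "intersecting scopes": client grant, role and app sets intersected.
    effective = grant.client_scopes & ROLE_SCOPES.get(grant.role, set()) & APP_SCOPES
    return Session(grant.role, grant.group, grant.attributes, frozenset(effective))

def is_api_allowed(session, method, path):
    """Authorization filter: allow only APIs mapped to a scope held by the session."""
    mapped = API_SCOPES.get((method, path))
    if session is None or not mapped:
        return False  # deny by default: no session, or API has no scope mapping
    return not mapped.isdisjoint(session.scopes)
```

The clerk token shows why the intersection matters: the client was granted every scope, but the session only carries what the user's role also allows.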