EXTENDED OAUTH ARCHITECTURE SUPPORT IN A SCALABLE ENVIRONMENT
Abstract
An approach is provided for sharing valid token(s) across application instances. If refresh token rotation is used, (i) a token request is received which includes a number of tokens required, (ii) access and refresh token pairs are generated and shared so that a total number of the pairs equals the number of tokens, and (iii) the access and refresh token pairs are sent to a client so that in response to token requests, the application instances obtain respective access and refresh token pairs. If refresh token rotation is not used, (iv) a request for a refresh token is received, (v) an existing access token is validated, where the access token is bound to the refresh token, and (vi) if the existing access token is expired, a new access token is generated and sent to the client; otherwise, the existing access token is sent to the client.
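The two branches of the abstract, sketched as an in-memory authorization server. This is an added example, not code from the patent; the class and method names, the `num_tokens` parameter (standing in for the "number of tokens required" field) and the `MAX_PAIRS` cap are assumptions.

```python
import secrets
import time

MAX_PAIRS = 16  # assumed cap on the client-supplied count; not from the patent


class AuthServer:
    """Toy authorization server; all names here are hypothetical."""

    def __init__(self, rotation, access_ttl=60.0, clock=time.monotonic):
        self.rotation = rotation      # True: every refresh returns a new refresh token
        self.access_ttl = access_ttl
        self.clock = clock
        self.bound = {}               # refresh token -> access token bound to it
        self.expiry = {}              # access token -> expiry timestamp

    def _issue_access(self, refresh_token):
        access = secrets.token_urlsafe(32)
        self.expiry[access] = self.clock() + self.access_ttl
        self.bound[refresh_token] = access
        return access

    def _issue_pair(self):
        refresh = secrets.token_urlsafe(32)
        return self._issue_access(refresh), refresh

    def token_request(self, num_tokens=1):
        """Steps (i)-(iii): one independent pair per application instance."""
        if not isinstance(num_tokens, int) or not 1 <= num_tokens <= MAX_PAIRS:
            raise ValueError("num_tokens out of range")
        return [self._issue_pair() for _ in range(num_tokens)]

    def refresh(self, refresh_token):
        """Handle a refresh request; returns (access_token, refresh_token)."""
        if refresh_token not in self.bound:
            raise PermissionError("unknown or already rotated refresh token")
        if self.rotation:
            # Rotation: the presented refresh token is single-use, so an
            # instance holding its own pair is unaffected by its siblings.
            del self.bound[refresh_token]
            return self._issue_pair()
        # Steps (iv)-(vi): validate the access token bound to this refresh token.
        access = self.bound[refresh_token]
        if self.expiry[access] <= self.clock():
            del self.expiry[access]
            access = self._issue_access(refresh_token)   # expired: mint a new one
        return access, refresh_token                      # else: reuse existing
```

With `rotation=True`, a refresh by one instance leaves the other instances' pairs usable; with `rotation=False`, every instance presenting the shared refresh token receives the same access token until it expires.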
20 Claims
1-9. (canceled)
10. A computer program product, comprising:
a computer readable storage medium; and
a computer readable program code stored in the computer readable storage medium, the computer readable program code containing instructions that are executed by a central processing unit (CPU) of a computer system to implement a method of sharing one or more valid tokens across multiple instances of an application in a dynamically scalable environment, the method comprising the step of:
if the computer system, which includes an authorization server, issues a corresponding new refresh token for each request for a refresh of each access token, the computer system (i) receiving a token request from a client interacting with instances of an application, the client being another computer system, the token request including a field indicating a number of tokens required, and the number of tokens being an integer greater than one, (ii) in response to the step of receiving the token request, generating and sharing access and refresh token pairs so that a total number of the access and refresh token pairs equals the number of tokens required included in the token request, and (iii) sending the access and refresh token pairs to the client so that in response to token requests from the instances of the application, the instances of the application obtain respective access and refresh token pairs; or
if the computer system does not issue the corresponding new refresh token for each request for the refresh of each access token, the computer system (iv) receiving from the client a request for a refresh token, (v) in response to the step of receiving the request for the refresh token, validating an existing access token which is bound to the refresh token, and (vi) in response to the step of validating, if the existing access token is expired, generating and sending to the client a new access token, or in response to the step of validating, if the existing access token is not expired, sending to the client the existing access token.
Dependent claims: 11, 12, 13, 14, 15
16. A computer system comprising:
a central processing unit (CPU);
a memory coupled to the CPU; and
a computer readable storage device coupled to the CPU, the storage device containing instructions that are executed by the CPU via the memory to implement a method of sharing one or more valid tokens across multiple instances of an application in a dynamically scalable environment, the method comprising the step of:
if the computer system, which includes an authorization server, issues a corresponding new refresh token for each request for a refresh of each access token, the computer system (i) receiving a token request from a client interacting with instances of an application, the client being another computer system, the token request including a field indicating a number of tokens required, and the number of tokens being an integer greater than one, (ii) in response to the step of receiving the token request, generating and sharing access and refresh token pairs so that a total number of the access and refresh token pairs equals the number of tokens required included in the token request, and (iii) sending the access and refresh token pairs to the client so that in response to token requests from the instances of the application, the instances of the application obtain respective access and refresh token pairs; or
if the computer system does not issue the corresponding new refresh token for each request for the refresh of each access token, the computer system (iv) receiving from the client a request for a refresh token, (v) in response to the step of receiving the request for the refresh token, validating an existing access token which is bound to the refresh token, and (vi) in response to the step of validating, if the existing access token is expired, generating and sending to the client a new access token, or in response to the step of validating, if the existing access token is not expired, sending to the client the existing access token.
Dependent claims: 17, 18, 19, 20
Specification