Providing application programs with access to secured resources
First Claim
1. A computer-implemented method for providing access to secured resources, the method comprising:
- storing, by a token providing system at a computer, primary authentication token information that an authentication system of a service provider generated in response to receiving authentication credentials for a user account, wherein the primary authentication token information can be used to obtain multiple temporary authentication token information that can be used to access secured resources that the service provider stores in association with the user account, and wherein the token providing system does not have access to the authentication credentials;
- receiving, by the token providing system and from a first application program of multiple application programs, a first request to obtain first temporary authentication token information for use in accessing a first portion of the secured resources, wherein the first application program does not have access to the authentication credentials and the first request does not include the primary authentication token information, wherein the first request includes a first requested scope that is for use in identifying the first portion of the secured resources;
- transmitting, by the token providing system and to the authentication system, a second request to obtain the first temporary authentication token information, wherein the second request includes the primary authentication token information that was stored by the token providing system;
- receiving, by the token providing system and from the authentication system, the first temporary authentication token information;
- providing, by the token providing system and to the first application program, the first temporary authentication token information for use by the first application program in accessing the first portion of the secured resources;
- receiving, by the token providing system and from a second application program of the application programs, a third request to obtain second temporary authentication token information for use in accessing a second portion of the secured resources, wherein the third request includes a second requested scope that is for use in identifying the second portion of the secured resources and does not include the primary authentication token information;
- transmitting, by the token providing system and to the authentication system, a fourth request to obtain the second temporary authentication token information, the fourth request including the primary authentication token information and the second requested scope;
- receiving, by the token providing system and from the authentication system, the second temporary authentication token information; and
- providing, by the token providing system and to the second application program, the second temporary authentication token information for use by the second application program in accessing the second portion of the secured resources, wherein the first portion of the secured resources is different than the second portion of the secured resources.
Abstract
In general, the subject matter described in this specification can be embodied in methods, systems, and program products for providing access to secured resources. A token providing system stores a primary authentication token that is used to obtain temporary authentication tokens. The token providing system provides, to application programs that are unable to access the primary authentication token, the temporary authentication tokens. The token providing system receives, from a first application program of the application programs, a first request to obtain a first temporary authentication token. The first request does not include the primary authentication token. The token providing system transmits a second request to obtain the first temporary authentication token. The second request includes the primary authentication token. The token providing system receives the first temporary authentication token. The token providing system provides the first temporary authentication token for use by the first application program.
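The flow in the abstract, as an added Python example that is not taken from the patent or from any product. `AuthSystem`, `TokenBroker`, the HMAC-signed token format, the per-application scope allow-list, and all account, application and scope names are assumptions constructed for illustration.

```python
import hashlib, hmac, secrets, time

class AuthSystem:
    """Constructed stand-in for the service provider's authentication system."""
    def __init__(self):
        self._key = secrets.token_bytes(32)   # signs temporary tokens
        self._primary = {}                    # primary token -> account

    def login(self, account, password):
        # Credentials are presented only here; broker and apps never see them.
        token = secrets.token_urlsafe(32)
        self._primary[token] = account
        return token

    def _mac(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def issue_temporary(self, primary_token, scope, ttl=300):
        account = self._primary.get(primary_token)
        if account is None:
            raise PermissionError("unknown primary token")
        body = f"{account}|{scope}|{int(time.time()) + ttl}"
        return f"{body}|{self._mac(body)}"

    def check(self, temp_token, scope, now=None):
        # Resource-side check: valid MAC, matching scope, not expired.
        body, _, mac = temp_token.rpartition("|")
        if not hmac.compare_digest(mac, self._mac(body)):
            return False
        _, token_scope, expires = body.split("|")
        return token_scope == scope and (time.time() if now is None else now) < int(expires)

class TokenBroker:
    """Token providing system: keeps the primary token, returns temporary ones.
    The per-app scope allow-list is an assumption added for this example."""
    def __init__(self, auth, primary_token, allowed_scopes):
        self._auth, self._primary, self._allowed = auth, primary_token, allowed_scopes

    def request(self, app_id, scope):
        # The app's request carries a scope and never the primary token.
        if scope not in self._allowed.get(app_id, ()):
            raise PermissionError(f"{app_id} may not request {scope}")
        return self._auth.issue_temporary(self._primary, scope)

def demo():
    auth = AuthSystem()
    primary = auth.login("alice@example.test", "constructed-password")
    broker = TokenBroker(auth, primary, {"calendar-app": {"calendar.read"},
                                         "mail-app": {"mail.read"}})
    return auth, broker, primary
```

Each application ends up holding only a short-lived token bound to one scope, so compromise of one application exposes neither the primary token nor the other application's portion of the resources.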
18 Claims
2. A computer-implemented method for providing access to secured resources, the method comprising:
- storing, by a token providing system at a computer system, primary authentication token information that is used to obtain temporary authentication token information from an authentication system of a service provider, wherein the token providing system provides, to application programs that are unable to access the primary authentication token information, the temporary authentication token information for use in accessing portions of secured resources of the service provider;
- receiving, by the token providing system and from a first application program of the application programs, a first request to obtain first temporary authentication token information for use in accessing a first portion of the secured resources, wherein the first request does not include the primary authentication token information, wherein the first request includes a first requested scope that is for use in identifying the first portion of the secured resources;
- transmitting, by the token providing system and to the authentication system at the service provider, a second request to obtain the first temporary authentication token information, wherein the second request includes the primary authentication token information;
- receiving, by the token providing system and from the authentication system, the first temporary authentication token information;
- providing, by the token providing system and to the first application program, the first temporary authentication token information for use by the first application program in accessing the first portion of the secured resources;
- receiving, by the token providing system and from a second application program of the application programs, a third request to obtain second temporary authentication token information for use in accessing a second portion of the secured resources, wherein the third request includes a second requested scope that is for use in identifying the second portion of the secured resources and does not include the primary authentication token information;
- transmitting, by the token providing system and to the authentication system, a fourth request to obtain the second temporary authentication token information, the fourth request including the primary authentication token information and the second requested scope;
- receiving, by the token providing system and from the authentication system, the second temporary authentication token information; and
- providing, by the token providing system and to the second application program, the second temporary authentication token information for use by the second application program in accessing the second portion of the secured resources, wherein the first portion of the secured resources is different than the second portion of the secured resources.

Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A computer system for providing access to secured resources, the system comprising:
- one or more processors; and
- one or more computer-readable devices that store:
  - application programs that are hosted by a computer system for third-party users that are provided an ability to administer the application programs upon providing valid user credentials;
  - primary token information, at the computer system, that an authentication system of a service provider generated in response to the service provider receiving user credentials that are associated with a user account, the service provider storing resources in association with the user account; and
  - a temporary token program, at the computer system, to:
    - (i) receive, from a first application program of the application programs, a first request to obtain first temporary authentication token information for use in accessing a first portion of the stored resources, wherein the first request does not include the primary token information, wherein the first request includes a first requested scope that is used in identifying the first portion of the stored resources,
    - (ii) transmit, to the authentication system, a second request to obtain the first temporary authentication token information, the second request including the primary token information,
    - (iii) receive, from the authentication system, the first temporary authentication token information,
    - (iv) provide, to the first application program, the first temporary authentication token information for use by the first application program in accessing the first portion of the stored resources,
    - (v) receive, from a second application program of the application programs, a third request to obtain second temporary authentication token information for use in accessing a second portion of the stored resources, wherein the third request includes a second requested scope that is used in identifying the second portion of the stored resources,
    - (vi) transmit, to the authentication system, a fourth request to obtain the second temporary authentication token information, the fourth request including the primary token information and the second requested scope,
    - (vii) receive, from the authentication system, the second temporary authentication token information, and
    - (viii) provide, to the second application program, the second temporary authentication token information for use by the second application program in accessing the second portion of the stored resources.

Dependent claims: 14, 15, 16, 17, 18
Specification