Methods and apparatus for selecting an authentication mode at time of issuance of an access token
First Claim
1. An apparatus, comprising:
- an authorization module implemented in at least one of a memory or a processing device, the authorization module configured to receive, from an application, a request for an access token associated with the application, the request including a scope identifier from a plurality of scope identifiers associated with the application,the authorization module configured to select, based on the scope identifier, a first authentication mode from a plurality of predefined authentication modes when the scope identifier is associated with a first level of access to a resource module, the authorization module configured to select the first authentication mode and a second authentication mode from the plurality of predefined authentication modes when the scope identifier is associated with a second level of access to the resource module, the authorization module configured to receive at least one credential assigned to at least one of the first authentication mode or the second authentication mode, the authorization module configured to send the access token to the application in response to authenticating a user of the application based on the at least one credential.
10 Assignments
0 Petitions
Accused Products
Abstract
In some embodiments, an apparatus includes an authorization module implemented in at least one of a memory or a processing device. The authorization module can receive from an application a request for an access token associated with the application that includes a scope identifier associated with a level of access to a resource module. The authorization module can select based on the scope identifier at least one authentication mode from a set of predefined authentication modes. The authorization module can also receive at least one credential assigned to at least one authentication mode. Additionally, the authorization module can send the access token to the application in response to authenticating a user of the application based on the at least one credential.
68 Citations
20 Claims
-
1. An apparatus, comprising:
-
an authorization module implemented in at least one of a memory or a processing device, the authorization module configured to receive, from an application, a request for an access token associated with the application, the request including a scope identifier from a plurality of scope identifiers associated with the application, the authorization module configured to select, based on the scope identifier, a first authentication mode from a plurality of predefined authentication modes when the scope identifier is associated with a first level of access to a resource module, the authorization module configured to select the first authentication mode and a second authentication mode from the plurality of predefined authentication modes when the scope identifier is associated with a second level of access to the resource module, the authorization module configured to receive at least one credential assigned to at least one of the first authentication mode or the second authentication mode, the authorization module configured to send the access token to the application in response to authenticating a user of the application based on the at least one credential. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An apparatus, comprising:
-
an application implemented in at least one of a memory or a processing device, the application configured to send, to an authorization module, a request (1) for an access token associated with the application and (2) including a scope identifier from a plurality of scope identifiers associated with the application, such that the authorization module selects, based on the scope identifier, (1) a first authentication mode from a plurality of predefined authentication modes when the scope identifier is associated with a first level of access to a resource module or (2) the first authentication mode and a second authentication mode from the plurality of predefined authentication modes when the scope identifier is associated with a second level of access to the resource module; the application configured to receive, from the authorization module, the access token in response to the authorization module authenticating a user of the application using at least one of the first authentication mode or the second authentication mode, the application is configured to send the access token to the resource module such that the resource module verifies the access token. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A non-transitory processor-readable medium storing code representing instructions to be executed by a processor, the code comprising code to cause the processor to:
-
receive, from an application, a request for an access token, the request including a scope identifier from a plurality of scope identifiers associated with the application; select, based on the scope identifier, (1) a first authentication mode from a plurality of predefined authentication modes when the scope identifier is associated with a first level of access to a resource module or (2) the first authentication mode and a second authentication mode from the plurality of predefined authentication modes when the scope identifier is associated with a second level of access to the resource module; authenticate a user of the application (1) using at least one of the first authentication mode or the second authentication mode and (2) based on at least one credential associated with the user; and send the access token to the application in response to authenticating the user. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification