Web authorization with reduced user interaction
First Claim
1. A computer-implemented method comprising:
- receiving, at a computer system, a request from a web browser for a token that authorizes a third party server to access a user'"'"'s data stored by a content provider server;
identifying, using the computing system and from a plurality of available scopes of authorization stored on the computing system, a first scope of authorization that is specified by the token and that indicates a portion of the user'"'"'s data that a third party server is permitted to access, wherein the first scope of authorization indicates part of the user'"'"'s data but less than all of the user'"'"'s data;
identifying a previously-issued token;
identifying a second scope of authorization from the plurality of scopes of authorization, the second scope of authorization specified by the previously-issued token;
comparing, using the computer system, the first scope of authorization to the second scope of authorization; and
transmitting the token in response to the received request based on a determination that the first scope of authorization is determined to be a subset of the second scope of authorization.
2 Assignments
0 Petitions
Accused Products
Abstract
The subject matter of this specification can be embodied in, among other things, a method that includes receiving, from a web browser, a request for a token that authorizes a third party server to access a user'"'"'s data stored by a content provider server. The token specifies a first scope of authorization that indicates a portion of the user'"'"'s data that the third party server is permitted to access. The method also includes determining if the first scope is substantially the same as or a subset of a second scope of a previously issued token and transmitting the token in response to the received request if the first scope is determined to be substantially the same as or a subset of the second scope.
-
Citations
25 Claims
-
1. A computer-implemented method comprising:
-
receiving, at a computer system, a request from a web browser for a token that authorizes a third party server to access a user'"'"'s data stored by a content provider server; identifying, using the computing system and from a plurality of available scopes of authorization stored on the computing system, a first scope of authorization that is specified by the token and that indicates a portion of the user'"'"'s data that a third party server is permitted to access, wherein the first scope of authorization indicates part of the user'"'"'s data but less than all of the user'"'"'s data; identifying a previously-issued token; identifying a second scope of authorization from the plurality of scopes of authorization, the second scope of authorization specified by the previously-issued token; comparing, using the computer system, the first scope of authorization to the second scope of authorization; and transmitting the token in response to the received request based on a determination that the first scope of authorization is determined to be a subset of the second scope of authorization. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A system comprising:
-
a computer interface to receive from a web browser a request for a token that authorizes a third party to access a user'"'"'s data, wherein the computer interface identifies a first scope of authorization from a plurality of scopes of authorization stored on the computing system, the first scope of authorization being specified by the token and indicating a portion of the user'"'"'s data that a third party server is permitted to access, wherein the first scope of authorization indicates part of the user'"'"'s data but less than all of the user'"'"'s data, and wherein the computer identifies a previously-issued token and a second scope of authorization from a plurality of authorization scopes, the second scope of authorization specified by the previously-issued token; means for comparing the first scope of authorization to the second scope of authorization; and a token issuer to transmit the token in response to the received request based on a determination that the first scope of authorization is determined to be equal to or less than the second scope of authorization.
-
Specification