System and method for embedding first party widgets in third-party applications
First Claim
1. A method for embedding a widget provided by a first-party system in a third-party application, the method comprising:
- providing the third-party application with an embeddable first-party widget for embedding in a third-party web page, wherein the third-party web page is controlled by the third-party application;
- receiving a message at the embedded first-party widget from the embedding third-party application, wherein the message comprises an application identifier and an origin identifier;
- receiving at a first-party server from the embedded first-party widget the application identifier and the origin identifier;
- authenticating the application identifier at the first-party server, wherein said authenticating the application identifier comprises determining whether the application identifier references a valid third-party application;
- authenticating the origin identifier at the first-party server, wherein said authenticating the origin identifier comprises determining whether the origin identifier is associated with the valid third-party application that is referenced by the authenticated application identifier; and
- in response to said authenticating the application identifier and the origin identifier, enabling the first-party widget to access the first-party system from the embedding third-party application.
Abstract
Methods and systems provide embeddable user interface widgets to third-party applications so that the widgets can be securely embedded in, and securely used from within, the third-party applications. An embeddable widget may be authorized to access a first-party cloud storage system from a third-party application based on the cloud storage system authenticating a request received from the widget. The authentication may be based on an application identifier, an origin identifier, and/or one or more document identifiers received from the third-party application through the embedded widget. The disclosed methods and systems may significantly mitigate security concerns caused by embedding software in third-party sites, such as clickjacking.
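The two-step server check described above (application identifier first, then the origin identifier against that application's registered origins) can be sketched as follows. This is an added example, not code from the patent or its assignee; the registry contents, the function names and the widget-side comparison against the browser-reported `MessageEvent.origin` are assumptions made for illustration.

```javascript
// Constructed registry: application identifier -> origins registered for it.
// IDs and origins are sample values, not taken from the patent.
const REGISTRY = new Map([
  ["app-1234", new Set(["https://editor.example.com"])],
  ["app-5678", new Set(["https://notes.example.org:8443"])],
]);

// Reduce an origin identifier to canonical scheme://host[:port] form.
// Returns null for anything that is not a plain http(s) origin.
function canonicalOrigin(value) {
  if (typeof value !== "string") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null; // unparseable, e.g. the literal "null" of an opaque origin
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  // An origin carries no path, query, fragment or credentials.
  if (url.pathname !== "/" || url.search || url.hash) return null;
  if (url.username || url.password) return null;
  return url.origin;
}

// Server side: authenticate the application identifier, then check that the
// origin identifier is registered for that same application (exact match,
// never a prefix or substring comparison).
function authorizeWidget(appId, originId) {
  const origins = REGISTRY.get(appId);
  if (!origins) return { ok: false, reason: "unknown_application" };
  const origin = canonicalOrigin(originId);
  if (!origin || !origins.has(origin)) {
    return { ok: false, reason: "origin_not_registered" };
  }
  return { ok: true, appId, origin };
}

// Widget side (assumption beyond the claim text): forward the origin the
// browser reports for the sender, and drop the message if the payload
// claims a different one.
function buildServerRequest(event) {
  const { appId, origin } = event.data || {};
  if (canonicalOrigin(origin) !== event.origin) return null;
  return { appId, origin: event.origin };
}
```

A valid application identifier presented with an origin registered to a different application is refused, which is the association the origin-authentication step requires.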
20 Claims
9. A system for embedding a widget provided by a first-party system in a third-party application, the system comprising:
- a first-party server device configured for:
  - providing the third-party application with an embeddable first-party widget for embedding in a third-party web page, wherein the third-party web page is controlled by the third-party application, wherein the embedded first-party widget is configured for receiving a message from the embedding third-party application, and wherein the message comprises an application identifier and an origin identifier;
  - receiving at the first-party server from the embedded first-party widget the application identifier and the origin identifier;
  - authenticating the application identifier at the first-party server, wherein said authenticating the application identifier comprises determining whether the application identifier references a valid third-party application;
  - authenticating the origin identifier at the first-party server, wherein said authenticating the origin identifier comprises determining whether the origin identifier is associated with the valid third-party application that is referenced by the authenticated application identifier; and
  - in response to said authenticating the application identifier and the origin identifier, enabling the first-party widget to access the first-party system from the embedding third-party application.
16. A non-transitory computer readable medium storing computer executable instructions, which, when executed by a processor circuitry, causes the circuitry to carry out a method for embedding a widget provided by a first-party system in a third-party application, the method comprising:
- providing the third-party application with an embeddable first-party widget for embedding in a third-party web page, wherein the third-party web page is controlled by the third-party application;
- receiving a message at the embedded first-party widget from the embedding third-party application, wherein the message comprises an application identifier and an origin identifier;
- receiving at a first-party server from the embedded first-party widget the application identifier and the origin identifier;
- authenticating the application identifier at the first-party server, wherein said authenticating the application identifier comprises determining whether the application identifier references a valid third-party application;
- authenticating the origin identifier at the first-party server, wherein said authenticating the origin identifier comprises determining whether the origin identifier is associated with the valid third-party application that is referenced by the authenticated application identifier; and
- in response to said authenticating the application identifier and the origin identifier, enabling the first-party widget to access the first-party system from the embedding third-party application.
Specification