Authorization messaging with integral delegation data
First Claim
1. A computer-implemented method for authorizing access by a client application to a resource of a user maintained on a first server computing system, the client application being implemented on a second server computing system, the method comprising:
- receiving a delegation message from the first server computer system to initiate authorization of the access by the client application;
- issuing, in response to the delegation message, an authorization message to the first server computer system, the authorization message comprising an authorization data package for redemption by the client application, the authorization data package comprising first through fourth integral delegation data specifying the user, the client application, the resource, and a timestamp, respectively;
- receiving a redemption message from the second server computing system comprising the authorization data package;
- conducting, with a processor, an analysis of the authorization data package; and
- sending an access token to the second server computing system based on the analysis.
Abstract
A computer-implemented method for authorizing access by a client application to a resource of a user maintained on a first server computing system, the client application being implemented on a second server computing system, includes receiving a delegation message from the first server computer system to initiate authorization of the access by the client application, issuing an authorization message to the first server computer system, the authorization message comprising an authorization data package for redemption by the client application, the authorization data package comprising first through fourth integral delegation data indicative of the user, the client application, the resource, and a timestamp, respectively, receiving a redemption message from the second server computing system comprising the authorization data package, conducting an analysis of the authorization data package, and sending an access token to the second server computing system based on the analysis.
20 Claims
1. A computer-implemented method for authorizing access by a client application to a resource of a user maintained on a first server computing system, the client application being implemented on a second server computing system, the method comprising:
- receiving a delegation message from the first server computer system to initiate authorization of the access by the client application;
- issuing, in response to the delegation message, an authorization message to the first server computer system, the authorization message comprising an authorization data package for redemption by the client application, the authorization data package comprising first through fourth integral delegation data specifying the user, the client application, the resource, and a timestamp, respectively;
- receiving a redemption message from the second server computing system comprising the authorization data package;
- conducting, with a processor, an analysis of the authorization data package; and
- sending an access token to the second server computing system based on the analysis.
14. A system for authorizing access by a client application to a resource of a user maintained on a first server computing system, the client application being implemented on a second server computing system, the system comprising:
- a memory in which authorization instructions and redemption analysis instructions are stored; and
- a processor coupled to the memory and configured to execute the authorization instructions to issue, in response to a delegation message from the first server computing system to initiate authorization of the access, an authorization message comprising an authorization data package, the authorization data package comprising first through fourth integral delegation data specifying the user, the client application, the resource, and a timestamp, respectively;
- wherein the processor is further configured to execute the redemption analysis instructions to:
  - conduct an analysis of the authorization data package in response to a redemption message from the second server computing system comprising the authorization data package, the analysis comprising an evaluation of the first integral delegation data to verify an account status of the user; and
  - send an access token to the second server computing system based on the analysis.
20. A computer program product for implementing a method of authorizing access by a client application to a resource of a user maintained on a first server computing system, the client application being implemented on a second server computing system, the computer program product comprising one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by one or more processors of a computing system, cause the computing system to perform the method, the method comprising:
- receiving a delegation message from the first server computer system to initiate authorization of the access by the client application;
- issuing, in response to the delegation message, an authorization message to the first server computer system for redemption by the second server computer system, the authorization message comprising an authorization data package, the authorization data package comprising integral delegation data specifying the user, the client application, the resource, a timestamp, and a consent type, the integral delegation data being serially arranged, compressed, encrypted, and signed in a parameter string, the consent type being indicative of whether an administrator authorized the access on behalf of the user;
- receiving a redemption message from the second server computing system comprising the authorization data package;
- conducting an analysis of the authorization data package, the analysis comprising an evaluation of the integral delegation data to verify an account status of the user; and
- sending an access token to the second server computing system based on the analysis.
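The package recited in claim 20 can be pictured as a self-contained parameter string that the issuing server later decodes and evaluates at redemption; the sketch below is an added example, not code from the patent or its assignee. The cipher (AES-256-GCM), the signature (HMAC-SHA256), raw DEFLATE, the JSON field order, the five-minute window, the client-binding check, the in-memory account table and all names are assumptions chosen for illustration.

```javascript
// Added example with constructed keys, accounts and limits; not the patent's code.
const crypto = require('node:crypto');
const zlib = require('node:zlib');

const ENC_KEY = crypto.randomBytes(32); // assumed AES-256-GCM key, server-side only
const SIG_KEY = crypto.randomBytes(32); // assumed HMAC-SHA256 signing key
const MAX_AGE_MS = 5 * 60 * 1000;       // assumed redemption window
const ACCOUNTS = { alice: 'active', bob: 'disabled' }; // constructed account store
const mac = (buf) => crypto.createHmac('sha256', SIG_KEY).update(buf).digest();
const fail = (reason) => ({ ok: false, reason });

// Issue: serially arrange, compress, encrypt, sign, emit as one parameter string.
function issuePackage(user, client, resource, consentType, now = Date.now()) {
  const serial = Buffer.from(JSON.stringify([user, client, resource, now, consentType]));
  const iv = crypto.randomBytes(12);
  const enc = crypto.createCipheriv('aes-256-gcm', ENC_KEY, iv);
  const ct = Buffer.concat([enc.update(zlib.deflateRawSync(serial)), enc.final()]);
  const body = Buffer.concat([iv, enc.getAuthTag(), ct]);
  return body.toString('base64url') + '.' + mac(body).toString('base64url');
}

// Redeem: check signature first, then decrypt, decompress and analyse the fields.
function redeemPackage(pkg, presentingClient, now = Date.now()) {
  const [b64, s64] = String(pkg).split('.');
  if (!b64 || !s64) return fail('malformed');
  const body = Buffer.from(b64, 'base64url');
  const sig = Buffer.from(s64, 'base64url');
  const want = mac(body);
  if (sig.length !== want.length || !crypto.timingSafeEqual(sig, want)) return fail('bad signature');
  let fields;
  try {
    const dec = crypto.createDecipheriv('aes-256-gcm', ENC_KEY, body.subarray(0, 12));
    dec.setAuthTag(body.subarray(12, 28));
    const packed = Buffer.concat([dec.update(body.subarray(28)), dec.final()]);
    fields = JSON.parse(zlib.inflateRawSync(packed).toString());
  } catch { return fail('undecryptable'); }
  const [user, client, resource, issuedAt, consentType] = fields;
  if (client !== presentingClient) return fail('client mismatch');    // assumed check
  if (now - issuedAt > MAX_AGE_MS) return fail('expired');            // assumed check
  if (ACCOUNTS[user] !== 'active') return fail('account not active'); // account status check
  return { ok: true, accessToken: crypto.randomBytes(16).toString('hex'), user, resource, consentType };
}
```

The sample keeps no record of redeemed packages, so it does not reject a second redemption of the same string inside the window.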
Specification