Federated identity mapping using delegated authorization
First Claim
1. A method, comprising:
connecting a first web service that uses a delegated authorization access protocol to a second web service that uses the delegated authorization protocol;
receiving, by the first web service, a request from a first user;
in response to receipt of the request, requesting and receiving, by the first web service and from the second web service, information about a second user of the first web service that previously logged into the second web service from the first web service using the delegated authorization protocol, the information including a delegated authorization access token obtained by the second user during that prior login; and
mapping, by the first web service, the delegated authorization access token to an identity of the second user in the first web service to accomplish identity mapping across the first and second web services.
Abstract
A method for identity mapping across web services uses a delegated authorization protocol, such as OAuth. In response to a request from a first user at a first web service, a connection to a second web service is established using the protocol. The second web service responds by sending information associated with a second user of the first web service who previously logged into the second web service from the first web service using the protocol. The second user may be a “contact” of the first user. The information received from the second web service is an access token that was obtained by the second user during that prior login. The access token is provided in lieu of data associated with the second user's account at the second web service. Thereafter, the first web service uses the access token it received to map to an identity of the second user.
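An added illustration (not taken from the patent or from any product) of the mapping step the abstract describes: the first web service records each access token at delegated login and later resolves the tokens returned by the second web service to its own user identities. The class and method names, the HMAC-keyed index and the sample users are assumptions made for this example.

```python
import hashlib
import hmac
import secrets


class TokenIdentityMap:
    """First web service's index: access token -> local user id (hypothetical names)."""

    def __init__(self, index_key: bytes):
        self._key = index_key
        self._index = {}  # HMAC(token) -> local user id; raw tokens are not kept here

    def _digest(self, token: str) -> str:
        return hmac.new(self._key, token.encode(), hashlib.sha256).hexdigest()

    def record_login(self, local_user_id: str, access_token: str) -> None:
        """Call when a local user logs into the second service through this one."""
        self._index[self._digest(access_token)] = local_user_id

    def forget(self, access_token: str) -> None:
        """Drop a revoked or expired token so it no longer resolves."""
        self._index.pop(self._digest(access_token), None)

    def map_tokens(self, tokens):
        """Resolve tokens returned by the second service; count those with no recorded login."""
        resolved, unknown = [], 0
        for tok in tokens:
            user = self._index.get(self._digest(tok))
            if user is None:
                unknown += 1
            elif user not in resolved:
                resolved.append(user)
        return resolved, unknown


def demo():
    idmap = TokenIdentityMap(index_key=secrets.token_bytes(32))
    # Constructed tokens standing in for those obtained at two users' prior logins.
    bob_tok, carol_tok = secrets.token_urlsafe(24), secrets.token_urlsafe(24)
    idmap.record_login("bob@first.example", bob_tok)
    idmap.record_login("carol@first.example", carol_tok)
    idmap.forget(carol_tok)  # Carol's token was revoked
    # Constructed response from the second service to a request made on behalf of
    # a first user (Alice): tokens only, no account data.
    response = [bob_tok, carol_tok, secrets.token_urlsafe(24)]
    return idmap.map_tokens(response)


if __name__ == "__main__":
    print(demo())
```

Keying the index with an HMAC means a leaked copy of the mapping table does not expose usable bearer tokens, and tokens with no recorded login are counted rather than guessed at.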
21 Claims
1. A method, comprising:
connecting a first web service that uses a delegated authorization access protocol to a second web service that uses the delegated authorization protocol;
receiving, by the first web service, a request from a first user;
in response to receipt of the request, requesting and receiving, by the first web service and from the second web service, information about a second user of the first web service that previously logged into the second web service from the first web service using the delegated authorization protocol, the information including a delegated authorization access token obtained by the second user during that prior login; and
mapping, by the first web service, the delegated authorization access token to an identity of the second user in the first web service to accomplish identity mapping across the first and second web services.
Dependent claims: 2, 3, 4, 5, 6, 7
8. Apparatus, comprising:
a processor;
computer memory holding computer program instructions that when executed by the processor performs identity mapping by;
connecting a first web service that uses a delegated authorization access protocol to a second web service that uses the delegated authorization protocol;
receiving, by the first web service, a request from a first user;
in response to receipt of the request, requesting and receiving, by the first web service and from the second web service, information about a second user of the first web service that previously logged into the second web service from the first web service using the delegated authorization protocol, the information including a delegated authorization access token obtained by the second user during that prior login; and
mapping, by the first web service, the delegated authorization access token to an identity of the second user in the first web service to accomplish identity mapping across the first and second web services.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer program product in a non-transitory computer-readable storage medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method, the method comprising:
connecting a first web service that uses a delegated authorization access protocol to a second web service that uses the delegated authorization protocol;
receiving, by the first web service, a request from a first user;
in response to receipt of the request, requesting and receiving, by the first web service and from the second web service, information about a second user of the first web service that previously logged into the second web service from the first web service using the delegated authorization protocol, the information including a delegated authorization access token obtained by the second user during that prior login; and
mapping, by the first web service, the delegated authorization access token to an identity of the second user in the first web service to accomplish identity mapping across the first and second web services.
Dependent claims: 16, 17, 18, 19, 20, 21
Specification