Using representational state transfer (REST) for consent management
First Claim
1. A computer-implemented method comprising:
receiving, at an OAuth authorization server, from a software application executing on a device associated with a user, through a Representational State Transfer (REST)-based interface, a request for permission to access a scope of information associated with the user;
upon the OAuth authorization server authenticating the user associated with the device, sending, from the OAuth authorization server, to the device through the REST-based interface, a request for consent by the user to allow the software application to access information that is within the scope of information associated with the user;
receiving, at the OAuth authorization server, from the device, through the REST-based interface, consent to allow the software application to access the information that is within the scope of information; and
in response to receiving the consent, storing, at the OAuth authorization server, a mapping between the software application and the scope of information.
1 Assignment
0 Petitions
Abstract
A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.
296 Citations
20 Claims
1. A computer-implemented method comprising:
receiving, at an OAuth authorization server, from a software application executing on a device associated with a user, through a Representational State Transfer (REST)-based interface, a request for permission to access a scope of information associated with the user;
upon the OAuth authorization server authenticating the user associated with the device, sending, from the OAuth authorization server, to the device through the REST-based interface, a request for consent by the user to allow the software application to access information that is within the scope of information associated with the user;
receiving, at the OAuth authorization server, from the device, through the REST-based interface, consent to allow the software application to access the information that is within the scope of information; and
in response to receiving the consent, storing, at the OAuth authorization server, a mapping between the software application and the scope of information.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8)

9. A computer-readable memory comprising instructions which, when executed by one or more processors, cause the one or more processors to perform:
receiving, at an OAuth authorization server, from a software application executing on a device associated with a user, through a Representational State Transfer (REST)-based interface, a request for permission to access a scope of information associated with the user;
upon the OAuth authorization server authenticating the user associated with the device, sending, from the OAuth authorization server, to the device through the REST-based interface, a request for consent by the user to allow the software application to access information that is within the scope of information associated with the user;
receiving, at the OAuth authorization server, from the device, through the REST-based interface, consent to allow the software application to access the information that is within the scope of information; and
in response to receiving the consent, storing, at the OAuth authorization server, a mapping between the software application and the scope of information.
View Dependent Claims (10, 11, 12, 13, 14)

15. A system comprising:
a first machine that stores a software application, wherein the first machine is associated with a user; and
a second machine that includes an OAuth authorization server that is configured to:
receive, from the software application stored on the first machine, through a Representational State Transfer (REST)-based interface, a request for permission to access a scope of information associated with the user;
upon the OAuth authorization server authenticating the user associated with the first machine, send, to the first machine through the REST-based interface, a request for consent by the user to allow the software application to access information that is within the scope of information associated with the user;
receive, from the first machine through the REST-based interface, consent to allow the software application to access the information that is within the scope of information; and
store, in response to receiving the consent, a mapping between the software application and the scope of information.
View Dependent Claims (16, 17, 18, 19, 20)
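The flow described in the abstract and in claims 1, 9 and 15 (resource servers register scope metadata, the authorization server authenticates the user, asks for consent only over registered scopes, and stores the application-to-scope mapping that issued tokens are checked against), as an added illustration that is not part of the patent or any product; the in-memory stores, the `users` password table and the `introspect` lookup used by a resource server to validate a token are constructed stand-ins, not anything the patent specifies.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class AuthorizationServer:
    """Generic OAuth authorization server shared by several resource servers (constructed example)."""
    # registered metadata: resource server id -> scopes that server recognizes
    scope_metadata: dict = field(default_factory=dict)
    # stored consent mapping: (client_id, user) -> scopes the user allowed
    consents: dict = field(default_factory=dict)
    # issued access tokens -> (client_id, user, scopes the token grants)
    tokens: dict = field(default_factory=dict)
    # constructed user store standing in for real authentication
    users: dict = field(default_factory=lambda: {"alice": "correct horse"})

    def register_resource_server(self, rs_id, scopes):
        """A resource server registers the scopes it recognizes."""
        self.scope_metadata[rs_id] = set(scopes)

    def known_scopes(self):
        return set().union(*self.scope_metadata.values())

    def consent_request(self, client_id, user, password, requested):
        """Client asks for scopes over the REST interface; after authenticating the user,
        build the consent prompt. Scopes no resource server registered are refused."""
        if self.users.get(user) != password:
            return None  # authentication failed: no consent prompt is ever shown
        unknown = set(requested) - self.known_scopes()
        if unknown:
            raise ValueError(f"unregistered scope(s): {sorted(unknown)}")
        return {"client_id": client_id, "user": user, "scopes": sorted(requested)}

    def grant_consent(self, prompt, approved):
        """User approves a subset of the prompted scopes; store the application-to-scope
        mapping and mint a token bound to exactly those scopes."""
        scopes = set(prompt["scopes"]) & set(approved)
        if not scopes:
            return None  # consent withheld: nothing is stored, no token issued
        self.consents[(prompt["client_id"], prompt["user"])] = scopes
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (prompt["client_id"], prompt["user"], scopes)
        return token

    def introspect(self, token, rs_id, scope):
        """Does `token` grant `scope`, and is `scope` one that resource server `rs_id` registered?"""
        entry = self.tokens.get(token)
        return bool(entry and scope in self.scope_metadata.get(rs_id, set()) and scope in entry[2])
```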
Specification