Cloud service authentication
Abstract
One or more techniques and/or systems are provided for obtaining access to a cloud service. In particular, a user may log into a client device using an operating system (OS) cloud login ID. The user may access cloud services (e.g., a music streaming service, a data storage service, etc.) through applications executing on the client device using merely the OS cloud login ID without providing additional login credentials specific to the cloud services. A client side application may request a token to access a cloud service. The token may be generated by an identity provider based upon the identity provider verifying an application ID identifying the application, a cloud service ID identifying the cloud service and/or OS cloud credentials. In this way, the application may present the token to a cloud service provider for verification to gain access to the cloud service hosted by the cloud service provider.
Claims (17 in total; the independent claims 1, 6 and 15 are reproduced below)
1. A method, implemented at a computer system that includes one or more processors, for providing access to a cloud service, the method comprising:
- receiving a request from an application hosted by an operating system (OS) to access a cloud service;
- sending a token request to an identity provider responsive to receiving the request, the token request comprising (i) an application identifier (ID) identifying the application, (ii) an OS cloud credential of a user of the OS that is associated with login credentials of the user for the OS, and (iii) a cloud service ID that is associated with the cloud service;
- based at least on sending the token request, and based upon the identity provider having authenticated the user and verified that the application ID is a valid application ID for the application, receiving a token from the identity provider, the token comprising (i) the cloud service ID, (ii) the application ID, and (iii) a user assigned ID that is associated with the cloud service, the user assigned ID having been computed by the identity provider based upon the cloud service ID and a user identification associating the user with the identity provider, the token being signed with an identity provider signature;
- providing the token to the application for submission to a cloud service provider for access to the cloud service; and
- obtaining access to the cloud service based at least on the cloud service provider having validated an identity provider signature as a signature of the identity provider.
(Dependent claims 2 to 5 are not reproduced here.)
6. A system, comprising:
- one or more processing units; and
- memory configured to store instructions that, when executed by at least some of the one or more processing units, cause the system to perform at least the following:
  - receive, from a client, a token request comprising (i) an application identifier (ID) identifying an application hosted by an operating system (OS) that is requesting access to a cloud service, (ii) an OS cloud credential of a user of the OS that is associated with login credentials of the user for the OS, and (iii) a cloud service ID that is associated with a cloud service;
  - authenticate the user based upon at least one of a SmartCode, a code sent by phone, a code sent by email, biometrics, or a username and password combination;
  - verify that the application ID is a valid application ID for the application;
  - based at least on authenticating the user, and based at least on verifying that the application ID is valid for the application, compute a user assigned ID that is associated with the cloud service, the user assigned ID being computed based upon the cloud service ID and a user identification associating the user with an identity provider;
  - generate a token, the token comprising (i) the user assigned ID, (ii) the application ID, and (iii) the cloud service ID;
  - sign the token with a signature of the identity provider that is usable to validate that the token was signed by the identity provider; and
  - provide the token to the client.
(Dependent claims 7 to 14 are not reproduced here.)
15. A system, comprising:
- one or more processing units; and
- memory configured to store instructions that, when executed by at least some of the one or more processing units, cause the system to perform at least the following:
  - receive a request from an application hosted by an operating system (OS) to access a cloud service;
  - send a token request to an identity provider responsive to receiving the request, the token request comprising (i) an application identifier (ID) identifying the application, (ii) an OS cloud credential of a user of the OS that is associated with login credentials of the user for the OS, and (iii) a cloud service ID that is associated with the cloud service;
  - based at least on sending the token request, and based upon the identity provider having authenticated the user and verified that the application ID is a valid application ID for the application, receive a token from the identity provider, the token comprising (i) the cloud service ID, (ii) the application ID, and (iii) a user assigned ID that is associated with the cloud service, the user assigned ID having been computed by the identity provider based upon the cloud service ID and a user identification associating the user with the identity provider, the token being signed with an identity provider signature;
  - provide the token to the application for submission to a cloud service provider for access to the cloud service; and
  - obtain access to the cloud service based at least on the cloud service provider having validated the identity provider signature as a signature of the identity provider.
(Dependent claims 16 and 17 are not reproduced here.)
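The exchange described by claims 1, 6 and 15, written out as an added example; this is not code from the patent or from any product implementing it. It assumes Ed25519 for the identity provider signature, HMAC-SHA256 over the cloud service ID and the identity provider's user identification as the way the user assigned ID is computed, and a lookup table standing in for the user authentication step; the application ID, OS cloud credential, service IDs and user identification (app-music-player, os-cred-alice, svc-music, svc-storage, idp-user-1001) are constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
)

// Token holds the three elements the claims place in the token.
type Token struct {
	CloudServiceID string `json:"cloud_service_id"`
	AppID          string `json:"app_id"`
	UserAssignedID string `json:"user_assigned_id"`
}

// SignedToken is the serialized token plus the identity provider signature over it.
type SignedToken struct{ Body, Signature []byte }

// TokenRequest carries (i) the application ID, (ii) the OS cloud credential and (iii) the cloud service ID.
type TokenRequest struct{ AppID, OSCloudCred, CloudServiceID string }

// IdentityProvider is a constructed stand-in for the identity provider.
type IdentityProvider struct {
	signKey     ed25519.PrivateKey
	pairwiseKey []byte            // secret for deriving per-service user assigned IDs
	validApps   map[string]bool   // registered application IDs
	credToUser  map[string]string // OS cloud credential -> IdP user identification
}

// NewIdentityProvider builds an IdP with fresh keys and constructed registrations.
func NewIdentityProvider() (*IdentityProvider, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	pk := make([]byte, 32)
	if _, err := rand.Read(pk); err != nil {
		panic(err)
	}
	return &IdentityProvider{
		signKey:     priv,
		pairwiseKey: pk,
		validApps:   map[string]bool{"app-music-player": true},           // constructed
		credToUser:  map[string]string{"os-cred-alice": "idp-user-1001"}, // constructed
	}, pub
}

// userAssignedID derives a service-scoped user ID from the cloud service ID and the IdP user identification (assumed HMAC construction).
func (idp *IdentityProvider) userAssignedID(cloudServiceID, user string) string {
	m := hmac.New(sha256.New, idp.pairwiseKey)
	m.Write([]byte(cloudServiceID + "\x00" + user))
	return hex.EncodeToString(m.Sum(nil))
}

// IssueToken authenticates the user by the OS cloud credential, checks the application ID, computes the user assigned ID and signs.
func (idp *IdentityProvider) IssueToken(req TokenRequest) (SignedToken, error) {
	user, ok := idp.credToUser[req.OSCloudCred]
	if !ok {
		return SignedToken{}, errors.New("user authentication failed")
	}
	if !idp.validApps[req.AppID] {
		return SignedToken{}, errors.New("application ID is not registered")
	}
	body, err := json.Marshal(Token{
		CloudServiceID: req.CloudServiceID,
		AppID:          req.AppID,
		UserAssignedID: idp.userAssignedID(req.CloudServiceID, user),
	})
	if err != nil {
		return SignedToken{}, err
	}
	return SignedToken{Body: body, Signature: ed25519.Sign(idp.signKey, body)}, nil
}

// CloudServiceProvider holds only its own service ID and the IdP public key; it never sees the OS cloud credential.
type CloudServiceProvider struct {
	ServiceID string
	IdPPub    ed25519.PublicKey
}

// Validate checks the identity provider signature and that the token was issued for this service.
func (csp *CloudServiceProvider) Validate(st SignedToken) (Token, error) {
	if !ed25519.Verify(csp.IdPPub, st.Body, st.Signature) {
		return Token{}, errors.New("signature is not from the identity provider")
	}
	var t Token
	if err := json.Unmarshal(st.Body, &t); err != nil {
		return Token{}, err
	}
	if t.CloudServiceID != csp.ServiceID {
		return Token{}, errors.New("token was issued for a different cloud service")
	}
	return t, nil
}
```

Call NewIdentityProvider once, then IssueToken on the identity provider side and Validate on the cloud service provider side. Two points matter for a deployment of this scheme: the cloud service provider must compare the cloud service ID inside the token with its own, otherwise a token issued for one service would be accepted by another, and because the user assigned ID is derived per cloud service ID, two services that compare tokens cannot link them to the same user.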