Passporting credentials between a mobile app and a web browser
First Claim
1. A system comprising:
- a client device in communication via a network with a server and a common gateway interface;
a native app executing on one or more hardware processors of the client device to receive a device session token from the server for authenticating a device session between the native app and the server, the device session token including credentials authenticating a user for a device session between the server and the native app executing on the client device; and
an embedded web browser executing on one or more hardware processors of the client device, wherein;
the native app invokes the embedded web browser and the native app passes the device session token to the embedded web browser for authentication of a web session between the embedded web browser and the common gateway interface that continues the device session authentication without requiring additional authentication; and
the embedded web browser passes the device session token to the common gateway interface and receives from the common gateway interface a web flow authorization token, converted from the device session token using the credentials for authenticating the user for the device session between the server and the native app executing on the client device, for authenticating the web session as a continuation of the device session authenticated by the device session token so that the web flow authorization token and the device session token both share the same underlying device session and the device session remains active while the web session is active.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider'"'"'s core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session. Embodiments may operate by authenticating a device session from a native app executing on a client device producing a device session token; passing the device session token from a native app to an embedded browser to authenticate a user when entering a web flow; and entering the web flow, according to the session token, on an embedded browser driven by the native app so that the user encounters a single shared session (device session and web session) running at least two parallel secure communication interactions with an infrastructure.
-
Citations
20 Claims
-
1. A system comprising:
-
a client device in communication via a network with a server and a common gateway interface; a native app executing on one or more hardware processors of the client device to receive a device session token from the server for authenticating a device session between the native app and the server, the device session token including credentials authenticating a user for a device session between the server and the native app executing on the client device; and an embedded web browser executing on one or more hardware processors of the client device, wherein; the native app invokes the embedded web browser and the native app passes the device session token to the embedded web browser for authentication of a web session between the embedded web browser and the common gateway interface that continues the device session authentication without requiring additional authentication; and the embedded web browser passes the device session token to the common gateway interface and receives from the common gateway interface a web flow authorization token, converted from the device session token using the credentials for authenticating the user for the device session between the server and the native app executing on the client device, for authenticating the web session as a continuation of the device session authenticated by the device session token so that the web flow authorization token and the device session token both share the same underlying device session and the device session remains active while the web session is active. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system comprising:
-
a server executing on one or more of a plurality of hardware processors for communication with a client device via a network, the server receiving login credentials for a user from the client device for a device session between the server and a native app executing on the client device, and the server returning a device session token including credentials authenticating the user for the device session between the server and the native app; a database in communication with the server and to which the sever has access; a common gateway interface (CGI) executing on one or more of the plurality of hardware processors for communication with the client device via the network, the CGI having access to the database, the CGI receiving the device session token from an embedded browser executing, on the client device, a web flow session between the embedded browser and the CGI; the CGI accessing the database according to the device session token received from the client device and the credentials to retrieve a stored session data, including an authorization object; the CGI determining, based on the device session token received from the client device, the credentials, the stored session data, and the authorization object, whether the device session is active or the device session has expired; and the CGI converting, based on determining the device session is active, the authorization object to a web flow session authorization token to be transmitted to the embedded browser to authenticate the web flow session between the embedded browser and the CGI to continue the device session between the server and the native app with the user already logged in. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A method comprising:
-
receiving a device session token by a client device from a server in communication via a network with the client device, the device session token authenticating a device session between the server and a native app executing on the client device, the device session token including credentials authenticating a user for the device session between the server and the native app executing on the client device; invoking an embedded web browser, by the native app, to execute on the client device; passing by the native app the device session token to the embedded web browser for authentication of a web session that continues the device session with the device session authentication and without requiring additional authentication for the web session between the embedded web browser and a common gateway interface in communication via the network with the client device; passing the device session token by the embedded web browser executing on the client device via the network to the common gateway interface; receiving from the common gateway interface a web flow authorization token converted from the device session token using the credentials for authenticating the user for the device session between the server and the native app executing on the client device; authenticating the web session as a continuation of the device session authenticated by the device session token; and communicating back from the web session to the native app so that the web flow authorization token and the device session token both share the same underlying device session and the device session remains active while the web session is active. - View Dependent Claims (15, 16, 17, 18, 19)
-
-
20. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform a operations comprising:
-
receiving a device session token by the mobile device from a server in communication via a network with the mobile device, the device session token authenticating a device session between the server and a native app executing on the mobile device, the device session token including credentials authenticating a user for the device session between the server and the native app executing on the mobile device; invoking an embedded web browser, by the native app, to execute on the mobile device; passing by the native app the device session token to the embedded web browser for authentication of a web session that continues the device session with the device session authentication and without requiring additional authentication for the web session between the embedded web browser and a common gateway interface in communication via the network with the mobile device; passing the device session token by the embedded web browser executing on the mobile device via the network to the common gateway interface; receiving from the common gateway interface a web flow authorization token converted from the device session token using the credentials for authenticating the user for the device session between the server and the native app executing on the mobile device; authenticating the web session as a continuation of the device session authenticated by the device session token; and communicating back from the web session to the native app so that the web flow authorization token and the device session token both share the same underlying device session and the device session remains active while the web session is active.
-
Specification