Methods and systems of data security in browser storage
First Claim
Patent Images
1. A non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors, are configurable to cause the one or more processors to:
- authenticate a client browser via an identity provider;
grant permission for a service to access data and/or services of the identity provider;
redirect, with the identity provider, the client browser to an endpoint provided by service provider, wherein the service provider provides an on-demand service environment comprising at least a multitenant database system;
send an authorization code, with the identity provider, during the redirect, the authorization code to be exchanged, by the service provider, for one or more refresh tokens and access to the data and/or services;
wherein the client browser establishes communications with the service provider, the service provider prompts the user to set-up a passcode before obtaining the tokens and once the passcode is provided, and after the service provider obtains the tokens from the identity provider, the service provider encrypts the refresh token(s) by using the passcode and/or by a private key generated by the service provider; and
wherein the encrypted token is returned to the client browser to be saved locally in local storage of the client browser.
1 Assignment
0 Petitions
Accused Products
Abstract
Mechanisms and methods are provided for managing OAuth access in a database network system, and extending the OAuth flow of authentication to securely store the OAuth encrypted refresh token in the storage available with current browsers or any other non-secure storage on user system.
-
Citations
9 Claims
-
1. A non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors, are configurable to cause the one or more processors to:
-
authenticate a client browser via an identity provider; grant permission for a service to access data and/or services of the identity provider; redirect, with the identity provider, the client browser to an endpoint provided by service provider, wherein the service provider provides an on-demand service environment comprising at least a multitenant database system; send an authorization code, with the identity provider, during the redirect, the authorization code to be exchanged, by the service provider, for one or more refresh tokens and access to the data and/or services; wherein the client browser establishes communications with the service provider, the service provider prompts the user to set-up a passcode before obtaining the tokens and once the passcode is provided, and after the service provider obtains the tokens from the identity provider, the service provider encrypts the refresh token(s) by using the passcode and/or by a private key generated by the service provider; and wherein the encrypted token is returned to the client browser to be saved locally in local storage of the client browser. - View Dependent Claims (2, 3)
-
-
4. A method comprising:
-
authenticating a client browser via an identity provider; granting permission for an service to access data and/or services of the identity provider; redirecting, with the identity provider, the client browser to an endpoint provided by a service provider, wherein the service provider provides an on-demand service environment comprising at least a multitenant database system; sending an authorization code, with the identity provider, during the redirect, the authorization code to be exchanged, by the service provider, for one or more refresh tokens and access to the data and/or services; wherein the client browser establishes communications with the service provider, the service provider prompts the user to set-up a passcode before obtaining the tokens and once the passcode is provided, and after the service provider obtains the tokens from the identity provider, the service provider encrypts the refresh token(s) by using the passcode and/or by a private key generated by the service provider; and wherein the encrypted token is returned to the client browser to be saved locally in local storage of the client browser. - View Dependent Claims (5, 6)
-
-
7. A computer system comprising:
one or more processors communicatively coupled to each other to authenticate a client browser via an identity provider, to grant permission for an service to access data and/or services of the identity provider, to redirect, with the identity provider, the client browser to an endpoint provided by a service provider, wherein the service provider provides an on-demand service environment comprising at leas a multitenant database system, and to send an authorization code, with the identity provider, during the redirect, the authorization code to be exchanged, by the service provider, for one or more refresh tokens and access to the data and/or services, wherein the client browser establishes communications with the service provider, the service provider prompts the user to set-up a passcode before obtaining the tokens and once the passcode is provided, and after the service provider obtains the tokens from the identity provider, the service provider encrypts the refresh token(s) by using the passcode and/or by a private key generated by the service provider, wherein the encrypted token is returned to the client browser to be saved locally in local storage of the client browser. - View Dependent Claims (8, 9)
Specification