System and method for embedding first party widgets in third-party applications
First Claim
1. A method for providing a third party application with access to files stored on a server, the method comprising:
receiving, from a browser at a client device, a request for a file stored on the server, wherein the request is received via a web page provided by the third party application and rendered by the browser, the web page comprising an embedded user interface (UI) component associated with the server to access the file stored on the server, wherein the request includes:
  a document identifier associated with the file,
  an application identifier of the third-party application, and
  an origin identifier, wherein the origin identifier is associated with the web page provided by the third party application and rendered by the browser;
determining that the origin identifier and the document identifier are both associated with the application identifier;
authenticating the application identifier at the server, wherein the authenticating the application identifier comprises determining whether the application identifier references a valid application;
authenticating the origin identifier at the server, wherein the authenticating the origin identifier comprises determining whether the origin identifier is associated with the valid application that is referenced by the authenticated application identifier; and
based on the determining and authenticating, granting access to the file for the third party application.
Abstract
Methods and systems provide embeddable user interface widgets to third-party applications so that the widgets can be securely embedded in, and securely used from within, the third-party applications. An embeddable widget may be authorized to access a first-party cloud storage system from a third-party application based on the cloud storage system authenticating a request received from the widget. The authentication may be based on an application identifier, an origin identifier, and/or one or more document identifiers received from the third-party application through the embedded widget. The disclosed methods and systems may significantly mitigate security concerns caused by embedding software in third-party sites, such as clickjacking.
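The server-side check the abstract and first claim describe, sketched as an added example (not code from the patent or from any product). The registry, the `RegisteredApp` record, the identifiers and the origin normalization rules are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

@dataclass(frozen=True)
class RegisteredApp:
    """Hypothetical server-side record for one third-party application."""
    app_id: str
    origins: frozenset   # normalized origins registered for the app
    doc_ids: frozenset   # documents associated with the app

# Constructed sample registry; all identifiers are made up.
REGISTRY = {
    "app-123": RegisteredApp("app-123", frozenset({"https://editor.example.com"}),
                             frozenset({"doc-1", "doc-2"})),
    "app-456": RegisteredApp("app-456", frozenset({"https://viewer.example.net"}),
                             frozenset({"doc-3"})),
}

def normalize_origin(value):
    """Return canonical scheme://host[:port], or None if value is not a bare origin."""
    try:
        parts = urlsplit(value)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme, host = parts.scheme, parts.hostname
    if scheme not in DEFAULT_PORTS or not host:
        return None
    # An origin carries no credentials, path, query or fragment.
    if "@" in parts.netloc or parts.path not in ("", "/") or parts.query or parts.fragment:
        return None
    if port in (None, DEFAULT_PORTS[scheme]):
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"

def authorize(app_id, origin, doc_id, registry=REGISTRY):
    """Return (granted, reason); access requires all three checks to pass."""
    app = registry.get(app_id)                 # application identifier must be valid
    if app is None:
        return False, "unknown application identifier"
    norm = normalize_origin(origin)            # exact match, never prefix or substring
    if norm is None or norm not in app.origins:
        return False, "origin not registered for application"
    if doc_id not in app.doc_ids:              # document must belong to the same app
        return False, "document not associated with application"
    return True, "granted"
```

Matching the normalized origin exactly is what rejects look-alike hosts such as `editor.example.com.evil.test`, and checking the origin and document against the same application record is what stops one registered application from borrowing another's identifier.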
7 Claims
1. A method for providing a third party application with access to files stored on a server, the method comprising:
receiving, from a browser at a client device, a request for a file stored on the server, wherein the request is received via a web page provided by the third party application and rendered by the browser, the web page comprising an embedded user interface (UI) component associated with the server to access the file stored on the server, wherein the request includes:
  a document identifier associated with the file,
  an application identifier of the third-party application, and
  an origin identifier, wherein the origin identifier is associated with the web page provided by the third party application and rendered by the browser;
determining that the origin identifier and the document identifier are both associated with the application identifier;
authenticating the application identifier at the server, wherein the authenticating the application identifier comprises determining whether the application identifier references a valid application;
authenticating the origin identifier at the server, wherein the authenticating the origin identifier comprises determining whether the origin identifier is associated with the valid application that is referenced by the authenticated application identifier; and
based on the determining and authenticating, granting access to the file for the third party application.
(Dependent claims: 2, 3)
4. A system for providing a third party application with access to files stored on a server, the system comprising:
a memory; and
one or more processors, coupled to the memory, to:
receive, from a browser at a client device, a request for a file stored on the server, wherein the request is received via a web page provided by the third party application and rendered by the browser, the web page comprising an embedded user interface (UI) component associated with the server to access the file stored on the server, wherein the request includes:
  a document identifier associated with the file,
  an application identifier of the third-party application, and
  an origin identifier, wherein the origin identifier is associated with the web page provided by the third party application and rendered by the browser;
determine that the origin identifier and the document identifier are both associated with the application identifier;
authenticate the application identifier at the server, wherein the authenticating the application identifier comprises determining whether the application identifier references a valid application;
authenticate the origin identifier at the server, wherein the authenticating the origin identifier comprises determining whether the origin identifier is associated with the valid application that is referenced by the authenticated application identifier; and
based on the determining and authenticating, grant access to the file for the third party application.
(Dependent claims: 5, 6)
7. A non-transitory computer-readable medium comprising instructions, which when executed by a processing device, cause the processing device to perform operations comprising:
receiving, from a browser at a client device, a request for a file stored on a server, wherein the request is received via a web page provided by a third party application and rendered by the browser, the web page comprising an embedded user interface (UI) component associated with the server to access the file stored on the server, wherein the request includes:
  a document identifier associated with the file,
  an application identifier of the third-party application, and
  an origin identifier, wherein the origin identifier is associated with the web page provided by the third party application and rendered by the browser;
determining that the origin identifier and the document identifier are both associated with the application identifier;
authenticating the application identifier at the server, wherein the authenticating the application identifier comprises determining whether the application identifier references a valid application;
authenticating the origin identifier at the server, wherein the authenticating the origin identifier comprises determining whether the origin identifier is associated with the valid application that is referenced by the authenticated application identifier; and
based on the determining and authenticating, granting access to the file for the third party application.
Specification