Token management
First Claim
1. A computer-implemented method comprising:
receiving user identification information identifying a user for providing user access to a plurality of third-party resources;
selecting, from a plurality of shards by one or more computing devices, a shard in response to receiving the user identification information;
storing, in a token repository by the one or more computing devices, a mapping of information identifying the selected shard to the user identification information identifying the user;
receiving a request to access a particular third-party resource of the plurality of third-party resources without receiving, from the user, credentials for accessing the particular third-party resource;
in response to receiving the request to access the particular third-party resource without receiving, from the user, credentials for accessing the particular third-party resource, determining, by the one or more computing devices, whether the credentials for accessing the particular third-party resource are cached in the selected shard;
in response to determining that the credentials for accessing the particular third-party resource are cached in the selected shard, selecting, by the one or more computing devices, the credentials for accessing the particular third-party resource from among two or more credentials that are associated with the user and are stored in the selected shard, the credentials for accessing the particular third-party resource comprising a third-party resource access token that provides access to the particular third-party resource; and
in response to determining that the credentials for accessing the particular third-party resource are not cached in the selected shard;
determining, by the one or more computing devices, whether information identifying accounts associated with the user is stored in the token repository that stores the mapping of the information identifying the selected shard to the user identification information identifying the user, the accounts associated with the user including (i) user account identification for each of the plurality of third-party resources; and
(ii) credential information for accessing the plurality of third-party resources;
in response to determining that information identifying accounts associated with the user is stored in the token repository;
obtaining a list of stored accounts associated with the user from the information identifying accounts associated with the user stored in the token repository; and
obtaining, from the list of stored accounts associated with the user, the third-party resource access token that provides access to the particular third-party resource;
in response to determining that information identifying accounts associated with the user is not stored in the token repository;
obtaining, from the particular third-party resource by the one or more computing devices, the third-party resource access token that provides access to the particular third-party resource after the credentials for accessing the particular third party resource are received from the user and authenticated; and
storing, as part of the mapping in the token repository, a mapping of the third-party resource access token to the user identification information identifying the user and the selected shard; and
providing, by the one or more computing devices, access to the particular third-party resource for the user using the selected shard and the third-party resource access token that provides access to the particular third-party resource.
Abstract
A method and system for managing access tokens is described. Access tokens for accessing third-party resources are stored and managed in a token repository. An access token may be obtained from a third-party resource. Once a user has authorized the system to access a third-party resource, and unless that authorization is revoked, the user is not required to reauthorize the system in a pending or any subsequent interactive session, regardless of which shard of the system and third-party resource the user is connected to. The system can also use the authorization to execute scheduled requests for accessing or obtaining data from the third-party resource.
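The lookup order recited in claim 1 (shard cache, then token repository, then the third-party resource once the user's credentials are authenticated), as an added Python example that is not code from the patent. The class names, the hash-based shard selection, the write-back to the shard cache on a repository hit, the `revoke` method that purges every tier, and the constructed `pw-<user>` credential check are all assumptions made for illustration.

```python
import hashlib

class ThirdParty:
    """Constructed stand-in for a third-party resource that issues tokens."""
    def __init__(self, name):
        self.name, self.issued = name, 0

    def issue_token(self, user_id, credentials):
        if credentials != f"pw-{user_id}":        # constructed credential check
            raise PermissionError("authentication failed")
        self.issued += 1
        return f"{self.name}-tok-{user_id}-{self.issued}"

class TokenManager:
    def __init__(self, n_shards):
        self.shards = [dict() for _ in range(n_shards)]  # per-shard token cache
        self.user_shard = {}   # repository: user -> selected shard
        self.accounts = {}     # repository: user -> {resource name: token}

    def register(self, user_id):
        # Assumption: shard chosen by hashing the user id; the claim only says "selecting".
        digest = hashlib.sha256(user_id.encode()).hexdigest()
        self.user_shard[user_id] = int(digest, 16) % len(self.shards)
        return self.user_shard[user_id]

    def get_token(self, user_id, resource, credentials=None):
        key = (user_id, resource.name)
        cache = self.shards[self.user_shard[user_id]]
        if key in cache:                                   # tier 1: selected shard
            return cache[key], "shard-cache"
        token = self.accounts.get(user_id, {}).get(resource.name)
        source = "repository"                              # tier 2: token repository
        if token is None:                                  # tier 3: ask the resource
            if credentials is None:
                raise PermissionError("user must authorize this resource first")
            token = resource.issue_token(user_id, credentials)
            self.accounts.setdefault(user_id, {})[resource.name] = token
            source = "third-party"
        cache[key] = token                                 # assumption: warm the shard
        return token, source

    def revoke(self, user_id, resource):
        # A revocation that leaves any cached copy behind keeps the token usable,
        # so purge the repository entry and every shard, not only the current one.
        self.accounts.get(user_id, {}).pop(resource.name, None)
        for shard in self.shards:
            shard.pop((user_id, resource.name), None)
```

Moving a user to a different shard after the first authorization yields a `"repository"` hit with the same token, which is the "regardless of which shard" behaviour the abstract describes.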
20 Claims
13. A system comprising:
one or more computers and one or more storage devices storing instructions that are operable and when executed by one or more computers, cause the one or more computers to perform actions comprising;
receiving user identification information identifying a user for providing user access to a plurality of third-party resources;
selecting, from a plurality of shards, a shard in response to receiving the user identification information;
storing, in a token repository, a mapping of information identifying the selected shard to the user identification information identifying the user;
receiving a request to access a particular third-party resource of the plurality of third-party resources without receiving, from the user, credentials for accessing the particular third-party resource;
in response to receiving the request to access the particular third-party resource without receiving, from the user, credentials for accessing the particular third-party resource, determining whether the credentials for accessing the particular third-party resource are cached in the selected shard;
in response to determining that the credentials for accessing the particular third-party resource are cached in the selected shard, selecting the credentials for accessing the particular third-party resource from among two or more credentials that are associated with the user and are stored in the selected shard, the credentials for accessing the particular third-party resource comprising a third-party resource access token that provides access to the particular third-party resource; and
in response to determining that the credentials for accessing the particular third-party resource are not cached in the selected shard;
determining whether information identifying accounts associated with the user is stored in the token repository that stores the mapping of the information identifying the selected shard to the user identification information identifying the user, the accounts associated with the user including (i) user account identification for each of the plurality of third-party resources; and
(ii) credential information for accessing the plurality of third-party resources
in response to determining that information identifying accounts associated with the user is stored in the token repository;
obtaining a list of stored accounts associated with the user from the information identifying accounts associated with the user stored in the token repository; and
obtaining, from the list of stored accounts associated with the user, the third-party resource access token that provides access to the particular third-party resource;
in response to determining that information identifying accounts associated with the user is not stored in the token repository;
obtaining, from the particular third-party resource, the third-party resource access token that provides access to the particular third-party resource after the credentials for accessing the particular third party resource are received from the user and authenticated; and
storing, as part of the mapping in the token repository, a mapping of the third-party resource access token to the user identification information identifying the user and the selected shard; and
providing access to the particular third-party resource for the user using the selected shard and the third-party resource access token that provides access to the particular third-party resource.
17. One or more non-transitory computer-readable storage media comprising instructions, which, when executed by one or more computers, cause the one or more computers to perform actions comprising:
receiving user identification information identifying a user for providing user access to a plurality of third-party resources;
selecting, from a plurality of shards, a shard in response to receiving the user identification information;
storing, in a token repository, a mapping of information identifying the selected shard to the user identification information identifying the user;
receiving a request to access a particular third-party resource of the plurality of third-party resources without receiving, from the user, credentials for accessing the particular third-party resource;
in response to receiving the request to access the particular third-party resource without receiving, from the user, credentials for accessing the particular third-party resource, determining whether the credentials for accessing the particular third-party resource are cached in the selected shard;
in response to determining that the credentials for accessing the particular third-party resource are cached in the selected shard, selecting the credentials for accessing the particular third-party resource from among two or more credentials that are associated with the user and are stored in the selected shard, the credentials for accessing the particular third-party resource comprising a third-party resource access token that provides access to the particular third-party resource; and
in response to determining that the credentials for accessing the particular third-party resource are not cached in the selected shard;
determining whether information identifying accounts associated with the user is stored in the token repository that stores the mapping of the information identifying the selected shard to the user identification information identifying the user, the accounts associated with the user including (i) user account identification for each of the plurality of third-party resources; and
(ii) credential information for accessing the plurality of third-party resources;
in response to determining that information identifying accounts associated with the user is stored in the token repository;
obtaining a list of stored accounts associated with the user from the information identifying accounts associated with the user stored in the token repository; and
obtaining, from the list of stored accounts associated with the user, the third-party resource access token that provides access to the particular third-party resource;
in response to determining that information identifying accounts associated with the user is not stored in the token repository;
obtaining, from the particular third-party resource, the third-party resource access token that provides access to the particular third-party resource after the credentials for accessing the particular third party resource are received from the user and authenticated; and
storing, as part of the mapping in the token repository, a mapping of the third-party resource access token to the user identification information identifying the user and the selected shard; and
providing access to the particular third-party resource for the user using the selected shard and the third-party resource access token that provides access to the particular third-party resource.
Specification