Synchronizing authentication sessions between applications

US 9,979,712 B2
Filed: 08/04/2015
Issued: 05/22/2018
Est. Priority Date: 09/11/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

authenticating a first client application with a service provider;

receiving, via a client computing device, a first authentication token from the first client application;

requesting, via the client computing device, a second authentication token from a token exchange service using the first authentication token;

configuring, via the client computing device, a second client application to use the second authentication token in order to access a resource of the service provider;

accessing, by the second client application, the resource of the service provider using the second authentication token; and

wherein the first and second client applications are executed in the client computing device, one of the first or second client applications comprises a native application, and another one of the first or second client applications comprises a browser-based application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for synchronizing authentication sessions between applications. In one embodiment, a first authentication token is received from a first application in response to determining that the first application is authenticated with a service provider. A second authentication token is requested from a token exchange service associated with the service provider. The second authentication token is requested using the first authentication token. The second application is configured to use the second authentication token in order to access a resource of the service provider.

42 Citations

View as Search Results

20 Claims

1. A method, comprising:
- authenticating a first client application with a service provider;
  
  receiving, via a client computing device, a first authentication token from the first client application;
  
  requesting, via the client computing device, a second authentication token from a token exchange service using the first authentication token;
  
  configuring, via the client computing device, a second client application to use the second authentication token in order to access a resource of the service provider;
  
  accessing, by the second client application, the resource of the service provider using the second authentication token; and
  
  wherein the first and second client applications are executed in the client computing device, one of the first or second client applications comprises a native application, and another one of the first or second client applications comprises a browser-based application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein configuring the second client application to use the second authentication token further comprises storing, via the client computing device, a cookie including the second authentication token in a cookie jar of the second client application.
  - 3. The method of claim 1, further comprising determining, via the client computing device, that the second client application permits a synchronized authentication session with the first client application.
  - 4. The method of claim 1, further comprising:
    - receiving, via the client computing device, a request to access a first service of the service provider from the first client application; and
      
      receiving, via the client computing device, a request to access a second service of the service provider from the second client application.
  - 5. The method of claim 1, wherein the first authentication token has an indefinite maximum lifetime, and the second authentication token has a predetermined maximum lifetime.
  - 6. The method of claim 1, further comprising initiating, via the client computing device, a log out from the service provider in response to a user request, wherein the log out is configured to invalidate the first authentication token and the second authentication token.
  - 7. The method of claim 1, further comprising:
    - detecting, via the client computing device, an access of a log out uniform resource locator (URL) by the second client application; and
      
      initiating, via the client computing device, a log out from the service provider in response to a user request.
  - 8. The method of claim 1, wherein the token exchange service is operated by a first organization that is different from a second organization that operates the service provider, and the first organization is trusted by the second organization.
  - 9. The method of claim 1, wherein the first authentication token is configured with a first level of permissions, and the second authentication token is configured with a second level of permissions that is less than the first level of permissions.
  - 10. The method of claim 1, wherein requesting the second authentication token from the token exchange service using the first authentication token further comprises specifying, via the client computing device, a format for the second authentication token to the token exchange service.
  - 11. The method of claim 1, wherein the first authentication token includes an encrypted identifier of a user account.
  - 12. The method of claim 1, wherein the browser-based application includes a container for launching a private instance of a browser to render a web-based interface.

13. A system, comprising:
- a client computing device; and
  
  instructions executable in the client computing device, wherein when executed the instructions cause the client computing device to at least;
  
  authenticate a first client application with a service provider;
  
  receive a first authentication token from the first client application;
  
  request a second authentication token from a token exchange service using the first authentication token;
  
  configure a second client application to use the second authentication token in order to access a resource of the service provider;
  
  access, by the second client application, the resource of the service provider using the second authentication token; and
  
  wherein the first and second client applications are executed in the client computing device, one of the first or second client applications comprises a native application, and another one of the first or second client applications comprises a browser-based application.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein when executed the instructions further cause the client computing device to at least determine that the second client application permits a synchronized authentication session with the first client application.
  - 15. The system of claim 13, wherein the first authentication token has an indefinite maximum lifetime, and the second authentication token has a predetermined maximum lifetime.
  - 16. The system of claim 13, wherein the second client application is embedded within the first client application.
  - 17. The system of claim 13, wherein when executed the instructions further cause the client computing device to at least initiate a log out from the service provider in response to a user request, wherein the log out is configured to invalidate the first authentication token and the second authentication token.
  - 18. The system of claim 13, wherein when executed the instructions further cause the client computing device to at least:
    - detect an access of a log out uniform resource locator (URL) by the second client application; and
      
      initiate a log out from the service provider in response to a user request.

19. A non-transitory computer-readable medium embodying instructions executable in a client computing device, wherein when executed the instructions cause the client computing device to at least:
- authenticate a first client application with a service provider;
  
  receive a first authentication token from the first client application;
  
  request a second authentication token from a token exchange service using the first authentication token;
  
  configure a second client application to use the second authentication token in order to access a resource of the service provider;
  
  access, by the second client application, a resource of the service provider using the second authentication token; and
  
  wherein the first and second client applications are executed in the client computing device, one of the first or second client applications comprises a native application, and another one of the first or second client applications comprises a browser-based application.
- View Dependent Claims (20)
- - 20. The non-transitory computer-readable medium of claim 19, wherein when executed the instructions cause the client computing device to at least specify a format for the second authentication token to the token exchange service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Bhimanaik, Bharath Kumar
Primary Examiner(s)
Poltorak, Peter

Application Number

US14/817,846
Publication Number

US 20150341334A1
Time in Patent Office

1,022 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/102   Entity profiles

Synchronizing authentication sessions between applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Synchronizing authentication sessions between applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links