Identity cloud service authorization model

  • US 10,454,940 B2
  • Filed: 03/30/2017
  • Issued: 10/22/2019
  • Est. Priority Date: 05/11/2016
  • Status: Active Grant
  • ×
    • Pin
First Claim

1. A method of authorizing access to a resource, the resource accessible via a multi-tenant cloud-based system and the resource is protected from access based at least on a tenancy of an access requesting user or an access requesting application, the method comprising:

  • receiving an access token request for an access token that corresponds to the resource, wherein the request comprises user information and application information, the user information comprising a role of the user, a corresponding tenant of the user, and an indication of whether the user is an administrator for the application, and the application information comprising a role of the application;
  • evaluating the access token request by computing scopes for the access token, the computing comprising determining an intersection between the user information and the application information; and
  • providing the access token that comprises the computed scopes, the scopes based at least on the role of the user, the role of the application, and a corresponding tenancy of the resource, and comprises actions allowed on the resource;
  • the access token comprising custom token claims indicating whether the user is the administrator for the application.
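The scope computation the claim describes, as an added illustration that is not the patent's or any product's code: the token's scopes are the intersection of the actions the user's role permits and the actions the application's role permits, the request is refused when the user's tenant does not match the resource's tenancy, and the admin indication travels as a custom claim. The role names, action names, policy tables and token layout are all constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed policy tables (assumptions, not the patent's): actions each
# user role and each application role may perform on the resource.
USER_ROLE_ACTIONS = {
    "viewer": {"read"},
    "editor": {"read", "write"},
    "owner": {"read", "write", "delete"},
}
APP_ROLE_ACTIONS = {
    "reporting-app": {"read"},
    "sync-app": {"read", "write"},
}

@dataclass(frozen=True)
class Resource:
    name: str
    tenant: str  # the tenancy that protects the resource

@dataclass(frozen=True)
class TokenRequest:
    """User information and application information from the access token request."""
    user_role: str
    user_tenant: str
    user_is_app_admin: bool
    app_role: str
    resource: Resource

class TenancyError(PermissionError):
    """The requesting user's tenant does not match the resource's tenancy."""

def compute_scopes(req: TokenRequest) -> frozenset[str]:
    """Scopes are the intersection of the user's and the application's allowed actions."""
    if req.user_tenant != req.resource.tenant:
        raise TenancyError(f"tenant {req.user_tenant!r} may not access {req.resource.name!r}")
    user_actions = USER_ROLE_ACTIONS.get(req.user_role, set())
    app_actions = APP_ROLE_ACTIONS.get(req.app_role, set())
    # Neither party can act beyond the other: an unknown role yields no scopes.
    return frozenset(user_actions & app_actions)

def issue_token(req: TokenRequest) -> dict:
    """Token body with the computed scopes and a custom claim for app-admin status (unsigned)."""
    return {
        "tenant": req.user_tenant,
        "resource": req.resource.name,
        "scopes": sorted(compute_scopes(req)),
        "app_admin": req.user_is_app_admin,  # custom token claim carrying the admin indication
    }
```

Note that an application role with fewer rights than the user (the reporting-app above) narrows what the token can do, which is the point of intersecting rather than unioning the two sides.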
