Dynamic client registration for an identity cloud service
Abstract
Dynamic client registration for an Identity Cloud Service (IDCS) is provided. A service instance client, associated with a service instance, is created in a first tenancy. A template client is created, based on a security blueprint, in a second tenancy. A registration client is created in the first tenancy. A request for a registration access token is received from an installed client application over a network; the request includes an ID of the template client. A user of the installed client application is authenticated using the template client. The registration access token is sent to the installed client application over the network. A request for a client assertion token is received from the installed client application over the network; the request includes the registration access token. The registration access token is authenticated using the template client. The client assertion token is sent to the installed client application over the network.
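The two token exchanges described in the abstract, modelled from the server side as an added example; it is not code from the patent or from any IDCS implementation. The HMAC-signed token format, the claim names (`typ`, `tpl`, `iss`, `sub`, `exp`), the lifetimes and the password check are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

class AuthServer:
    """Toy model of the flow in the abstract; the token format is an assumption."""
    def __init__(self, users):
        self.key = secrets.token_bytes(32)           # assumed HMAC signing key
        self.users = users                           # constructed sample user store
        self.template_id = "tpl-" + secrets.token_hex(4)
        self.registration_id = "reg-" + secrets.token_hex(4)
        self.tenancy = {"svc-" + secrets.token_hex(4): "first",  # service instance client
                        self.registration_id: "first", self.template_id: "second"}

    def _sign(self, claims):
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        mac = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        return body.decode() + "." + mac

    def _verify(self, token, typ):
        body, _, mac = token.partition(".")
        good = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac.encode(), good.encode()):
            raise PermissionError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["typ"] != typ or claims["exp"] < time.time():
            raise PermissionError("wrong token type or expired")
        return claims

    def registration_access_token(self, template_id, user, password):
        # The request carries the template client ID; the user is then authenticated.
        if template_id != self.template_id:
            raise PermissionError("unknown template client")
        stored = self.users.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("user authentication failed")
        return self._sign({"typ": "rat", "tpl": template_id, "sub": user,
                           "exp": time.time() + 300})

    def client_assertion(self, rat):
        # Authenticate the registration access token against the template client.
        claims = self._verify(rat, "rat")
        if claims["tpl"] != self.template_id:
            raise PermissionError("token not issued for this template client")
        # Bind the assertion to the registration client's identity.
        return self._sign({"typ": "assertion", "iss": self.registration_id,
                           "sub": claims["sub"], "exp": time.time() + 3600})

def decode(token):
    """Client-side view of the claims (no signature check)."""
    return json.loads(base64.urlsafe_b64decode(token.split(".")[0]))
```

The token-type check in `_verify` is what stops a client assertion token from being presented back to the server as a registration access token.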
20 Claims
1. A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to dynamically register a client for a multi-tenant cloud based authentication system, the dynamically registering comprising:
- creating a service instance client, associated with a service instance, in a first tenancy, the service instance providing a service within the authentication system;
- creating a template client, based on a security blueprint, in a second tenancy;
- creating a registration client in the first tenancy;
- receiving a request for a registration access token from an installed client application over a network, the request including an ID of the template client;
- authenticating, using the template client, a user of the installed client application;
- sending the registration access token to the installed client application over the network;
- receiving a request for a client assertion token from the installed client application over the network, the request including the registration access token;
- authenticating, using the template client, the registration access token; and
- sending the client assertion token, bound to an identity of the registration client, to the installed client application over the network.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A method for dynamically registering a client for a multi-tenant cloud based authentication system, the method comprising:
- creating a service instance client, associated with a service instance, in a first tenancy, the service instance providing a service within the authentication system IDCS;
- creating a template client, based on a security blueprint, in a second tenancy;
- creating a registration client in the first tenancy;
- receiving a request for a registration access token from an installed client application over a network, the request including an ID of the template client;
- authenticating, using the template client, a user of the installed client application;
- sending the registration access token to the installed client application over the network;
- receiving a request for a client assertion token from the installed client application over the network, the request including the registration access token;
- authenticating, using the template client, the registration access token; and
- sending the client assertion token to the installed client application over the network.

Dependent claims: 9, 10, 11, 12, 13, 14

15. A system, comprising:
- a memory; and
- a processor, coupled to the memory and a network, the processor configured to dynamically register a client for a multi-tenant cloud based authentication system, the registering comprising;
  - creating a service instance client, associated with a service instance, in a first tenancy, the service instance providing a service within the authentication system,
  - creating a template client, based on a security blueprint, in a second tenancy,
  - creating a registration client in the first tenancy,
  - receiving a request for a registration access token from an installed client application over the network, the request including an ID of the template client,
  - authenticating, using the template client, a user of the installed client application,
  - sending the registration access token to the installed client application over the network,
  - receiving a request for a client assertion token from the installed client application over the network, the request including the registration access token,
  - authenticating, using the template client, the registration access token, and
  - sending the client assertion token to the installed client application over the network.

Dependent claims: 16, 17, 18, 19, 20
Specification