Substituting callback URLs when using OAuth protocol exchanges

US 10,841,313 B2
Filed: 02/21/2018
Issued: 11/17/2020
Est. Priority Date: 02/21/2018
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

operating a proxy service having a proxy uniform resource locator (URL) that communicates with an identity access management server, wherein an application is registered with the identity access management server using the proxy URL, and the application resides at a first network location corresponding to a first URL; and

authenticating the application after the application is moved from the first network location to a second network location, by;

receiving, at the proxy service having the proxy URL, an authentication message generated for the application; and

forwarding, by the proxy service having the proxy URL, the authentication message to the application at the second network location having a second URL.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems for computer security. A proxy service implements methods for substituting callback uniform resource locators (URLs) when using an OAuth protocol exchange to authenticate an application. A proxy service is established at a first uniform resource locator to carry out communications between one or more identity access management servers and a plurality of application hosting sites. At least one of the plurality of application hosting sites has a second uniform resource locator that is different from the first uniform resource locator. An identity access management server will register the application and the first uniform resource locator. From any hosting site, the application is invoked, upon which invocation, the application carries out at least a portion of the OAuth protocol exchange with the IAM. The proxy service at the first uniform resource locator receives an authentication message from the IAM and then redirects the authentication message to the application hosting site.

31 Citations

21 Claims

1. A method comprising:
- operating a proxy service having a proxy uniform resource locator (URL) that communicates with an identity access management server, wherein an application is registered with the identity access management server using the proxy URL, and the application resides at a first network location corresponding to a first URL; and
  
  authenticating the application after the application is moved from the first network location to a second network location, by;
  
  receiving, at the proxy service having the proxy URL, an authentication message generated for the application; and
  
  forwarding, by the proxy service having the proxy URL, the authentication message to the application at the second network location having a second URL.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - receiving, from a user of the application, an application command, and performing at least a portion of the application command using the authentication message.
  - 3. The method of claim 1, wherein a portion of an OAuth protocol exchange is carried out to authenticate the application and to generate an access token, where the access token is associated with an application command.
  - 4. The method of claim 1, wherein the proxy URL of the proxy service resolves to a publicly-accessible IP address.
  - 5. The method of claim 1, wherein the proxy service performs decryption of at least a portion of the authentication message.
  - 6. The method of claim 1, wherein the authentication message is a redirected message that is received at the second URL.
  - 7. The method of claim 1, wherein the authentication message is generated in response to an authentication request received at the identity access management server, the authentication request being either received directly from the application or routed through the proxy service.

8. A non-transitory computer readable medium having stored thereon a sequence of instructions which, when stored in memory and executed by a processor causes the processor to perform a set of acts comprising:
- operating a proxy service having a proxy uniform resource locator (URL) that communicates with an identity access management server, wherein an application is registered with the identity access management server using the proxy URL, and the application resides at a first network location corresponding to a first URL; and
  
  authenticating the application after the application is moved from the first network location to a second network location, by;
  
  receiving, at the proxy service having the proxy URL, an authentication message generated for the application; and
  
  forwarding, by the proxy service having the proxy URL, the authentication message to the application at the second network location having a second URL.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer readable medium of claim 8, the set of acts further comprising receiving, from a user of the application, an application command, and performing at least a portion of the application command using the authentication message.
  - 10. The computer readable medium of claim 8, wherein a portion of an OAuth protocol exchange is carried out to authenticate the application and to generate an access token, where the access token is associated with an application command.
  - 11. The computer readable medium of claim 8, wherein the proxy URL of the proxy service resolves to a publicly-accessible IP address.
  - 12. The computer readable medium of claim 8, wherein the proxy service performs decryption of at least a portion of the authentication message.
  - 13. The computer readable medium of claim 8, wherein the authentication message is a redirected message that is received at the second URL.
  - 14. The computer readable medium of claim 8, wherein the proxy service performs a function of the identity access management server.

15. A system comprising:
- a non-transitory storage medium having stored thereon a sequence of instructions; and
  
  a physical processor that executes the sequence of instructions to cause a set of acts, the acts comprising,operating a proxy service having a proxy uniform resource locator (URL) that communicates with an identity access management server, wherein an application is registered with the identity access management server using the proxy URL, and the application resides at a first network location corresponding to a first URL; and
  
  authenticating the application after the application is moved from the first network location to a second network location, by;
  
  receiving, at the proxy service having the proxy URL, an authentication message generated for the application; and
  
  forwarding, by the proxy service having the proxy URL, the authentication message to the application at the second network location having a second URL.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15, wherein a portion of an OAuth protocol exchange is carried out to authenticate the application and to generate an access token, where the access token is associated with an application command.
  - 17. The system of claim 15, wherein the proxy URL of the proxy service resolves to a publicly-accessible IP address.
  - 18. The system of claim 15, wherein the authentication message is a redirected message that is received at the second URL.
  - 19. The system of claim 15, wherein the authentication message is generated in response to an authentication request received at the identity access management server, the authentication request being either received directly from the application or routed through the proxy service.
  - 20. The system of claim 15, wherein the proxy service performs decryption of at least a portion of the authentication message.
  - 21. The system of claim 15, the set of acts further comprising receiving, from a user of the application, an application command, and performing at least a portion of the application command using the authentication message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nutanix Incorporated
Original Assignee
Nutanix Incorporated
Inventors
Parthasarathy, Ranjan, Gupta, Vinod
Primary Examiner(s)
Do, Khang

Application Number

US15/901,461
Publication Number

US 20190334911A1
Time in Patent Office

1,000 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 21/44   Program or device authentic...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 2221/2115   Third party

H04L 63/0281   Proxies

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0884   by delegation of authentica...

H04L 63/102   Entity profiles

H04L 67/10   in which an application is ...

H04L 67/567   Integrating service provisi...

H04L 9/0891   Revocation or update of sec...

H04L 9/3213   using tickets or tokens, e....

Substituting callback URLs when using OAuth protocol exchanges

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Substituting callback URLs when using OAuth protocol exchanges

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links