IDENTITY APPLICATION PROGRAMMING INTERFACE

US 20150121462A1
Filed: 10/24/2013
Published: 04/30/2015
Est. Priority Date: 10/24/2013
Status: Abandoned Application

First Claim

Patent Images

1. A method, comprising:

receiving an application'"'"'s request for access to a user'"'"'s network-based account, the application running as an application process or processes outside a web browser on a computing device;

if there is an outstanding user consent to access by the application to the user'"'"'s network-based account, returning an access token to the application, the access token enabling access to the user'"'"'s network-based account; and

if there is no outstanding user consent to access by the application to the user'"'"'s network-based account, presenting a web-based user consent dialog embedded in a system-generated window on the computing device as a process that is independent of the application process or processes.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes receiving a packaged application'"'"'s request for access to a user'"'"'s cloud- or network-based account. The packaged application runs outside a web browser on a computing device. If there is an outstanding user consent to access by the packaged application to the user'"'"'s cloud- or network-based account, the method includes returning an access token to the packaged application. The access token gives the packaged application access to the user'"'"'s cloud- or network-based account. If there is no outstanding user consent to access by the packaged application to the user'"'"'s cloud- or network-based account, the method includes presenting a web-based user consent dialog in a webview container in an identity component application installed on the computing device.

196 Citations

35 Claims

1. A method, comprising:
- receiving an application'"'"'s request for access to a user'"'"'s network-based account, the application running as an application process or processes outside a web browser on a computing device;
  
  if there is an outstanding user consent to access by the application to the user'"'"'s network-based account, returning an access token to the application, the access token enabling access to the user'"'"'s network-based account; and
  
  if there is no outstanding user consent to access by the application to the user'"'"'s network-based account, presenting a web-based user consent dialog embedded in a system-generated window on the computing device as a process that is independent of the application process or processes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the computing device on which the application is running includes a web OS.
  - 3. The method of claim 1, wherein receiving an application'"'"'s request for access to a user'"'"'s network-based account includes processing the request at least in part according to a standard authentication and authorization protocol.
  - 4. The method of claim 3, wherein the standard authentication and authorization protocol is the OAuth 2.0 protocol.
  - 5. The method of claim 1, wherein the user consent dialog requires the user to be logged in to the user'"'"'s network-based account.
  - 6. The method of claim 1, wherein receiving an application'"'"'s request for access to a user'"'"'s network-based account includes:
    - providing an identity application programming interface (API) to receive the application'"'"'s request.
  - 7. The method of claim 6, wherein presenting a web-based user consent dialog embedded in a system-generated window on the computing device as a process that is independent of the application process or processes includes having a component application coupled to the identity API serve the user consent dialog in a webview container in the component application.
  - 8. The method of claim 7, wherein having the component application of the Identity API serve the user consent dialog includes serving a multiple step user consent dialog.
  - 9. The method of claim 7, further comprising:
    - after obtaining user consent, parsing a URL received at the component application to extract an access token for the application to access to the user'"'"'s network-based account.

10. A method for getting a user consent to provide access to an application to the user'"'"'s network-based account, the application running outside a web browser on a computing device having a web OS and a computing device runtime that is a browser process, the method comprising:
- providing an identity application programming interface (API) on the computing device to the application to communicate with an identity provider, the identity API being configured to exchange a user login token with the identity provider in return for session cookies for a web-based user consent UI session; and
  
  providing an identity component application coupled to the identity provider through the identity API and configured to serve the user consent UI on the computing device.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of claim 10, further comprises:
    - configuring the identity API to issue an OAuthlogin call in computing device runtime to the identity provider and receive an uberauth token in return from the identity provider.
  - 12. The method of claim 11, further comprising:
    - configuring the computing device runtime to send a MergeSession URL instruction to the identity component application.
  - 13. The method of claim 10, further comprising:
    - configuring the identity component application to create a window containing a webview control pointed at the MergeSession URL, with a continuation URL pointed to the OAuth authorization URL for the application.
  - 14. The method of claim 13, further comprising:
    - configuring the identity component application to present a web-based scope approval user interface in webview in the identity component application.
  - 15. The method of claim 14, further comprising:
    - configuring the identity component application to intercept and parse a redirect URL to extract an access token for the application.

16. A non-transitory computer-readable storage medium having instructions stored thereon, which instructions when executed by one or more microprocessors cause a computer system to:
- process an application'"'"'s request for access to a user'"'"'s network-based account, the application running as an application process or processes outside a web browser on a computing device;
  
  if there is an outstanding user consent to access by the application to the user'"'"'s network-based account, return an access token to the application, the access token enabling access to the user'"'"'s network-based account; and
  
  if there is no outstanding user consent to access by the application to the user'"'"'s network-based account, presenting a web-based user consent dialog embedded in a system-generated window on the computing device as a process that is independent of the application process or processes.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
- - 17. The non-transitory computer-readable storage medium of claim 16, wherein the computing device on which the application is running includes a web OS.
  - 18. The non-transitory computer-readable storage medium of claim 16, wherein the instructions when executed by one or more microprocessors cause the computer system to:
    - process the application'"'"'s request for access to the user'"'"'s network-based account at least in part according to a standard authentication and authorization protocol.
  - 19. The non-transitory computer-readable storage medium of claim 18, wherein the standard authentication and authorization protocol is the OAuth 2.0 protocol.
  - 20. The non-transitory computer-readable storage medium of claim 16, wherein the user consent dialog requires the user to be logged in to the user'"'"'s network-based account.
  - 21. The non-transitory computer-readable storage medium of claim 16, wherein the instructions when executed by one or more microprocessors cause the computer system to:
    - provide an identity application programming interface (API) to receive the application'"'"'s request.
  - 22. The non-transitory computer-readable storage medium of claim 21, wherein the instructions when executed by one or more microprocessors cause the computer system to:
    - have a component application coupled to the identity API serve the user consent dialog having a component application coupled to the identity API serve the user consent dialog in a webview container in the component application.
  - 23. The non-transitory computer-readable storage medium of claim 22, wherein the instructions when executed by one or more microprocessors cause the computer system to:
    - have the component application serve a multiple step user consent dialog.
  - 24. The non-transitory computer-readable storage medium of claim 22, wherein the instructions when executed by one or more microprocessors cause the computer system to:
    - after obtaining user consent, have the component application coupled to the identity API parse a URL received at the component application to extract an access token for the application to access to the user'"'"'s network-based account.

25. A non-transitory computer-readable storage medium for getting a user consent to provide an application access to the user'"'"'s network-based account, the application running outside a web browser on a computing device, the computing device having a web OS and a computing device runtime that is a browser process, the non-transitory computer-readable storage medium having instructions stored thereon, which instructions when executed by one or more microprocessors cause a computer system to:
- provide an identity application programming interface (API) in computing device runtime to the application for communication with an identity provider, the identity API being configured to exchange a user login token with the identity provider in return for session cookies for a web-based user consent user interface (UI) session; and
  
  provide an identity component application coupled to the identity API and configured to serve the user-consent UI on the computing device.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The non-transitory computer-readable storage medium of claim 25, wherein the instructions when executed by one or more microprocessors cause the identity API to issue an OAuthlogin call in computing device runtime to the identity provider and receive an uberauth token in return from the identity provider.
  - 27. The non-transitory computer-readable storage medium of claim 26, wherein the instructions when executed by one or more microprocessors cause the computing device runtime to send a MergeSession URL instruction to the identity component application.
  - 28. The non-transitory computer-readable storage medium of claim 25, wherein the instructions when executed by one or more microprocessors cause the computing system to configure the identity component application to create a window containing a webview control pointed at the MergeSession URL, with a continuation URL pointed to the OAuth authorization URL for the application.
  - 29. The non-transitory computer-readable storage medium of claim 25, wherein the instructions when executed by one or more microprocessors cause the computing system to configure the identity component application to present a web-based scope approval user interface in webview in the identity component application.
  - 30. The non-transitory computer-readable storage medium of claim 25, wherein the instructions when executed by one or more microprocessors cause the computing system to configure the identity component application to intercept and parse a redirect URL to extract an access token for the application.

31. A computing device comprising:
- at least one processor;
  
  at least one memory, the processor configured to run an application installed in memory, the application running an application process or processes in its own application container outside a web browser on the computing device;
  
  an identity application program interface (API) configured to receive requests from the application in computing device runtime for access to the user'"'"'s data or accounts and to forward such requests to an identity provider server configured to authenticate a user and authorize requests for access to the user'"'"'s data or accounts based on user consent; and
  
  an identity component application coupled to the identity API, the identity component application configured to present a web-based user consent dialog on the computing device as a process that is independent of the application process or processes.
- View Dependent Claims (32, 33, 34, 35)
- - 32. The computing device of claim 31, wherein the identity component application is configured to present the web-based user consent dialog on the computing device.
  - 33. The computing device of claim 32, wherein the identity component application is configured to present the web-based user consent dialog in a webview container embedded in the window of the identity component application.
  - 34. The computing device of claim 31, wherein the identity API is configured to exchange token-based user credentials with the identity provider server for cookie-based credentials.
  - 35. The computing device claim 31, wherein the identity component application is further configured to intercept and parse a redirect URL to extract an access token for the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Courage, Michael Roberts, Saroop, Sriram

Application Number

US14/062,063
Publication Number

US 20150121462A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/102   Entity profiles

IDENTITY APPLICATION PROGRAMMING INTERFACE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

196 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

IDENTITY APPLICATION PROGRAMMING INTERFACE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

196 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links