SUBSTITUTING CALLBACK URLS WHEN USING OAUTH PROTOCOL EXCHANGES
First Claim
1. A method for substituting callback uniform resource locators (URLs) when using an OAuth protocol exchange to authenticate an application, the method performed by a computing system and comprising:
establishing a proxy service at a first uniform resource locator to carry out communications between one or more identity access management servers and a plurality of application hosting sites, at least one application hosting site of the plurality of application hosting sites having a second uniform resource locator that is different from the first uniform resource locator;
registering the application and the first uniform resource locator with the one or more identity access management servers;
invoking the application from the at least one application hosting site;
carrying out at least a portion of the OAuth protocol exchange to authenticate the application and to generate an access token;
receiving, by the proxy service, at the first uniform resource locator, an authentication message;
forwarding a redirected authentication message to the at least one application hosting site that has the second uniform resource locator; and
receiving, by the at least one application hosting site at the second uniform resource locator, the redirected authentication message.
Abstract
Systems for computer security. A proxy service implements methods for substituting callback uniform resource locators (URLs) when using an OAuth protocol exchange to authenticate an application. A proxy service is established at a first uniform resource locator to carry out communications between one or more identity access management (IAM) servers and a plurality of application hosting sites. At least one of the plurality of application hosting sites has a second uniform resource locator that is different from the first uniform resource locator. An IAM server registers the application and the first uniform resource locator. When the application is invoked from any hosting site, it carries out at least a portion of the OAuth protocol exchange with the IAM server. The proxy service at the first uniform resource locator receives an authentication message from the IAM server and then redirects the authentication message to the application hosting site.
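The proxy's forwarding step from the abstract, as an added example that is not code from the patent. How the proxy learns which hosting site to forward to is not stated above; signing a site id into the OAuth `state` parameter, the fixed allowlist, and every URL, key and name below are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for illustration; none come from the patent text.
PROXY_CALLBACK = "https://auth-proxy.example/oauth/callback"  # "first URL", registered with the IAM
HOSTING_SITES = {                                             # "second URLs", fixed allowlist
    "site-a": "https://apps-a.example/oauth/return",
    "site-b": "https://apps-b.example/oauth/return",
}
STATE_KEY = b"constructed-demo-key"  # assumption: key shared by hosting sites and proxy


def sign_state(payload: bytes) -> str:
    return hmac.new(STATE_KEY, payload, hashlib.sha256).hexdigest()


def make_state(site_id: str) -> str:
    """Hosting site: bind the originating site and a nonce into the OAuth state."""
    payload = json.dumps({"site": site_id, "nonce": secrets.token_hex(8)}).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + sign_state(payload)


def forward_callback(callback_url: str) -> str:
    """Proxy: map the IAM's redirect to the first URL onto a redirect to the second URL."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != PROXY_CALLBACK:
        raise ValueError("not the registered callback URL")
    query = parse_qs(parts.query)
    code, state = query.get("code", [""])[0], query.get("state", [""])[0]
    encoded, _, tag = state.partition(".")
    try:
        payload = base64.urlsafe_b64decode(encoded)
    except ValueError:
        raise ValueError("malformed state")
    # Constant-time comparison; an unsigned or altered site id never reaches the lookup.
    if not code or not hmac.compare_digest(tag.encode(), sign_state(payload).encode()):
        raise ValueError("missing code or tampered state")
    target = HOSTING_SITES.get(json.loads(payload)["site"])
    if target is None:
        raise ValueError("hosting site is not on the allowlist")
    # Pass code and state through unchanged so the hosting site can check its own nonce.
    return target + "?" + urlencode({"code": code, "state": state})
```

Because the forward target is looked up by id rather than taken as a URL from the request, a crafted callback cannot steer the authorization code to an arbitrary host.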
20 Claims
1. A method for substituting callback uniform resource locators (URLs) when using an OAuth protocol exchange to authenticate an application, the method performed by a computing system and comprising:
establishing a proxy service at a first uniform resource locator to carry out communications between one or more identity access management servers and a plurality of application hosting sites, at least one application hosting site of the plurality of application hosting sites having a second uniform resource locator that is different from the first uniform resource locator;
registering the application and the first uniform resource locator with the one or more identity access management servers;
invoking the application from the at least one application hosting site;
carrying out at least a portion of the OAuth protocol exchange to authenticate the application and to generate an access token;
receiving, by the proxy service, at the first uniform resource locator, an authentication message;
forwarding a redirected authentication message to the at least one application hosting site that has the second uniform resource locator; and
receiving, by the at least one application hosting site at the second uniform resource locator, the redirected authentication message.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer readable medium, embodied in a non-transitory computer readable medium, the non-transitory computer readable medium having stored thereon a sequence of instructions which, when stored in memory and executed by one or more processors causes the one or more processors to perform a set of acts for substituting callback uniform resource locators (URLs) when using an OAuth protocol exchange to authenticate an application, the acts comprising:
establishing a proxy service at a first uniform resource locator to carry out communications between one or more identity access management servers and a plurality of application hosting sites, at least one application hosting site of the plurality of application hosting sites having a second uniform resource locator that is different from the first uniform resource locator;
registering the application and the first uniform resource locator with the one or more identity access management servers;
invoking the application from the at least one application hosting site;
carrying out at least a portion of the OAuth protocol exchange to authenticate the application and to generate an access token;
receiving, by the proxy service, at the first uniform resource locator, an authentication message;
forwarding a redirected authentication message to the at least one application hosting site that has the second uniform resource locator; and
receiving, by the at least one application hosting site at the second uniform resource locator, the redirected authentication message.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system for substituting callback uniform resource locators (URLs) when using an OAuth protocol exchange to authenticate an application, the system performed by a computing system and comprising:
a storage medium having stored thereon a sequence of instructions; and
one or more processors that execute the instructions to cause the one or more processors to perform a set of acts, the acts comprising,
establishing a proxy service at a first uniform resource locator to carry out communications between one or more identity access management servers and a plurality of application hosting sites, at least one application hosting site of the plurality of application hosting sites having a second uniform resource locator that is different from the first uniform resource locator;
registering the application and the first uniform resource locator with the one or more identity access management servers;
invoking the application from the at least one application hosting site;
carrying out at least a portion of the OAuth protocol exchange to authenticate the application and to generate an access token;
receiving, by the proxy service, at the first uniform resource locator, an authentication message;
forwarding a redirected authentication message to the at least one application hosting site that has the second uniform resource locator; and
receiving, by the at least one application hosting site at the second uniform resource locator, the redirected authentication message.
Dependent claims: 16, 17, 18, 19, 20
Specification