Native single sign-on (sso) for mobile applications
US-2019394187-A1 · Dec 26, 2019 · US
Seamless transition between WEB and API resource access
US10880292B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10880292-B2 |
| Application number | US-201816022068-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 28, 2018 |
| Priority date | Jun 28, 2018 |
| Publication date | Dec 29, 2020 |
| Grant date | Dec 29, 2020 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The present disclosure relates generally to access control, and more particularly, to techniques for seamless transition between world wide web (WEB) resource access and application programming interface (API) resource access on an enterprise network with security restrictions. One technique includes receiving a request for access to a first resource, determining the first resource is a WEB resource, creating an authentication cookie and a bearer token that are tied together using a common identifier, and providing access to the WEB resource based on the authentication cookie. The technique may further include receiving a call for access to a second resource, where the call includes the bearer token in a header of the call, determining the second resource is an API resource, initiating a token exchange of the bearer token for an access token; and providing access to the API resource based on the access token.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: receiving, at a computing system, a request for access to a first resource; determining, by the computing system, the first resource is a world wide web (WEB) resource based on a first resource pattern; validating, by the computing system, credentials of a user for access to the WEB resource, wherein the credentials are validated based on an authentication scheme associated with the WEB resource; upon validation of the credentials: creating, by the computing system, an authentication cookie and a bearer token, wherein the authentication cookie and the bearer token are tied together using a session identifier; and creating, by the computing system, a session with the session identifier; providing, by the computing system, access to the WEB resource based on the authentication cookie; receiving, at the computing system, a call for access to a second resource, wherein the call includes the bearer token in a header of the call; determining, by the computing system, the second resource is an application programming interface (API) resource based on a second resource pattern; validating, by the computer system, the bearer token, wherein the bearer token is validated based on the session identifier in the bearer token matching the session identifier of the authentication cookie; upon validation of the bearer token initiating, by the computing system, a token exchange of the bearer token for an access token; and providing, by the computing system, access to the API resource based on the access token, wherein the providing access to the WEB resource and the providing access to the API resource occur in the same session identified by the session identifier. 2. The method of claim 1 , further comprising determining, by the computing system, that the user is authorized to access the WEB resource. 3. The method of claim 2 , wherein the access token is a different token from the bearer token and does not include the session identifier. 4. A non-transitory computer-readable memory storing a plurality of instructions executable by one or more processors, the plurality of instructions comprising instructions that when executed by the one or more processors cause the one or more processors to perform processing comprising: receiving a request for access to a first resource; determining the first resource is a world wide web (WEB) resource based on a first resource pattern; validating credentials of a user for access to the WEB resource, wherein the credentials are validated based on an authentication scheme associated with the WEB resource; upon validation of the credentials: creating an authentication cookie and a bearer token, wherein the authentication cookie and the bearer token are tied together using a session identifier; and creating a session with the session identifier; providing access to the WEB resource based on the authentication cookie; receiving a call for access to a second resource, wherein the call includes the bearer token in a header of the call; determining the second resource is an application programming interface (API) resource based on a second resource pattern; validating the bearer token, wherein the bearer token is validated based on the session identifier in the bearer token matching the session identifier of the authentication cookie; upon validation of the bearer token initiating a token exchange of the bearer token for an access token; and providing access to the API resource based on the access token, wherein the providing access to the WEB resource and the providing access to the API resource occur in the same session identified by the session identifier. 5. The non-transitory computer-readable memory of claim 4 , wherein the processing further comprises determining, that the user is authorized to access the WEB resource. 6. The non-transitory computer-readable memory of claim 5 , wherein the access token is a different token from the bearer token and does not include the session identifier. 7. A method comprising: receiving, at a computing system, a first call for a bearer token; validating, by the computing system, credentials of a user for access to the bearer token, wherein the credentials are validated based on an authentication scheme associated with the bearer token; upon validation of the credentials; creating, by the computing system, a bearer token, wherein the bearer token includes a session identifier; and creating, by the computing system, a session with the session identifier; receiving, at the computing system, a second call for access to a first resource, wherein the second call includes the bearer token in a header of the call; determining, by the computing system, the first resource is an application programming interface (API) resource based on a first resource pattern; validating, by the computer system, the bearer token, wherein the bearer token is validated based on the session identifier in the bearer token; upon validation of the bearer token initiating, by the computing system, a token exchange of the bearer token for an access token; providing, by the computing system, access to the API resource based on the access token; receiving, at the computing system, a request for access to a second resource, wherein the request includes the bearer token in a header of the request; determining, by the computing system, the second resource is a world wide web (WEB) resource based on a second resource pattern; validating, by the computer system, the bearer token, wherein the bearer token is validated based on the session identifier in the bearer token; upon validation of the bearer token, creating, by the computing system, an authentication cookie, wherein the authentication cookie and the bearer token are tied together using the session identifier; and providing, by the computing system, access to the WEB resource based on the authentication cookie, wherein the providing access to the WEB resource and the providing access to the API resource occur in the same session identified by the session identifier. 8. The method of claim 7 , further comprising determining, by the computing system, that the user is authorized to access the WEB resource. 9. The method of claim 8 , wherein the access token is a different token from the bearer token and does not include the session identifier. 10. The method of claim 9 , wherein the validating the bearer token for access to the WEB resource is an implicit authenticate process of the user for access to the WEB resource and includes determining that the WEB resource is protected. 11. A system comprising: one or more processors; a memory coupled to the one or more processors, the memory storing a plurality of instructions executable by the one or more processors, the plurality of instructions comprising instructions that when executed by the one or more processors cause the one or more processors to perform processing comprising: receiving a request for access to a first resource; determining the first resource is a world wide web (WEB) resource based on a first resource pattern; validating credentials of a user for access to the WEB resource, wherein the credentials are validated based on an authentication scheme associated with the WEB resource; upon validation of the credentials: creating an authentication cookie and a bearer token, wherein the authentication cookie and the bearer token are tied together using a session identifier; and creating a session with the session identifier; providing access to the WEB resource based on the authentication cookie; receiving a call for access to a second resource, wherein the call
Assignees
Inventors
Classifications
Setup of application sessions (admission control or resource allocation in data switching networks H04L47/70) · CPC title
- H04L63/0815Primary
providing single-sign-on or federations · CPC title
Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding · CPC title
based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10880292B2 cover?
- The present disclosure relates generally to access control, and more particularly, to techniques for seamless transition between world wide web (WEB) resource access and application programming interface (API) resource access on an enterprise network with security restrictions. One technique includes receiving a request for access to a first resource, determining the first resource is a WEB res…
- Who is the assignee on this patent?
- Oracle Int Corp
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0815. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Dec 29 2020 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 9 related publications on this page (citations in our corpus or others sharing the same primary CPC).