US9769167B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9769167-B2 |
| Application number | US-201414308037-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 18, 2014 |
| Priority date | Jun 18, 2014 |
| Publication date | Sep 19, 2017 |
| Grant date | Sep 19, 2017 |
Official abstract text for this publication.
A method includes authenticating a user of a client device and sending a response to the client device. The response includes browser code configured to retrieve respective first values for a plurality of device properties from the client device. The method also includes storing session information for the user in a memory. The session information includes the first values and criteria for triggering validation of the client device. The method further includes receiving a request, sent from a requesting device, to access a protected resource and determining whether the request is authenticated by determining that the request is associated with the session information and determining that the criteria has been met. Determining whether the request is authenticated also includes retrieving respective second values for the plurality of device properties from the requesting device, and determining whether the second values match the first values to authenticate the request.
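The flow in the abstract, sketched server-side as an added example (not code from the patent or its assignee). It uses a session expiration time as the revalidation criterion and a token carrying the user and a hash of the first values; `SessionStore`, `PROPS`, `SERVER_KEY`, the HMAC on the token and the `collect_second_values` callback (standing in for the code sent to the requesting device) are assumptions.

```python
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # assumption: secret held only by the server
PROPS = ("userAgent", "platform", "language", "screen")  # assumed property set

# Constructed sample values, as the browser code might report them.
DEVICE_A = {"userAgent": "ExampleBrowser/1.0", "platform": "Linux x86_64",
            "language": "en-US", "screen": "1920x1080"}
DEVICE_B = dict(DEVICE_A, platform="Win32", screen="1366x768")

def fingerprint(values):
    """SHA-256 over a canonical encoding of the chosen device properties."""
    canon = json.dumps({p: values.get(p) for p in PROPS}, sort_keys=True)
    return hashlib.sha256(canon.encode()).hexdigest()

class SessionStore:
    def __init__(self):
        self.sessions = {}  # token -> {"fp": hash of first values, "expires": time}

    def login(self, user, first_values, now, ttl=900):
        """After user authentication: store first values and the criteria."""
        fp = fingerprint(first_values)
        body = f"{user}.{fp}"  # information indicative of the user + hash
        # Assumption: an HMAC makes the token unforgeable without SERVER_KEY.
        mac = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
        token = f"{body}.{mac}"
        self.sessions[token] = {"fp": fp, "expires": now + ttl}
        return token

    def authorize(self, token, now, collect_second_values):
        """Return "allow" or "deny" for a request carrying `token`."""
        session = self.sessions.get(token)
        if session is None:
            return "deny"  # request is not associated with stored session info
        if now <= session["expires"]:
            return "allow"  # criteria not met: the token alone is enough
        # Criteria met: fetch second values from the requesting device and compare.
        second = collect_second_values()
        if hmac.compare_digest(fingerprint(second), session["fp"]):
            return "allow"
        del self.sessions[token]  # mismatch: drop the session (added policy choice)
        return "deny"
```

The second values are reported by the requesting device's browser, so a match shows consistency with the stored values rather than proof that the same hardware is in use.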
Opening claim text (preview).
What is claimed is:
1. A method, comprising: authenticating a user of a client device; sending a response to the client device, the response configured to retrieve respective first values for a plurality of device properties from the client device, wherein the respective first values comprise browser context property values for a first web browser of the client device; storing session information for the user in a memory, the session information being associated with a user session and comprising the first values and criteria for triggering revalidation of the client device; receiving a request, sent from a requesting device, to access a protected resource; without the user's knowledge and without affecting the user's workflow in the user session, determining whether the request is authenticated, by: determining that the request is associated with the session information being associated with the user session; in response to determining that the criteria for triggering revalidation of the client device has been met, sending code to the requesting device that automatically retrieves respective second values for the plurality of device properties from the requesting device, wherein the respective second values comprise browser context property values; and determining that the second values match the first values to authenticate the request; and allowing the requesting device to access the protected resource in response to determining that the request is authenticated.
2. The method of claim 1, further comprising: receiving a second request from the client device, the second request comprising an authorization token corresponding to the session information; determining, based on the session information, that the criteria for triggering revalidation of the client device has not been met; and authorizing the client device to access the target protected device based on the authorization token.
3. The method of claim 1, wherein the criteria for triggering revalidation of the client device comprises a session expiration time, and wherein determining that the criteria has been met comprises determining whether the request was received after the session expiration time.
4. The method of claim 1, wherein the response comprises code configured to: retrieve the respective first values for the plurality of device properties from a browser context of the first web browser running on the client device; and send a message comprising the first values from the client device.
5. The method of claim 1, wherein the criteria for triggering revalidation of the client device comprises a risk score computed in response to receiving the request, and wherein determining that the criteria has been met comprises determining the risk score based on the requesting device and the protected resource.
6. The method of claim 1, further comprising: generating an authorization token comprising information indicative of the user and a hash of the first values, wherein the request comprises the authorization token.
7. The method of claim 1, wherein the request is received at an agent running on a host server hosting the protected resource, wherein the agent forwards the request to a device authentication server, wherein the device authentication server sends the code to the client device and determines whether the first values and second values match, the method further comprising: in response to determining that the request is authenticated by the device authentication server, transmitting a message to the client device to redirect the client device to access the host server to access the protected resource, wherein the browser context property values comprise an operating system of the client device.
8. A computer configured to access a storage device, the computer comprising: a processor; and a non-transitory, computer-readable storage medium storing computer-readable instructions that when executed by the processor cause the computer to perform: authenticating a user of a client device; sending a response to the client device, the response configured to retrieve respective first values for a plurality of device properties from the client device, wherein the respective first values comprise browser context property values for a first web browser of the client device; storing session information for the user in a memory, the session information being associated with a user session and comprising the first values and criteria for triggering revalidation of the client device; receiving a request, sent from a requesting device, to access a protected resource; without the user's knowledge and without affecting the user's workflow in the user session, determining whether the request is authenticated, by: determining that the request is associated with the session information being associated with the user session; in response to determining that the criteria for triggering revalidation of the client device has been met, sending code to the requesting device that automatically retrieves respective second values for the plurality of device properties from the requesting device, wherein the respective second values comprise browser context property values; and determining that the second values match the first values to authenticate the request; and allowing the requesting device to access the protected resource in response to determining that the request is authenticated.
9. The computer of claim 8, wherein the computer-readable instructions further cause the computer to perform: receiving a second request from the client device, the second request comprising an authorization token corresponding to the session information; determining, based on the session information, that the criteria for triggering revalidation of the client device has not been met; and authorizing the client device to access the target protected device based on the authorization token.
10. The computer of claim 8, wherein the criteria for triggering revalidation of the client device comprises a session expiration time, and wherein determining that the criteria has been met comprises determining whether the request was received after the session expiration time.
11. The computer of claim 8, wherein the response comprises code configured to: retrieve the respective first values for the plurality of device properties from a browser context of the first web browser running on the client device; and send a message comprising the first values from the client device.
12. The computer of claim 8, wherein the criteria for triggering revalidation of the client device comprises a risk score computed in response to receiving the request, and wherein determining that the criteria has been met comprises determining the risk score based on the requesting device and the protected resource.
13. The computer of claim 8, wherein the computer-readable instructions further cause the computer to perform: generating an authorization token comprising information indicative of the user and a hash of the first values, wherein the request comprises the authorization token.
14. The computer of claim 8, wherein the request is received at an agent running on a host server hosting the protected resource, wherein the agent forwards the request to a device authentication server, the computer-readable instructions further causing the computer to perform: in response to determining that the request is authenticated, redirecting the client device to the host server to access the protected resource.
15. A computer program product comprising: a non-transitory compute
Session management (for real-time applications in data packet communications networks H04L65/1066) · CPC title
based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title
for accessing specific resources, e.g. using Kerberos tickets · CPC title
Program or device authentication · CPC title