Open platform authorization and authentication system and method based on OAuth protocol

Abstract

The invention discloses an open platform authorization and authentication system and method based on an OAuth protocol, and mainly aims to solve the problem of misuse of a resource access token since the valid time of the resource access token is not optimized or limited reasonably in the prior art. The system comprises an authorization client and an authorization server, wherein the authorization client is used for transmitting an authorization and authentication request, receiving the resource access token and the valid time of the token through function modules inside the authorization client, and resetting the valid time of the token according to acquisition times and time of user resources; and the authorization server is used for receiving and checking the authorization and authentication request, acquiring an unauthorized access token and the valid of the token through function modules inside the authorization server, generating a resource access token and the valid time of the token, and transmitting the resource access token and the valid time of the token to the authorization client. Through adoption of the open platform authorization and authentication system and method, an authorization and authentication process is simplified, and the resource security is improved. The open platform authorization and authentication system and method can be applied to an authentication and authorization process during acquisition of open platform resources.

Description

technical field [0001] The invention belongs to the field of computer technology, and in particular relates to an open platform authorization and authentication technology, which can be used in the authentication and authorization process when obtaining open platform resources. Background technique [0002] The OAuth protocol provides an open, secure and simple standard for the authorization of resources in open platforms. It is used by most Internet operators to solve authentication and authorization issues between users, third-party clients and service providers between open platforms. open protocol. Without providing the user's account number and password to the third-party client, the third-party client can access the user's resources on the open platform through user authorization, which simply and conveniently ensures the security of user information and the acquisition of resources . However, every time the OAuth protocol is used to authorize resources, it is necess...

AI Technical Summary

Problems solved by technology

The disadvantage of this method is that it only considers the user's operating authority on multiple third-party clients to achieve authorization through a unified login platform, and does not consider that the user needs to enter authorization information during each authorization process, resulting in a large number of repeated operations , affecting the ease of use of the system

The disadvantage of this method is that it only considers using the terminal to obtain the system access token in advance to save the authorization process, and does not limit the valid time of the system access token, which leads to the abuse of resource access tokens and poor security

Images