CN104243434A - HTTP system based on OAuth - Google Patents
- Publication number
- CN104243434A
- Authority
- CN
- China
- Prior art keywords
- oauth
- module
- resource
- client
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention discloses an OAuth-based HTTP system comprising a client application module, an application registration module, an authorization server, a resource server and a security token server. Its advantages are that the system composition is simple and that, when an application needs to send multiple requests at the same time, using HTTP requests reduces the servers' resource overhead and shortens the response time.
Description
Technical field
The present invention relates to a network protocol, and in particular to an OAuth-based HTTP protocol system.
Background technology
OAuth (Open Authorization) is an open standard that lets a user allow a third-party application to access private resources (such as photos, videos and contact lists) that the user stores on a website, without giving the user name and password to the third-party application. The current version of OAuth is 2.0, the next version of the OAuth protocol, which is not backward compatible with OAuth 1.0. OAuth 2.0 focuses on simplicity for client developers while providing dedicated authentication flows for web applications, desktop applications, mobile phones and living-room devices. After Facebook supported OAuth 2.0 in its new Graph API, Google announced support for OAuth 2.0 in the Google APIs in March 2011, and Windows Live also supports OAuth 2.0. In addition, domestic open platforms such as Sina, Tencent, Renren and Baidu all provide OAuth services.
In the OAuth 2.0 protocol framework, the four parties involved in authentication and authorization are:
Resource owner (Resource Owner): an entity capable of granting access to a protected resource, generally the end user;
Resource server (Resource Server): the server that hosts the protected resources and can accept and respond to resource access requests that carry an access token;
Client (Client): a third-party application that accesses the service provider's resources; it can be a website application, such as a website that offers a photo printing service. Before the authentication process, the client must apply to the service provider for a client identifier;
Authorization server (Authorization Server): after the resource owner has authorized access to the resource, the authorization server issues an access token to the authenticated client for accessing the protected resource.
OAuth 2.0 defines four authentication flows. The following flow describes, in the abstract, the relationship between the four roles involved in authentication:
A. The client requests authorization from the resource owner. The authorization request can be sent directly to the resource owner, or indirectly through an intermediary such as the authorization server; the latter is preferred;
B. The client receives an access permission, which represents the authorization provided by the resource server;
C. The client authenticates to the authorization server with its private credentials, presents the access permission and requests an access token;
D. The authorization server verifies the validity of the client's private credentials and of the access permission, and issues an access token if verification succeeds;
E. The client requests the protected resource from the resource server by presenting the access token;
F. The resource server verifies the validity of the access token and responds to the resource request if verification succeeds.
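Steps A to F above, as an added in-memory Python example that is not part of the patent text. The class and method names, the opaque random tokens, the token lifetime and the resource server checking tokens by asking the authorization server are all assumptions; transport (HTTP or HTTPS) is not modeled.

```python
import hmac, secrets, time

class AuthorizationServer:
    """Hypothetical in-memory authorization server (names are assumptions)."""
    def __init__(self, token_ttl=60):
        self.clients = {}   # client_id -> client secret, issued at registration
        self.grants = {}    # access permission (grant) -> client_id, single use
        self.tokens = {}    # access token -> expiry time
        self.token_ttl = token_ttl

    def register(self, client_id):
        # Before the flow: the client applies for an identifier and credentials.
        self.clients[client_id] = secrets.token_urlsafe(16)
        return self.clients[client_id]

    def authorize(self, client_id, owner_approves):
        # Steps A-B (authorization endpoint): grant only if the owner agrees.
        if client_id not in self.clients or not owner_approves:
            return None
        grant = secrets.token_urlsafe(16)
        self.grants[grant] = client_id
        return grant

    def issue_token(self, client_id, client_secret, grant):
        # Steps C-D (token endpoint): check credentials, then the grant.
        known = self.clients.get(client_id)
        if known is None or not hmac.compare_digest(known, client_secret):
            return None
        if self.grants.pop(grant, None) != client_id:  # unknown, reused or foreign
            return None
        token = secrets.token_urlsafe(24)
        self.tokens[token] = time.time() + self.token_ttl
        return token

    def token_is_valid(self, token):
        expiry = self.tokens.get(token)
        return expiry is not None and expiry > time.time()

class ResourceServer:
    def __init__(self, auth_server, resources):
        self.auth, self.resources = auth_server, resources

    def get(self, name, access_token):
        # Steps E-F: serve the protected resource only for a valid token.
        if not self.auth.token_is_valid(access_token):
            return 401, None
        return 200, self.resources.get(name)
```
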
The OAuth 2.0 protocol defines two endpoints for the authorization server: the authorization endpoint (Authorization Endpoint) and the access token endpoint (Token Endpoint). The authorization endpoint is mainly used to receive the user's authorization request and to provide authorization. The access token endpoint provides access tokens, which the client uses to obtain user resources. In the OAuth 2.0 specification, the requests a client makes to the resource server with an access token, and the responses to them, are sent over the HTTPS protocol. HTTPS uses SSL to encrypt the original data at the sender and decrypt it at the receiver; encryption and decryption require the sender and receiver to exchange a key known to both, so the transmitted data is not easily intercepted and deciphered by network hackers. However, the encryption and decryption process consumes a large amount of system overhead and seriously reduces machine performance; relevant test data show that the efficiency of transmitting data over HTTPS is only one tenth of that of transmitting it over HTTP. If a client application sends multiple resource access requests at the same time, the response time of the server is longer.
Summary of the invention
Object of the invention: in view of the above problems, the object of the invention is to provide, for the OAuth protocol and its recommended method of accessing resources over the HTTPS protocol, a system that uses the HTTP protocol.
Technical solution: an OAuth-based HTTP protocol system comprising a client application module, an application registration module, an authorization server, a resource server and a security token server.
The client application module comprises a client encryption module;
The authorization server comprises an authorization module and an access token provision module;
The resource server comprises a request receiving module, a request verification module and a request processing module.
Client encryption uses binary.
Beneficial effects: compared with the prior art, the advantages of the invention are that the system composition is simple and that, when an application needs to send multiple requests at the same time, HTTP requests reduce the server's resource overhead and the response time is also shortened.
Embodiment
The invention is further illustrated below with reference to a specific embodiment. It should be understood that the embodiment serves only to illustrate the invention and not to limit its scope; after reading the invention, modifications of its various equivalent forms by those skilled in the art all fall within the scope defined by the claims appended to this application.
An OAuth-based HTTP protocol system comprises a client application module, an application registration module, an authorization server, a resource server and a security token server.
The client application module comprises a client encryption module. The authorization server comprises an authorization module and an access token provision module. The resource server comprises a request receiving module, a request verification module and a request processing module.
The client application module is used to request user authorization and to request the resources of the resource server.
Claims (3)
1. An OAuth-based HTTP protocol system, characterized in that it comprises a client application module, an application registration module, an authorization server, a resource server and a security token server.
2. The OAuth-based HTTP protocol system according to claim 1, characterized in that:
The client application module comprises a client encryption module;
The authorization server comprises an authorization module and an access token provision module;
The resource server comprises a request receiving module, a request verification module and a request processing module.
3. The OAuth-based HTTP protocol system according to claim 2, characterized in that client encryption uses binary.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310248753.XA CN104243434A (en) | 2013-06-21 | 2013-06-21 | HTTP system based on OAuth |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310248753.XA CN104243434A (en) | 2013-06-21 | 2013-06-21 | HTTP system based on OAuth |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104243434A (en) | 2014-12-24 |
Family
ID=52230789
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310248753.XA Pending CN104243434A (en) | 2013-06-21 | 2013-06-21 | HTTP system based on OAuth |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104243434A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106487765A (en) * | 2015-08-31 | 2017-03-08 | 索尼公司 | Authorize access method and the equipment using the method |
CN106487765B (en) * | 2015-08-31 | 2021-10-29 | 索尼公司 | Authorized access method and device using the same |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11177946B2 (en) | Quantum entropy distributed via software defined perimeter connections | |
CN107769913B (en) | Quantum UKey-based communication method and system | |
US10855668B2 (en) | Wireless device authentication and service access | |
WO2017190616A1 (en) | Wireless network connection method, wireless access point, server, and system | |
EP2391083B1 (en) | Method for realizing authentication center and authentication system | |
US20140337619A1 (en) | Derived Certificate based on Changing Identity | |
JP7292263B2 (en) | Method and apparatus for managing digital certificates | |
WO2016123112A1 (en) | Secure access to cloud-based services | |
KR20180095873A (en) | Wireless network access method and apparatus, and storage medium | |
WO2015196908A1 (en) | Service processing method, terminal, server and system | |
CN105491073B (en) | Data downloading method, device and system | |
CN109672675A (en) | A kind of WEB authentication method of the cryptographic service middleware based on OAuth2.0 | |
CN107026823B (en) | Access authentication method and terminal applied to Wireless Local Area Network (WLAN) | |
CN114765534B (en) | Private key distribution system and method based on national secret identification cryptographic algorithm | |
CN103780609A (en) | Cloud data processing method and device and cloud data security gateway | |
CN102916965A (en) | Safety authentication mechanism and safety authentication system thereof for cloud service interfaces | |
CN104243452B (en) | A kind of cloud computing access control method and system | |
US9774588B2 (en) | Single sign off handling by network device in federated identity deployment | |
CN104243435A (en) | Communication method for HTTP based on OAuth | |
WO2012176506A1 (en) | Single sign-on system, single sign-on method, and authentication server linking program | |
CN114586316A (en) | Method and system for managing secure IoT device applications | |
CN110138558B (en) | Transmission method and device of session key and computer-readable storage medium | |
KR101358704B1 (en) | Method of authenticating for single sign on | |
CN104243434A (en) | HTTP system based on OAuth | |
US10834063B2 (en) | Facilitating provisioning of an out-of-band pseudonym over a secure communication channel |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20141224 |