Authorization processing method, device, equipment and storage medium

Document No.: 1953045 Publication date: 2021-12-10

Reading note: This technology, "Authorization processing method, device, equipment and storage medium", was designed by 张建军 and 陈真 on 2021-09-10. Main content: The disclosure provides an authorization processing method, apparatus, device and storage medium, and relates to Internet of Vehicles and intelligent cabin technologies. The specific implementation scheme is as follows: acquiring a general certificate of a target mechanism, the general certificate being generated according to authorization information of a target application; and controlling, according to the general certificate, at least two applications developed by the target mechanism on an open platform to be authorized, the at least two applications including the target application. The disclosed technology solves the problem that each application of a third-party organization on the open platform currently requires its own login authorization from the user before it can be used, which results in a poor user experience; it simplifies the user's operations and improves the user experience.

1. An authorization processing method, comprising:

acquiring a general certificate of a target mechanism; the general certificate is generated according to authorization information of the target application;

controlling at least two applications developed by the target mechanism on an open platform to be authorized according to the general certificate; the at least two applications include a target application.

2. The method of claim 1, wherein said controlling at least two applications developed by the target organization on an open platform for authorization according to the universal credential comprises:

controlling the target application to authorize according to the general certificate;

according to the authorization configuration information of the target mechanism, selecting an application to be authorized from other applications except the target application in the at least two applications;

and controlling the application to be authorized to perform authorization according to the general certificate.

3. The method of claim 2, wherein the controlling a target application to authorize according to the generic credential comprises:

sending an authorization code of a target application to the open platform through a unique callback interface configured for the target application by the open platform;

acquiring a first authorization request which is sent by the open platform and comprises an authorization code and an authorization parameter of the target application through a uniform authorization interface;

and controlling the target application to authorize according to the authorization code and the authorization parameter of the target application and the general certificate.

4. The method of claim 2, wherein the controlling the application to be authorized to authorize according to the generic credential comprises:

taking the authorization code of the target application as the authorization code of the application to be authorized;

sending an authorization code of the application to be authorized to the open platform through a unique callback interface configured for the application to be authorized by the open platform;

acquiring a second authorization request which is sent by the open platform and comprises an authorization code and an authorization parameter of the application to be authorized through a uniform authorization interface;

and controlling the application to be authorized to carry out authorization according to the authorization code and the authorization parameter of the application to be authorized and the general certificate.

5. The method of claim 2, wherein the controlling the application to be authorized to authorize according to the generic credential comprises:

determining authorization time according to the valid time of the general certificate and the historical access record of the open platform;

and controlling the application to be authorized to perform authorization according to the authorization time and the general certificate.

6. The method of claim 1, wherein the authorization information includes an authorization code and an authorization parameter; the obtaining of the universal credential for accessing the target institution includes:

obtaining an authorization code of a target application sent by a target mechanism through a unified callback interface;

and sending a third authorization request comprising the authorization code and the authorization parameter of the target application to the target mechanism through a uniform authorization interface so as to indicate the target mechanism to generate a general certificate according to the authorization code and the authorization parameter of the target application and feed back the general certificate.

7. The method of any of claims 1-6, after obtaining the universal credential for accessing the target institution, further comprising:

selecting similar applications from other organizations according to the authorization configuration information of the target organization and/or the authorization configuration information of other organizations;

and controlling the similar application to carry out authorization according to the general certificate.

8. An authorization processing device comprising:

the general certificate acquisition module is used for acquiring a general certificate of a target mechanism; the general certificate is generated according to authorization information of the target application;

the authorization processing module is used for controlling at least two applications developed by the target mechanism on the open platform to authorize according to the general certificate; the at least two applications include a target application.

9. The apparatus of claim 8, wherein the authorization processing module comprises:

the first authorization unit is used for controlling the target application to authorize according to the general certificate;

the selecting unit is used for selecting an application to be authorized from other applications except the target application in the at least two applications according to the authorization configuration information of the target mechanism;

and the second authorization unit is used for controlling the application to be authorized to authorize according to the general certificate.

10. The apparatus according to claim 9, wherein the first authorization unit is specifically configured to:

sending an authorization code of a target application to the open platform through a unique callback interface configured for the target application by the open platform;

acquiring a first authorization request which is sent by the open platform and comprises an authorization code and an authorization parameter of the target application through a uniform authorization interface;

and controlling the target application to authorize according to the authorization code and the authorization parameter of the target application and the general certificate.

11. The apparatus according to claim 9, wherein the second authorization unit is specifically configured to:

taking the authorization code of the target application as the authorization code of the application to be authorized;

sending an authorization code of the application to be authorized to the open platform through a unique callback interface configured for the application to be authorized by the open platform;

acquiring a second authorization request which is sent by the open platform and comprises an authorization code and an authorization parameter of the application to be authorized through a uniform authorization interface;

and controlling the application to be authorized to carry out authorization according to the authorization code and the authorization parameter of the application to be authorized and the general certificate.

12. The apparatus of claim 9, wherein the second authorization unit is further specifically configured to:

determining authorization time according to the valid time of the general certificate and the historical access record of the open platform;

and controlling the application to be authorized to perform authorization according to the authorization time and the general certificate.

13. The apparatus of claim 8, wherein the authorization information includes an authorization code and an authorization parameter; the general certificate acquisition module is specifically configured to:

obtaining an authorization code of a target application sent by a target mechanism through a unified callback interface;

and sending a third authorization request comprising an authorization code and an authorization parameter of the target application to the target mechanism through the uniform authorization interface so as to indicate the target mechanism to generate a general certificate according to the authorization code and the authorization parameter of the target application, and feeding back the general certificate.

14. The apparatus of any of claims 8-13, further comprising:

the selection module is used for selecting similar applications from other mechanisms according to the authorization configuration information of the target mechanism and/or the authorization configuration information of other mechanisms;

and the authorization processing module is also used for controlling the similar application to carry out authorization according to the general certificate.

15. An electronic device, comprising:

at least one processor; and

a memory communicatively coupled to the at least one processor; wherein

the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the authorization processing method of any of claims 1-7.

16. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the authorization processing method according to any one of claims 1-7.

17. A computer program product comprising a computer program which, when executed by a processor, implements an authorization processing method according to any of claims 1-7.

Technical Field

The present disclosure relates to the field of computer technologies, in particular to Internet of Vehicles and intelligent cabin technologies, and specifically to an authorization processing method, apparatus, device, and storage medium.

Background

Currently, open platforms (such as voice open platforms) support users or third party organizations to develop their own applications on them. For example, if a third-party organization develops 10 applications on an open platform, the user must perform 10 login authorizations to use the 10 applications. Obviously, the existing login authorization processing is tedious, the user experience is not good, and improvement is urgently needed.

Disclosure of Invention

The disclosure provides an authorization processing method, apparatus, device, and storage medium.

According to an aspect of the present disclosure, there is provided an authorization processing method, including:

acquiring a general certificate of a target mechanism; the general certificate is generated according to authorization information of the target application;

controlling at least two applications developed by the target mechanism on an open platform to be authorized according to the general certificate; the at least two applications include a target application.

According to another aspect of the present disclosure, there is provided an authorization processing apparatus, the apparatus including:

the general certificate acquisition module is used for acquiring a general certificate of a target mechanism; the general certificate is generated according to authorization information of the target application;

the authorization processing module is used for controlling at least two applications developed by the target mechanism on the open platform to authorize according to the general certificate; the at least two applications include a target application.

According to another aspect of the present disclosure, there is provided an electronic device including:

at least one processor; and

a memory communicatively coupled to the at least one processor; wherein

the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a method of authorization processing according to any embodiment of the disclosure.

According to another aspect of the present disclosure, there is provided a non-transitory computer readable storage medium storing computer instructions for causing a computer to perform an authorization processing method according to any one of the embodiments of the present disclosure.

According to another aspect of the present disclosure, there is provided a computer program product comprising a computer program which, when executed by a processor, implements the authorization processing method of any of the embodiments of the present disclosure.

The disclosed technology solves the problem that each application of a third-party organization on the open platform currently requires its own login authorization from the user before it can be used, which results in a poor user experience; it simplifies the user's operations and improves the user experience.

It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.

Drawings

The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:

Fig. 1 is a flowchart of an authorization processing method provided according to an embodiment of the present disclosure;

Fig. 2 is a flowchart of another authorization processing method provided according to an embodiment of the present disclosure;

Fig. 3 is a flowchart of another authorization processing method provided according to an embodiment of the present disclosure;

Fig. 4 is a flowchart of yet another authorization processing method provided according to an embodiment of the present disclosure;

Fig. 5 is a flowchart of yet another authorization processing method provided according to an embodiment of the present disclosure;

Fig. 6 is a signaling diagram of an authorization process provided according to an embodiment of the present disclosure;

Fig. 7 is a schematic structural diagram of an authorization processing device according to an embodiment of the present disclosure;

Fig. 8 is a block diagram of an electronic device for implementing an authorization processing method of an embodiment of the present disclosure.

Detailed Description

Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.

Fig. 1 is a flowchart of an authorization processing method according to an embodiment of the disclosure. The embodiment is applicable to authorization processing in general, and in particular to authorization processing where the open platform supports the OAuth 2.0 authorization protocol, so that after a single login authorization a user can use some or even all of the applications that a third-party organization has developed on the open platform. The method may be performed by an authorization processing apparatus, which may be implemented in software and/or hardware, and may be integrated into an electronic device with an authorization processing function, such as an intermediate platform, where the intermediate platform is a device independent of the open platform and the third-party organization. As shown in Fig. 1, the authorization processing method provided in this embodiment may include:

S101, acquiring the general certificate of the target mechanism.

In this embodiment, the target institution is any third-party institution that develops at least two applications on an open platform. The universal certificate is a key for accessing the target organization, in particular a universal key for accessing services supported by the target organization. The target application can be any one of at least two applications developed by a target organization on an open platform; further, the target application is specifically an application that any user (such as the target user) who has registered on the open platform wants to use.

Optionally, any user who has registered on the open platform and wants to use a target application developed by a target organization on the open platform may fill in a user name and a password on the authorization page provided by the target organization for the target application, and click to log in. This triggers the target mechanism to interact with the intermediate platform based on the OAuth 2.0 authorization protocol, generate a general certificate of the target mechanism for the user, and feed the general certificate back to the intermediate platform, so that the intermediate platform acquires the general certificate of the target mechanism for the user.

Optionally, the general certificate may be generated by the target mechanism according to authorization information of the target application, for example, the general certificate may be obtained by encoding the authorization information of the target application; the general certificate may also be generated according to authorization information of the target application, user account information, a target institution identifier, a current timestamp, a target application identifier, and the like. The authorization information may include an authorization code and an authorization parameter.

Further, in order to improve the security of the information in the interaction process, an encryption strategy may be adopted to encrypt the interaction information. For example, asymmetric encryption may be used. Specifically, the target mechanism may encrypt the general certificate by using a public key of the intermediate platform, and then the intermediate platform may decrypt the encrypted general certificate by using its own private key to obtain the general certificate for accessing the target mechanism.

S102, controlling at least two applications developed by the target mechanism on the open platform to authorize according to the general certificate.

Optionally, the at least two applications include the target application. After obtaining the general certificate for accessing the target organization, the intermediate platform may interact with the open platform based on the OAuth 2.0 authorization protocol, so that at least two applications developed by the target organization on the open platform are authorized to the open platform.

According to the authorization configuration information of the target organization, the intermediate platform can select, from the at least two applications developed on the open platform by the target organization, the applications that are able to use the general certificate for the authorization service, and control each selected application to be authorized with the general certificate. That is, the general certificate is used to generate an access token with which the user accesses each selected application through the open platform.

For example, for each application, the intermediate platform may generate an access token of the application to the user according to the general credential, in combination with the relevant data of the application and the relevant data of the user, and transmit the access token to the open platform, so that the user can access the service corresponding to the application in the target organization based on the access token of the application through the open platform when the user has a need to use the application. The access token of the application is imperceptible to the user and is stored in the open platform, that is, the open platform may store the access token of the application in association with the user, specifically, store the access token of the application in association with account information of the user on the open platform, and the like.
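The selection and per-application token generation described above can be sketched as follows. This is an added example, not code from the patent: the patent does not say how the access token is computed, so the HMAC-SHA256 derivation, the claim names, the one-hour lifetime and all institution, application and scope names are assumptions, as is the premise that the target mechanism verifies tokens with its own copy of the general certificate.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample data; institution, application and scope names are hypothetical.
DEVELOPED_APPS = {"institution-a": ["smart_home", "custom_game", "mall"]}
# Authorization configuration information: which applications may be authorized
# with the general certificate, and the scope each of them receives.
AUTH_CONFIG = {"institution-a": {"smart_home": ["device.control"], "mall": ["orders.read"]}}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _tag(credential: bytes, body: str) -> str:
    # Assumption: the token is authenticated with HMAC-SHA256 keyed by the general certificate.
    return _b64(hmac.new(credential, body.encode("utf-8"), hashlib.sha256).digest())


def select_apps(institution: str) -> list:
    """Applications of the institution that its configuration allows to be batch-authorized."""
    allowed = AUTH_CONFIG.get(institution, {})
    return [app for app in DEVELOPED_APPS.get(institution, []) if app in allowed]


def mint_app_token(credential: bytes, institution: str, app: str, user: str,
                   now: int, ttl: int = 3600) -> str:
    """Derive an access token bound to one application and one user."""
    scopes = AUTH_CONFIG.get(institution, {}).get(app)
    if scopes is None:
        raise PermissionError(f"{app} is not enabled for the general certificate")
    claims = {"iss": institution, "aud": app, "sub": user, "scope": scopes, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode("utf-8"))
    return f"{body}.{_tag(credential, body)}"


def batch_authorize(credential: bytes, institution: str, user: str, now: int) -> dict:
    """One login, one token per selected application; the open platform stores them per user."""
    return {app: mint_app_token(credential, institution, app, user, now)
            for app in select_apps(institution)}


def verify_app_token(credential: bytes, token: str, expected_app: str,
                     now: int) -> Optional[dict]:
    """Check integrity, audience and expiry; return the claims, or None if any check fails."""
    body, sep, tag = token.partition(".")
    expected = _tag(credential, body)
    if not sep or not hmac.compare_digest(tag.encode("utf-8"), expected.encode("utf-8")):
        return None
    # The body is only parsed after its tag has been verified.
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims["aud"] != expected_app or claims["exp"] <= now:
        return None
    return claims
```

Because each token carries its own audience and scope, a token stored for one application is rejected when presented for another, even though every token is derived from the same general certificate.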

It should be noted that, at present, a user who wants to use an application developed by a third-party organization must perform a separate login authorization for each such application. For example, if a third-party organization has developed 10 applications on an open platform, the user must log in 10 times to use the 10 applications, that is, fill in a user name and password 10 times. In this embodiment, the user only needs to log in once and can then use some or even all of the applications developed on the open platform by the third-party organization. For example, third-party organization A develops three applications on an open platform: a smart home application, a custom game application and a mall application. If a user wants to use the smart home application, the user fills in the user name, password and other information on the authorization page of the smart home application and clicks to log in. This triggers third-party organization A to interact with the intermediate platform based on the OAuth 2.0 authorization protocol, generate a general certificate and feed it back to the intermediate platform. Based on the acquired general certificate, the intermediate platform can control the smart home application, the custom game application and the mall application to authorize to the open platform, so that when the user subsequently uses the mall application and the custom game application of third-party organization A, the user can use them directly on the open platform without filling in a user name, password and so on.

According to the technical scheme provided by the embodiment of the disclosure, the intermediate platform interacts with the target mechanism, the general certificate for accessing the target mechanism can be obtained, and further, based on the general certificate, authorization of part or even all of applications developed on the open platform by the target mechanism can be realized. According to the scheme, the universal certificate is introduced, authorization of multiple applications to the open platform can be directly controlled, the user is not required to fill in user names and passwords for multiple times, the problem that the user experience is poor due to the fact that each application of a current third-party organization on the open platform can be used only by the user through independent login authorization is solved, one-time login is achieved under the condition that independence between different applications on the open platform is met, the effect of batch authorization of the multiple applications is achieved, and the user experience is improved.

It should be noted that, for different users who have registered on the open platform, access to the same third-party application on the open platform is mutually independent; that is, the authorizations that the same application grants to different users are independent of each other. Furthermore, the general certificate in this embodiment is the general certificate of the target mechanism for the target user, that is, the general certificate is generated according to the authorization information of the target application for the target user. Controlling at least two applications developed by the target mechanism on the open platform to authorize according to the general certificate therefore essentially means granting the target user, through the open platform, access authorization for at least two applications of the target mechanism according to the general certificate, so that the target user only needs to log in to one application of the target mechanism on the open platform and can then access some or even all applications of the target mechanism through the open platform.

Fig. 2 is a flowchart of another authorization processing method provided according to an embodiment of the present disclosure, and this embodiment further explains in detail how to "obtain a universal credential of a target entity" on the basis of the above embodiment. As shown in fig. 2, the authorization processing method provided in this embodiment may include:

S201, obtaining the authorization code of the target application sent by the target mechanism through the unified callback interface.

The unified callback interface is an interface externally provided by the intermediate platform. The unified callback interface can also be called a unified callback address, and can be an external unified interface realized in a virtual IP address mode; further, the unified callback interface may be a unified interface for any third party entity to callback to the intermediate platform, that is, an interface for any third party entity to transmit information to the intermediate platform.

The authorization code of the target application is a credential by which the target mechanism permits the open platform to access one or more services of the target mechanism to which the target application belongs; further, under the OAuth 2.0 authorization protocol, the authorization code of the target application in this embodiment is the key that the intermediate platform needs in order to obtain the universal certificate from the target mechanism.

Specifically, the user can fill in information such as a user name and a password on the authorization page of the target application on the open platform, and click to log in. This triggers the open platform to send an authorization code request comprising a target application identifier, a user identifier and the like to the target mechanism; the target mechanism generates an authorization code of the target application for the user and transmits the authorization code to the intermediate platform through the unified callback interface configured by the intermediate platform. Further, the unified callback interface may be a unified callback address, specifically the address of a designated page specified for the intermediate platform; the target mechanism may then add the authorization code to a fixed field of that address and redirect to the designated page, whereupon the intermediate platform obtains the authorization code of the target application for the user.

The authorization code may be generated as follows: the target mechanism acquires the user account information according to the user identifier, and generates an authorization code of the target application for the user according to the target application identifier, the user account information and the like. The target application identifier is used to uniquely identify the target application, and may be represented by a character string, such as a target application ID. The user identifier is used to uniquely identify the user, and the user account information may include the user name and password used by the user to log in to the application.

S202, sending a third authorization request comprising an authorization code and an authorization parameter of the target application to the target mechanism through the uniform authorization interface to indicate the target mechanism to generate a general certificate according to the authorization code and the authorization parameter of the target application, and feeding back the general certificate.

Correspondingly, the unified authorization interface is also an interface provided by the intermediate platform, and can be called a unified authorization address, or an external unified interface realized by adopting a virtual IP address; further, the unified authorization interface may be specifically an interface for performing authorization service between any third-party organization and the intermediate platform, and between the intermediate platform and the open platform.

Optionally, after obtaining the authorization code of the target application, the intermediate platform may query a pre-established database according to the target application identifier, so as to obtain the authorization parameters of the target application. The database stores the relevant parameters of all applications on the open platform; further, the relevant parameters of an application may be stored in the database as key-value pairs, for example with the application identifier as the key and the authorization parameters of the application as the value. The authorization parameters of an application are parameters configured by the third-party organization based on the OAuth 2.0 authorization protocol when developing the application on the open platform, and may include, but are not limited to, an application ID (client_id), an application key (client_secret), an authorization scope (scope), and the like. Further, the authorization parameters may be different for different applications.

For example, the intermediate platform may encapsulate the authorization code, the authorization parameters, and the like of the target application in the data format for requesting the authorization service specified by the OAuth 2.0 authorization protocol to obtain a third authorization request, and transmit the third authorization request to the target mechanism through the unified authorization interface. The target mechanism can compare the locally stored authorization parameters of the target application with the authorization parameters transmitted by the intermediate platform, and compare the locally stored authorization code of the target application with the authorization code transmitted by the intermediate platform; if both are consistent, the target mechanism generates a general certificate for the user and transmits the general certificate to the intermediate platform through the unified authorization interface. It should be noted that the third authorization request may or may not include the user identifier; since the authorization code of the target application is essentially the authorization code of the target application for the target user, even if the third authorization request does not include the user identifier, the target mechanism can look up the user according to the authorization code.
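The comparison step on the target mechanism's side can be sketched as follows. This is an added example, not code from the patent: the class and method names are hypothetical, and the single-use handling of the code, its 60-second lifetime and the constant-time secret comparison are assumptions taken from common OAuth 2.0 practice rather than from the text.

```python
import hmac
import secrets


class AuthError(Exception):
    """The third authorization request was rejected."""


class TargetInstitution:
    """Hypothetical model of the target mechanism handling the third authorization request."""

    def __init__(self, code_ttl: int = 60):
        self.code_ttl = code_ttl   # assumption: authorization codes are short-lived
        self.app_params = {}       # client_id -> {"client_secret": ..., "scope": ...}
        self.codes = {}            # authorization code -> (client_id, user_id, expires_at)
        self.certificates = {}     # general certificate -> user_id

    def register_app(self, client_id: str, client_secret: str, scope: str) -> None:
        self.app_params[client_id] = {"client_secret": client_secret, "scope": scope}

    def issue_code(self, client_id: str, user_id: str, now: int) -> str:
        """Generate the authorization code of an application for one user (S201)."""
        if client_id not in self.app_params:
            raise AuthError("unknown application")
        code = secrets.token_urlsafe(32)
        self.codes[code] = (client_id, user_id, now + self.code_ttl)
        return code

    def exchange(self, request: dict, now: int) -> str:
        """Compare code and parameters with the stored ones, then issue the certificate (S202)."""
        # Remove the code first so it stays single-use even if a later check fails.
        record = self.codes.pop(str(request.get("code", "")), None)
        if record is None:
            raise AuthError("unknown or already used authorization code")
        client_id, user_id, expires_at = record
        if now >= expires_at:
            raise AuthError("authorization code expired")
        if request.get("client_id") != client_id:
            raise AuthError("authorization code was issued to a different application")
        stored = self.app_params[client_id]
        supplied = str(request.get("client_secret", "")).encode("utf-8")
        if not hmac.compare_digest(stored["client_secret"].encode("utf-8"), supplied):
            raise AuthError("client_secret mismatch")
        if request.get("scope") != stored["scope"]:
            raise AuthError("scope mismatch")
        # The request carries no user identifier: the user is recovered from the code record.
        certificate = secrets.token_urlsafe(32)
        self.certificates[certificate] = user_id
        return certificate
```

The request passed to `exchange` has no user field; the user bound to the general certificate comes from the stored code record, which is the lookup the paragraph above describes.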

It should be noted that, no matter which application in the target institution the user operates to trigger the generation of the universal credential, the intermediate platform may use the acquired universal credential as a basic key for accessing some or all services in the target institution based on the authorization configuration information of the target institution. That is, the universal credential is a key to access the music service in the target organization and is also a key to access the game service in the target organization.

S203, controlling at least two applications developed by a target mechanism on the open platform to authorize according to the general certificate; the at least two applications include a target application.

According to the technical scheme provided by the embodiment of the disclosure, the intermediate platform interacts with the target mechanism through the unified callback interface and the unified authorization interface based on the OAuth 2.0 authorization protocol to acquire the general certificate, so that the general certificate can be prevented from being snooped in network transmission, services in the target mechanism can be prevented from being maliciously accessed, and the security is improved; meanwhile, based on the general certificate, the open platform can be authorized to access some or even all of the applications developed by the target mechanism on the open platform.

Fig. 3 is a flowchart of another authorization processing method provided according to an embodiment of the present disclosure. On the basis of any of the above embodiments, this embodiment further explains in detail how to control at least two applications developed by the target mechanism on the open platform to perform authorization according to the general certificate. As shown in fig. 3, the authorization processing method provided in this embodiment may include:

S301, acquiring the general certificate of the target mechanism.

Wherein, the general certificate can be generated by the target mechanism according to the authorization information of the target application.

S302, controlling the target application to authorize according to the general certificate.

In this embodiment, the target application may be any one of at least two applications developed by the target mechanism on the open platform; specifically, it is the application that a user registered on the open platform wants to use, that is, the application whose use triggered the acquisition, in S301, of the general certificate for accessing the target mechanism.

According to an implementation manner, the intermediate platform may generate an access token of the target application (that is, an access token for a user to access a service corresponding to the target application through the open platform) according to the general certificate, the target application identifier, the user identifier, and the like, and transmit the access token to the open platform, so that the open platform accesses the service corresponding to the target application in the target mechanism based on the access token of the target application, thereby implementing authorization for the open platform to access the target application.

In another implementation manner, the intermediate platform can interact with the open platform based on the OAuth 2.0 authorization protocol, and can control the target application to perform authorization according to the interaction result and the general certificate.

S303, according to the authorization configuration information of the target mechanism, selecting the application to be authorized from other applications except the target application in at least two applications developed by the target mechanism on the open platform.

In this embodiment, the authorization configuration information relates to the authorization processing of the applications developed on the open platform by the target mechanism. Optionally, the authorization configuration information may include the identifiers of applications that can be authorized by using the general certificate, or the identifiers of applications that share the same authorization processing procedure, and the like.

In one implementation mode, after the intermediate platform controls the target application to be authorized, whether the target mechanism has an unauthorized application in other applications on the open platform can be identified; if the target mechanism is identified to have unauthorized application in other applications on the open platform, selecting the application with the same authorization processing process as the target application from the unauthorized application as the application to be authorized according to the authorization configuration information of the target mechanism. The application to be authorized is an application which is not authorized for the user to access the service through the open platform.

In another implementation manner, the intermediate platform may further obtain interest data of the user according to the user identifier, and then select the application to be authorized from the other applications according to the authorization configuration information of the target mechanism and the interest data of the user. For example, applications whose authorization processing procedure is the same as that of the target application may be selected from the unauthorized applications among the other applications according to the authorization configuration information, and the application to be authorized is then determined from the selected applications according to the interest data. It can be understood that, by combining the interest data of the user, the open platform can be authorized to access only the applications in which the user is interested, which further increases the intelligence of the authorization process.

S304, controlling the application to be authorized to perform authorization according to the general certificate.

According to an implementable manner, for each application to be authorized, the intermediate platform can generate an access token of the application to the user according to the general certificate, the application identifier, the user identifier and the like, and transmit the access token to the open platform, so that the user can access the service corresponding to the application in the target mechanism through the open platform based on the access token of the application, and further, the authorization of the application to the open platform is realized.

Optionally, the intermediate platform may authorize the applications to be authorized in sequence according to the development time sequence of all the applications to be authorized on the open platform.

Further, in order to improve the authorization processing efficiency, the intermediate platform may allocate a plurality of threads according to the number of the applications to be authorized, and concurrently process the authorization operations of the applications to be authorized.

In order to ensure normal operation of other services (such as data access) in the open platform, in another implementation manner, the intermediate platform may determine the authorization time according to the valid time of the general certificate and the historical access record of the open platform; and controlling the application to be authorized to perform authorization according to the authorization time and the general certificate. Wherein, the valid time of the universal certificate can be a time limit specified by the target institution for using the universal certificate, for example, the valid time can be 8/1/2021; the authorization time is the time for authorizing the application to be authorized.

Specifically, the intermediate platform may determine a time period in which the access amount of the open platform is relatively small according to the historical access record of the open platform; the intermediate platform determines authorization time according to the valid time of the general certificate, the access condition of the intermediate platform and the determined time period; and at the authorization time, authorizing the open platform for the application to be authorized according to the general certificate.

It should be noted that, the present embodiment determines the authorization time by introducing the historical access record of the open platform and the valid time of the general certificate; and when the current time reaches the authorization time, the application to be authorized is controlled to be authorized, and normal operation of other services in the open platform is ensured under the condition that the application to be authorized can be authorized to the open platform.
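The selection in S303 and the authorization-time rule in S304 can be sketched as follows. This is an added Python example, not code from the disclosure: the field names (`flow`, `category`, `developed_at`, `credential_apps`), the hour-of-day load model and all sample values are assumptions made for illustration.

```python
from datetime import datetime, timedelta


def select_apps_to_authorize(apps, target_id, auth_config, authorized_ids, interests=None):
    """S303: pick the applications to be authorized for one user.

    An application qualifies when it is not the target application, is not
    yet authorized, is listed in the mechanism's authorization configuration
    as usable with the general certificate, and has the same authorization
    processing procedure ("flow") as the target application. If interest
    data is supplied, only matching categories are kept. The result is
    ordered by development time, as the sequential variant describes.
    """
    target = next(a for a in apps if a["id"] == target_id)
    chosen = [
        a for a in apps
        if a["id"] != target_id
        and a["id"] not in authorized_ids
        and a["id"] in auth_config["credential_apps"]
        and a["flow"] == target["flow"]
        and (interests is None or a["category"] in interests)
    ]
    chosen.sort(key=lambda a: a["developed_at"])
    return [a["id"] for a in chosen]


def pick_authorization_time(now, credential_expiry, hourly_load):
    """Choose when to run the batch authorization.

    hourly_load maps hour-of-day (0-23) to the mean number of requests seen
    in the open platform's historical access record. Candidates are "now"
    and every full hour before the general certificate expires (looking at
    most 24 hours ahead); the quietest candidate wins, earliest on a tie.
    Returns None when the certificate has already expired.
    """
    if credential_expiry <= now:
        return None
    horizon = min(credential_expiry, now + timedelta(hours=24))
    candidates = [now]
    slot = now.replace(minute=0, second=0, microsecond=0) + timedelta(hours=1)
    while slot < horizon:
        candidates.append(slot)
        slot += timedelta(hours=1)
    return min(candidates, key=lambda t: (hourly_load.get(t.hour, 0), t))


# Constructed sample data for one target mechanism.
APPS = [
    {"id": "music", "flow": "A", "category": "audio", "developed_at": 1},
    {"id": "game",  "flow": "A", "category": "games", "developed_at": 5},
    {"id": "video", "flow": "A", "category": "video", "developed_at": 2},
    {"id": "maps",  "flow": "B", "category": "nav",   "developed_at": 3},
    {"id": "news",  "flow": "A", "category": "news",  "developed_at": 4},
    {"id": "radio", "flow": "A", "category": "audio", "developed_at": 0},
]
CONFIG = {"credential_apps": {"music", "game", "video", "maps", "radio"}}

if __name__ == "__main__":
    print(select_apps_to_authorize(APPS, "music", CONFIG, {"video"}))
    print(pick_authorization_time(
        datetime(2021, 7, 31, 20, 30), datetime(2021, 8, 1),
        {20: 900, 21: 700, 22: 300, 23: 120, 3: 5}))
```

The quietest hour overall (03:00 in the sample) is not chosen because it falls after the certificate's valid time; the validity bound takes precedence over the load criterion.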

According to the technical scheme provided by the embodiment of the disclosure, the authorization configuration information of the target mechanism is introduced, and based on the authorization configuration information of the target mechanism, some applications developed by the target mechanism on the open platform can be flexibly selected for authorization, so that the flexibility of the scheme is increased under the condition that the effects of one-time login and batch authorization of a plurality of applications can be realized.

Fig. 4 is a flowchart of another authorization processing method provided according to an embodiment of the present disclosure, and based on the above embodiment, a target application may be authorized based on the OAuth 2.0 authorization protocol. As shown in fig. 4, the authorization processing method provided in this embodiment may include:

S401, acquiring the general certificate of the target mechanism.

Wherein, the general certificate can be generated by the target mechanism according to the authorization information of the target application.

S402, sending the authorization code of the target application to the open platform through the unique callback interface configured for the target application by the open platform.

In this embodiment, the unique callback interface may also be referred to as a unique callback address, and may be an external interface implemented by means of a virtual IP address; specifically, it is the unique callback address that the open platform configures for the target application.

Specifically, after obtaining the general certificate for accessing the target mechanism, the intermediate platform may send the authorization code of the target application to the open platform through the unique callback interface configured for the target application by the open platform. After obtaining the authorization code of the target application, the open platform obtains the authorization parameters of the target application, encapsulates the authorization code, the authorization parameters, and the like of the target application in the request data format specified by the OAuth 2.0 authorization protocol to obtain a first authorization request, and sends the first authorization request to the intermediate platform through the unified authorization interface. The open platform can acquire the authorization parameters of the target application according to the target application identifier, which it may obtain from the intermediate platform.

Further, in order to reduce the probability of a false intermediate platform, in this embodiment the intermediate platform may also send the generation timestamp of the authorization code when it sends the authorization code of the target application to the open platform. After receiving the generation timestamp, the open platform may compare it with the current timestamp; if the difference between the two is within a set range, the open platform proceeds to send the first authorization request to the intermediate platform; otherwise, the open platform may send an authorization code failure notification to the intermediate platform, and the like. The generation timestamp is the time at which the target mechanism generated the authorization code for the target application.

S403, acquiring a first authorization request including an authorization code and an authorization parameter of the target application, which is sent by the open platform, through the uniform authorization interface.

Specifically, the intermediate platform may obtain, through the unified authorization interface, the first authorization request that includes the authorization code and the authorization parameter of the target application and is sent by the open platform.

S404, controlling the target application to authorize according to the authorization code and authorization parameter of the target application and the general certificate.

Optionally, after acquiring the first authorization request, the intermediate platform may extract the authorization code and the authorization parameters of the target application from it. The intermediate platform can compare the locally stored authorization parameters of the target application with those transmitted by the open platform, and compare the locally stored authorization code of the target application with the one transmitted by the open platform. If both are consistent, the intermediate platform can generate an access token of the target application according to the general certificate, the target application identifier, the authorization code of the target application, the user identifier, and the like, and transmit the access token to the open platform through the unified authorization interface, so that the open platform can access the service corresponding to the target application in the target mechanism based on the access token, thereby completing the authorization of the target application to the open platform.
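The timestamp check described under S402 and the comparison and token generation described under S404 can be sketched as follows. This is an added Python example, not code from the disclosure: the disclosure does not say how the access token is computed, so the HMAC-SHA256 derivation, the 300-second range, single use of a code per application, the class and field names, and all sample values are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

MAX_CODE_AGE_S = 300  # assumed "set range"; the page gives no value


@dataclass
class CodeRecord:
    code: str
    user_id: str
    issued_at: float   # generation timestamp from the target mechanism
    used: bool = False


def code_is_fresh(issued_at, now, max_age=MAX_CODE_AGE_S):
    """Open-platform check: the generation timestamp must lie within the
    set range of the current time and must not be in the future."""
    return 0 <= now - issued_at <= max_age


def _eq(a, b):
    # Constant-time comparison, so timing does not reveal where values differ.
    return hmac.compare_digest(a.encode(), b.encode())


class IntermediatePlatform:
    def __init__(self, general_certificate: bytes):
        self._certificate = general_certificate
        self._params = {}   # app_id -> locally stored authorization parameters
        self._codes = {}    # app_id -> CodeRecord

    def register_app(self, app_id, client_id, client_secret, scope):
        self._params[app_id] = {"client_id": client_id,
                                "client_secret": client_secret, "scope": scope}

    def register_code(self, app_id, code, user_id, issued_at):
        self._codes[app_id] = CodeRecord(code, user_id, issued_at)

    def _derive_token(self, app_id, user_id, code):
        # Bind the token to the application, the user and the code; NUL
        # separators keep ("ab", "c") distinct from ("a", "bc").
        msg = b"\x00".join(s.encode() for s in (app_id, user_id, code))
        return hmac.new(self._certificate, msg, hashlib.sha256).hexdigest()

    def handle_authorization_request(self, app_id, request, now):
        """Verify an authorization request and return a token or an error."""
        params, record = self._params.get(app_id), self._codes.get(app_id)
        if params is None or record is None:
            return {"error": "invalid_request"}
        if request.get("grant_type") != "authorization_code":
            return {"error": "unsupported_grant_type"}
        # Evaluate both comparisons before deciding, then fail closed.
        client_ok = _eq(params["client_id"], str(request.get("client_id", "")))
        client_ok &= _eq(params["client_secret"], str(request.get("client_secret", "")))
        if not client_ok:
            return {"error": "invalid_client"}
        if not _eq(params["scope"], str(request.get("scope", ""))):
            return {"error": "invalid_scope"}
        code_ok = _eq(record.code, str(request.get("code", "")))
        if not code_ok or record.used or not code_is_fresh(record.issued_at, now):
            return {"error": "invalid_grant"}
        record.used = True  # a code is honoured once per application
        token = self._derive_token(app_id, record.user_id, record.code)
        return {"access_token": token, "token_type": "Bearer", "scope": params["scope"]}


if __name__ == "__main__":
    ip = IntermediatePlatform(b"constructed-general-certificate")
    ip.register_app("music", "music-client", "music-secret", "play")
    ip.register_code("music", "code-123", "user-1", issued_at=1000.0)
    req = {"grant_type": "authorization_code", "code": "code-123",
           "client_id": "music-client", "client_secret": "music-secret",
           "scope": "play"}
    print(ip.handle_authorization_request("music", req, now=1010.0))
    print(ip.handle_authorization_request("music", req, now=1011.0))  # replay
```

Because the application identifier is part of the derivation input, the same authorization code registered for two applications yields two different tokens, so a token issued for one service cannot be presented to another.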

S405, according to the authorization configuration information of the target organization, selecting the application to be authorized from other applications except the target application in at least two applications developed by the target organization on the open platform.

S406, controlling the application to be authorized to perform authorization according to the general certificate.

According to the technical scheme provided by the embodiment of the disclosure, the intermediate platform, based on the OAuth 2.0 authorization protocol, interacts with the open platform through the unified authorization interface and the unique callback interface configured for the target application by the open platform, so that the authorization of the target application to the open platform is realized, the general certificate, access tokens and the like can be prevented from being snooped in network transmission, services corresponding to the target application in the target mechanism are prevented from being maliciously accessed, and the security is improved.

Fig. 5 is a flowchart of another authorization processing method provided according to an embodiment of the present disclosure, and based on the above embodiment, an application to be authorized may be authorized based on the OAuth 2.0 authorization protocol. As shown in fig. 5, the authorization processing method provided in this embodiment may include:

S501, acquiring the general certificate of the target mechanism.

Wherein, the general certificate can be generated by the target mechanism according to the authorization information of the target application.

S502, controlling the target application to authorize according to the general certificate.

S503, according to the authorization configuration information of the target mechanism, selecting the application to be authorized from other applications except the target application in at least two applications developed by the target mechanism on the open platform.

S504, the authorization code of the target application is used as the authorization code of the application to be authorized.

In this embodiment, the number of applications to be authorized may be one or more. Optionally, for each application to be authorized, the intermediate platform may use the authorization code of the target application as the authorization code of the application to be authorized.

S505, sending the authorization code of the application to be authorized to the open platform through the unique callback interface configured for the application to be authorized by the open platform.

Each application to be authorized has its own unique callback interface, similar to that of the target application. The unique callback interface of the application to be authorized may also be referred to as a unique callback address, and may be an external interface implemented by means of a virtual IP address; specifically, it is the callback address that the open platform configures for the application to be authorized.

Specifically, the intermediate platform may send the authorization code of the application to be authorized and the like to the open platform through the unique callback interface configured for the application to be authorized by the open platform. After obtaining the authorization code of the application to be authorized, the open platform obtains the authorization parameters of the application to be authorized, encapsulates the authorization code, the authorization parameters, and the like of the application to be authorized in the request data format specified by the OAuth 2.0 authorization protocol to obtain a second authorization request, and sends the second authorization request to the intermediate platform through the unified authorization interface. The open platform can acquire the authorization parameters of the application to be authorized according to the identifier of the application to be authorized, which it can obtain from the intermediate platform.

S506, a second authorization request which is sent by the open platform and comprises an authorization code and an authorization parameter of the application to be authorized is obtained through the uniform authorization interface.

Specifically, the intermediate platform may obtain, through the unified authorization interface, the second authorization request that includes the authorization code and the authorization parameter of the application to be authorized and is sent by the open platform.

S507, controlling the application to be authorized to authorize according to the authorization code and the authorization parameter of the application to be authorized and the general certificate.

Optionally, after acquiring the second authorization request, the intermediate platform may extract the authorization code and the authorization parameters of the application to be authorized from it. The intermediate platform can compare the locally stored authorization parameters of the application to be authorized with those transmitted by the open platform, and compare the locally stored authorization code of the application to be authorized with the one transmitted by the open platform. If both are consistent, the intermediate platform can generate, for the user, an access token of the application to be authorized according to the general certificate, the identifier of the application to be authorized, the authorization code of the application to be authorized, the user identifier, and the like, and transmit the access token to the open platform through the unified authorization interface, so that the open platform can access the service corresponding to the application to be authorized in the target mechanism based on the access token, thereby completing the authorization of the application to be authorized to the open platform.

It should be noted that, no matter the number of the applications to be authorized is one or more, for any application to be authorized, the authorization of the application to be authorized can be realized through steps S504 to S507.

According to the technical scheme provided by the embodiment of the disclosure, the intermediate platform, based on the OAuth 2.0 authorization protocol, interacts with the open platform through the unified authorization interface and the unique callback interface configured for the application to be authorized by the open platform, so that the authorization of the application to be authorized to the open platform is realized, the general certificate, access tokens and the like can be prevented from being snooped in network transmission, services corresponding to the application to be authorized in the target mechanism are prevented from being maliciously accessed, and the security is improved.

On the basis of any of the above embodiments, after the general certificate for accessing the target mechanism is obtained, the general certificate may also be used to control applications of other mechanisms to perform authorization. For example, the intermediate platform may select similar applications from other mechanisms according to the authorization configuration information of the target mechanism and/or the authorization configuration information of the other mechanisms, and control the similar applications to perform authorization according to the general certificate.

In this embodiment, a similar application is an application, among those developed by other mechanisms on the open platform, whose authorization processing procedure is the same as that of the applications developed by the target mechanism on the open platform; more specifically, it is an application of another mechanism that can be authorized using the general certificate for accessing the target mechanism.

Specifically, the intermediate platform may identify whether the authorization configuration information of the target mechanism includes application identifiers of other mechanisms. If so, it identifies whether the applications corresponding to those identifiers are unauthorized; if they are not yet authorized, it takes them as similar applications and then uses the general certificate to control the similar applications to perform authorization, that is, uses the general certificate to generate the access tokens of the similar applications for the open platform.

Alternatively, the intermediate platform can identify whether the authorization configuration information of the other mechanisms includes the identifier of an application of the target mechanism that can be authorized with the general certificate. If so, the applications of the other mechanisms whose authorization processing procedure is the same as that of the included application of the target mechanism are taken as similar applications, and the general certificate is then used to control the similar applications to perform authorization.

Or the intermediate platform can simultaneously identify the authorization configuration information of the target mechanism and the authorization configuration information of other mechanisms, further select similar applications from other mechanisms according to the identification result, and control the similar applications to authorize by adopting the general certificate.

It should be noted that, in this embodiment, the process of controlling the similar application to perform authorization according to the general credential is similar to the process of controlling the application to be authorized to perform authorization according to the general credential stated in the foregoing embodiment, and details are not repeated here.

It is worth noting that the embodiment not only can authorize and share different applications in the same mechanism, but also can authorize and share different applications in different mechanisms, so that the application range of the scheme is further widened, and the user experience is improved.

The present embodiment provides a preferred example based on the above-described embodiments. Since the logic for controlling the target application to perform authorization is the same as the logic for controlling the application to be authorized to perform authorization, this embodiment describes in detail the authorization of the target application to the open platform as an example. Fig. 6 shows only the overall logic by which the intermediate platform obtains the general certificate and controls the authorization of the target application. With reference to fig. 6, the whole authorization process is as follows:

For any user (such as a target user) registered on the open platform, if the target user needs to use any application (such as a target application) developed by the target mechanism on the open platform, the target user can fill in a user name and a password on the authorization page provided by the target mechanism for the target application and click to log in. This triggers the open platform to send an authorization code request, including the target application identifier and the target user identifier, to the target mechanism; the target mechanism generates an authorization code of the target application for the target user and transmits the authorization code to the intermediate platform through the unified callback interface configured by the intermediate platform.

The intermediate platform acquires authorization parameters of the target application and sends a third authorization request comprising an authorization code and the authorization parameters of the target application to the target mechanism through the uniform authorization interface; and the target mechanism acquires the authorization code and the authorization parameter of the target application from the third authorization request, generates a general certificate for the target user according to the authorization code and the authorization parameter of the target application, and feeds back the general certificate.

The intermediate platform acquires the general certificate of the target mechanism for the target user, and sends the authorization code of the target application to the open platform through the unique callback interface configured for the target application by the open platform. After obtaining the authorization code of the target application, the open platform can obtain the authorization parameters of the target application, encapsulate the authorization code, the authorization parameters, and the like of the target application in the request data format specified by the OAuth 2.0 authorization protocol to obtain a first authorization request, and send the first authorization request to the intermediate platform through the unified authorization interface.

After acquiring the first authorization request, the intermediate platform may extract the authorization code and the authorization parameters of the target application from it and verify them. If the verification succeeds, the intermediate platform generates, according to the general certificate, the target application identifier, the authorization code of the target application, the target user identifier, and the like, an access token with which the target user accesses the target application through the open platform, and transmits the generated access token to the open platform through the unified authorization interface, so that the open platform can access the service corresponding to the target application in the target mechanism based on the access token, thereby completing the authorization of the target application.

For example, after the intermediate platform completes the authorization of the target application, it may control the unauthorized applications in the target mechanism to perform authorization according to the general certificate; more specifically, it controls the authorization of those unauthorized applications in the target mechanism whose authorization processing procedure is the same as that of the target application.

Specifically, the process of controlling the unauthorized applications in the target mechanism to perform authorization is the same as the process by which the intermediate platform controls the authorization of the target application according to the general certificate, and is not described here again.

It should be noted that, in this embodiment, the intermediate platform is introduced as a bridge through which the third-party organization authorizes the open platform to access its services: the intermediate platform interacts with the third-party organization based on the OAuth 2.0 authorization protocol to obtain the general certificate, and interacts with the open platform based on the OAuth 2.0 authorization protocol to make the general certificate take effect, that is, to authorize a plurality of applications to the open platform. This solves the problem that each application of a third-party organization on the open platform currently requires the user to perform a separate login authorization before it can be used, which results in a poor user experience; while the independence of the different applications on the open platform is preserved, a single login achieves batch authorization of a plurality of applications, improving the user experience.

Fig. 7 is a schematic structural diagram of an authorization processing device according to an embodiment of the present disclosure. The embodiment of the disclosure is suitable for performing authorization processing, and is particularly suitable for performing authorization processing where the open platform supports the OAuth 2.0 authorization protocol, so that a user who performs a single login authorization can use some or even all of the applications developed on the open platform by a third-party organization. The device can be implemented by software and/or hardware, and can implement the authorization processing method described in any embodiment of the disclosure. As shown in fig. 7, the authorization processing device includes:

a general certificate acquisition module 701, configured to acquire the general certificate for accessing the target mechanism; the general certificate is generated according to the authorization information of the target application;

an authorization processing module 702, configured to control at least two applications developed by a target entity on an open platform to authorize according to a general credential; the at least two applications include a target application.

According to the technical scheme provided by the embodiment of the disclosure, the intermediate platform interacts with the target mechanism, the general certificate for accessing the target mechanism can be obtained, and further, based on the general certificate, authorization of part or even all of applications developed on the open platform by the target mechanism can be realized. According to the scheme, the universal certificate is introduced, authorization of multiple applications to the open platform can be directly controlled, the user is not required to fill in user names and passwords for multiple times, the problem that the user experience is poor due to the fact that each application of a current third-party organization on the open platform can be used only by the user through independent login authorization is solved, one-time login is achieved under the condition that independence between different applications on the open platform is met, the effect of batch authorization of the multiple applications is achieved, and the user experience is improved.

Illustratively, the authorization processing module 702 includes:

the first authorization unit is used for controlling the target application to authorize according to the general certificate;

the selection unit is used for selecting the application to be authorized from other applications except the target application in the at least two applications according to the authorization configuration information of the target mechanism;

and the second authorization unit is used for controlling the application to be authorized to authorize according to the general certificate.

Illustratively, the first authorization unit is specifically configured to:

sending the authorization code of the target application to the open platform through the unique callback interface that the open platform has configured for the target application;

receiving, through the unified authorization interface, a first authorization request sent by the open platform that includes the authorization code and the authorization parameter of the target application;

and controlling the target application to perform authorization according to the authorization code and the authorization parameter of the target application and the general certificate.

Illustratively, the second authorization unit is specifically configured to:

taking the authorization code of the target application as the authorization code of the application to be authorized;

sending the authorization code of the application to be authorized to the open platform through the unique callback interface that the open platform has configured for the application to be authorized;

receiving, through the unified authorization interface, a second authorization request sent by the open platform that includes the authorization code and the authorization parameter of the application to be authorized;

and controlling the application to be authorized to perform authorization according to the authorization code and the authorization parameter of the application to be authorized and the general certificate.

Exemplarily, the second authorization unit is further specifically configured to:

determining the authorization time according to the effective time of the general certificate and the historical access record of the open platform;

and controlling the application to be authorized to perform authorization according to the authorization time and the general certificate.
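A minimal model of the first authorization unit, the selection unit and the second authorization unit described above, added here as an illustration and not taken from the patent. The class and method names, the per-application token returned by `authorize`, and the sample application names, code and times are assumptions; the point is the set of checks the intermediate platform has to make when one authorization code is reused across applications.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class IntermediatePlatform:
    target_app: str
    auth_code: str            # authorization code issued for the target application
    credential_expiry: float  # end of the general certificate's effective time (epoch s)
    allowed_apps: frozenset   # authorization configuration of the target mechanism
    tokens: dict = field(default_factory=dict)

    def select_apps(self, org_apps):
        # Selection unit: only apps other than the target that the configuration permits.
        return [a for a in org_apps if a != self.target_app and a in self.allowed_apps]

    def authorize(self, app_id, code, now):
        # Unified authorization interface: the open platform presents the code it
        # received through this application's own callback interface.
        if now >= self.credential_expiry:
            raise PermissionError("general certificate expired")
        if app_id != self.target_app and app_id not in self.allowed_apps:
            raise PermissionError(f"{app_id} not covered by authorization configuration")
        if not secrets.compare_digest(code.encode(), self.auth_code.encode()):
            raise PermissionError("authorization code mismatch")
        # Assumption: the result is a fresh token scoped to this one application.
        self.tokens[app_id] = secrets.token_urlsafe(16)
        return self.tokens[app_id]

    def batch_authorize(self, org_apps, now):
        # First authorization unit, then the second unit reusing the target app's code.
        result = {self.target_app: self.authorize(self.target_app, self.auth_code, now)}
        for app in self.select_apps(org_apps):
            result[app] = self.authorize(app, self.auth_code, now)
        return result


def demo():
    # Constructed sample data: application names, code and times are illustrative only.
    p = IntermediatePlatform("music", "code-123", credential_expiry=1000.0,
                             allowed_apps=frozenset({"radio", "podcast"}))
    return p, p.batch_authorize(["music", "radio", "podcast", "payments"], now=500.0)
```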

Illustratively, the authorization information includes an authorization code and an authorization parameter, and the general credential obtaining module 701 is specifically configured to:

obtaining, through the unified callback interface, the authorization code of the target application sent by the target mechanism;

and sending, through the unified authorization interface, a third authorization request that includes the authorization code and the authorization parameter of the target application to the target mechanism, so as to instruct the target mechanism to generate the general certificate according to the authorization code and the authorization parameter of the target application and to feed the general certificate back.

Exemplarily, the apparatus further includes:

a selection module, configured to select similar applications from other mechanisms according to the authorization configuration information of the target mechanism and/or the authorization configuration information of the other mechanisms;

the authorization processing module 702 is further configured to control the similar applications to perform authorization according to the general certificate.

In the technical solution of the disclosure, the acquisition, storage and use of application data (such as an application's authorization code, application identifier and authorization parameter), open platform data (such as the historical access record), data of third-party organizations (such as the target mechanism and other mechanisms) and user data (such as the user identifier) all comply with the relevant laws and regulations and do not violate public order and good customs.

The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.

FIG. 8 shows a schematic block diagram of an example electronic device 500 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.

As shown in Fig. 8, the electronic device 800 includes a computing unit 801 that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM) 802 or a computer program loaded from a storage unit 808 into a Random Access Memory (RAM) 803. In the RAM 803, various programs and data required for the operation of the electronic device 800 can also be stored. The computing unit 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804. An input/output (I/O) interface 805 is also connected to bus 804.

A number of components in the electronic device 800 are connected to the I/O interface 805, including: an input unit 806, such as a keyboard, a mouse, or the like; an output unit 807 such as various types of displays, speakers, and the like; a storage unit 808, such as a magnetic disk, optical disk, or the like; and a communication unit 809 such as a network card, modem, wireless communication transceiver, etc. The communication unit 809 allows the electronic device 800 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.

Computing unit 801 may be any of a variety of general and/or special purpose processing components with processing and computing capabilities. Some examples of the computing unit 801 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and the like. The computing unit 801 executes the respective methods and processes described above, such as the authorization processing method. For example, in some embodiments, the authorization processing method may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as storage unit 808. In some embodiments, part or all of the computer program can be loaded and/or installed onto the electronic device 800 via the ROM 802 and/or the communication unit 809. When loaded into RAM 803 and executed by the computing unit 801, a computer program may perform one or more steps of the authorization processing method described above. Alternatively, in other embodiments, the computing unit 801 may be configured to perform the authorization processing method in any other suitable manner (e.g., by means of firmware).

Various implementations of the systems and techniques described above may be realized in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SoCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include being implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.

Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.

In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.

The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.

The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server may be a cloud server, a server of a distributed system, or a server combined with a blockchain.

It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, and the present disclosure is not limited herein.

The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.
