Authentication and quitting method and platform based on oauth2.0

Document No.: 86326 Published: 2021-10-08

Reading note: this technology, "Authentication and quitting method and platform based on oauth2.0", was designed by 袁玉 on 2021-06-29. Abstract: The invention provides an authentication and exit method and platform based on oauth2.0, and belongs to the technical field of network security. Through unified authentication, the user entry is unified, and the resource provider can manage and maintain users and third-party platforms within the authentication platform; after the user logs in to a third-party platform, the user's data requests do not pass through the authentication platform, which ensures the data privacy of the third-party platform; and when the user logs out, the user is automatically logged out of all logged-in third-party platforms, achieving unified logout.

1. An authentication method based on oauth2.0 is characterized by comprising the following steps:

a pre-step of preparing a keyed communication connection between an authentication platform and a third-party platform, wherein the third-party platform provides an access path and opens an interface related to OAuth2.0 authorization;

the authentication step, through the interaction of the authentication platform and the third party platform, authenticates the access to the third party platform initiated by the user, comprising the following steps:

a user initiates an access request to a third-party platform through an authentication platform;

the third-party platform redirects the user access request to the authentication platform for user authorization;

after the third-party platform receives the authorization confirmation, the third-party platform initiates a pass token request to the authentication platform;

after the third-party platform receives the pass token, the third-party platform carries the pass token to initiate an authentication request to the authentication platform;

the authentication platform verifies the pass token, and sends the user information to the third-party platform after the pass token is verified;

and the third-party platform receives the user information and completes authentication.

2. The oauth 2.0-based authentication method according to claim 1, wherein the authentication step specifically comprises the steps of:

a user logs in an authentication platform and initiates an access request to a third-party platform through the authentication platform;

the third-party platform redirects the user access request to the authentication platform;

the user is authorized through the authentication platform;

the authentication platform generates an authorization code and redirects the authorization code and the user request to a third-party platform;

after receiving the authorization code, the third-party platform carries the authorization code to send a pass token request to the authentication platform;

after verifying the authorization code, the authentication platform generates a pass token and sends the pass token to the third-party platform;

after obtaining the pass token, the third party platform carries the pass token to initiate an authentication request to the authentication platform;

the authentication platform verifies a pass token sent by the third-party platform;

after the verification is passed, recording the relationship data of the user and the third-party platform;

sending the user information to a third-party platform;

and the third-party platform acquires the user information and returns the user login credentials to the user.

3. The oauth 2.0-based authentication method as claimed in claim 2, wherein after the user logs in the authentication platform, the user selects a third party platform access path through a page and initiates an access request to the third party platform.

4. The oauth 2.0-based authentication method according to claim 2, wherein after the third party platform redirects the user access request to the authentication platform, the authentication platform further determines the user login status before the user is authorized by the authentication platform: when the user is not logged in, the user is directed to a login authorization page; when the user is logged in, the user is directed to the authorization page.

5. The oauth 2.0-based authentication method according to claim 2, wherein the relationship data comprises a user unique identification number and a logged-in third party platform identification number; the user information comprises a user unique identification number, a user nickname and a user avatar retrieval path.

6. The oauth 2.0-based authentication method of claim 1, wherein the pre-step further comprises:

registering a third-party platform and providing a communication key for the third-party platform;

and setting a third-party platform to perform encryption communication by using the acquired key.

7. An exit method based on oauth2.0 is characterized by comprising an authentication platform exit method and a third-party platform exit method;

the authentication platform exit method comprises the following steps:

a user initiates an exit request on an authentication platform;

the authentication platform returns an exit response to the user;

the authentication platform generates an asynchronous quit task;

adding an exit task to an exit task queue corresponding to the third party platform;

when the quitting tasks reach the limit quantity or no new quitting tasks are added in the preset time period, initiating a user batch quitting request to the corresponding third-party platform;

after receiving the quit request, the third party platform logs out the user login credentials;

the third-party platform exit method comprises the following steps:

a user initiates an exit request on a third-party platform;

and after receiving the quit request, the third-party platform sends a quit response to the user and logs out the user login credentials.

8. The oauth 2.0-based logout method according to claim 7, wherein the asynchronous logout task is generated according to relationship data of the user and the third party platform.

9. An oauth 2.0-based authentication and logout platform, wherein the authentication method of claim 1 is used for authentication.

10. An oauth2.0 based authentication and logout platform, wherein logout is performed by the logout method of claim 7.

Technical Field

The invention relates to the technical field of network security, in particular to an authentication and quitting method and a platform based on oauth 2.0.

Background

With the popularization of mobile network devices, the number of network users has greatly increased, and websites and mobile applications emerge endlessly. Access requires authenticating the user's identity, but earlier authorization approaches required the user name and password. The OAuth (Open Authorization) protocol arose for this reason. The OAuth2.0 protocol enables a third-party platform to request user-authorized resources from a resource provider without obtaining the user's account and password. It reduces the burden of remembering accounts and passwords for the websites, systems and other platforms a user uses, and allows one set of account and password to be used in multiple places.

At present, OAuth is widely used in web applications and mobile device applications, and the OAuth2.0 protocol is commonly used for domestic third-party login; the login state and part of the user information are obtained from the resource provider through the OAuth protocol.

At present, the OAuth protocol is mostly used by a resource provider to provide authorization data to a third-party platform, and the resource provider does not manage and maintain the relationship between a user and the third-party platform. For resource providers that wish to manage the relationships between users and third-party platforms, a more flexible solution is needed.

Chinese patent application document CN102394887B discloses an open platform security authentication method based on the OAuth protocol, which includes: step one, the open platform checks whether an access request for an unauthorized Request Token sent by a third-party application device carries application instance identification information consistent with that stored on the open platform; if not, a new application instance identifier is allocated to the third-party application device, and the application instance identifier, the generated unauthorized Request Token and the corresponding token key are returned to the third-party application device; step two, the third-party application device stores the application instance identifier returned by the open platform locally and carries it in subsequent OAuth authentication requests; the open platform guides the user to authorize the resource using the application instance identifier sent by the third-party application device, and, after authenticating the third-party application device according to the application instance identifier and the third-party application identifier, sends the Access Token and the corresponding key to the third-party application device.

When a user sends the third-party application device a request to access a resource of the open platform, the third-party application device checks whether an application instance identifier has been allocated locally; if so, it carries the application instance identifier when initiating the access request for an unauthorized Request Token to the Request Token URL address of the open platform; if not, it initiates that access request directly. After authentication succeeds, the third-party application device carries the application instance identifier, the third-party application identifier and the Access Token parameter information and accesses the resources authorized by the user through the service API of the open platform; the open platform records the service requests of the third-party application and the end user according to the application instance identifier and the third-party application identifier, and the recorded information can be used for charging. In this scheme the resource provider (the open platform) limits and manages third-party platform requests through an instance identifier, but the resource provider still only provides services to the third-party platform: it still cannot manage users, the users are scattered across the third-party platforms, and the resource provider only provides a service interface for the third-party platforms to use.

The prior art has at least the following disadvantages:

1. The resource provider does not manage and maintain, and cannot manage, the relationship between the user and the third-party platform.

2. The resource provider provides only a partial service to the third party platform.

3. All service interface data passes through the third-party platform, so data privacy cannot be guaranteed.

Disclosure of Invention

To solve the technical problems in the prior art, the invention provides an authentication and exit method and platform based on oauth2.0. Through unified authentication, the user entry is unified, and the resource provider can manage and maintain users and third-party platforms within the authentication platform; after the user logs in to a third-party platform, the user's data requests do not pass through the authentication platform, which ensures the data privacy of the third-party platform; and when the user logs out, the user is automatically logged out of all logged-in third-party platforms, achieving unified logout.

The invention provides an authentication method based on oauth2.0, which comprises the following steps:

a pre-step of preparing a keyed communication connection between an authentication platform and a third-party platform, wherein the third-party platform provides an access path and opens an interface related to OAuth2.0 authorization;

the authentication step, through the interaction of the authentication platform and the third party platform, authenticates the access to the third party platform initiated by the user, comprising the following steps:

a user initiates an access request to a third-party platform through an authentication platform;

the third-party platform redirects the user access request to the authentication platform for user authorization;

after the third-party platform receives the authorization confirmation, the third-party platform initiates a pass token request to the authentication platform;

after the third-party platform receives the pass token, the third-party platform carries the pass token to initiate an authentication request to the authentication platform;

the authentication platform verifies the pass token, and sends the user information to the third-party platform after the pass token is verified;

and the third-party platform receives the user information and completes authentication.

Preferably, the step of authenticating specifically comprises the steps of:

a user logs in an authentication platform and initiates an access request to a third-party platform through the authentication platform;

the third-party platform redirects the user access request to the authentication platform;

the user is authorized through the authentication platform;

the authentication platform generates an authorization code and redirects the authorization code and the user request to a third-party platform;

after receiving the authorization code, the third-party platform carries the authorization code to send a pass token request to the authentication platform;

after verifying the authorization code, the authentication platform generates a pass token and sends the pass token to the third-party platform;

after obtaining the pass token, the third party platform carries the pass token to initiate an authentication request to the authentication platform;

the authentication platform verifies a pass token sent by the third-party platform;

after the verification is passed, recording the relationship data of the user and the third-party platform;

sending the user information to a third-party platform;

and the third-party platform acquires the user information and returns the user login credentials to the user.

Preferably, after the user logs in the authentication platform, the user selects an access path of the third-party platform through the page, and initiates an access request to the third-party platform.

Preferably, after the third party platform redirects the user access request to the authentication platform, and before the user is authorized by the authentication platform, the authentication platform further determines the user login state: when the user is not logged in, the user is directed to a login authorization page; when the user is logged in, the user is directed to the authorization page.

Preferably, the relationship data comprises a user unique identification number and a logged-in third party platform identification number; the user information comprises a user unique identification number, a user nickname and a user avatar retrieval path.

Preferably, the pre-step further comprises:

registering a third-party platform and providing a communication key for the third-party platform;

and setting a third-party platform to perform encryption communication by using the acquired key.

The invention provides an exit method based on oauth2.0, which comprises an authentication platform exit method and a third-party platform exit method;

the authentication platform exit method comprises the following steps:

a user initiates an exit request on an authentication platform;

the authentication platform returns an exit response to the user;

the authentication platform generates an asynchronous quit task;

adding an exit task to an exit task queue corresponding to the third party platform;

when the quitting tasks reach the limit quantity or no new quitting tasks are added in the preset time period, initiating a user batch quitting request to the corresponding third-party platform;

after receiving the quit request, the third party platform logs out the user login credentials;

the third-party platform exit method comprises the following steps:

a user initiates an exit request on a third-party platform;

and after receiving the quit request, the third-party platform sends a quit response to the user and logs out the user login credentials.

Preferably, the asynchronous quit task is generated according to the relationship data of the user and the third-party platform.

The invention provides an authentication and exit platform based on oauth2.0, and the authentication method is adopted for authentication.

The invention provides an authentication and quit platform based on oauth2.0, which adopts the quit method to quit.

Compared with the prior art, the invention has the following beneficial effects:

1. The invention unifies the user login entry, and the resource provider can manage and maintain the relationship between users and third-party platforms through the authentication platform;

2. In the invention, the account and password are verified on the authentication platform, and the account and password of the third-party platform do not need to be entered when accessing the third-party platform;

3. After authentication between the authentication platform and the third-party platform succeeds, the third-party platform provides a login credential directly to the user, and the user exchanges data directly with the third-party platform;

4. In the invention, users are logged out asynchronously in batches, which improves the logout response speed and reduces the load on the server.

Drawings

FIG. 1 is an authentication timing diagram of one embodiment of the invention;

FIG. 2 is a unified exit timing diagram for an authentication platform according to one embodiment of the invention;

FIG. 3 is a third party platform exit timing diagram of one embodiment of the invention;

FIG. 4 is a diagram of a prior art oauth2.0 authentication;

FIG. 5 is a schematic illustration of authentication according to an embodiment of the invention;

FIG. 6 is a flowchart of an authentication platform authentication method according to an embodiment of the invention;

FIG. 7 is a flowchart of an authentication platform authentication method according to yet another embodiment of the invention;

FIG. 8 is a flowchart of a unified exit method for an authentication platform according to an embodiment of the invention;

FIG. 9 is a flowchart of a unified exit method of an authentication platform according to another embodiment of the present invention.

Detailed Description

The following detailed description of embodiments of the invention refers to the accompanying drawings.

The invention provides an authentication method based on oauth2.0, which comprises the following steps:

a pre-step of preparing a keyed communication connection between an authentication platform and a third-party platform, wherein the third-party platform provides an access path and opens an interface related to OAuth2.0 authorization; the third-party platform can log in to the authentication platform to modify the access path and callback path it provided, but the modified access path and callback path take effect only after being reviewed by the authentication center.

The authentication step, through the interaction of the authentication platform and the third party platform, authenticates the access to the third party platform initiated by the user, comprising the following steps:

a user initiates an access request to a third-party platform through an authentication platform;

the third-party platform redirects the user access request to the authentication platform for user authorization;

after the third-party platform receives the authorization confirmation, the third-party platform initiates a pass token request to the authentication platform;

after the third-party platform receives the pass token, the third-party platform carries the pass token to initiate an authentication request to the authentication platform;

the authentication platform verifies the pass token, and sends the user information to the third-party platform after the pass token is verified;

and the third-party platform receives the user information and completes authentication.

As a preferred embodiment, the step of authenticating specifically comprises the steps of:

a user logs in an authentication platform and initiates an access request to a third-party platform through the authentication platform;

the third-party platform redirects the user access request to the authentication platform;

the user is authorized through the authentication platform;

the authentication platform generates an authorization code and redirects the authorization code and the user request to a third-party platform;

after receiving the authorization code, the third-party platform carries the authorization code to send a pass token request to the authentication platform;

after verifying the authorization code, the authentication platform generates a pass token and sends the pass token to the third-party platform;

after obtaining the pass token, the third party platform carries the pass token to initiate an authentication request to the authentication platform;

the authentication platform verifies a pass token sent by the third-party platform;

after the verification is passed, recording the relationship data of the user and the third-party platform;

sending the user information to a third-party platform;

and the third-party platform acquires the user information and returns the user login credentials to the user.

The authentication process is carried out on the authentication platform, and the third-party platform obtains the authentication result and user data. The third-party platform needs to record the user unique identification number (whether the remaining user data is recorded depends on the specific services of the third-party platform). On a first login, the third-party platform needs to create the user; on subsequent logins, it needs to check the user unique identification number.

As a preferred embodiment, after a user logs in the authentication platform, the user selects a third-party platform access path through a page and initiates an access request to the third-party platform.

As a preferred embodiment, after the third-party platform redirects the user access request to the authentication platform, and before the user is authorized by the authentication platform, the authentication platform further determines the user login state: when the user is not logged in, the user is directed to a login authorization page; when the user is logged in, the user is directed to the authorization page.

As a preferred embodiment, the relationship data includes a user unique identification number and a logged-in third party platform identification number; the user information comprises a user unique identification number, a user nickname and a user avatar retrieval path. With this relationship data, when the user logs out at the authentication center, the authentication center can obtain the logout interface information of the third-party platforms the user has logged in to, and initiates the logout requests through the asynchronous task queue.

As a preferred embodiment, the third party platform also provides a callback path;

As a preferred embodiment, after the authentication platform generates the authorization code, the authorization code and the user request are redirected to a callback path of the third-party platform;

As a preferred embodiment, the pre-step further comprises:

registering a third-party platform and providing a communication key for the third-party platform;

and setting a third-party platform to perform encryption communication by using the acquired key.

The invention provides an exit method based on oauth2.0, which comprises an authentication platform exit method and a third-party platform exit method;

the authentication platform exit method comprises the following steps:

a user initiates an exit request on an authentication platform;

the authentication platform returns an exit response to the user;

the authentication platform generates an asynchronous quit task;

adding an exit task to an exit task queue corresponding to the third party platform;

when the quitting tasks reach the limit quantity or no new quitting tasks are added in the preset time period, initiating a user batch quitting request to the corresponding third-party platform;

after receiving the quit request, the third party platform logs out the user login credentials;

the user confirms to quit the third-party platform;

the third-party platform exit method comprises the following steps:

a user initiates an exit request on a third-party platform;

after receiving the quit request, the third party platform sends a quit response to the user and logs out the user login credentials;

the user confirms to exit the third party platform.

If the third-party platform provides a logout function, logging out there only logs the user out of the current third-party platform; if the third-party platform does not provide a logout function, logout is performed through the authentication platform.

As a preferred implementation mode, the asynchronous quitting task is generated according to the relation data of the user and the third-party platform.
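The batched asynchronous exit described above can be sketched as follows; this is an added example, not code from the patent. The class names, `BATCH_LIMIT`, `IDLE_SECONDS`, the JSON body and the HMAC-SHA256 authentication of the batch request with the communication key are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

BATCH_LIMIT = 3     # assumed "limit quantity" of queued exit tasks
IDLE_SECONDS = 2.0  # assumed "preset time period" with no new task


def sign(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class ThirdPartyPlatform:
    def __init__(self, key):
        self.key = key          # communication key from registration
        self.credentials = {}   # user_id -> login credential issued at login
        self.reachable = True

    def batch_logout(self, body, mac):
        # Reject batches not authenticated with the shared key; otherwise
        # anyone able to reach this interface could end arbitrary sessions.
        if not self.reachable or not hmac.compare_digest(mac, sign(self.key, body)):
            return False
        for user_id in json.loads(body)["user_ids"]:
            self.credentials.pop(user_id, None)  # log out the credential
        return True


class LogoutDispatcher:
    def __init__(self, platforms, relationships):
        self.platforms = platforms          # platform_id -> ThirdPartyPlatform
        self.relationships = relationships  # {(user_id, platform_id)}
        self.queues = {}                    # platform_id -> {"users", "last_added"}
        self.sent = []                      # delivered batches, for inspection

    def user_logout(self, user_id, now):
        # Runs after the exit response went back to the user: one exit task
        # per platform the relationship data says the user logged in to.
        for uid, pid in sorted(self.relationships):
            if uid != user_id:
                continue
            q = self.queues.setdefault(pid, {"users": [], "last_added": now})
            q["users"].append(user_id)
            q["last_added"] = now
            if len(q["users"]) >= BATCH_LIMIT:
                self._flush(pid)

    def tick(self, now):
        # Periodic timer: flush queues that received no new task recently.
        for pid, q in self.queues.items():
            if q["users"] and now - q["last_added"] >= IDLE_SECONDS:
                self._flush(pid)

    def _flush(self, pid):
        q = self.queues[pid]
        users, q["users"] = q["users"], []
        body = json.dumps({"user_ids": users}).encode()
        platform = self.platforms[pid]
        if platform.batch_logout(body, sign(platform.key, body)):
            self.sent.append((pid, users))
        else:
            q["users"] = users + q["users"]  # keep the tasks for the next attempt


if __name__ == "__main__":
    shop = ThirdPartyPlatform(b"k" * 32)                  # constructed key
    shop.credentials = {"u1": "cred-u1", "u2": "cred-u2"}  # constructed sessions
    d = LogoutDispatcher({"shop": shop}, {("u1", "shop"), ("u2", "shop")})
    d.user_logout("u1", now=0.0)
    print("right after exit response:", shop.credentials)  # u1 still valid
    d.tick(now=2.0)
    print("after idle flush:", shop.credentials, d.sent)
```

Between the exit response and the flush, the third-party credential is still valid, so the preset idle period and the retry behaviour bound how long a session can outlive the logout at the authentication platform.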

The invention provides an authentication and exit platform based on oauth2.0, and the authentication method is adopted for authentication.

The invention provides an authentication and quit platform based on oauth2.0, which adopts the quit method to quit.

Example 1

The oauth 2.0-based authentication method provided by the present invention will be described in detail with reference to the accompanying drawings, according to an embodiment of the present invention.

The invention provides an authentication method based on oauth2.0, which comprises the following steps:

a pre-step of preparing a keyed communication connection between an authentication platform and a third-party platform, wherein the third-party platform provides an access path and opens an interface related to OAuth2.0 authorization;

the authentication step, through the interaction of the authentication platform and the third party platform, authenticates the access to the third party platform initiated by the user, comprising the following steps:

a user initiates an access request to a third-party platform through an authentication platform;

the third-party platform redirects the user access request to the authentication platform for user authorization;

after the third-party platform receives the authorization confirmation, the third-party platform initiates a pass token request to the authentication platform;

after the third-party platform receives the pass token, the third-party platform carries the pass token to initiate an authentication request to the authentication platform;

the authentication platform verifies the pass token, and sends the user information to the third-party platform after the pass token is verified;

and the third-party platform receives the user information and completes authentication.

Example 2

The oauth 2.0-based authentication method provided by the present invention will be described in detail with reference to the accompanying drawings, according to an embodiment of the present invention.

The invention provides an authentication method based on oauth2.0, which comprises the following steps:

a pre-step of preparing a keyed communication connection between an authentication platform and a third-party platform, wherein the third-party platform provides an access path and opens an interface related to OAuth2.0 authorization;

the authentication step, through the interaction of the authentication platform and the third party platform, authenticates the access to the third party platform initiated by the user, comprising the following steps:

a user logs in an authentication platform and initiates an access request to a third-party platform through the authentication platform;

the third-party platform redirects the user access request to the authentication platform;

the user is authorized through the authentication platform;

the authentication platform generates an authorization code and redirects the authorization code and the user request to a third-party platform;

after receiving the authorization code, the third-party platform carries the authorization code to send a pass token request to the authentication platform;

after verifying the authorization code, the authentication platform generates a pass token and sends the pass token to the third-party platform;

after obtaining the pass token, the third party platform carries the pass token to initiate an authentication request to the authentication platform;

the authentication platform verifies a pass token sent by the third-party platform;

after the verification is passed, recording the relationship data of the user and the third-party platform;

sending the user information to a third-party platform;

and the third-party platform acquires the user information and returns the user login credentials to the user.

Example 3

The oauth 2.0-based authentication method provided by the present invention will be described in detail with reference to the accompanying drawings, according to an embodiment of the present invention.

The invention provides an authentication method based on oauth2.0, which comprises the following steps:

a pre-step of preparing a keyed communication connection between an authentication platform and a third-party platform, wherein the third-party platform provides an access path and a callback path and opens an interface related to OAuth2.0 authorization;

registering a third-party platform and providing a communication key for the third-party platform;

setting a third party platform to carry out encryption communication by using the acquired secret key;

the authentication step, through the interaction of the authentication platform and the third party platform, authenticates the access to the third party platform initiated by the user, comprising the following steps:

the third-party platform redirects the user access request to the authentication platform;

before the user is authorized through the authentication platform, the authentication platform also determines the login state of the user: when the user is not logged in, the user is directed to a login authorization page; when the user is logged in, the user is directed to an authorization page;

the user is authorized through the authentication platform;

the authentication platform generates an authorization code and redirects the authorization code and the user request to a callback path of a third-party platform;

after receiving the authorization code, the third-party platform carries the authorization code to send a pass token request to the authentication platform;

after the authentication platform has verified the authorization code, it generates a pass token and sends the pass token to the third-party platform;

after obtaining the pass token, the third party platform carries the pass token to initiate an authentication request to the authentication platform;

the authentication platform verifies a pass token sent by the third-party platform;

after the verification is passed, recording the relationship data of the user and the third-party platform; the relationship data comprises the user's unique identification number and the identification number of the third-party platform logged in to;

sending the user information to the third-party platform; the user information comprises the user's unique identification number, the user's nickname and the path for retrieving the user's avatar;

and the third-party platform acquires the user information and returns the user login credentials to the user.
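The authorization-code exchange of Example 3 can be modeled compactly. The following Python sketch is an added example, not code from the patent; the class and method names, the HMAC-SHA256 request signature standing in for the keyed communication, the 60-second code lifetime and the sample user are assumptions.

```python
import hashlib, hmac, secrets, time

def sign(key, msg):
    """Platform-side request signature made with the registered communication key."""
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

class AuthPlatform:
    def __init__(self):
        self.keys = {}       # platform_id -> communication key (preliminary step)
        self.codes = {}      # authorization code -> (user_id, platform_id, expiry)
        self.tokens = {}     # pass token -> (user_id, platform_id)
        self.logged_in = {}  # relationship data: user_id -> {platform_id, ...}
        # Constructed sample user: nickname and avatar retrieval path.
        self.users = {"u1": {"nickname": "alice", "avatar_path": "/avatar/u1"}}

    def register(self, platform_id):
        self.keys[platform_id] = secrets.token_bytes(32)
        return self.keys[platform_id]

    def authorize(self, user_id, platform_id):
        """Called after the user approves; the code is sent to the callback path."""
        code = secrets.token_urlsafe(16)
        self.codes[code] = (user_id, platform_id, time.monotonic() + 60)
        return code

    def token(self, platform_id, code, sig):
        """Exchange an authorization code for a pass token."""
        key = self.keys.get(platform_id)
        if key is None or not hmac.compare_digest(sign(key, code), sig):
            raise PermissionError("unknown platform or bad signature")
        entry = self.codes.pop(code, None)  # single use, even on a failed attempt
        if entry is None or entry[1] != platform_id or entry[2] < time.monotonic():
            raise PermissionError("invalid authorization code")
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = (entry[0], platform_id)
        return tok

    def userinfo(self, platform_id, tok):
        """Verify the pass token, record the relationship data, return user info."""
        entry = self.tokens.get(tok)
        if entry is None or entry[1] != platform_id:
            raise PermissionError("invalid pass token")
        user_id = entry[0]
        self.logged_in.setdefault(user_id, set()).add(platform_id)
        return {"user_id": user_id, **self.users[user_id]}
```

Binding each code and token to the platform that requested it is what keeps one registered platform from redeeming another's authorization.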

Example 4

The oauth 2.0-based exit method provided by the present invention is described in detail with reference to the accompanying drawings, according to an embodiment of the present invention.

The invention provides an exit method based on oauth2.0, which comprises an authentication platform exit method and a third-party platform exit method;

the authentication platform exit method comprises the following steps:

a user initiates an exit request on an authentication platform;

the authentication platform returns an exit response to the user;

the authentication platform generates an asynchronous exit task;

adding the exit task to the exit task queue corresponding to the third-party platform;

when the number of exit tasks reaches the limit, or no new exit task is added within the preset time period, initiating a batch user exit request to the corresponding third-party platform;

after receiving the exit request, the third-party platform revokes the user's login credentials;

the third-party platform exit method comprises the following steps:

a user initiates an exit request on a third-party platform;

and after receiving the exit request, the third-party platform sends an exit response to the user and revokes the user's login credentials.

Example 5

The oauth 2.0-based exit method provided by the present invention is described in detail with reference to the accompanying drawings, according to an embodiment of the present invention.

The invention provides an exit method based on oauth2.0, which comprises an authentication platform exit method and a third-party platform exit method;

the authentication platform exit method comprises the following steps:

a user initiates an exit request on an authentication platform;

the authentication platform returns an exit response to the user and revokes the user's login credentials;

the authentication platform generates an asynchronous exit task according to the state data of the user and the third-party platform;

adding the exit task to the exit task queue corresponding to the third-party platform;

when the number of exit tasks reaches the limit, or no new exit task is added within the preset time period, initiating a batch user exit request to the corresponding third-party platform;

after receiving the exit request, the third-party platform revokes the user's login credentials;

the user confirms the exit from the third-party platform;

the third-party platform exit method comprises the following steps:

a user initiates an exit request on a third-party platform;

after receiving the exit request, the third-party platform sends an exit response to the user and revokes the user's login credentials;

the user confirms the exit from the third-party platform.
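The batching rule of Examples 4 and 5 (flush a platform's exit task queue when it reaches the limit, or when no new task has arrived within the preset period) is sketched below. This is an added example, not code from the patent; the class names, the `send` callback and the default limit and idle period are assumptions, and the current time is passed in explicitly so the behaviour is deterministic.

```python
from collections import defaultdict

class ExitTaskQueues:
    """Per-platform exit task queues, flushed on size limit or idle timeout."""

    def __init__(self, send, limit=3, idle_seconds=5.0):
        self.send = send                 # callable(platform_id, [user_id, ...])
        self.limit = limit
        self.idle_seconds = idle_seconds
        self.queues = defaultdict(list)  # platform_id -> pending user ids
        self.last_added = {}             # platform_id -> time of the newest task

    def user_exit(self, user_id, platform_ids, now):
        """Queue one exit task per platform the user is logged in to."""
        for pid in platform_ids:
            queue = self.queues[pid]
            if user_id not in queue:     # do not queue the same user twice
                queue.append(user_id)
            self.last_added[pid] = now
            if len(queue) >= self.limit:
                self._flush(pid)

    def tick(self, now):
        """Periodic check: flush queues that received no new task recently."""
        for pid in list(self.queues):
            idle = now - self.last_added.get(pid, now)
            if self.queues[pid] and idle >= self.idle_seconds:
                self._flush(pid)

    def _flush(self, pid):
        batch, self.queues[pid] = self.queues[pid], []
        self.send(pid, batch)            # the batch user exit request


class ThirdPartyPlatform:
    def __init__(self):
        self.credentials = {}            # user_id -> login credential

    def batch_exit(self, user_ids):
        """Revoke the login credentials of every user in the batch."""
        for uid in user_ids:
            self.credentials.pop(uid, None)
```

Until a queue is flushed, the user's login credentials on that third-party platform remain valid, so the limit and the idle period together bound how long a third-party session outlives the exit on the authentication platform.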

The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.
