Third-party authorization of access tokens

Third-party authorization of access tokens

A method for third-party authorization is presented. A client request is received by a resource server in a computer system from a client, wherein the client request includes an access token. An introspection request for the access token based on the client request. The introspection gateway uses a...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Faibish, Tamir, Nissim, Nitzan, Berezin, Chaya, Luker, Lior
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A method for third-party authorization is presented. A client request is received by a resource server in a computer system from a client, wherein the client request includes an access token. An introspection request for the access token based on the client request. The introspection gateway uses a third-party authorization server from a plurality of third-party authorization servers to handle the introspection request. A resource server response is received from the introspection gateway, wherein the resource server response identifies a set of scopes for the access token. A determination is made as to whether the access token has sufficient scope from the resource server response. In response to the access token having the sufficient scope, the client is granted access to the resource server.