Title of invention: System and method for common on-behalf authorization protocol infrastructure
Abstract: A centralized authorization client, in a secure system, that references service provider-specific on-behalf authorization protocol implementation records for generating access request messages for accessing user resources hosted by multiple service providers, is disclosed. The service provider-specific authorization implementation records include parameters for requesting user resources associated with a requesting user provided by a specific service provider. Applications running in the secure system can send access request messages through the authorization client to obtain authorization or access to user resources in multiple external service providers so the resources can be displayed, or otherwise manipulated, from applications within the secure system. Once authorization is obtained for accessing the resources, the authorization client can store authorization tokens for use in persistent authorized access to multiple external service providers for resources owned by particular users.
Publication number: US9306922(B2)  Publication date: 2016.04.05
Application number: US201313797019  Filing date: 2013.03.12
Applicant: SAP SE  Inventors: Herter Klaus; Ilg Stephan; Dieterich Simon; Woda Johannes
Classification: G06F7/04; H04L29/06  Main classification: G06F7/04
Agency: Fountainhead Law Group P.C.  Agent: Fountainhead Law Group P.C.
Independent claim: 1. A method comprising: providing, in a computer system, an authorization client comprising a plurality of authorization implementation records, wherein each of the plurality of authorization implementation records corresponds to a particular implementation of an authorization protocol associated with at least one of a plurality of external service providers; receiving, in the computer system, a data request message, from one or more applications coupled to the authorization client, for data associated with a user and a first external service provider in the plurality of external service providers, wherein the data associated with the user and the first external service provider is hosted on a remote computer system operated by the first external service provider; retrieving, in the computer system, an authorization token associated with the first external service provider and the user from a secure data store using the authorization client; referencing, in the computer system, a first authorization implementation record in the plurality of authorization implementation records associated with the first external service provider to create a formatted data request based on the data request message, wherein the formatted data request comprises the authorization token; and sending, in the computer system, the formatted data request to the external service provider through the authorization client.
Address: Walldorf DE