Resource access authorization

摘要

Techniques for resource access authorization are described. In one or more implementations, an application identifier is used to control access to user resources by an application. A determination is made whether to allow the application to access the user resources by comparing an application identifier received from an authorization service with a system application identifier for the application obtained from a computing device on which the application is executing.

主权项

1. A system comprising:
one or more processors; and one or more computer-readable storage media storing computer-executable instructions that are executable by the one or more processors to perform operations including:
receiving a request from an application for access to a user resource, the request being appended with a uniform resource identifier (URI) that includes a custom URI scheme that identifies a persisted authentication mode and that includes an application identifier for the application;forwarding an authorization request to an authorization entity responsive to receiving the request, the authorization request including the application identifier for the application;receiving a response from the authorization entity indicating that the application is permitted to access the user resource, the response including the application identifier for the application;checking whether a user has selected a persisted authentication mode for the application;caching an authentication state for the application in an event that an indication is received that the persisted authentication mode has been selected; andproviding a token to the application that enables access to the user resource if the application identifier matches a system application identifier obtained from a storage portion of a computing device on which the application is executing, the storage portion of the computing device being inaccessible to the application.