Federated identity mapping using delegated authorization

摘要

A method for identity mapping across web services uses a delegated authorization protocol, such as OAuth. In response to a request from a first user at a first web service, a connection to a second web service is established using the protocol. The second web service responds by sending information associated with a second user of the first web service who previously logged into the second web service from the first web service using the protocol. The second user may be a “contact” of the first user. The information received from the second web service is a access token that was obtained by the second user during that prior login. The access token is provided in lieu of data associated with the second user's account at the second web service. Thereafter, the first web service uses the access token it received to map to an identity of the second user.

主权项

1. A method for identity mapping across web services that each uses a delegated authorization protocol, comprising:
from a first web service, and in response to a request from a first user, connecting to a second web service using the delegated authorization protocol; receiving from the second web service information about a second user of the first web service that previously logged into the second web service from the first web service using the delegated authorization protocol, the information received from the second web service being a delegated authorization access token obtained by the second user during that prior login in lieu of data associated with the second user's account at the second web service; and mapping the delegated authorization access token to an identity of the second user in the first web service.