Summary of the invention
In view of this, the embodiment of the present invention provides a kind of platform authorization method, platform service end and applications client and system, obtains the mechanism of platform service end mandate to improve applications client.
First aspect, the embodiment of the present invention provides a kind of platform authorization method of platform service end, comprising:
Platform service termination is received the terminal iidentification that applications client is verified message by first of the first path transmission and obtained described applications client place terminal, and described the first checking message comprises random string;
Described platform service end carries out record to the mapping relations between received random string and described terminal iidentification;
Described platform service termination is received the second checking message that described applications client sends by the second path, described the second checking message comprises described random string, the signature value that described applications client is signed and generated authentication information by default signature algorithm, and authentication information described in registration process is in identify label corresponding to described platform service end;
Described platform service end reads according to received described identify label the authentication information of submitting in registration process from database, and by default signature algorithm, extracted authentication information is signed and generated signature value;
If the signature value that described platform service end checking generates is consistent with received signature value, according to described random string, from recorded described mapping relations, extract corresponding terminal iidentification, and obtain corresponding user account information according to described terminal iidentification;
Described platform service end generates granted access token according to described user account information and described authentication information, sends to described applications client.
Second aspect, the embodiment of the present invention also provides a kind of platform authorization method of applications client, comprising:
Applications client sends the first checking message by first via radial platform service end, described the first checking message comprises random string, for described platform service end, the mapping relations between described random string and the terminal iidentification of described applications client place terminal is carried out to record;
Applications client is signed and is generated signature value authentication information by default signature algorithm;
Applications client sends the second checking message by the second path to described platform service end, described the second checking message comprises described random string, described signature value, and authentication information described in registration process is in identify label corresponding to described platform service end, for described platform service end, according to described identify label, from database, read the authentication information of submitting in registration process, and by default signature algorithm, extracted authentication information is signed and generated signature value, if the signature value that described platform service end checking generates is consistent with received signature value, according to described random string, from recorded described mapping relations, extract corresponding terminal iidentification, and obtain corresponding user account information according to described terminal iidentification, and generate granted access token according to described user account information and described authentication information,
Applications client receives the granted access token that described platform service end sends.
The third aspect, the embodiment of the present invention also provides a kind of platform service end, comprising:
The first checking message sink unit, the terminal iidentification of verifying message by first of the first path transmission and obtaining described applications client place terminal for receiving applications client, described the first checking message comprises random string;
Mapping relations record cell, carries out record for the mapping relations between the random string to received and described terminal iidentification;
The second checking message sink unit, the the second checking message sending by the second path for receiving described applications client, described the second checking message comprises described random string, the signature value that described applications client is signed and generated authentication information by default signature algorithm, and authentication information described in registration process is in identify label corresponding to described platform service end;
Information extraction and signature unit, for reading from database the authentication information of submitting to registration process according to received described identify label, and signed and generate signature value extracted authentication information by default signature algorithm;
Account information acquiring unit, if the signature value generating for checking is consistent with received signature value, according to described random string, from recorded described mapping relations, extract corresponding terminal iidentification, and obtain corresponding user account information according to described terminal iidentification;
Granted unit, for generating granted access token according to described user account information and described authentication information, sends to described applications client.
Fourth aspect, the embodiment of the present invention also provides a kind of applications client, comprising:
The first checking message sending unit, for send the first checking message by first via radial platform service end, described the first checking message comprises random string, for described platform service end, the mapping relations between described random string and the terminal iidentification of described applications client place terminal is carried out to record;
Signature unit, for being signed and generate signature value authentication information by default signature algorithm;
The second checking message sending unit, for sending the second checking message by the second path to described platform service end, described the second checking message comprises described random string, described signature value, and authentication information described in registration process is in identify label corresponding to described platform service end, for described platform service end, according to described identify label, from database, read the authentication information of submitting in registration process, and by default signature algorithm, extracted authentication information is signed and generated signature value, if the signature value that described platform service end checking generates is consistent with received signature value, according to described random string, from recorded described mapping relations, extract corresponding terminal iidentification, and obtain corresponding user account information according to described terminal iidentification, and generate granted access token according to described user account information and described authentication information,
Granted access token receiving element, the granted access token sending for receiving described platform service end.
The 5th side's application surface, the embodiment of the present invention also provides a kind of platform authorization method, comprising:
Applications client sends the first checking message by first via radial platform service end, and described the first checking message comprises random string;
Platform service termination is received the terminal iidentification that applications client is verified message by first of the first path transmission and obtained described applications client place terminal;
Described platform service end carries out record to the mapping relations between received random string and described terminal iidentification;
Applications client is signed and is generated signature value authentication information by default signature algorithm;
Applications client sends the second checking message by the second path to described platform service end, described the second checking message comprises described random string, described signature value, and authentication information described in registration process is in identify label corresponding to described platform service end;
Described platform service termination is received the second checking message that described applications client sends by the second path;
Described platform service end reads according to received described identify label the authentication information of submitting in registration process from database, and by default signature algorithm, extracted authentication information is signed and generated signature value;
If the signature value that described platform service end checking generates is consistent with received signature value, according to described random string, from recorded described mapping relations, extract corresponding terminal iidentification, and obtain corresponding user account information according to described terminal iidentification;
Described platform service end generates granted access token according to described user account information and described authentication information, sends to described applications client;
Applications client receives the granted access token that described platform service end sends.
The 6th aspect, the embodiment of the present invention also provides a kind of platform authoring system, comprising: the applications client that the platform service end that any embodiment of the present invention provides and any embodiment of the present invention provide.
The technical scheme that the embodiment of the present invention proposes sends respectively by applications client the first checking message that comprises random string to platform service end by two paths, comprise described random string, the second checking message of signature value and identify label, if it is consistent with received signature value to the sign signature value of generation of authentication information that described platform service end is verified default signature algorithm, according to described random string, obtain corresponding user account information, and generate granted access token according to described user account information and described authentication information, send to described applications client, without logining by webpage, can make user to licensing process unaware, and can further improve the fail safe of mandate.
Embodiment
For the technical scheme of technical problem that the present invention is solved, employing and the technique effect that reaches clearer, below in conjunction with accompanying drawing, the technical scheme of the embodiment of the present invention is described in further detail, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, those skilled in the art, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.
Below in conjunction with accompanying drawing and by embodiment, further illustrate technical scheme of the present invention.
Embodiment mono-
Fig. 1 is the platform authorization method flow chart of the platform service end that provides of the embodiment of the present invention one, the present embodiment applicable in applications client request call open platform, need terminal use to authorize OpenAPI time obtain granted access token situation, wherein, described applications client can be for being installed on the system tool in application software, instant communication client, Entertainment client or the terminal in terminal, i.e. third party's application.The method can be brought in execution by platform service, and platform service end is to third party application, to provide the server of platform service, and as shown in Figure 1, the platform authorization method of the platform service end described in the present embodiment comprises:
S101, platform service termination are received the terminal iidentification that applications client is verified message by first of the first path transmission and obtained described applications client place terminal, and described the first checking message comprises random string.
In order to prevent applications client, maliciously obtain the user data of platform side, the first checking message that system interface by calling terminal system and providing sends to platform service end is provided the first checking message sending by the first path, for example, can call short message interface and forward described the first checking message by Short Message Service Gateway.
As preferably, described applications client generates random string, and creates and comprise described random string and destination address is the checking note of described platform service end.Described applications client sends described checking note to Short Message Service Gateway, indicates described Short Message Service Gateway that described checking note is carried out to protocol conversion, generates the first checking message that comprises described random string, sends to described platform service end.Short Message Service Gateway can extract the terminal iidentification of note transmit leg from checking note, is carried in the first checking message and sends, and described platform service termination is extracted described random string and terminal iidentification after receiving.
S102, described platform service end carry out record to the mapping relations between received random string and described terminal iidentification.
Described terminal iidentification is the identification code for unique distinguishing terminal, as long as during the first checking message that platform service termination receipts applications client sends by the first path, which terminal can be used for identifying is, described terminal iidentification includes but not limited to the device identification of telephone number and terminal.Terminal iidentification is used for identifying the account of oneself conventionally by user, can obtain accordingly accounts information.
S103, described platform service termination are received the second checking message that described applications client sends by the second path, described the second checking message comprises described random string, the signature value that described applications client is signed and generated authentication information by default signature algorithm, and authentication information described in registration process is in identify label corresponding to described platform service end.
In the process that applications client or application server are registered on platform service end, platform service end can be each applications client or an identify label of application server distribution, for each applications client or application server are carried out to unique identification, i.e. this identify label and corresponding authentication information can, corresponding to an applications client, can be also all applications client corresponding to a class application service.Meanwhile, for the sake of security, in registration process, each applications client or application server also can be submitted authentication information (for example applying key) to platform service end, to carry out authentication.At platform service end, can in database, to the mapping relations between described identify label and described authentication information, carry out record, for associative search.Each applications client or application server, when initiating access request to platform service end, need to send identify label and authentication information in order to carry out identity difference and authentication, for example, authentication information is used as to bag name and packet signature.
Further, described the second checking message also can comprise the data access authority list that described applications client expectation is obtained.
In order to guarantee safety, described the second path can be based on SSL (Secure Sockets Layer, SSL) agreement, further, described the second path can be based on HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer, Secure Hypertext Transfer Protocol) agreement.For example, the second checking message sending based on described the second path can be the HTTPS request sending based on HTTPS.In order to prevent applications client, utilize described the second path maliciously to obtain the user data of platform side, applications client need to be done necessary security protection for described the second path and to promote other clients, utilize difficulty and the cost in this path, for example provide socket SOCKET interface to replace HTTP (Hypertext Transfer Protocol, HTML (Hypertext Markup Language)) interface, described the second checking message is made to corresponding symmetric cryptography or asymmetric encryption, increase anti-across the request forgery attack processing policy etc. of standing.
S104, described platform service end read according to received described identify label the authentication information of submitting in registration process from database, and by default signature algorithm, extracted authentication information are signed and generated signature value.
The mapping relations of described platform service end between identify label and described authentication information, according to received described identify label, extract authentication information.
In order further to improve security performance, as preferably, this operation also can increase the operation of an expired judgement, expired to determine whether.Be specially: platform service end carries out expired checking to the network time stamp in the second checking message receiving, judge that the difference of current system timestamp and described network time stamp is whether in pre-set threshold value, if not within the scope of pre-set threshold value, think a Replay Attack request, directly return to corresponding error message, otherwise continue next step.
If the signature value that the described platform service end checking of S105 generates is consistent with received signature value, according to described random string, from recorded described mapping relations, extract corresponding terminal iidentification, and obtain corresponding user account information according to described terminal iidentification.
S106, described platform service end generate granted access token according to described user account information and described authentication information, send to described applications client.
Platform service end can send to described applications client by described the first path or described the second path by generating granted access token, due to size of data problem with to the data of receiving property easy to use problem, be preferably by described the second path and send.
The granted access token that the applications client of third party's application gets from platform service end, the OpenAPI interface that can provide by described granted access token calling platform side obtains corresponding cloud ability and user data.
As preferably, described the second checking message also comprises described applications client expected data list of access rights, and this operation also can comprise: according to described user account information, described authentication information and expected data list of access rights, generate granted access token.
Further, if obtain the operation failure of corresponding user account information according to described terminal iidentification, according to described terminal iidentification registration, obtain new user account information.That is, if there is no described account information, can be according to user account of the terminal iidentification auto registration obtaining by described the first path.
Further, in described access token, also can comprise described platform service end is the data access authority list that the authority information opened of described applications client and/or expectation are obtained.It should be noted that, the present embodiment is applicable to the granted access token situation of an one or more open platform of applications client acquisition request.
It should be noted that, the first path described in the present embodiment and described the second path are two different paths, applications client is sent and is verified that the opportunity of message can be identical by two paths respectively, also can be successively different, before only extracting the step of corresponding terminal iidentification according to described random string from recorded described mapping relations in the satisfied operation of needs S105, operation S102 completes, be preferably the first checking message and second and verify that message sends simultaneously, or the first checking message first sends than the second checking message.
The technical scheme that the embodiment of the present invention proposes sends respectively by platform service end the first checking message that comprises random string from applications client by two paths, comprise described random string, the second checking message of signature value and identify label, if the signature value that described platform service end checking generates according to received signature value is consistent with received signature value, according to described random string, obtain corresponding user account information, and generate granted access token according to described user account information and described authentication information, send to described applications client, can make user to licensing process unaware, and can further improve the fail safe of mandate.
Embodiment bis-
Fig. 2 is the platform authorization method flow chart of the applications client that provides of the embodiment of the present invention two, the present embodiment applicable in applications client request call open platform, need terminal use to authorize OpenAPI time obtain granted access token situation, wherein, described applications client can be for being installed on the system tool in application software, instant communication client, Entertainment client or the terminal in terminal, i.e. third party's application.The method can be brought in execution by application client, and as shown in Figure 2, the platform authorization method of the applications client described in the present embodiment comprises:
S201, applications client send the first checking message by first via radial platform service end, and described the first checking message comprises random string.
In order to prevent applications client, maliciously obtain the user data of platform side, the first checking message that the system interface that the first checking message sending by the first path is preferably to be provided by calling system sends to platform service end, for example, can forward described the first checking message by Short Message Service Gateway.
As preferably, described applications client generates random string, and creates and comprise described random string and destination address is the checking note of described platform service end.Described applications client sends described checking note to Short Message Service Gateway, indicate described Short Message Service Gateway that described checking note is carried out to protocol conversion, the first checking message that generation comprises described random string, send to described platform service end, described platform service termination is extracted described random string and terminal iidentification after receiving.Short Message Service Gateway can extract the terminal iidentification of note transmit leg from checking note, is carried in the first checking message and sends, and described platform service termination is extracted described random string and terminal iidentification after receiving.
S202, applications client are signed and are generated signature value authentication information by default signature algorithm.
S203, applications client send the second checking message by the second path to described platform service end, described the second checking message comprises described random string, described signature value, and authentication information described in registration process is in identify label corresponding to described platform service end.
Further, described the second checking message also can comprise the data access authority list that the expectation of described applications client is obtained, and clearly proposes to need the data area of access rights of the data of application for applications client to platform service end.
For example, described the second path can be the HTTPS request sending based on HTTPS agreement.In order to prevent applications client, utilize described the second path maliciously to obtain the user data of platform side, applications client need to be done necessary security protection for described the second path and to promote other clients, utilize difficulty and the cost in this path, for example provide SOCKET interface to replace HTTP interface, described the second checking message is made to corresponding symmetric cryptography or asymmetric encryption, increase anti-across the request forgery attack processing policy etc. of standing.
S204, applications client receive the granted access token that described platform service end sends.
It should be noted that, the first path described in the present embodiment and described the second path are two different paths, applications client is sent and is verified that the opportunity of message can be identical by two paths respectively, also can be successively different, only need to meet before platform service end extracts the operation of corresponding terminal iidentification according to described random string from recorded described mapping relations, by first via radial platform service end, send the first checking message successfully, be preferably the first checking message and second and verify that message sends simultaneously, or first checking message than second, verify that message first sends.
The technical scheme that the embodiment of the present invention proposes sends respectively by applications client the first checking message that comprises random string to platform service end by two paths, with the second checking message that comprises described random string, signature value and identify label, for described platform service end return authorization access token, can further improve the fail safe of mandate, and make user to licensing process unaware.
Embodiment tri-
Fig. 3 is the structured flowchart of the platform service end described in the embodiment of the present invention three, and as shown in Figure 3, the platform service end described in the present embodiment comprises:
The first checking message sink unit 301, the terminal iidentification of verifying message by first of the first path transmission and obtaining described applications client place terminal for receiving applications client, described the first checking message comprises random string;
Mapping relations record cell 302, carries out record for the mapping relations between the random string to received and described terminal iidentification;
The second checking message sink unit 303, the the second checking message sending by the second path for receiving described applications client, described the second checking message comprises described random string, the signature value that described applications client is signed and generated authentication information by default signature algorithm, and authentication information described in registration process is in identify label corresponding to described platform service end;
Information extraction and signature unit 304, for reading from database the authentication information of submitting to registration process according to received described identify label, and signed and generate signature value extracted authentication information by default signature algorithm;
Account information acquiring unit 305, if the signature value generating for checking is consistent with received signature value, according to described random string, from recorded described mapping relations, extract corresponding terminal iidentification, and obtain corresponding user account information according to described terminal iidentification;
Granted unit 306, for generating granted access token according to described user account information and described authentication information, sends to described applications client.
Further, described first checking message sink unit 301 specifically for:
Receive the first checking message that described applications client forwards by Short Message Service Gateway, wherein, described the first checking message is that the checking note that described Short Message Service Gateway sends according to described applications client is carried out the message after protocol format conversion, in described checking note, carries described random string;
The terminal iidentification that obtains described applications client place terminal from described the first checking message, described terminal iidentification is note initiator's terminal iidentification that described Short Message Service Gateway extracts from described checking note.
Further, described the second path can be based on ssl protocol, and further, described the second path can be based on HTTPS agreement.
Further, described account information acquiring unit 305 also comprises timestamp judgement subelement, for after the generation signature value of extracted authentication information being signed by default signature algorithm, if judge that difference between network time stamp that described the second checking message comprises and current system timestamp is in predetermined threshold value, triggering following operates.Accordingly, this network time stabs as applications client is when sending the second checking message, using current time stamp as network time, stabs, and adds in the second message.
Further, described authentication information comprises name and packet signature.
Further, described terminal is designated cell-phone number.
The applications client that the present embodiment provides can be carried out the platform authorization method of the applications client that the embodiment of the present invention one provides, and possesses the corresponding functional module of manner of execution and beneficial effect.
Embodiment tetra-
Fig. 4 is the structured flowchart of the applications client described in the embodiment of the present invention four, and as shown in Figure 4, the applications client described in the present embodiment comprises:
The first checking message sending unit 401, for send the first checking message by first via radial platform service end, described the first checking message comprises random string, for described platform service end, the mapping relations between described random string and the terminal iidentification of described applications client place terminal is carried out to record;
Signature unit 402, for being signed and generate signature value authentication information by default signature algorithm;
The second checking message sending unit 403, for sending the second checking message by the second path to described platform service end, described the second checking message comprises described random string, described signature value, and authentication information described in registration process is in identify label corresponding to described platform service end, for described platform service end, according to described identify label, from database, read the authentication information of submitting in registration process, and by default signature algorithm, extracted authentication information is signed and generated signature value, if the signature value that described platform service end checking generates is consistent with received signature value, according to described random string, from recorded described mapping relations, extract corresponding terminal iidentification, and obtain corresponding user account information according to described terminal iidentification, and generate granted access token according to described user account information and described authentication information,
Granted access token receiving element 404, the granted access token sending for receiving described platform service end.
Further, described the first checking message sending unit 401 specifically for: generate random string, and create and comprise described random string and destination address is the checking note of described platform service end; And,
Send described checking note to Short Message Service Gateway, to indicate described Short Message Service Gateway that described checking note is carried out to protocol conversion and to extract note initiator's terminal iidentification of described checking note, the first checking message that generation comprises described random string, sends to described platform service end.
Described the second checking message sending unit 403 specifically for: based on HTTPS, to described platform service end, send the HTTPS request that comprises the second checking message.
The applications client that the present embodiment provides can be carried out the platform authorization method of the applications client that the embodiment of the present invention two provides, and possesses the corresponding functional module of manner of execution and beneficial effect.
Embodiment five
Fig. 5 is in the platform authorization method described in the embodiment of the present invention five, the mutual schematic diagram of platform service end and applications client in the platform authorization method of applications client, the present embodiment is mainly used in the application program of mobile phone (calling applications client in the following text) of Android system, the system based on being comprised of platform service end, applications client and Short Message Service Gateway.As shown in Figure 5, the method described in the present embodiment comprises:
501, applications client sends the first checking message that includes random string to platform service end.
Be that applications client sends note to platform service end, the form that applications client requires according to platform side generates a short message content string that comprises random character string, and send to the interface of the direct transmission note providing by calling system, described short message content string is sent to the Short Message Service Gateway that platform side provides, to indicate described interface that described checking note is carried out to protocol conversion and to extract note initiator's terminal iidentification of described checking note, the first checking message that generation comprises described random string, sends to described platform service end.
502, Short Message Service Gateway sends client place terminal iidentification and the first checking message to platform service end.
Short Message Service Gateway is transmitted to based on HTTPS the cell-phone number of short message content string and transmission note the platform service end of platform side by sending HTTPS request;
Platform service termination is received after short message content string and cell-phone number, the mapping relations data toward described short message content string of caching system storage to cell-phone number, and establish certain expired time (the general time is shorter, for example 1 minute).
503, platform service end sends the second checking message to applications client, includes random string, signature value, and identify label.
By the Internet, send authorization information.Applications client is after note sends successfully, the SDK SDK that calling platform side provides (Software Development Kit, SDK) interface that bag provides obtains the authentication information of current application client, described authentication information is the bag name according to applications client, packet signature, current network timestamp, the default information such as fixed key are carried out the encryption string of symmetric cryptography generation, in order to prevent concrete cryptographic algorithm, by third party, obtained, thereby affect the fail safe of the technical program, whole signature algorithm (comprises applications client bag name, packet signature, obtaining of the default data such as key) all pass through JNI (Java Native Interface, JAVA calls this locality) technology realizes by C/C++ code layer.
Applications client is by described short message content string, the data access authority list that applications client authentication information and expectation are obtained, the application ID (authentication information described in registration process is in identify label corresponding to described platform service end) distributing when applications client is registered in platform side sends to the authorization server of platform side to obtain access token, in order to guarantee fail safe, this network request generally need to be based on SSL (Secure Sockets Layer SSL), as based on HTTPS agreement to as described in platform service end send the HTTPS request comprise the second checking message.;
After this, platform service termination is received after request, network time stamp in the second checking message is carried out to expired checking, judge that the difference of current system timestamp and described network time stamp is whether in pre-set threshold value, otherwise if not in, think a Replay Attack request, directly return to corresponding error message, otherwise continue next step.
Platform service end reads according to described application ID the authority information that described applications client submits to applications client bag name and packet signature, platform side to open to described applications client intervention when platform is registered from database, and whether judgement the applications client bag name, packet signature that read be consistent with the value of deciphering the applications client bag name that obtains, packet signature from applications client authentication information, if inconsistent, think a forgery attack request, directly return to corresponding error message, otherwise continue next step;
Platform service end reads out corresponding cell-phone number according to described short message content string from described caching system, and obtain corresponding user account information (if there is no described account information according to described cell-phone number, according to user account of cell-phone number auto registration), the data such as the authority information of then opening to described applications client according to described user account information, described application ID, platform side and described data access authority list generate a granted access token.
504, platform service end returns to generated granted access token to applications client.
OpenAPI is the common a kind of application in service type website, the service provider of website is packaged into a series of API (Application Programming Interface by the website service of oneself, API) open away, for third party developer, the API opening is just known as OpenAPI.Applications client gets after granted access token, and the OpenAPI interface that can provide by access token calling platform side obtains corresponding cloud ability and user data.
Owing to triggering user after cell-phone number one key authorization requests, whole process all there will not be any other user interface, therefore, if there are a plurality of platforms, all support this technology, applications client just can complete by the mode of interface interchange repeatedly the obtaining of granted access token of each platform, thereby solves the problem of above-mentioned fourth aspect.
Embodiment six
Fig. 6 is the platform authorization method flow chart that the embodiment of the present invention six provides, the present embodiment applicable in applications client request call open platform, need terminal use to authorize OpenAPI time obtain granted access token situation, wherein, described applications client can be for being installed on the system tool in application software, instant communication client, Entertainment client or the terminal in terminal, i.e. third party's application.The method is brought in execution by platform service end and application client, and as shown in Figure 6, the platform authorization method described in the present embodiment comprises.
S601, applications client send the first checking message by first via radial platform service end, and described the first checking message comprises random string.
S602, platform service termination are received the terminal iidentification that applications client is verified message by first of the first path transmission and obtained described applications client place terminal.
S603, described platform service end carry out record to the mapping relations between received random string and described terminal iidentification.
S604, applications client are signed and are generated signature value authentication information by default signature algorithm.
S605, applications client send the second checking message by the second path to described platform service end, described the second checking message comprises described random string, described signature value, and authentication information described in registration process is in identify label corresponding to described platform service end.
S606, described platform service termination are received the second checking message that described applications client sends by the second path.
S607, described platform service end read according to received described identify label the authentication information of submitting in registration process from database, and by default signature algorithm, extracted authentication information are signed and generated signature value.
If the signature value that the described platform service end checking of S608 generates is consistent with received signature value, according to described random string, from recorded described mapping relations, extract corresponding terminal iidentification, and obtain corresponding user account information according to described terminal iidentification.
S609, described platform service end generate granted access token according to described user account information and described authentication information, send to described applications client.
S610, applications client receive the granted access token that described platform service end sends.
In the technical scheme that the present embodiment proposes, the explanation of each operation refers to the respective operations of embodiment mono-and embodiment bis-, has the beneficial effect of embodiment mono-and embodiment bis-.
The embodiment of the present invention also provides a kind of platform authoring system, comprising: the applications client that the platform service end that any embodiment of the present invention provides and any embodiment of the present invention provide.
All or part of content in the technical scheme that above embodiment provides can realize by software programming, and its software program is stored in the storage medium can read, storage medium for example: the hard disk in computer, CD or floppy disk.
Note, above are only preferred embodiment of the present invention and institute's application technology principle.Skilled person in the art will appreciate that and the invention is not restricted to specific embodiment described here, can carry out for a person skilled in the art various obvious variations, readjust and substitute and can not depart from protection scope of the present invention.Therefore, although the present invention is described in further detail by above embodiment, the present invention is not limited only to above embodiment, in the situation that not departing from the present invention's design, can also comprise more other equivalent embodiment, and scope of the present invention is determined by appended claim scope.