Third-party authorization token management method and system
Technical field
The invention belongs to the technical field of network permission management, and in particular relates to a third-party authorization token management method and system.
Background
With the rapid development of networks, the diversity of information propagation modes has begun to grow explosively, and information no longer propagates in a simple linear fashion but is gradually turning into overlapping, mesh-like propagation. Network platforms likewise no longer perform only their own functions; they are generally required to interact and cooperate with other platforms. At present, most network platforms require the user to log in before use. When a user uses a platform very infrequently or has limited time, repeated registration or login wastes a great deal of time and effort, and the utilization rate of the resulting accounts is often very low. Authorized login through an existing account on a commonly used network platform can therefore greatly save time and effectively improve the utilization of existing accounts. This method of logging in to a third-party platform by authorization from an original account places higher requirements on security and validity.
Summary of the invention
To solve the above technical problem, the present invention provides a third-party authorization token management method and system.
The specific technical solution of the present invention is as follows:
One aspect of the present invention provides a third-party authorization token management method, comprising the following steps:
S1: the main station system configures the application-layer information used to access the token service;
S2: the token service system generates, for the third-party platform, an application communication key used to interact with the main station system;
S3: the third-party platform obtains user authorization and generates a unique token; the token service system maintains the token, stores the maintenance data, and periodically updates the token;
S4: when the third-party platform requests access to the main station system, the main station system obtains the latest token through the token service system, authenticates and binds it, and thereby connects with the third-party platform.
Further, step S3 is carried out as follows:
S3.1: the third-party platform provides the user with an authorization prompt and an SDK file package, and the user grants authorization after installing the SDK file package; after receiving the user's authorization, the third-party platform generates a unique character string as the token;
S3.2: the third-party platform sets a validity period for the token, and the token service system monitors the token's validity time; when the token is about to expire, the token service system refreshes it automatically; if the refresh succeeds, the refreshed token is stored and monitoring of the validity time restarts; if the refresh fails, the third-party platform is notified to obtain user authorization again and generate a new token.
Further, in step S3.2, the token is refreshed automatically as follows:
When the token is about to expire, the token service system sends an expiration notice to the third-party platform; in response to the expiration notice, the third-party platform provides the token service system with a refresh interface; the token service system obtains a new token through the refresh interface and restarts monitoring of the validity time.
Further, step S4 is carried out as follows:
S4.1: when the third-party platform requests access to the main station system, the main station system connects to the token service system using the application communication key and sends a token acquisition request to the token service system;
S4.2: the token service system looks up the token corresponding to the third-party platform according to the token acquisition request and sends the token to the main station system;
S4.3: after the main station system authenticates and binds the token, it connects with the third-party platform and exchanges data.
Further, step S4.2 is carried out as follows:
S4.2.1: the token service system extracts the information of the corresponding third-party platform from the token acquisition request, and uses it to look up that platform's latest token and maintenance data;
S4.2.2: the token service system checks the token against the maintenance data; when the token is within its validity period, the token is sent directly to the main station system;
When the token has expired, the token is refreshed automatically, or the third-party platform is reminded to obtain user authorization again.
Further, whether the token is within its validity period is determined as follows:
Based on the time at which the token took effect, determine whether the current time falls within the preset validity period. If it falls outside the preset validity period, the token has expired. If it is still within the preset validity period, further determine whether the third-party platform has submitted revocation information: if it has, the token has expired; if it has not, the token is still within its validity period.
Another aspect of the present invention provides a third-party authorization token management system, comprising the following parts:
Configuration module, for unified configuration and management of the application-layer information of the main station system that is to access the token service, and for issuing to the main station system the application communication key used to interact with the token management system;
Interface processing module, for uniformly adapting the interfaces provided to different third-party platforms;
Core processing module, for providing the main station system with a unique token so that the main station system and the third-party platform can connect, the token being generated after the third-party platform obtains user authorization; also for maintaining the token, periodically updating the token at the request of the third-party platform, and uniformly managing and storing the above processing information.
Further, the core processing module comprises the following parts:
Processing unit, for uniformly handling the reading, verification, maintenance, retrieval and sending of the token;
Storage unit, for unified storage of the token and all processing information.
Further, the core processing module connects the third-party platform with the main station system by means of the token as follows:
1. when the third-party platform requests access to the main station system, the main station system connects to the core processing module using the application communication key and sends a token acquisition request;
2. the core processing module looks up the token corresponding to the third-party platform according to the token acquisition request; when the token is within its validity period, the token is sent directly to the main station system; when the token has expired, the token is refreshed automatically, or the third-party platform is reminded to obtain user authorization again;
3. after the main station system authenticates and binds the token, it connects with the third-party platform and exchanges data;
Here, whether the token is within its validity period is determined as follows:
Based on the time at which the token took effect, determine whether the current time falls within the preset validity period. If it falls outside the preset validity period, the token has expired. If it is still within the preset validity period, further determine whether the third-party platform has submitted revocation information: if it has, the token has expired; if it has not, the token is still within its validity period.
Further, the core processing module performs unified maintenance of the token as follows:
The core processing module sets a validity period for the token and monitors the token's validity time; when the token is about to expire, the core processing module refreshes it automatically; if the refresh succeeds, the refreshed token is stored and monitoring of the validity time restarts; if the refresh fails, the third-party platform is notified to obtain user authorization again and generate a new token;
Here, the token is refreshed automatically as follows:
When the token is about to expire, the core processing module sends an expiration notice to the third-party platform; in response to the expiration notice, the third-party platform provides the core processing module with a refresh interface; the core processing module obtains a new token through the refresh interface and restarts monitoring of the validity time.
The beneficial effects of the present invention are as follows. The present invention provides a third-party authorization token management method and a corresponding system. The token service system provides the main station system with an application communication key, which the main station system uses to exchange information with the token service system and to obtain the token information of third-party platforms from it. Each third-party platform that has obtained user authorization uses its own unique token as authority verification information to connect with the main station system. Tokens require periodic maintenance to ensure their validity. In this scheme the token service system handles the storage, reading, verification, maintenance and other management of tokens, which allows token data to be managed centrally and improves processing efficiency. Token reading and identification can be automatically mapped and adapted, so that tokens are refreshed automatically to maintain their validity; this greatly reduces the time cost and processor overhead of maintaining tokens, so that the connection with the main station system can be made through the third-party platform efficiently and securely.
Description of the drawings
Fig. 1 is a flowchart of the third-party authorization token management method described in Embodiment 1;
Fig. 2 is a flowchart of step S3 of the third-party authorization token management method described in Embodiment 1;
Fig. 3 is a flowchart of step S4 of the third-party authorization token management method described in Embodiment 1;
Fig. 4 is a structural diagram of the third-party authorization token management system described in Embodiment 2.
Detailed description
The invention is described in further detail below with reference to the accompanying drawings and the following embodiments.
Embodiment 1
As shown in Fig. 1, Embodiment 1 of the present invention provides a third-party authorization token management method, comprising the following steps:
S1: the main station system configures the application-layer information used to access the token service;
S2: the token service system generates, for the third-party platform, an application communication key used to interact with the main station system (a character string used to verify the identity of the main station system);
S3: the third-party platform obtains user authorization (providing a confirmation pop-up and the SDK development kit for accessing the main station system) and generates a unique token; the token service system maintains the token, stores the maintenance data, and periodically updates the token;
S4: when the third-party platform requests access to the main station system, the main station system obtains the latest token through the token service system, authenticates and binds it, and thereby connects with the third-party platform.
As shown in Fig. 2, in a specific implementation, step S3 is carried out as follows:
S3.1: the third-party platform provides the user with an authorization prompt (a pop-up requiring the user's confirmation may be used) and an SDK file package, and the user grants authorization after installing the SDK file package; after receiving the user's authorization, the third-party platform generates a unique character string as the token;
S3.2: the third-party platform sets a validity period for the token, and the token service system monitors the token's validity time; when the token is about to expire, the token service system refreshes it automatically; if the refresh succeeds, the refreshed token is stored and monitoring of the validity time restarts; if the refresh fails, the third-party platform is notified to obtain user authorization again and generate a new token.
To ensure that the authorization is meaningful, a token cannot be used permanently; it must have a validity period, and that period must not be too long, usually no more than 7 d.
Here, the token is refreshed automatically as follows:
When the token is about to expire, the token service system sends an expiration notice to the third-party platform; in response to the expiration notice, the third-party platform provides the token service system with a refresh interface (API); the token service system obtains a new token through the refresh interface and restarts monitoring of the validity time.
As shown in Fig. 3, step S4 is carried out as follows:
S4.1: when the third-party platform requests access to the main station system, the main station system connects to the token service system using the application communication key and sends a token acquisition request to the token service system;
S4.2: the token service system looks up the token corresponding to the third-party platform according to the token acquisition request and sends the token to the main station system;
S4.3: after the main station system authenticates and binds the token, it connects with the third-party platform and exchanges data.
Here, step S4.2 is carried out as follows:
S4.2.1: the token service system extracts the information of the corresponding third-party platform from the token acquisition request, and uses it to look up that platform's latest token and maintenance data;
S4.2.2: the token service system checks the token against the maintenance data; when the token is within its validity period (verification passes and the identity information is valid), the token is sent directly to the main station system;
When the token has expired, the token is refreshed automatically, or the third-party platform is reminded to obtain user authorization again.
Here, whether the token is within its validity period is determined as follows:
Based on the time at which the token took effect, determine whether the current time falls within the preset validity period. If it falls outside the preset validity period, the token has expired. If it is still within the preset validity period, further determine whether the third-party platform has submitted revocation information (abandoning the connection or replacing the user): if it has, the token has expired; if it has not, the token is still within its validity period.
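The validity check and refresh flow of steps S3.2 and S4.2, as an added Python example that is not part of the patent text. The class and method names, the one-hour "about to expire" window, the refresh callable standing in for the third-party platform's refresh interface, and the choice to demand re-authorization rather than refresh for a revoked token are all assumptions.

```python
import hmac
import time
from dataclasses import dataclass

MAX_VALIDITY = 7 * 24 * 3600   # cap from the text: usually no more than 7 d
REFRESH_WINDOW = 3600          # assumed "about to expire" threshold (not in the text)


@dataclass
class TokenRecord:             # "maintenance data" kept alongside each token
    token: str
    effective_at: float        # time at which the token took effect
    validity: int              # preset validity period, in seconds
    revoked: bool = False      # platform has submitted revocation information


class ReauthorizationRequired(Exception):
    """The third-party platform must obtain user authorization again."""


class TokenService:
    def __init__(self, app_key, refresh_api):
        self._app_key = app_key          # application communication key (S2)
        self._refresh_api = refresh_api  # stands in for the platform's refresh interface
        self._store = {}                 # platform id -> TokenRecord

    def store(self, platform, token, validity, now=None):
        if not 0 < validity <= MAX_VALIDITY:
            raise ValueError("validity period must be between 1 s and 7 d")
        start = time.time() if now is None else now
        self._store[platform] = TokenRecord(token, start, validity)

    def revoke(self, platform):
        self._store[platform].revoked = True

    @staticmethod
    def is_valid(rec, now):
        # Order from the text: time window first, then revocation information.
        if not rec.effective_at <= now < rec.effective_at + rec.validity:
            return False
        return not rec.revoked

    def _refresh(self, platform, now):
        new_token = self._refresh_api(platform)   # falsy result means refresh failed
        if not new_token:
            raise ReauthorizationRequired(platform)
        validity = self._store[platform].validity
        self._store[platform] = TokenRecord(new_token, now, validity)
        return self._store[platform]

    def monitor(self, platform, now):
        """S3.2: refresh a token that is about to expire, then restart monitoring."""
        rec = self._store[platform]
        if not rec.revoked and rec.effective_at + rec.validity - now <= REFRESH_WINDOW:
            rec = self._refresh(platform, now)
        return rec

    def get_token(self, presented_key, platform, now=None):
        """S4.1-S4.2: authenticate the main station system, return a valid token."""
        now = time.time() if now is None else now
        # Constant-time comparison so the key check does not leak through timing.
        if not hmac.compare_digest(presented_key.encode(), self._app_key.encode()):
            raise PermissionError("unknown application communication key")
        rec = self._store[platform]
        if rec.revoked:                  # assumption: never refresh a revoked grant
            raise ReauthorizationRequired(platform)
        if not self.is_valid(rec, now):
            rec = self._refresh(platform, now)
        return rec.token
```

Passing `now` explicitly keeps the expiry logic testable without waiting on the wall clock.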
This embodiment provides a third-party authorization token management method. The token service system provides the main station system with an application communication key, which the main station system uses to exchange information with the token service system and to obtain the token information of third-party platforms from it. Each third-party platform that has obtained user authorization uses its own unique token as authority verification information to connect with the main station system. Tokens require periodic maintenance to ensure their validity. In this scheme the token service system handles the storage, reading, verification, maintenance and other management of tokens, which allows token data to be managed centrally and improves processing efficiency. Token reading and identification can be automatically mapped and adapted, so that tokens are refreshed automatically to maintain their validity; this greatly reduces the time cost and processor overhead of maintaining tokens, so that the connection with the main station system can be made through the third-party platform efficiently and securely.
Embodiment 2
As shown in Fig. 4, Embodiment 2 discloses, on the basis of Embodiment 1, a third-party authorization token management system comprising the following parts:
Configuration module 1, for unified configuration and management of the application-layer information of the main station system that is to access the token service, and for issuing to the main station system the application communication key used to interact with the token management system;
Interface processing module 2, for uniformly adapting the interfaces provided to different third-party platforms;
Core processing module 3, for providing the main station system with a unique token so that the main station system and the third-party platform can connect, the token being generated after the third-party platform obtains user authorization; also for maintaining the token, periodically updating the token, and uniformly managing and storing the above processing information.
In a specific implementation, core processing module 3 may comprise the following parts:
Processing unit 31, for uniformly handling the reading, verification, maintenance, retrieval and sending of the token;
Storage unit 32, for unified storage of the token and all processing information.
This embodiment provides a third-party authorization token management system. Configuration module 1 performs unified configuration and management of the application-layer information of the main station system that is preparing to access the token service, and issues to the main station system the application communication key used to interact with the token management system. Interface processing module 2 provides the interfaces through which the third-party platform exchanges information with the main station system. Core processing module 3 obtains, from each third-party platform that has obtained user authorization, its unique token as authority verification information and supplies it to the main station system, so that the main station system and the third-party platform can connect. Tokens require periodic maintenance to ensure their validity. Core processing module 3 handles the storage, reading, verification, maintenance and other management of tokens, which allows token data to be managed centrally and improves processing efficiency. Token reading and identification can be automatically mapped and adapted, so that tokens are refreshed automatically to maintain their validity; this greatly reduces the time cost and processor overhead of maintaining tokens, so that the connection with the main station system can be made through the third-party platform efficiently and securely.
Embodiment 3
Embodiment 3 discloses, on the basis of Embodiment 2, a third-party authorization token management system. Embodiment 3 further specifies that core processing module 3 connects the third-party platform with the main station system by means of the token as follows:
1. when the third-party platform requests access to the main station system, the main station system connects to core processing module 3 using the application communication key and sends a token acquisition request;
2. core processing module 3 looks up the token corresponding to the third-party platform according to the token acquisition request; when the token is within its validity period, the token is sent directly to the main station system; when the token has expired, the token is refreshed automatically, or the third-party platform is reminded to obtain user authorization again;
3. after the main station system authenticates and binds the token, it connects with the third-party platform and exchanges data;
Here, whether the token is within its validity period is determined as follows:
Based on the time at which the token took effect, determine whether the current time falls within the preset validity period. If it falls outside the preset validity period, the token has expired. If it is still within the preset validity period, further determine whether the third-party platform has submitted revocation information: if it has, the token has expired; if it has not, the token is still within its validity period.
Core processing module 3 performs unified maintenance of the token as follows:
Core processing module 3 sets a validity period for the token and monitors the token's validity time; when the token is about to expire, core processing module 3 refreshes it automatically; if the refresh succeeds, the refreshed token is stored and monitoring of the validity time restarts; if the refresh fails, the third-party platform is notified to obtain user authorization again and generate a new token;
Here, the token is refreshed automatically as follows:
When the token is about to expire, core processing module 3 sends an expiration notice to the third-party platform; in response to the expiration notice, the third-party platform provides core processing module 3 with a refresh interface; core processing module 3 obtains a new token through the refresh interface and restarts monitoring of the validity time.
The embodiments described above express only several implementations of the present invention, and their description is relatively specific and detailed, but they are not therefore to be construed as limiting the scope of the patent. It should be noted that those of ordinary skill in the art may make various modifications and improvements without departing from the inventive concept, and these all fall within the scope of protection of the invention. The scope of protection of this patent shall therefore be determined by the appended claims.