CN112507254B - Application program authorization method and device - Google Patents
- Publication number: CN112507254B (application CN202011435612.5A)
- Authority: CN (China)
- Prior art keywords: webpage, information, identifier, authorization, request
- Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
Abstract
The embodiment of the application provides an application program authorization method and device, which relate to the webpage technology and can enable a terminal to acquire authorization information and complete webpage information of a target webpage. The method is applied to a first server and comprises the following steps: receiving a first request from a terminal, wherein the first request comprises webpage information of a target webpage; generating a webpage identifier of the target webpage, and storing the webpage identifier, webpage information of the target webpage and a corresponding relation between the webpage identifier and the webpage information of the target webpage; sending a first webpage address to a terminal; the first webpage address comprises a webpage identifier and account information of an information platform account; receiving a second request from the terminal, wherein the second request comprises a webpage identifier and an authorization code; acquiring the webpage information of the target webpage corresponding to the webpage identifier in the second request from the stored webpage information, and acquiring authorization information according to the authorization code; and sending the webpage information and the authorization information to the terminal.
Description
Technical Field
The present application relates to web technologies, and in particular, to a method and apparatus for authorizing an application program.
Background
Currently, some applications (APPs), in addition to providing a number of functions to users, may provide developers or merchants with functions for managing information themselves. For example, some instant messaging applications (e.g., the WeChat APP) provide developers or merchants with functions related to information platform accounts (e.g., public numbers in the WeChat APP) in addition to providing communication functions to users. A developer or merchant needs to register an information platform account and then, while logged in to that account, use the related functions of the information platform account in the APP; for example, the terminal displays the page of the target webpage of the information platform account in response to a user's operation of accessing the information platform account.
The terminal generates the page of the target webpage of the information platform account from the page information of that target webpage and the authorization information (such as user information) of the user. However, the terminal cannot carry the complete page information of the target webpage while requesting the authorization information, so the terminal still cannot generate the page of the target webpage of the information platform account after acquiring the authorization information.
Disclosure of Invention
The embodiment of the application provides an application program authorization method and device, which can enable a terminal to acquire authorization information and page information of a complete target webpage, and further successfully generate a page of the target webpage by utilizing the authorization information and the page information of the complete target webpage.
In order to achieve the technical purpose, the embodiment of the application adopts the following technical scheme:
In a first aspect, an embodiment of the present application provides an application authorization method, applied to a first server, where the method includes: first, receiving a first request from a terminal; then generating a webpage identifier of the target webpage, and storing the webpage identifier, the webpage information of the target webpage, and the correspondence between the webpage identifier and the webpage information of the target webpage; then sending a first webpage address to the terminal; then receiving a second request from the terminal, where the second request includes the webpage identifier and an authorization code; acquiring, from the stored webpage information, the webpage information of the target webpage corresponding to the webpage identifier in the second request, and acquiring authorization information according to the authorization code; and finally sending the webpage information and the authorization information to the terminal.
The first request is used to request the target webpage of the information platform account, and the first request includes the webpage information of the target webpage. The webpage identifier is used to identify the webpage information of the target webpage. The first webpage address includes the webpage identifier and account information of the information platform account, and the account information is used to determine whether the information platform account has permission to acquire authorization information of the application program. The authorization code is allocated in the case that the information platform account has that permission.
In one possible embodiment, the second request further includes a domain name identifier of the terminal, which the terminal obtains from a data (cookie) file stored on the terminal and corresponding to the first webpage address. After receiving the second request from the terminal and before acquiring, from the stored webpage information, the webpage information of the target webpage corresponding to the webpage identifier in the second request, the method further includes: determining that the webpage identifier and the domain name identifier are the same.
In another possible embodiment, after receiving the second request from the terminal, the method further includes: if the webpage identifier is different from the domain name identifier, determining that the second request fails to acquire the page information and the authorization information of the target webpage.
In another possible implementation manner, the acquiring authorization information according to the authorization code includes: transmitting authorization codes and account information of an information platform account to a second server corresponding to the application program; authorization information is received from a second server.
In a second aspect, an embodiment of the present application further provides an application authorization method, which is applied to a terminal, where an APP is installed, where the method includes: detecting access operation of a target webpage corresponding to an information platform account in an application program, and sending a first request to a first server corresponding to the information platform account; receiving a first webpage address from a first server; sending an authorization request carrying a first webpage address to a second server corresponding to the APP; receiving a second web address from a second server; transmitting a second request to the first server by using the second webpage address; the second request is used for requesting to acquire the webpage information of the target webpage by utilizing the webpage identification and requesting to acquire the authorization information by utilizing the authorization code; receiving page information and authorization information from a first server; and displaying the page of the target webpage in the authorization state by using the page information and the authorization information.
The first request is used to request the target webpage, and the first request includes the page information of the target webpage. The first webpage address includes a webpage identifier and account information of the information platform account; the webpage identifier corresponds to the webpage information of the target webpage, and the account information is used to determine whether the information platform account has permission to acquire authorization information of the application program. The second webpage address includes the webpage identifier and an authorization code; the authorization code is allocated in the case that the information platform account has the above-mentioned permission.
In one possible implementation manner, after the receiving the first web address from the first server, the method further includes: storing the domain name identifier in a cookie file corresponding to the first webpage address by utilizing the webpage identifier in the first webpage address; the domain name identifier is a web page identifier.
Wherein, the sending the second request to the first server by using the second web address includes: accessing a second webpage address, and acquiring a domain name identifier from a data (cookie) file stored on the terminal and corresponding to the second webpage address; a second request is sent to the first server, the second request further including a domain name identification. The web page information and the authorization information are output by the first server under the condition that the web page identifier and the domain name identifier in the second request are the same.
In another possible implementation manner, the second webpage address further includes a first identifier or a second identifier, where the first identifier is used to trigger the terminal to send the second request to the first server, and the second identifier is used to trigger the terminal to display an authorization confirmation page. Sending the second request to the first server then includes: if the second webpage address includes the first identifier, sending the second request to the first server; or, if the second webpage address includes the second identifier, displaying the authorization confirmation page by using the second webpage address and, when an operation confirming the authorization is detected on the authorization confirmation page, sending the second request to the first server.
In another possible implementation, the first web address includes a first field, and the second web address includes the first field; the first field of the first web page address and the first field of the second web page address are used for carrying the web page identification.
In another possible implementation, the second web address further includes a second field; the second field of the second web address is used to carry an authorization code.
In a third aspect, an embodiment of the present application further provides an application authorization apparatus, applied to a first server, where the apparatus includes: the device comprises a receiving module, a processing module and a sending module. The receiving module is used for receiving a first request from the terminal; the processing module is used for generating a webpage identifier of the target webpage and storing the webpage identifier, webpage information of the target webpage and a corresponding relation between the webpage identifier and the webpage information of the target webpage; the sending module is used for sending the first webpage address to the terminal; the receiving module is further used for receiving a second request from the terminal, wherein the second request comprises a webpage identifier and an authorization code; the processing module is further used for acquiring the webpage information of the target webpage corresponding to the webpage identifier in the second request from the stored webpage information, and acquiring the authorization information according to the authorization code; and the sending module is also used for sending the webpage information and the authorization information to the terminal.
The first request is used to request the target webpage of the information platform account, and the first request includes the webpage information of the target webpage. The webpage identifier is used to identify the webpage information of the target webpage. The first webpage address includes the webpage identifier and account information of the information platform account, and the account information is used to determine whether the information platform account has permission to acquire authorization information of the application program. The authorization code is allocated in the case that the information platform account has that permission.
In one possible embodiment, the second request further includes a domain name identifier of the terminal, the domain name identifier being obtained by the terminal from a cookie file corresponding to the first web page address. The processing module is further configured to determine that the web page identifier and the domain name identifier are the same after the second request from the terminal is received and before the web page information of the target web page corresponding to the web page identifier in the second request is obtained from the stored web page information.
In another possible implementation manner, the processing module is further configured to, after the second request from the terminal is received, determine that the second request fails to obtain the page information and the authorization information of the target webpage if the webpage identifier and the domain name identifier are different.
In another possible implementation manner, the processing module is specifically configured to: transmitting authorization codes and account information of an information platform account to a second server corresponding to the application program; authorization information is received from a second server.
In a fourth aspect, an embodiment of the present application further provides an application authorization device, which is applied to a terminal, where an application is installed, and the device includes: the device comprises a processing module, a receiving module and a display module; the processing module comprises a sending module. The sending module is used for detecting access operation of a target webpage corresponding to an information platform account in an application program and sending a first request to a first server corresponding to the information platform account; the receiving module is used for receiving a first webpage address from the first server; the sending module is also used for sending an authorization request carrying the first webpage address to a second server corresponding to the application program; the receiving module is also used for receiving a second webpage address from a second server; the processing module is used for sending a second request to the first server by utilizing the second webpage address; the receiving module is also used for receiving the webpage information and the authorization information from the first server; and the display module is used for displaying the page of the target webpage in the authorized state by utilizing the webpage information and the authorization information.
The first request is used for requesting to acquire the target webpage, and the first request comprises webpage information of the target webpage. The first webpage address comprises a webpage identifier and account information of an information platform account, the webpage identifier corresponds to the webpage information of the target webpage, and the account information is used for determining whether the information platform account has permission to acquire authorization information of an application program. The second webpage address comprises a webpage identifier and an authorization code, wherein the authorization code is distributed under the condition that the information platform account has authority. The second request is used for requesting to acquire the webpage information of the target webpage by using the webpage identification and requesting to acquire the authorization information by using the authorization code.
In one possible implementation manner, the processing module is configured to store, after receiving the first web address from the first server, the domain name identifier in a data file stored on the terminal and corresponding to the first web address, using the web identifier in the first web address; the domain name identifier is a web page identifier; the processing module is specifically configured to access a second web address, and obtain a domain name identifier from a cookie file corresponding to the second web address; the sending module is specifically configured to send a second request to the first server, where the second request further includes a domain name identifier.
The web page information and the authorization information are output by the first server under the condition that the web page identifier and the domain name identifier in the second request are the same.
In another possible implementation manner, the second web address further includes a first identifier or a second identifier, where the first identifier is used to trigger the terminal to send a second request to the first server, and the second identifier is used to trigger the terminal to display an authorization confirmation page.
The processing module is specifically configured to send the second request to the first server if the second webpage address includes the first identifier; or, if the second webpage address includes the second identifier, to display the authorization confirmation page by using the second webpage address and, when an operation confirming the authorization is detected on the authorization confirmation page, to send the second request to the first server.
In another possible implementation, the first web address includes a first field, and the second web address includes the first field; the first field of the first web page address and the first field of the second web page address are used for carrying the web page identification.
In another possible implementation, the second web address further includes a second field; the second field of the second web address is used to carry an authorization code.
In a fifth aspect, an embodiment of the present application further provides a server, including: a processor and a memory for storing processor-executable instructions; wherein the processor is configured to execute instructions to cause the server to perform an application authorization method as in the first aspect and any possible implementation thereof; the server may be a first server.
In a sixth aspect, an embodiment of the present application further provides a terminal, including: a processor and a memory for storing processor-executable instructions; wherein the processor is configured to execute instructions to cause the terminal to perform an application authorization method as in the second aspect and any of its possible embodiments.
In a seventh aspect, embodiments of the present application further provide a computer readable storage medium having stored thereon computer instructions that, when run on a server, cause the server to perform an application authorization method as in the first aspect and any one of its possible implementations; wherein the server may be a first server.
In an eighth aspect, embodiments of the present application further provide a computer readable storage medium having stored thereon computer instructions which, when run on a terminal, cause the terminal to perform an application authorization method as in the second aspect and any one of its possible embodiments.
In a ninth aspect, embodiments of the present application also provide a computer program product comprising one or more instructions executable on a server to cause the server to perform an application authorization method as in the first aspect and any possible implementation thereof; wherein the server may be a first server.
In a tenth aspect, embodiments of the present application also provide a computer program product comprising one or more instructions executable on a terminal to cause the terminal to perform an application authorization method as in the second aspect and any of its possible embodiments.
It may be understood that, according to the solution provided by the embodiment of the present application, the first server receives a first request of the terminal, where the first request includes page information of the target web page. The first server generates a webpage identifier and correspondingly stores the webpage identifier and webpage information of the target webpage; and then returning a first webpage address comprising the webpage identification to the terminal. Because the length of the webpage identifier is smaller and the data structure of the webpage identifier is simple, the first webpage address can carry the complete webpage identifier, i.e. the first server can send the complete webpage identifier to the terminal. The first server receives the second request sent by the terminal. Because the length of the web page identifier is small and the data structure of the web page identifier is simple, the second request may include the complete web page identifier. Furthermore, the first server can obtain the webpage information of the target webpage corresponding to the complete webpage identifier in the second request from the stored webpage information, and the webpage information of the target webpage stored by the second server is complete, so that the first server can send the webpage information of the complete target webpage to the terminal. Meanwhile, the first server acquires authorization information according to the authorization code in the second request and sends the authorization information to the terminal. Therefore, the terminal can acquire the complete webpage information of the target webpage and the authorization information from the first server, and further can successfully generate the webpage of the target webpage in the authorization state by utilizing the authorization information and the complete webpage information of the target webpage.
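As an added illustration (not code from the patent), the first-server logic summarised above can be sketched in Python together with stand-ins for the terminal and the second server. The parameter names `page_id`, `account` and `code`, the example hosts, the five-minute lifetime, single-use identifiers and the constant-time comparison are assumptions of this example; the sample page information and user data are constructed.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

STATE_MAX_BYTES = 128   # limit on the state field given in the description
ID_TTL_SECONDS = 300    # assumption: the page states no identifier lifetime


class AuthorizationError(Exception):
    """The request was rejected."""


def fits_in_state(value):
    return len(value.encode("utf-8")) <= STATE_MAX_BYTES


class FirstServer:
    """Server of the information platform account (first server)."""

    def __init__(self, account, second_server):
        self.account = account
        self.second_server = second_server
        self._pages = {}  # page_id -> (page_info, expiry time)

    def handle_first_request(self, page_info, now=None):
        now = time.time() if now is None else now
        page_id = secrets.token_urlsafe(16)  # 22 URL-safe characters
        self._pages[page_id] = (page_info, now + ID_TTL_SECONDS)
        # First webpage address: webpage identifier plus account information.
        query = urlencode({"account": self.account, "page_id": page_id})
        return "https://app.example/authorize?" + query

    def handle_second_request(self, page_id, code, cookie_id, now=None):
        now = time.time() if now is None else now
        # The identifier in the request must equal the one kept in the cookie.
        if not cookie_id or not hmac.compare_digest(page_id.encode(), cookie_id.encode()):
            raise AuthorizationError("webpage identifier differs from cookie identifier")
        page_info, expires = self._pages.pop(page_id, (None, 0.0))  # single use
        if page_info is None or expires < now:
            raise AuthorizationError("unknown or expired webpage identifier")
        auth_info = self.second_server.exchange(code, self.account)
        return {"page_info": page_info, "authorization": auth_info}


class SecondServer:
    """Stand-in for the application's server (second server), constructed here."""

    def __init__(self, permitted_accounts):
        self.permitted = set(permitted_accounts)
        self._codes = {}  # authorization code -> account it was issued for

    def authorize(self, first_address, callback):
        q = parse_qs(urlparse(first_address).query)
        account, page_id = q["account"][0], q["page_id"][0]
        if account not in self.permitted:
            raise AuthorizationError("account may not obtain authorization information")
        code = secrets.token_urlsafe(16)
        self._codes[code] = account
        # Second webpage address: the same identifier field plus the code.
        return callback + "?" + urlencode({"page_id": page_id, "code": code})

    def exchange(self, code, account):
        if self._codes.pop(code, None) != account:
            raise AuthorizationError("invalid authorization code")
        return {"user_id": "u-constructed-001", "nickname": "sample user"}


def terminal_flow(first, second, page_info, tamper_cookie=False):
    """Terminal side: keep the identifier in a cookie, obtain the code,
    then send the second request with identifier, code and cookie value."""
    first_address = first.handle_first_request(page_info)
    page_id = parse_qs(urlparse(first_address).query)["page_id"][0]
    cookie = {"page_id": "other-session-id" if tamper_cookie else page_id}
    second_address = second.authorize(first_address, "https://merchant.example/cb")
    q = parse_qs(urlparse(second_address).query)
    return first.handle_second_request(q["page_id"][0], q["code"][0], cookie["page_id"])


# Constructed page information: special characters, many variables, over 128 bytes.
SAMPLE_PAGE_INFO = (
    "/shop/item?id=8841&sku=blue%2FXL&coupon=SPRING&ref=banner#reviews"
    '&filters={"size":["L","XL"],"sort":"price"}&utm_source=menu&utm_campaign=spring-sale'
)

if __name__ == "__main__":
    second = SecondServer({"acct-1"})
    first = FirstServer("acct-1", second)
    print("page info fits in state:", fits_in_state(SAMPLE_PAGE_INFO))
    print(terminal_flow(first, second, SAMPLE_PAGE_INFO))
```

Because the identifier is removed from the store on first use, a replayed second request is rejected even when the cookie value still matches.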
Drawings
FIG. 1 is a schematic diagram of an implementation environment related to an application authorization method according to an embodiment of the present application;
FIG. 2 is a flowchart of an application authorization method applied to a terminal according to an embodiment of the present application;
FIG. 3 is a flowchart of an application authorization method applied to a first server according to an embodiment of the present application;
FIG. 4 is a flowchart of an application authorization method applied to an application authorization system according to an embodiment of the present application;
FIG. 5 is a schematic page diagram of an account number of an information platform in an APP according to an embodiment of the present application;
FIG. 6 is a schematic diagram of an APP authorization confirmation page according to an embodiment of the present application;
FIG. 7 is a schematic page diagram of a target web page in an authorized state in an APP according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of an application authorization device applied to a first server according to an embodiment of the present application;
FIG. 9 is a schematic structural diagram of an application authorization device applied to a terminal according to an embodiment of the present application;
FIG. 10 is a schematic structural diagram of a server according to an embodiment of the present application;
FIG. 11 is a schematic structural diagram of a terminal according to an embodiment of the present application.
Detailed Description
The terms "first" and "second" are used below for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature. For example, the first field and the second field are different fields.
The embodiment of the application provides an application program authorization method, and a detailed description will be given below of an implementation mode of the embodiment of the application with reference to the attached drawings.
Fig. 1 is a schematic diagram illustrating an implementation environment related to an application authorization method according to an embodiment of the present application. As shown in fig. 1, the implementation environment may include a plurality of servers 101 and terminals 102, and the plurality of servers 101 may include a first server 101-1, a second server 101-2, and the like.
One or more APPs can be installed on the terminal 102. These include a first APP that, in addition to the functions it provides to users, provides developers or merchants with functions related to information platform accounts; for example, some instant messaging APPs provide developers or merchants with functions related to information platform accounts in addition to communication functions, payment functions, and the like. The first server 101-1 provides data support for a particular information platform account in the first APP, and the second server 101-2 provides data support for the first APP.
When a user uses the first APP, the user account needs to be registered, and multiple functions in the APP are used under the condition of logging in the user account. Similarly, a developer or a merchant also registers an information platform account, and uses related functions of the information platform account in the first APP under the condition of logging in the information platform account, for example, a page of a target webpage of the information platform account is shown to a user accessing the information platform account.
The terminal in the embodiment of the application can be a mobile phone, a tablet personal computer and the like, and the specific form of the terminal is not particularly limited.
It should be noted that the number of terminals and servers in fig. 1 is merely illustrative. There may be any number of terminals and servers as practical.
In the embodiment of the application, the terminal provided with the first APP receives the operation of checking the target webpage of any information platform account number of the first APP by a user, and the client of the information platform account number sends an authorization request to the second server corresponding to the first APP. The authorization request comprises page information of the target webpage; the authorization request is for requesting acquisition of authorization information (e.g., user information) from the second server. Then, the second server generates a second web address (which may be referred to as an authorization response) in response to the authorization request, and transmits the second web address to the client of the information platform account number, in the case that the user agrees to the authorization. The second web page address includes page information of the target web page in the authorization request. The client of the information platform account number acquires authorization information of the user in the first APP by using the second webpage address; and generating and displaying the page of the target webpage under the authorization state by utilizing the authorization information and the page information of the target webpage in the second webpage address.
The authorization information may be user information, where the user information may include the user's identifier (identity, ID) in the first APP, the user account number, the user avatar, the user nickname, the user gender, and the like.
The authorization request may include some fields for storing different information, such as a field for storing page information of the target web page.
For example, taking a public number as the information platform account in an instant messaging APP, the fields in an authorization request sent by the client of any public number in the APP may include appid, redirect_uri, response_type, scope, state, and #wechat_redirect. appid carries the ID of the public number. redirect_uri carries the callback link address to redirect to after authorization, which needs to be processed with urlEncode. response_type carries the return type for the authorization request. scope carries the scope of the APP authorization, which is mainly divided into silent authorization snsapi_base and non-silent authorization snsapi_userinfo: silent authorization snsapi_base means that the user ID can be obtained without user confirmation; non-silent authorization snsapi_userinfo requires user confirmation and can obtain other authorization information such as the user ID, user avatar, user nickname, and user gender. state may be used to carry the page information of the target webpage. #wechat_redirect is used to carry the fields needed to directly open the authorization request or to make a page redirect.
Here, snsapi_base is one example of the first identifier described in the following embodiments, and snsapi_userinfo is one example of the second identifier described in the following embodiments.
Note that the fields above (i.e., appid, redirect_uri, response_type, scope, state, and #wechat_redirect) may have other names and are not limited to the names given here.
At present, the page displayed by the terminal is stateless: when one web page is displayed, the information of another web page cannot be stored. The client of the information platform account therefore cannot store the page information of the target webpage. It can only carry the page information of the target webpage in the authorization request sent to the second server corresponding to the first APP, and then receive the second webpage address that the second server returns for the authorization request; the second webpage address can carry the same page information of the target webpage as the authorization request. The client of the information platform account can then generate the page of the target webpage in the authorization state by using the page information of the target webpage in the second webpage address.
However, since the maximum length of the data that can be carried by the field state for carrying the page information of the target web page is 128 bytes, and the field state cannot carry special characters and many variables, for relatively complex page information, the field state cannot carry the page information of the complete target web page. That is, the page information of the target webpage in the authorization request sent by the client of the information platform account to the second server is incomplete. Then, the page information of the target webpage obtained by the client of the information platform account from the second webpage address is incomplete, so that the page of the target webpage in the authorized state cannot be successfully generated.
In this regard, the embodiment of the present application provides an application authorization method, which can solve the above problems existing in the related art, and enable a terminal to obtain authorization information and page information of a complete target webpage, so as to successfully generate a page of the target webpage by using the authorization information and the page information of the complete target webpage.
It should be noted that, the following APP refers to the first APP, that is, an APP that may provide, in addition to some functions to a user, related functions of an information platform account number to a developer or a merchant.
Fig. 2 is a flowchart of an application authorization method provided in an embodiment of the present application. The method is applied to a terminal on which the APP is installed, and may include S201-S207.
S201, a terminal detects access operation of a target webpage corresponding to an information platform account in an application program, and sends a first request to a first server corresponding to the information platform account; the first request is for requesting acquisition of a target web page, and the first request includes page information of the target web page.
Under the condition that the terminal runs the APP, if the access operation of the user to the target webpage corresponding to any one information platform account in the APP is detected, the terminal responds to the access operation and can judge whether the access operation is authorized by the APP or not and whether the authorization period of the access operation is over or not. If the access operation is authorized by the APP and the authorization period of the access operation is not exceeded, the terminal directly generates and displays the page of the target webpage in the authorization state. If the access operation is not authorized by the APP or the authorized period of the access operation exceeds the period, the terminal sends page information of the target webpage to a first server corresponding to the information platform account. After receiving the page information of the target webpage, the first server can generate a webpage identifier, and correspondingly store the page information of the target webpage and the webpage identifier; and generating a first webpage address carrying the webpage identifier, and sending the first webpage address to the terminal.
The page information of the target webpage may include: information related to the page of the target web page, information related to the uniform resource locator (URL) of the target web page, and the like. The URL may also be simply referred to as a web page address.
Wherein, the access operation is authorized by the APP, which means that the APP sends the authorization information (e.g., user information) to the access operation through the APP authorization.
S202, a terminal receives a first webpage address from a first server; the first webpage address comprises a webpage identifier and account information of an information platform account, the webpage identifier corresponds to the webpage information of the target webpage, and the account information is used for determining whether the information platform account has permission to acquire authorization information of an application program.
And the terminal receives a first webpage address URL carrying the webpage identification and account information of the information platform account from the first server. The web page identifier refers to a web page identifier in a corresponding relationship between the web page identifier stored in the first server and the web page information of the target web page.
In the embodiment of the present application, the first web address URL may include a first field; a web page identification (e.g., a web page ID) is carried in a first field of a first web page address URL.
For example, the first field may be the above-mentioned field state, and the first web address URL includes "state=web ID".
S203, the terminal sends an authorization request carrying the first webpage address to a second server corresponding to the APP.
The second server receives and responds to the authorization request, and can judge whether the information platform account has the authority of acquiring the authorization information of the application program by using the account information of the information platform account in the first webpage address. Then, the second server can acquire an authorization code under the condition that the account number of the information platform has the authority; and then modifying the first webpage address by using the authorization code to generate a second webpage address (for example, adding the authorization code to the first webpage address to generate the second webpage address), and sending the second webpage address to the terminal.
Alternatively, in the case that the information platform account does not have the authority, the second server can generate first prompt information indicating that the information platform account does not have the authority, and send the first prompt information to the terminal.
The second web page address may be a redirect address. The redirect address carries the authorization code. The redirect address is used for triggering the terminal to generate and display the webpage of the target webpage in the authorized state by using the redirect address.
Wherein the authorization request may be a hypertext transfer protocol (HyperText Transfer Protocol, HTTP) request.
S204, the terminal receives a second webpage address from a second server.
Wherein the second web page address comprises a web page identifier and an authorization code; the authorization code is assigned by the second server in the case that the information platform account has the above-mentioned rights.
In the embodiment of the application, the second webpage address can comprise an authorization code and a webpage identifier. The second web address may further include a first field and a second field; the web page identifier is carried in a first field (e.g., the field state) of the second web page address, and the authorization code is carried in a second field (e.g., the field code) of the second web page address.
It should be noted that, the second server responds to the authorization request carrying the first web address, acquires the authorization code, and modifies the first web address by using the authorization code to generate the second web address. Thus, the first web page address includes a web page identification, a first field, and a second field, and the second web page address also includes the web page identification, the first field, and the second field. The first field in the first webpage address carries a webpage identifier, and the first field in the second webpage address carries a webpage identifier.
Illustratively, the second server stores the authorization code in a second field in the first web address, generating the second web address. Wherein the second field in the first web address does not carry the authorization code, and the second field in the second web address carries the authorization code.
S205, the terminal sends a second request to the first server by using the second webpage address; the second request is used for requesting to acquire the webpage information of the target webpage by using the webpage identification and requesting to acquire the authorization information by using the authorization code.
The first server receives the second request, acquires the webpage information of the target webpage corresponding to the webpage identifier in the second request from the stored webpage information, and acquires the authorization information according to the authorization code in the second request. Then, the second server transmits the web page information of the target web page and the authorization information to the terminal.
In the embodiment of the application, the second webpage address can comprise an authorization code and a webpage identifier, and can also comprise a first identifier or a second identifier. The first identifier is used for triggering the terminal to send a second request to the first server, and the second identifier is used for triggering the terminal to display an authorization confirmation page.
It should be noted that the second server modifies the first web address by using the authorization code to generate the second web address. Thus, the first web address includes the first identifier, and the second web address also includes the first identifier; or the first web page address includes a second identifier, the second web page address also includes the second identifier.
In the embodiment of the present application, if the second web address includes the first identifier (e.g., silent authorization snsapi_base), the terminal loads the second web address and sends the second request to the first server.
In the embodiment of the present application, if the second web address includes the second identifier (for example, non-silent authorization snsapi_userinfo), the terminal loads the second web address and jumps to the authorization confirmation page. If the confirmation authorization operation of the user is detected on the authorization confirmation page, the terminal sends a second request to the first server.
Wherein the second request may include the first identifier or the second identifier in the second web address or specific information characterizing the first identifier or the second identifier in the second web address.
In the embodiment of the present application, when the second web address includes the first identifier, the authorization information may be a user ID. When the second web address includes the second identifier, the authorization information may be user detailed information. Wherein the user details include at least one of a user avatar, a user nickname, a user gender, and other authorization information.
S206, the terminal receives the page information and the authorization information from the first server.
S207, the terminal displays the page of the target webpage in the authorized state by using the page information and the authorization information.
The terminal generates a page of the target webpage in the authorized state by using the authorization information and the webpage information of the target webpage, and displays the page of the target webpage in the authorized state.
It can be understood that the terminal detects an access operation to a target webpage corresponding to an information platform account in the APP, and sends a first request to a first server corresponding to the information platform account, where the first request includes page information of the target webpage. That is, the terminal transmits the web page information of the target web page to the first server. Then, the terminal receives a first web page address from the first server, the first web page address including a web page identifier corresponding to web page information of the target web page, and then the terminal can be known to store the web page information of the target web page in the first server, and receive the first web page address including the web page identifier. Because the length of the webpage identifier is smaller and the data structure of the webpage identifier is simple, the first webpage address can carry the complete webpage identifier. And the terminal sends an authorization request comprising the first webpage address to a second server corresponding to the APP, and the first webpage address in the authorization request also carries a complete webpage identifier. The terminal then receives a second web address from the second server. Since the terminal sends the web page identifier to the second server, the web page identifier in the second web page address received by the terminal from the second server is also complete. Furthermore, the terminal can acquire the webpage information of the target webpage corresponding to the webpage identifier from the first server by utilizing the complete webpage identifier. Because the webpage information of the target webpage corresponding to the webpage identifier stored in the first server is complete, the terminal can acquire the webpage information of the complete target webpage from the first server by utilizing the complete webpage identifier. 
The terminal also acquires authorization information from the first server by using the authorization code in the second webpage address, namely, the terminal can acquire the webpage information of the complete target webpage and the authorization information from the first server. And the terminal can successfully generate the page of the target webpage under the authorization state by using the authorization information and the page information of the complete target webpage.
In the embodiment of the present application, after S203, the terminal stores the domain name identifier in a cookie (data stored on the terminal) file corresponding to the first web address by using the web identifier in the first web address; the domain name identifier is a web page identifier. After receiving the second webpage address, the terminal loads or accesses the second webpage address, and obtains the domain name identifier from the cookie file corresponding to the second webpage address; and then sending a second request to the first server, wherein the second request also comprises the domain name identifier.
Further, the web page information and the authorization information received by the terminal are output by the first server under the condition that the web page identifier and the domain name identifier in the second request are the same.
And adding the domain name identifier acquired from the cookie file corresponding to the second webpage address into the second request by the terminal. The cookie file corresponding to the first web address is a cookie file corresponding to the domain name of the first server.
It may be understood that if another terminal obtains, through an illegal path, the first web address returned by the first server to the terminal, the other terminal may generate another second request by using the web page identifier in the first web address, and then send that second request to the first server to request the authorization information. After receiving the first web address sent by the first server, the terminal stores the web page identifier in the first web address in a local cookie file corresponding to the domain name of the first server, and then carries the domain name identifier from that cookie file in the second request; the domain name identifiers in the cookie files of different terminals are therefore different. The domain name identifier that the other terminal carries in its second request comes from the other terminal's own local cookie file corresponding to the domain name of the first server, so it is different from the domain name identifier stored in the terminal's local cookie file and is also different from the web page identifier in the first web page address. The first server returns the page information of the target webpage only when the webpage identifier and the domain name identifier in the second request are the same. Because the webpage identifier and the domain name identifier in the second request sent by the other terminal are different, the first server does not send the page information and the authorization information of the target webpage to the other terminal, thereby preventing other terminals from illegally acquiring the page information and the authorization information of the terminal's target webpage and improving information security.
Fig. 3 is a flowchart of an application authorization method provided in an embodiment of the present application. The method is applied to a first server, and may include S301-S306.
S301, a first server receives a first request from a terminal.
It should be noted that, the details of the first request in S301 are referred to the detailed description about the first request in S201, and the embodiments of the present application are not repeated here.
S302, a first server generates a webpage identifier of a target webpage and stores the webpage identifier, webpage information of the target webpage and a corresponding relation between the webpage identifier and the webpage information of the target webpage; the web page identification is web page information for identifying the target web page.
After receiving the page information of the target webpage, the first server can generate a webpage identifier, and correspondingly store the page information of the target webpage and the webpage identifier; and generating a first webpage address carrying the webpage identifier, and sending the first webpage address to the terminal.
S303, the first server sends the first webpage address to the terminal.
It should be noted that, the details of the first web address in S303 are referred to the detailed description about the first web address in S202, and the embodiments of the present application are not repeated here.
S304, the first server receives a second request from the terminal.
Wherein the second request includes a web page identifier and an authorization code, the authorization code being assigned if the information platform account has rights.
It should be noted that, the details of the second request in S304 are referred to the above description about the second request in S205, and the embodiments of the present application are not repeated here.
The second request further includes a domain name identifier of the terminal, where the domain name identifier is obtained by the terminal from a cookie file corresponding to the first web address. The first server may determine whether the web page identifier and the domain name identifier in the second request are the same. If the web page identifier and the domain name identifier are the same, the first server performs S305. If the web page identifier is different from the domain name identifier, the second request is illegal; the first server refuses to respond to the second request, and can also send first prompt information to the terminal. The first prompt information indicates failure to acquire the web page information and the authorization information.
S305, the first server acquires the webpage information of the target webpage corresponding to the webpage identifier in the second request from the stored webpage information, and acquires the authorization information according to the authorization code in the second request.
In the embodiment of the application, the first server can send the authorization code and the account information of the information platform account to the second server corresponding to the APP; and receiving authorization information from the second server.
When the second web address includes the first identifier (e.g., silent authorization snsapi_base), the authorization information may be the user ID. When the second web address includes the second identifier (e.g., non-silent authorization snsapi_userinfo), the authorization information may be the user detailed information described above.
For example, if it is determined that the second web address includes the first identifier, the first server sends a first information acquisition request carrying an authorization code and account information of the information platform account (e.g., an ID of the information platform account) to the second server. The second server transmits a user ID corresponding to the authorization code to the first server in response to the first information acquisition request. Wherein the first information acquisition request is for requesting acquisition of a user ID. Wherein the first server determines that the second web page address includes the first identifier when the second request includes the first identifier or specific information characterizing the first identifier in the second web page address.
If the second web address includes the second identifier, the first server sends a second information acquisition request carrying the authorization code and account information of the information platform account to the second server. The second server transmits an access token and the user ID to the first server in response to the second information acquisition request. The first server receives the access token and the user ID, and sends a third information acquisition request carrying the access token and the user ID to the second server. The second server transmits the user detailed information to the first server in response to the third information acquisition request. The second information acquisition request is used for triggering a second server to start a process of acquiring the detailed information of the user; the third information acquisition request is for requesting acquisition of user detailed information. Wherein the first server determines that the second web page address includes the second identifier when the second request includes the second identifier or specific information characterizing the second identifier in the second web page address.
S306, the first server sends the webpage information and the authorization information to the terminal.
It is understood that the first server receives a first request of the terminal, the first request including page information of the target web page. The first server generates a webpage identifier and correspondingly stores the webpage identifier and webpage information of the target webpage; and then returning a first webpage address comprising the webpage identification to the terminal. Because the length of the webpage identifier is smaller and the data structure of the webpage identifier is simple, the first webpage address can carry the complete webpage identifier, i.e. the first server can send the complete webpage identifier to the terminal. The first server receives the second request sent by the terminal. Because the length of the web page identifier is small and the data structure of the web page identifier is simple, the second request may include the complete web page identifier. Furthermore, the first server can obtain the webpage information of the target webpage corresponding to the complete webpage identifier in the second request from the stored webpage information, and the webpage information of the target webpage stored by the second server is complete, so that the first server can send the webpage information of the complete target webpage to the terminal. Meanwhile, the first server acquires authorization information according to the authorization code in the second request and sends the authorization information to the terminal. Therefore, the terminal can acquire the complete webpage information of the target webpage and the authorization information from the first server, and further can successfully generate the webpage of the target webpage in the authorization state by utilizing the authorization information and the complete webpage information of the target webpage.
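The first-server flow of S301-S306, together with the cookie check described for the second request, can be sketched as follows. This is an added example, not code from the patent: the class names, the placeholder domain `platform.example`, the URL layout, the in-memory storage and the single-use authorization code are all assumptions made for illustration.

```python
"""Added illustration of S301-S306 plus the cookie check; not the patent's code."""
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

STATE_MAX_BYTES = 128                        # state limit given in the description
PAGE_URL = "https://platform.example/page"   # placeholder first-server address


def _param(address, name):
    """Return one query parameter of a web page address, or '' if absent."""
    return parse_qs(urlsplit(address).query).get(name, [""])[0]


class SecondServer:
    """Stand-in for the APP's server: checks permission, issues and redeems codes."""

    def __init__(self, permitted_appids):
        self._permitted = set(permitted_appids)
        self._codes = {}                     # authorization code -> (appid, user ID)

    def authorize(self, first_web_address, user_id):
        """S401-S403: add an authorization code to the first web page address."""
        appid = _param(first_web_address, "appid")
        if appid not in self._permitted:
            return None                      # account lacks the authority
        code = secrets.token_urlsafe(16)
        self._codes[code] = (appid, user_id)
        return f"{first_web_address}&code={code}"

    def exchange(self, appid, code):
        """Return authorization information for a code (single use: an assumption)."""
        owner = self._codes.pop(code, None)
        if owner is None or owner[0] != appid:
            return None
        return {"user_id": owner[1]}


class FirstServer:
    """Stand-in for the information platform account's server."""

    def __init__(self, appid, exchange_code):
        self.appid = appid
        self._exchange_code = exchange_code
        self._pages = {}                     # web page identifier -> page information

    def first_request(self, page_info, scope="snsapi_base"):
        """S301-S303: store the page information, return the first web page address."""
        page_id = secrets.token_urlsafe(16)  # short, URL-safe, fits in state
        assert len(page_id.encode()) <= STATE_MAX_BYTES
        self._pages[page_id] = page_info
        query = urlencode({"appid": self.appid, "scope": scope, "state": page_id})
        return f"{PAGE_URL}?{query}"

    def second_request(self, second_web_address, cookie_identifier):
        """S304-S306: answer only if the identifier in state matches the cookie."""
        page_id = _param(second_web_address, "state")
        code = _param(second_web_address, "code")
        same = bool(cookie_identifier) and hmac.compare_digest(
            page_id.encode(), cookie_identifier.encode())
        if not same:
            return None                      # illegal second request: refuse
        page_info = self._pages.get(page_id)
        if page_info is None or not code:
            return None
        return {"page_info": page_info,
                "authorization": self._exchange_code(self.appid, code)}


def demo():
    second = SecondServer({"appid-demo"})
    first = FirstServer("appid-demo", second.exchange)
    # Constructed page information: special characters, far beyond 128 bytes.
    page_info = {"url": "https://platform.example/items/B?ref=a&b=c#d",
                 "filters": ["x"] * 40}
    raw_len = len(json.dumps(page_info).encode())
    first_address = first.first_request(page_info)
    cookie = _param(first_address, "state")  # the terminal keeps this in its cookie
    second_address = second.authorize(first_address, user_id="user-123")
    no_cookie = first.second_request(second_address, "")
    other_cookie = first.second_request(second_address, secrets.token_urlsafe(16))
    ok = first.second_request(second_address, cookie)
    return raw_len, no_cookie, other_cookie, ok


if __name__ == "__main__":
    print(demo())
```

Because the cookie comparison runs before the code is redeemed, a refused second request does not consume the authorization code.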
Fig. 4 is a flowchart of an application authorization method according to an embodiment of the present application. The method is applied to an application authorization system, where the application authorization system may include: the terminal on which the APP is installed, a first server corresponding to the information platform account, and a second server corresponding to the APP. As shown in FIG. 4, the method may include S201, S301-S303, S202-S203, S401-S403, S204-S205, S304-S306, S206-S207.
S201, the terminal detects access operation of a target webpage corresponding to an information platform account in an application program, and sends a first request to a first server corresponding to the information platform account.
S301, a first server receives a first request from a terminal.
S302, a first server generates a webpage identifier of a target webpage and stores the webpage identifier, webpage information of the target webpage and a corresponding relation between the webpage identifier and the webpage information of the target webpage; the web page identification is web page information for identifying the target web page.
S303, the first server sends the first webpage address to the terminal.
S202, a terminal receives a first webpage address from a first server; the first webpage address comprises a webpage identifier and account information of an information platform account, the webpage identifier corresponds to the webpage information of the target webpage, and the account information is used for determining whether the information platform account has permission to acquire authorization information of an application program.
S203, the terminal sends an authorization request carrying the first webpage address to a second server corresponding to the APP.
S401, the second server receives an authorization request carrying the first webpage address from the terminal.
S402, the second server obtains the authorization code according to the account information of the information platform account in the first webpage address under the condition that the information platform account has the authority to obtain the authorization information of the application program, and generates a second webpage address comprising the webpage identifier and the authorization code.
It should be noted that, for details of S402, refer to the detailed description about the second server obtaining the authorization code in S203, which is not repeated herein in the embodiment of the present application.
S403, the second server sends a second webpage address to the terminal.
S204, the terminal receives a second webpage address from a second server.
S205, the terminal sends a second request to the first server by using the second webpage address; the second request is used for requesting to acquire the webpage information of the target webpage by using the webpage identification and requesting to acquire the authorization information by using the authorization code.
S304, the first server receives a second request from the terminal.
S305, the first server acquires the webpage information of the target webpage corresponding to the webpage identifier in the second request from the stored webpage information, and acquires the authorization information according to the authorization code in the second request.
S306, the first server sends the webpage information and the authorization information to the terminal.
S206, the terminal receives the page information and the authorization information from the first server.
S207, the terminal displays the page of the target webpage in the authorized state by using the page information and the authorization information.
It can be understood that the terminal detects an access operation to a target webpage corresponding to the information platform account number in the APP, and sends webpage information of the target webpage to the first server, that is, stores the webpage information of the target webpage in the first server. Then, the terminal receives a first web page address including a web page identification. The length of the webpage identifier is smaller, and the data structure of the webpage identifier is simple; thus, the first web page address may carry a complete web page identification. And the terminal sends an authorization request comprising the first webpage address to a second server corresponding to the APP, and the first webpage address in the authorization request also carries a complete webpage identifier. The terminal then receives a second web address from the second server. Since the terminal sends the web page identifier to the second server, the web page identifier in the second web page address received by the terminal from the second server is also complete. Furthermore, the terminal can acquire the webpage information of the complete target webpage corresponding to the webpage identifier from the first server by utilizing the complete webpage identifier. The terminal also acquires authorization information from the first server by using the authorization code in the second webpage address, namely, the terminal can acquire the webpage information of the complete target webpage and the authorization information from the first server.
Illustratively, as shown in fig. 5, a page diagram of an information platform account in an instant messaging application APP is shown, and a user opens a page of the information platform account a on a terminal, where the page includes "information of an item B" and "information of an item C". And the user can click the information of the article B on the page, and the terminal receives the access operation of the user to the target webpage corresponding to the information of the article B of the information platform account A in the APP.
Then, the terminal responds to the access operation and sends a first request to the first server corresponding to the information platform account A; receives a first webpage address from the first server corresponding to the information platform account A; sends an authorization request carrying the first webpage address to the second server corresponding to the APP; and receives a second web page address from the second server. If the second webpage address comprises the second identifier, the terminal loads the second webpage address and jumps to the authorization confirmation page. As shown in fig. 6, the authorization confirmation page includes: "authorize", "information platform account A applies", "get your nickname, avatar", a "cancel" option and an "allow" option. If the user clicks the "cancel" option, this indicates that the user does not agree to the authorization. If the user clicks the "allow" option, the user agrees to the authorization, and the terminal determines that the user's confirmation authorization operation is detected.
Then, when the terminal determines that the confirmation authorization operation of the user is detected, the terminal sends a second request to the first server. The first server responds to the second request, acquires user detailed information from the second server, and also acquires webpage information of the target webpage. The user details may include a user nickname and a user avatar. The first server transmits the user detailed information and the webpage information of the target webpage to the terminal. And the terminal generates and displays the page of the target webpage in the authorized state by utilizing the user detailed information and the webpage information of the target webpage. As shown in fig. 7, the terminal displays a page of the target web page in the authorized state, which includes the detail information of the item B.
It will be appreciated that the above method may be implemented by the terminal, the first server or an application authorization device in an application authorization system. In order to achieve the above functions, the terminal, the first server or the application program authorization system includes a hardware structure and/or a software module corresponding to each function. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the embodiments of the present application.
The embodiment of the application can divide the function modules of the application authorization device and the like according to the method example, for example, each function module can be divided corresponding to each function, and two or more functions can be integrated in one processing module. The integrated modules may be implemented in hardware or in software functional modules. It should be noted that, in the embodiment of the present application, the division of the modules is schematic, which is merely a logic function division, and other division manners may be implemented in actual implementation.
Fig. 8 shows a schematic structural diagram of an application authorization apparatus according to the above embodiment in the case of dividing respective functional modules with respective functions, the apparatus 5 being applied to a first server, the apparatus 5 comprising: a receiving module 501, a processing module 502 and a transmitting module 503. Wherein, the receiving module 501 is configured to receive a first request from a terminal; the processing module 502 is configured to generate a web page identifier of the target web page, and store the web page identifier, web page information of the target web page, and a correspondence between the web page identifier and the web page information of the target web page; a sending module 503, configured to send a first web address to a terminal; the receiving module 501 is further configured to receive a second request from the terminal, where the second request includes a web page identifier and an authorization code; the processing module 502 is further configured to obtain, from the stored web page information, web page information of a target web page corresponding to the web page identifier in the second request, and obtain authorization information according to the authorization code; the sending module 503 is further configured to send the web page information and the authorization information to the terminal.
The first request is used for requesting to acquire a target webpage of the information platform account number, and the first request comprises webpage information of the target webpage. The web page identification is web page information for identifying the target web page. The first webpage address comprises a webpage identifier and account information of an information platform account, and the account information is used for determining whether the information platform account has permission to acquire authorization information of an application program. The authorization code is allocated in the case that the information platform account number has authority.
In one possible embodiment, the second request further includes a domain name identifier of the terminal, the domain name identifier being obtained by the terminal from a cookie file corresponding to the first web page address. The processing module 502 is further configured to determine that the web page identifier and the domain name identifier are the same after the second request from the terminal is received and before the web page information of the target web page corresponding to the web page identifier in the second request is obtained from the stored web page information.
In another possible implementation manner, the processing module 502 is further configured to determine that the second request requests to obtain the page information and the authorization information of the target web page after determining that the web page identifier and the domain name identifier are different after receiving the second request from the terminal.
In another possible implementation, the processing module 502 is specifically configured to: transmit the authorization code and account information of the information platform account to a second server corresponding to the application program; and receive authorization information from the second server.
Fig. 9 shows a schematic structural diagram of another application authorization device related to the above embodiment in the case of dividing respective functional modules with respective functions, the device 6 being applied to a terminal in which an APP is installed, the device 6 comprising: a processing module 601, a receiving module 602, and a display module 603; the processing module 601 includes a transmitting module 604. The sending module 604 is configured to detect an access operation of a target webpage corresponding to an information platform account in an application program, and send a first request to a first server corresponding to the information platform account; a receiving module 602, configured to receive a first web address from a first server; the sending module 604 is further configured to send an authorization request carrying the first web address to a second server corresponding to the application program; the receiving module 602 is further configured to receive a second web address from a second server; a processing module 601, configured to send a second request to the first server using the second web address; the receiving module 602 is further configured to receive web page information and authorization information from the first server; the display module 603 is configured to display a page of the target webpage in the authorized state by using the webpage information and the authorization information.
The first request is used for requesting to acquire the target webpage, and the first request comprises webpage information of the target webpage. The first webpage address comprises a webpage identifier and account information of an information platform account, the webpage identifier corresponds to the webpage information of the target webpage, and the account information is used for determining whether the information platform account has permission to acquire authorization information of an application program. The second webpage address comprises a webpage identifier and an authorization code, wherein the authorization code is distributed under the condition that the information platform account has authority. The second request is used for requesting to acquire the webpage information of the target webpage by using the webpage identification and requesting to acquire the authorization information by using the authorization code.
In a possible implementation manner, the processing module 601 is configured to, after the first web address is received from the first server, store the domain name identifier in the data file that is stored on the terminal and corresponds to the first web address, using the web page identifier in the first web address; the domain name identifier is the web page identifier. The processing module 601 is specifically configured to access the second web address and obtain the domain name identifier from the cookie file corresponding to the second web address; the sending module 604 is specifically configured to send the second request to the first server, where the second request further includes the domain name identifier.
The web page information and the authorization information are output by the first server under the condition that the web page identifier and the domain name identifier in the second request are the same.
In another possible implementation manner, the second web address further includes a first identifier or a second identifier, where the first identifier is used to trigger the terminal to send a second request to the first server, and the second identifier is used to trigger the terminal to display an authorization confirmation page.
The processing module 601 is specifically configured to: send the second request to the first server if the second web address includes the first identifier; or, if the second web address includes the second identifier, display the authorization confirmation page by using the second web address, and send the second request to the first server in the event that a confirmation authorization operation is detected on the authorization confirmation page.
In another possible implementation, the first web address includes a first field, and the second web address includes the first field; the first field of the first web page address and the first field of the second web page address are used for carrying the web page identification.
In another possible implementation, the second web address further includes a second field; the second field of the second web address is used to carry an authorization code.
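The following Python sketch is an added example, not code from the patent: it models how the first server handles the first and second requests described above, including the comparison of the web page identifier with the domain name identifier kept in the terminal's cookie, and it refuses the second request when the two differ (as in claim 3). The query field names `page_id`, `account` and `code`, the `SecondServer` stand-in, one-time use of authorization codes and all sample data are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


def _query(url):
    """Return the query fields of a URL as a flat dict."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


class SecondServer:
    """Stand-in for the APP's server (hypothetical interface, not from the patent)."""

    def __init__(self, permitted_accounts, users):
        self.permitted = set(permitted_accounts)
        self.users = users   # user id -> user detailed information
        self.codes = {}      # authorization code -> (account, user id)

    def authorize(self, first_url, user_id):
        """Check the account in the first web page address; return the second address."""
        fields = _query(first_url)
        if fields["account"] not in self.permitted:
            raise PermissionError("account may not obtain authorization information")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (fields["account"], user_id)
        # The web page identifier is passed through unchanged in the first field.
        return first_url.split("?")[0] + "?" + urlencode(
            {"page_id": fields["page_id"], "code": code})

    def exchange(self, code, account):
        """Trade a code for authorization information (one-time use is an assumption)."""
        account_for_code, user_id = self.codes.pop(code, (None, None))
        return self.users.get(user_id) if account_for_code == account else None


class FirstServer:
    """The information platform account's server."""

    def __init__(self, account, second_server, base_url):
        self.account = account
        self.second = second_server
        self.base_url = base_url
        self.pages = {}      # web page identifier -> web page information

    def handle_first_request(self, page_info):
        """Store the page information under a fresh identifier; return the first address."""
        page_id = secrets.token_urlsafe(16)
        self.pages[page_id] = page_info
        return self.base_url + "?" + urlencode(
            {"page_id": page_id, "account": self.account})

    def handle_second_request(self, page_id, code, domain_name_id):
        """Return page and authorization information, or None to refuse the request."""
        if domain_name_id is None or not hmac.compare_digest(
                page_id.encode(), domain_name_id.encode()):
            return None      # identifiers differ: refuse before touching the code
        page_info = self.pages.get(page_id)
        if page_info is None:
            return None
        auth_info = self.second.exchange(code, self.account)
        if auth_info is None:
            return None
        return {"page": page_info, "authorization": auth_info}


class Terminal:
    def __init__(self, user_id):
        self.user_id = user_id
        self.cookies = {}    # host -> domain name identifier

    def open_page(self, first, second, page_info):
        first_url = first.handle_first_request(page_info)
        # Store the web page identifier as the domain name identifier (cookie).
        self.cookies[urlparse(first_url).netloc] = _query(first_url)["page_id"]
        return self.follow(first, second.authorize(first_url, self.user_id))

    def follow(self, first, second_url):
        """Send the second request built from the second web page address."""
        fields = _query(second_url)
        cookie = self.cookies.get(urlparse(second_url).netloc)
        return first.handle_second_request(fields["page_id"], fields["code"], cookie)


def demo():
    """Constructed sample data: one permitted account, one user."""
    second = SecondServer({"account-A"}, {"u1": {"nickname": "Alice", "avatar": "a.png"}})
    first = FirstServer("account-A", second, "https://first.example/page")
    ok = Terminal("u1").open_page(first, second, "details of item B")
    # A second web page address opened on a terminal that holds no matching cookie.
    second_url = second.authorize(first.handle_first_request("details of item B"), "u1")
    refused = Terminal("u2").follow(first, second_url)
    return ok, refused


if __name__ == "__main__":
    print(demo())
```

Because the comparison happens before the authorization code is sent to the second server, a refused request does not consume the code.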
In case of using an integrated unit, fig. 10 shows a possible structural schematic diagram of the server involved in the above-described embodiment. The server 7 may include: a processor 701 and a memory 702 for storing the processor executable instructions. Wherein the processor 701 is configured to execute the instructions such that the server 7 performs an application authorization method as performed by the first server described above. The server 7 may be the first server described above.
The processor 701 may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc. The processor 701 may include an application processor (AP), a modem processor, a controller, a memory, a video codec, a digital signal processor (DSP), a baseband processor, and/or a neural-network processor (NPU), etc. The different processing units may be separate devices or may be integrated in one or more processors.
Memory 702 may include one or more computer-readable storage media, which may be non-transitory. The memory 702 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In some embodiments, a non-transitory computer readable storage medium in memory 702 is used to store at least one instruction for execution by processor 701 to implement an application authorization method as executed by the first server described above.
In case of using an integrated unit, fig. 11 shows a possible structural schematic of the terminal involved in the above-described embodiment. The terminal 8 may include: a processor 801 and a memory 802 for storing the processor-executable instructions; wherein the processor 801 is configured to execute the instructions such that the terminal 8 performs an application authorization method as performed by the terminal described above.
The processor 801 may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc. The processor 801 may include an AP, a modem processor, a controller, a memory, a video codec, a DSP, a baseband processor, and/or an NPU, etc. The different processing units may be separate devices or may be integrated in one or more processors.
Memory 802 may include one or more computer-readable storage media, which may be non-transitory. Memory 802 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In some embodiments, a non-transitory computer readable storage medium in memory 802 is used to store at least one instruction for execution by processor 801 to implement an application authorization method as executed by the terminal described above.
Embodiments of the present application also provide a computer-readable storage medium including computer instructions which, when run on the above-described terminal or the above-described first server, cause the terminal or the above-described first server to perform the functions or steps of the above-described method embodiments. For example, the computer readable storage medium may be Read-Only Memory (ROM), random-access Memory (Random Access Memory, RAM), compact disc Read-Only Memory (CD-ROM), magnetic tape, floppy disk, optical data storage device, and the like.
The embodiment of the application also provides a computer program product, which when run on the terminal or the first server, causes the terminal or the first server to perform the functions or steps of the method embodiment.
It will be apparent to those skilled in the art from this description that, for convenience and brevity of description, only the above-described division of the functional modules is illustrated, and in practical application, the above-described functional allocation may be performed by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above.
In the several embodiments provided by the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of modules or units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another apparatus, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and the parts shown as units may be one physical unit or a plurality of physical units, may be located in one place, or may be distributed in a plurality of different places. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a readable storage medium. Based on such understanding, the technical solution of the embodiments of the present application, in essence, or the part contributing to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The software product is stored in a storage medium and includes several instructions for causing a device (which may be a single-chip microcomputer, a chip or the like) or a processor to perform all or part of the steps of the method described in the embodiments of the present application. The aforementioned storage medium includes: a USB disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk, etc.
The foregoing is merely illustrative of specific embodiments of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present application should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (22)
1. An application authorization method, applied to a first server, comprising:
receiving a first request from a terminal, wherein the first request is used for requesting to acquire a target webpage of an information platform account, and the first request comprises webpage information of the target webpage;
generating a webpage identifier of the target webpage, and storing the webpage identifier, webpage information of the target webpage and a corresponding relation between the webpage identifier and the webpage information of the target webpage; the webpage identifier is used for identifying webpage information of the target webpage;
sending a first webpage address to the terminal; the first webpage address comprises the webpage identifier and account information of the information platform account, and the account information is used for determining whether the information platform account has permission to acquire authorization information of the application program;
receiving a second request from the terminal, wherein the second request comprises the webpage identifier and an authorization code, and the authorization code is distributed under the condition that the information platform account has the authority;
acquiring the webpage information of the target webpage corresponding to the webpage identifier in the second request from the stored webpage information, and acquiring the authorization information according to the authorization code;
and sending the webpage information and the authorization information to the terminal.
2. The method of claim 1, wherein the second request further includes a domain name identifier of the terminal, the domain name identifier being obtained by the terminal from a data file stored on the terminal corresponding to the first web page address;
wherein after the receiving the second request from the terminal, before acquiring the webpage information of the target webpage corresponding to the webpage identifier in the second request from the stored webpage information, the method further includes:
determining that the webpage identifier is the same as the domain name identifier.
3. The method of claim 2, wherein after the receiving the second request from the terminal, the method further comprises:
if the webpage identifier is different from the domain name identifier, refusing to respond to the second request.
4. A method according to any of claims 1-3, wherein said obtaining said authorization information from said authorization code comprises:
transmitting the authorization code and account information of the information platform account to a second server corresponding to the application program;
receiving the authorization information from the second server.
5. An application authorization method, applied to a terminal, in which an application is installed, comprising:
detecting access operation to a target webpage corresponding to an information platform account in the application program, and sending a first request to a first server corresponding to the information platform account; the first request is used for requesting to acquire the target webpage, and the first request comprises webpage information of the target webpage;
receiving a first webpage address from the first server; the first webpage address comprises a webpage identifier and account information of the information platform account, the webpage identifier corresponds to the webpage information of the target webpage, and the account information is used for determining whether the information platform account has permission to acquire authorization information of the application program;
sending an authorization request carrying the first webpage address to a second server corresponding to the application program;
receiving a second webpage address from the second server, wherein the second webpage address comprises the webpage identifier and an authorization code, and the authorization code is distributed under the condition that the information platform account number has the authority;
transmitting a second request to the first server by using the second webpage address; the second request is used for requesting to acquire the webpage information of the target webpage by utilizing the webpage identification and requesting to acquire the authorization information by utilizing the authorization code;
receiving the web page information and the authorization information from the first server;
and displaying the page of the target webpage in the authorized state by utilizing the webpage information and the authorization information.
6. The method of claim 5, wherein after said receiving the first web address from the first server, the method further comprises:
storing a domain name identifier in a data file stored on the terminal corresponding to the first webpage address by utilizing the webpage identifier in the first webpage address; the domain name identifier is the web page identifier;
wherein the sending, by using the second web address, a second request to the first server includes:
accessing the second webpage address, and acquiring the domain name identifier from a data file stored on the terminal and corresponding to the second webpage address;
sending the second request to the first server, wherein the second request further comprises the domain name identifier;
wherein the web page information and the authorization information are output by the first server when the web page identifier and the domain name identifier in the second request are the same.
7. The method according to claim 5 or 6, wherein the second web address further comprises a first identifier or a second identifier, the first identifier being used for triggering the terminal to send the second request to the first server, the second identifier being used for triggering the terminal to display an authorization confirmation page;
wherein said sending said second request to said first server comprises:
if the second webpage address comprises the first identifier, sending the second request to the first server;
or if the second webpage address comprises the second identifier, displaying the authorization confirmation page by using the second webpage address; and sending the second request to the first server in the condition that the authorization confirming operation is detected on the authorization confirmation page.
8. The method of claim 5 or 6, wherein the first web address comprises a first field and the second web address comprises the first field; the first field of the first webpage address and the first field of the second webpage address are used for carrying the webpage identifier.
9. The method of claim 5 or 6, wherein the second web page address further comprises a second field; the second field of the second web address is used to carry the authorization code.
10. An application authorization apparatus for application to a first server, the apparatus comprising: the device comprises a receiving module, a processing module and a sending module;
The receiving module is used for receiving a first request from the terminal; the first request is used for requesting to acquire a target webpage of an information platform account, and the first request comprises webpage information of the target webpage;
the processing module is used for generating a webpage identifier of the target webpage and storing the webpage identifier, webpage information of the target webpage and a corresponding relation between the webpage identifier and the webpage information of the target webpage; the webpage identifier is used for identifying webpage information of the target webpage;
The sending module is used for sending a first webpage address to the terminal; the first webpage address comprises the webpage identifier and account information of the information platform account, and the account information is used for determining whether the information platform account has permission to acquire authorization information of the application program;
The receiving module is further configured to receive a second request from the terminal, where the second request includes the web page identifier and an authorization code, and the authorization code is allocated when the information platform account has the authority;
The processing module is further configured to obtain, from the stored web page information, web page information of the target web page corresponding to the web page identifier in the second request, and obtain the authorization information according to the authorization code;
the sending module is further configured to send the webpage information and the authorization information to the terminal.
11. The apparatus of claim 10, wherein the second request further comprises a domain name identifier of the terminal, the domain name identifier being obtained by the terminal from a data file stored on the terminal corresponding to the first web page address;
The processing module is further configured to determine, after the second request from the terminal is received, that the web page identifier and the domain name identifier are the same before obtaining, from the stored web page information, the web page information of the target web page corresponding to the web page identifier in the second request.
12. The apparatus of claim 11, wherein the processing module is further configured to, after the receiving the second request from the terminal, determine that the web page identifier and the domain name identifier are different, and refuse to respond to the second request.
13. The apparatus according to any one of claims 10-12, wherein the processing module is specifically configured to:
transmit the authorization code and account information of the information platform account to a second server corresponding to the application program;
receive the authorization information from the second server.
14. An application authorization apparatus, applied to a terminal, in which an application is installed, comprising: the device comprises a processing module, a receiving module and a display module, wherein the processing module comprises a sending module;
The sending module is used for detecting access operation to a target webpage corresponding to an information platform account in the application program and sending a first request to a first server corresponding to the information platform account; the first request is used for requesting to acquire the target webpage, and the first request comprises webpage information of the target webpage;
The receiving module is used for receiving a first webpage address from the first server; the first webpage address comprises a webpage identifier and account information of the information platform account, the webpage identifier corresponds to the webpage information of the target webpage, and the account information is used for determining whether the information platform account has permission to acquire authorization information of the application program;
The sending module is further configured to send an authorization request carrying the first web address to a second server corresponding to the application program;
The receiving module is further configured to receive a second web address from the second server, where the second web address includes the web identifier and an authorization code, and the authorization code is allocated when the information platform account has the authority;
The processing module is used for sending a second request to the first server by utilizing the second webpage address; the second request is used for requesting to acquire the webpage information of the target webpage by utilizing the webpage identification and requesting to acquire the authorization information by utilizing the authorization code;
the receiving module is further used for receiving the webpage information and the authorization information from the first server;
The display module is used for displaying the page of the target webpage in the authorized state by utilizing the webpage information and the authorization information.
15. The apparatus of claim 14, wherein the processing module is configured to store, after the receiving the first web address from the first server, a domain name identifier in a data file stored on the terminal corresponding to the first web address using the web identifier in the first web address; the domain name identifier is the web page identifier;
The processing module is specifically configured to access the second web address, and obtain the domain name identifier from a data file stored on the terminal and corresponding to the second web address;
The sending module is specifically configured to send the second request to the first server, where the second request further includes the domain name identifier;
wherein the web page information and the authorization information are output by the first server when the web page identifier and the domain name identifier in the second request are the same.
16. The apparatus according to claim 14 or 15, wherein the second web address further comprises a first identifier or a second identifier, the first identifier being used to trigger the terminal to send the second request to the first server, the second identifier being used to trigger the terminal to display an authorization confirmation page;
the processing module is specifically configured to:
if the second webpage address comprises the first identifier, sending the second request to the first server;
or if the second webpage address comprises the second identifier, displaying the authorization confirmation page by using the second webpage address; and sending the second request to the first server in the condition that the authorization confirming operation is detected on the authorization confirmation page.
17. The apparatus of claim 14 or 15, wherein the first web address comprises a first field and the second web address comprises the first field; the first field of the first webpage address and the first field of the second webpage address are used for carrying the webpage identifier.
18. The apparatus of claim 14 or 15, wherein the second web page address further comprises a second field; the second field of the second web address is used to carry the authorization code.
19. A server, the server comprising: a processor and a memory for storing instructions executable by the processor;
wherein the processor is configured to execute the instructions such that the server performs the application authorization method of any one of claims 1-4.
20. A terminal, the terminal comprising: a processor and a memory for storing instructions executable by the processor;
wherein the processor is configured to execute the instructions to cause the terminal to perform the application authorization method of any one of claims 5-9.
21. A computer-readable storage medium having stored thereon computer instructions; wherein the computer instructions, when run on a server, cause the server to perform the application authorization method of any one of claims 1-4;
or which when run on a terminal causes the terminal to perform the application authorization method according to any of claims 5-9.
22. A computer program product, the computer program product comprising one or more instructions; wherein the one or more instructions are executable on a server to cause the server to perform the application authorization method of any one of claims 1-4; or the one or more instructions are executable on a terminal to cause the terminal to perform the application authorization method of any one of claims 5-9; the server is a first server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011435612.5A CN112507254B (en) | 2020-12-10 | 2020-12-10 | Application program authorization method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011435612.5A CN112507254B (en) | 2020-12-10 | 2020-12-10 | Application program authorization method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112507254A (en) | 2021-03-16 |
CN112507254B (en) | 2024-06-11 |
Family
ID=74971890
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011435612.5A Active CN112507254B (en) | 2020-12-10 | 2020-12-10 | Application program authorization method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112507254B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104079611A (en) * | 2013-03-29 | 2014-10-01 | 腾讯科技(深圳)有限公司 | Method for preventing cross-site request forgery, related device and system |
CN104754030A (en) * | 2015-02-12 | 2015-07-01 | 腾讯科技(深圳)有限公司 | User information obtaining method and device |
CN105574170A (en) * | 2015-12-16 | 2016-05-11 | 深圳市金立通信设备有限公司 | Web page link opening method and terminal |
CN105718517A (en) * | 2016-01-14 | 2016-06-29 | 浪潮通用软件有限公司 | Webpage display control method and system, and application server |
CN107147647A (en) * | 2017-05-11 | 2017-09-08 | 腾讯科技(深圳)有限公司 | A kind of webpage authorization method and device |
CN108076042A (en) * | 2017-11-02 | 2018-05-25 | 深圳市金立通信设备有限公司 | User information acquiring method, server and computer-readable medium |
CN108733991A (en) * | 2017-04-19 | 2018-11-02 | 腾讯科技(深圳)有限公司 | Web application access method and device, storage medium |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170277703A1 (en) * | 2016-03-22 | 2017-09-28 | Le Holdings (Beijing) Co., Ltd. | Method for Displaying Webpage and Server |
Also Published As
Publication number | Publication date |
---|---|
CN112507254A (en) | 2021-03-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||