
CN116582298A - A cross-domain login method, server and readable storage medium - Google Patents


Info

Publication number
CN116582298A
Authority
CN
China
Prior art keywords
domain name
name service
login
user
device identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310380294.4A
Other languages
Chinese (zh)
Inventor
张建禹
冯时
黄诗强
沈鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Shuidi Technology Group Co ltd
Original Assignee
Beijing Shuidi Technology Group Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Shuidi Technology Group Co ltd
Priority to CN202310380294.4A
Publication of CN116582298A
Legal status: Pending (current)


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application provides a cross-domain login method, a server and a readable storage medium, and relates to the technical field of communications. The method includes: obtaining a jump request from a first domain name service to a second domain name service, the first domain name service being one the user has already logged in to; in response to the jump request, generating credential information according to a login token and a first device identifier corresponding to the first domain name service, the login token having been generated when the user logged in to the first domain name service; sending the credential information to the first domain name service, so that the first domain name service sends the credential information to the second domain name service when jumping to it; obtaining the credential information from the second domain name service, parsing it to obtain the first device identifier, and comparing the first device identifier with a second device identifier corresponding to the second domain name service; and, if the two are consistent, sending the login token and the user's user identity information to the second domain name service, so that the user is logged in to the second domain name service.

Description

A cross-domain login method, server and readable storage medium

Technical field

The present application relates to the technical field of communications, and in particular to a cross-domain login method, a server and a readable storage medium.

Background

At present, when a user accesses different domain name services, the browser's same-origin restriction prevents those services from setting cookie information across domains, so the different domain name services require multiple login operations.

To solve this problem, in the related art, when the domain A service jumps to a domain B service under a different domain name, the login token or user information is carried to the server as query parameters of the URL (Uniform Resource Locator) for verification. Once it is verified as valid, the user information is returned, and the domain B service obtains the user identity and completes the login.

However, in this approach the carried login token is effectively exposed in plaintext. When the user forwards the link, or a crawler visits it, the login token is easily leaked and cracked, which poses a serious security risk.

Summary of the invention

In view of this, the present application provides a cross-domain login method, a server and a readable storage medium, which solve the problem of low security of cross-domain login in the related art.

In a first aspect, an embodiment of the present application provides a cross-domain login method, applied to a server, the method including:

obtaining a jump request from a first domain name service to a second domain name service, where the first domain name service is one the user has already logged in to;

in response to the jump request, generating credential information according to a login token and a first device identifier corresponding to the first domain name service, where the login token was generated when the user logged in to the first domain name service;

sending the credential information to the first domain name service, so that the first domain name service sends the credential information to the second domain name service when jumping to it;

obtaining the credential information from the second domain name service, parsing the credential information to obtain the first device identifier, and comparing the first device identifier with a second device identifier corresponding to the second domain name service;

if the first device identifier is consistent with the second device identifier, sending the login token and the user's user identity information to the second domain name service, so that the user is logged in to the second domain name service.

The above method according to the embodiment of the present application may also have the following additional technical features:

In the above technical solution, optionally, before obtaining the jump request from the first domain name service to the second domain name service, the method further includes: obtaining a login request from the first domain name service, the login request carrying the user's user identity information; in response to the login request, generating the login token according to the user identity information; and sending the login token to the first domain name service, so that the user is logged in to the first domain name service.

In any of the above technical solutions, optionally, parsing the credential information to obtain the first device identifier includes: parsing the credential information according to the user identity information and the business type of the first domain name service to obtain the first device identifier.

In any of the above technical solutions, optionally, the method further includes: determining the business type of the first domain name service and/or determining the business type of the second domain name service.

In any of the above technical solutions, optionally, the method further includes: obtaining, through a preset interface, the first device identifier corresponding to the first domain name service and the second device identifier corresponding to the second domain name service.

In any of the above technical solutions, optionally, the server includes a middle-platform module and a processing module. The middle-platform module is used to obtain the jump request and, in response to the jump request, to send the login token and the first device identifier corresponding to the first domain name service to the processing module. The processing module is used to generate the credential information according to the login token and the first device identifier. The middle-platform module is also used to send the credential information to the first domain name service, to obtain the credential information from the second domain name service, and to send the credential information and the second device identifier of the second domain name service to the processing module. The processing module is also used to parse the credential information to obtain the first device identifier, to compare the first device identifier with the second device identifier corresponding to the second domain name service and, if the first device identifier is consistent with the second device identifier, to send the login token and the user's user identity information to the middle-platform module. The middle-platform module is also used to send the login token and the user's user identity information to the second domain name service, so that the user is logged in to the second domain name service.

In any of the above technical solutions, optionally, the middle-platform module is also used to obtain a login request from the first domain name service, the login request carrying the user's user identity information, and, in response to the login request, to send the user identity information to the processing module; the processing module is also used to generate the login token according to the user identity information; and the middle-platform module is also used to send the login token to the first domain name service, so that the user is logged in to the first domain name service.

In any of the above technical solutions, optionally, the first device identifier and/or the second device identifier is generated from device information, and the device information includes at least one of the following: client name, client model, client screen parameters, client operating system type, client operating system version.

In a second aspect, an embodiment of the present application provides a server, the server including a middle-platform module and a processing module;

the middle-platform module is used to obtain a jump request from a first domain name service to a second domain name service and, in response to the jump request, to send a login token and a first device identifier corresponding to the first domain name service to the processing module, where the first domain name service is one the user has already logged in to and the login token was generated when the user logged in to the first domain name service;

the processing module is used to generate credential information according to the login token and the first device identifier;

the middle-platform module is also used to send the credential information to the first domain name service, so that the first domain name service sends the credential information to the second domain name service when jumping to it, to obtain the credential information from the second domain name service, and to send the credential information and a second device identifier of the second domain name service to the processing module;

the processing module is also used to parse the credential information to obtain the first device identifier, to compare the first device identifier with the second device identifier and, if the first device identifier is consistent with the second device identifier, to send the login token and the user's user identity information to the middle-platform module;

the middle-platform module is also used to send the login token and the user's user identity information to the second domain name service, so that the user is logged in to the second domain name service.

In a third aspect, an embodiment of the present application provides a readable storage medium on which a program or instructions are stored; when the program or instructions are executed by a processor, the steps of the method of the first aspect are implemented.

In the embodiments of the present application, on the one hand, the user can access services across domains without logging in again; that is, seamless cross-domain access requires no second login, which reduces the user's login operations. On the other hand, the login token is encrypted with the device identifier of the user's client. Even if the access link is shared with, or intercepted and used on, another client, that client's device identifier differs from that of the user's client, so it cannot decrypt the login token that was encrypted with the device identifier of the user's client; this lowers the risk of the login token being leaked and cracked and improves security. Furthermore, comparing the first device identifier corresponding to the first domain name service with the second device identifier corresponding to the second domain name service shows whether the second domain name service and the first domain name service are being logged in to from the same client, which further improves login security.

The above is only an overview of the technical solution of the present application. So that the technical means of the application can be understood more clearly and implemented according to the content of the description, and so that the above and other objects, features and advantages of the application are more apparent, specific embodiments of the application are set out below.

Description of the drawings

The drawings described here are provided for a further understanding of the application and form part of it. The schematic embodiments of the application and their descriptions are used to explain the application and do not unduly limit it. In the drawings:

FIG. 1 shows a first schematic flow diagram of the cross-domain login method of an embodiment of the present application;

FIG. 2 shows an interaction diagram of an embodiment of the present application;

FIG. 3 shows a structural block diagram of the server of an embodiment of the present application;

FIG. 4 shows a schematic structural diagram of the cross-domain login system of an embodiment of the present application.

Detailed description

The technical solutions in the embodiments of the present application are described clearly below with reference to the drawings in those embodiments. The described embodiments are evidently some, but not all, of the embodiments of the application. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this application fall within the scope of protection of this application.

The terms "first", "second" and the like in the description and claims of the present application are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments of the application can be practiced in orders other than those illustrated or described here. Objects distinguished by "first", "second" and the like are usually of one kind, and their number is not limited; for example, there may be one first object or several. In addition, "and/or" in the description and claims denotes at least one of the connected objects, and the character "/" generally indicates an "or" relationship between the objects before and after it.

The cross-domain login method, server and readable storage medium provided by the embodiments of the present application are described in detail below through specific embodiments and their application scenarios, with reference to the drawings.

An embodiment of the present application provides a cross-domain login method applied to a server. The server is communicatively connected to a client, and the client has a first domain name service and a second domain name service. The business types of the first domain name service and the second domain name service include insurance services, real estate services, automobile services, course services, payment services and so on.

It should be noted that the first domain name service and the second domain name service may be different services within the same company; for example, the first domain name service is company A's insurance service and the second domain name service is company A's real estate service. They may also be services of different companies; for example, the first domain name service is company B's browser and the second domain name service is company C's shopping website.

As shown in FIG. 1, the method includes:

Step 101: obtain a jump request from the first domain name service to the second domain name service, where the first domain name service is one the user has already logged in to;

Step 102: in response to the jump request, generate credential information according to the login token and the first device identifier corresponding to the first domain name service, where the login token was generated when the user logged in to the first domain name service;

Step 103: send the credential information to the first domain name service, so that the first domain name service sends the credential information to the second domain name service when jumping to it;

Step 104: obtain the credential information from the second domain name service, parse the credential information to obtain the first device identifier, and compare the first device identifier with the second device identifier corresponding to the second domain name service;

Step 105: if the first device identifier is consistent with the second device identifier, send the login token and the user's user identity information to the second domain name service, so that the user is logged in to the second domain name service.

In this embodiment, the client has already logged the user in to the first domain name service through a request to the server. After the user has logged in to the first domain name service, when a need arises to jump from the first domain name service to the second domain name service, the client sends a jump request to the server.

After receiving the jump request from the first domain name service to the second domain name service, the server obtains the first device identifier corresponding to the first domain name service and generates temporary credential information from the login token generated when the user logged in to the first domain name service and from that first device identifier. In other words, the login token is encrypted with the first device identifier corresponding to the first domain name service. The server then sends the credential information to the first domain name service.

It should be noted that the generated credential information is a temporary credential: it is time-limited and becomes invalid once a preset time has elapsed, which improves security.

On the client, the first domain name service jumps to the second domain name service; the second domain name service obtains the credential information from the first domain name service and sends it to the server. After receiving the credential information, the server parses it, that is, decrypts it, and recovers the first device identifier. The server then obtains the second device identifier corresponding to the second domain name service and compares the decrypted first device identifier with the second device identifier. If the two are the same, the first domain name service and the second domain name service are being logged in to from the same client, and the server sends the login token and the user's user identity information to the second domain name service, so that the user is logged in to the second domain name service automatically.

It should be noted that the device identifier (the first device identifier or the second device identifier) is the identity of the client. It is generated from device information; every client has its own device information, which includes but is not limited to the client name, client model, client screen parameters, client operating system type and client operating system version.

In the embodiments of the present application, on the one hand, the user can access services across domains without logging in again; that is, seamless cross-domain access requires no second login, which reduces the user's login operations. On the other hand, the login token is encrypted with the device identifier of the user's client. Even if the access link is shared with, or intercepted and used on, another client, that client's device identifier differs from that of the user's client, so it cannot decrypt the login token that was encrypted with the device identifier of the user's client; this lowers the risk of the login token being leaked and cracked and improves security. Furthermore, comparing the first device identifier corresponding to the first domain name service with the second device identifier corresponding to the second domain name service shows whether the second domain name service and the first domain name service are being logged in to from the same client, which further improves login security.

In an embodiment of the present application, before obtaining the jump request from the first domain name service to the second domain name service, the method further includes: obtaining a login request from the first domain name service, the login request carrying the user's user identity information; in response to the login request, generating the login token according to the user identity information; and sending the login token to the first domain name service, so that the user is logged in to the first domain name service.

In this embodiment, the first domain name service must log the user in before it jumps to the second domain name service. Specifically, the server receives the login request of the first domain name service, which carries the user's user identity information, generates the login token according to the user identity information, and sends the login token to the first domain name service, so that the user is logged in to the first domain name service.

In this way, a single login request logs the user in to the first domain name service, and the user identity information obtained in that login and the login token generated for it are stored, which provides the basis for the later automatic login to the second domain name service.

In an embodiment of the present application, parsing the credential information to obtain the first device identifier includes: parsing the credential information according to the user identity information and the business type of the first domain name service to obtain the first device identifier.

In this embodiment, the credential information is decrypted after it is received from the second domain name service. Specifically, once it is determined from the business type of the first domain name service that services of that business type are allowed to jump to other domain name services, the credential information is decrypted according to the user identity information. For example, if the business type of the first domain name service is a payment service, jumping from the first domain name service to other domain name services is not allowed, in order to keep its payment information secure; if the business type of the first domain name service is an automobile service, jumping from the first domain name service to other domain name services is allowed.

This further ensures the security of the jump login.

In one embodiment of the present application, the method further includes: determining the business type of the first domain name service and/or determining the business type of the second domain name service.

In this embodiment, the server assigns a business type to each domain name service, so that each domain name service has a definite business type, which provides the basis for its login verification.

In one embodiment of the present application, the method further includes: obtaining, through a preset interface, the first device identifier corresponding to the first domain name service and the second device identifier corresponding to the second domain name service.

In this embodiment, the server sets up a preset interface, that is, an API (Application Programming Interface), through which the pre-packaged device identifiers are retrieved.

When credential information needs to be generated, the first device identifier is obtained through the preset interface, and the login token is encrypted with the first device identifier to generate temporary credential information. Compared with a scheme that generates a single temporary credential from the login token alone to avoid exposing the login token directly, this increases the complexity of the login token's encryption, reduces the probability that the login token is cracked and user information is leaked, and improves security.

In one embodiment of the present application, the server includes a middle-platform module and a processing module. The middle-platform module is used to obtain the jump request and, in response to the jump request, to send the login token and the first device identifier corresponding to the first domain name service to the processing module. The processing module is used to generate the credential information according to the login token and the first device identifier. The middle-platform module is further used to send the credential information to the first domain name service, to obtain the credential information from the second domain name service, and to send the credential information and the second device identifier of the second domain name service to the processing module. The processing module is further used to parse the credential information to obtain the first device identifier and to compare the first device identifier with the second device identifier corresponding to the second domain name service; if the first device identifier is consistent with the second device identifier, it sends the login token and the user's user identity information to the middle-platform module. The middle-platform module is further used to send the login token and the user's user identity information to the second domain name service, so as to log the user in to the second domain name service.

In one embodiment, the middle-platform module is further used to obtain a login request from the first domain name service, the login request carrying the user's user identity information, and, in response to the login request, to send the user identity information to the processing module; the processing module is further used to generate the login token according to the user identity information; the middle-platform module is further used to send the login token to the first domain name service, so as to log the user in to the first domain name service.

In one embodiment, the processing module is further used to parse the credential information according to the user identity information and the business type of the first domain name service to obtain the first device identifier.

In one embodiment, the processing module is further used to determine the business type of the first domain name service and/or determine the business type of the second domain name service.

In one embodiment, the middle-platform module is further used to obtain, through a preset interface, the first device identifier corresponding to the first domain name service and the second device identifier corresponding to the second domain name service.

In this embodiment, the server is provided with a middle-platform module that offers SDK (Software Development Kit) capabilities and relays information, which makes information transmission more efficient and makes it quicker and easier to onboard domain name services.

Compared with a scheme in which several servers perform interface conversion, encryption and decryption among themselves to carry out jump logins between different domain name services, the embodiments of the present application provide a middle-platform module and thereby form a platform-level solution that every service in the company can use. It is highly reusable, allows unified management, reduces development cost, and forms a systematic solution that works out of the box.

In a specific embodiment of the present application, FIG. 2 shows an interaction diagram of the embodiment. As shown in FIG. 2, the method includes:

1001. The domain A service calls the login-request SDK capability provided by the middle-platform module, passing the user identity information of the user who is about to log in;

1002. The middle-platform module passes the user identity information to the processing module, and the processing module generates a token (that is, the login token);

1003. The processing module returns the token to the middle-platform module;

1004. After obtaining the token, the middle-platform module sends the token and the user identity information to the domain A service; the user has now logged in to the domain A service successfully, completing the first login;

1005. The business logic of the domain A service triggers a jump to the domain B service;

1006. Before the jump, the domain A service calls the device-identifier SDK capability provided by the middle-platform module, that is, the ability to call the API;

1007. The middle-platform module obtains the device identifier fingerprintA of the domain A service by calling the API and passes the token and fingerprintA to the processing module, which generates a ticket;

1008. The processing module returns the ticket to the middle-platform module;

1009. The middle-platform module returns the ticket to the domain A service;

1010. The domain A service jumps to the domain B service, carrying the ticket in the URL;

1011. The domain B service passes the ticket to the middle-platform module;

1012. The middle-platform module passes the ticket and fingerprintB to the processing module;

1013. The processing module parses the ticket, extracts fingerprintA and compares it with fingerprintB; if they match, it returns the token to the middle-platform module;

1014. The middle-platform module sends the token and the user identity information to the domain B service;

1015. The domain B service serves the access, and stores the user identity information, the token and so on by setting a cookie.
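Steps 1007 to 1013 above, sketched as an added Node.js example (not code from the patent or the applicant). It swaps in a server-held AES-256-GCM key rather than keying the encryption on the device identifier as the text describes, because an identifier built from client attributes is not a secret; the 60-second lifetime, single-use tracking, field names, function names and the policy set are likewise assumptions.

```javascript
const crypto = require('node:crypto');

// Assumption: a random 256-bit key known only to the processing module.
const TICKET_KEY = crypto.randomBytes(32);
const TICKET_TTL_MS = 60_000;                        // assumed lifetime of the temporary ticket
const JUMP_ALLOWED_TYPES = new Set(['automobile']);  // assumed policy: 'payment' is absent
const redeemedIds = new Set();                       // assumed single-use store (in memory here)

const b64u = (buf) => buf.toString('base64url');
const sha256 = (s) => crypto.createHash('sha256').update(String(s)).digest();

// Steps 1007-1008: bind the login token to fingerprintA inside an opaque ticket.
function issueTicket({ token, userId, businessType, fingerprintA }, now = Date.now()) {
  if (!JUMP_ALLOWED_TYPES.has(businessType)) {
    throw new Error(`business type "${businessType}" may not jump to another domain`);
  }
  const claims = JSON.stringify({
    jti: b64u(crypto.randomBytes(16)),   // ticket id, used for replay detection
    token, userId, businessType,
    fp: fingerprintA,
    exp: now + TICKET_TTL_MS,
  });
  const iv = crypto.randomBytes(12);     // fresh nonce per ticket, required by GCM
  const cipher = crypto.createCipheriv('aes-256-gcm', TICKET_KEY, iv);
  const ct = Buffer.concat([cipher.update(claims, 'utf8'), cipher.final()]);
  return [iv, ct, cipher.getAuthTag()].map(b64u).join('.');
}

// Steps 1012-1013: decrypt, then compare the embedded fingerprintA with fingerprintB.
function redeemTicket(ticket, fingerprintB, now = Date.now()) {
  const parts = String(ticket).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [iv, ct, tag] = parts.map((p) => Buffer.from(p, 'base64url'));
  let claims;
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', TICKET_KEY, iv, { authTagLength: 16 });
    decipher.setAuthTag(tag);
    // final() throws if the ciphertext or tag was altered in transit (the ticket rides in a URL).
    claims = JSON.parse(Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8'));
  } catch {
    return { ok: false, reason: 'tampered' };
  }
  if (now > claims.exp) return { ok: false, reason: 'expired' };
  if (redeemedIds.has(claims.jti)) return { ok: false, reason: 'replayed' };
  // Hash both sides so timingSafeEqual always sees equal-length buffers.
  if (!crypto.timingSafeEqual(sha256(claims.fp), sha256(fingerprintB))) {
    return { ok: false, reason: 'fingerprint_mismatch' };
  }
  redeemedIds.add(claims.jti);           // the token is released at most once per ticket
  return { ok: true, token: claims.token, userId: claims.userId };
}

// Constructed sample values, for illustration only.
const demoTicket = issueTicket({
  token: 'tok-demo', userId: 'user-1', businessType: 'automobile', fingerprintA: 'fp-device-1',
});
console.log(redeemTicket(demoTicket, 'fp-device-2').reason); // a shared link opened on another client
console.log(redeemTicket(demoTicket, 'fp-device-1').ok);     // the original client
```

With more than one server instance, the key and the set of redeemed ticket ids would have to live in shared storage, which this in-memory example leaves out.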

The embodiments of the present application give users seamless cross-site access when they visit different domain name services within the company, avoiding a second login and improving the user experience. At the same time, login-free access across services under different domain names raises the business conversion rate, so that the technology supports the business.

In addition, identifying and comparing device identifiers addresses the security risk, and the middle platform makes the services' login handling reusable, which solves the problem of inconsistent management.

An embodiment of the present application also provides a server. As shown in FIG. 3, the server 300 includes a middle-platform module 301 and a processing module 302.

The middle-platform module 301 is used to obtain a jump request from the first domain name service to the second domain name service and, in response to the jump request, to send the login token and the first device identifier corresponding to the first domain name service to the processing module 302, where the first domain name service is one the user has logged in to, and the login token was generated when the user logged in to the first domain name service;

The processing module 302 is used to generate credential information according to the login token and the first device identifier;

The middle-platform module 301 is further used to send the credential information to the first domain name service, so that the first domain name service can send the credential information to the second domain name service when jumping to it, and to obtain the credential information from the second domain name service and send the credential information and the second device identifier of the second domain name service to the processing module 302;

The processing module 302 is further used to parse the credential information to obtain the first device identifier and to compare the first device identifier with the second device identifier; if the first device identifier is consistent with the second device identifier, it sends the login token and the user's user identity information to the middle-platform module 301;

The middle-platform module 301 is further used to send the login token and the user's user identity information to the second domain name service, so as to log the user in to the second domain name service.

In this embodiment, the client has already logged the user in to the first domain name service through a request to the server. After the user has logged in to the first domain name service, when a jump from the first domain name service to the second domain name service is needed, the client sends a jump request to the server.

After receiving the jump request from the first domain name service to the second domain name service, the server obtains the first device identifier corresponding to the first domain name service and generates temporary credential information from the login token generated when the user logged in to the first domain name service and the first device identifier corresponding to the first domain name service. That is, the login token is encrypted with the first device identifier corresponding to the first domain name service, and the credential information is then sent to the first domain name service.

On the client, the first domain name service jumps to the second domain name service; the second domain name service obtains the credential information from the first domain name service and sends it to the server. After receiving the credential information, the server parses it, that is, decrypts it, and recovers the first device identifier. The server then obtains the second device identifier corresponding to the second domain name service and compares the decrypted first device identifier with the second device identifier. If the two are the same, the same client is logging in to the first domain name service and the second domain name service, and the server sends the login token and the user's user identity information to the second domain name service, so that the user is logged in to the second domain name service automatically.

In the embodiments of the present application, first, the user can access services across domains without logging in again, that is, cross-domain access is seamless and needs no second login, which reduces the user's login operations. Second, the login token is encrypted with the device identifier of the user's client. Even if the access link is shared with or intercepted by another client, that client has a different device identifier from the user's client and therefore cannot decrypt the login token encrypted with the device identifier of the user's client, which reduces the risk of the login token being leaked or cracked and improves security. Third, comparing the first device identifier corresponding to the first domain name service with the second device identifier corresponding to the second domain name service shows whether the second domain name service and the first domain name service are being logged in to from the same client, which further improves login security.

In one embodiment, the middle-platform module 301 is further used to obtain a login request from the first domain name service, the login request carrying the user's user identity information, and, in response to the login request, to send the user identity information to the processing module 302; the processing module 302 is further used to generate the login token according to the user identity information; the middle-platform module 301 is further used to send the login token to the first domain name service, so as to log the user in to the first domain name service.

In one embodiment, the processing module 302 is further used to parse the credential information according to the user identity information and the business type of the first domain name service to obtain the first device identifier.

In one embodiment, the processing module 302 is further used to determine the business type of the first domain name service and/or determine the business type of the second domain name service.

In one embodiment, the middle-platform module 301 is further used to obtain, through a preset interface, the first device identifier corresponding to the first domain name service and the second device identifier corresponding to the second domain name service.

In one embodiment, the first device identifier and/or the second device identifier are generated from device information, and the device information includes at least one of the following: client name, client model, client screen parameters, client operating system type, client operating system version.

An embodiment of the present application also provides a cross-domain login system. As shown in FIG. 4, the cross-domain login system includes a client, a middle-platform module, a processing module and a storage layer. The client is the view layer, hosts the first domain name service and the second domain name service, and can be implemented with technologies such as vue and react. The middle-platform module is the middle layer, acts as the information relay module, and can be implemented with technologies such as node and JavaScript. The processing module is the service layer, performs the information processing, and can be implemented with technologies such as Java and PHP. The storage layer stores information and can be implemented with technologies such as mysql.

The specific working logic of the client, the middle-platform module and the processing module is as described in the above embodiments and achieves the same technical effect; to avoid repetition, it is not described again here.

An embodiment of the present application also provides a readable storage medium storing a program or instructions which, when executed by a processor, implement each process of the above embodiments of the cross-domain login method and achieve the same technical effect; to avoid repetition, they are not described again here.

It should be noted that, in this document, the terms "include", "comprise" and any variants of them are intended to cover non-exclusive inclusion, so that a process, method, article or apparatus that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or apparatus. Without further limitation, an element introduced by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or apparatus that includes it. It should also be noted that the scope of the methods and apparatus in the embodiments of the present application is not limited to performing functions in the order shown or discussed; depending on the functions involved, functions may be performed substantially simultaneously or in the reverse order. For example, the described methods may be performed in an order different from the one described, and steps may be added, omitted or combined. Features described with reference to certain examples may also be combined in other examples.

The embodiments of the present application have been described above with reference to the accompanying drawings, but the present application is not limited to the specific implementations described, which are illustrative rather than restrictive. Guided by the present application, a person of ordinary skill in the art can devise many other forms without departing from the purpose of the present application or the scope protected by the claims, and all of them fall within the protection of the present application.

Claims (10)

1. A cross-domain login method, characterized in that it is applied to a server, the method comprising: obtaining a jump request from a first domain name service to a second domain name service, wherein the first domain name service is one a user has logged in to; in response to the jump request, generating credential information according to a login token and a first device identifier corresponding to the first domain name service, wherein the login token was generated when the user logged in to the first domain name service; sending the credential information to the first domain name service, so that the first domain name service sends the credential information to the second domain name service when jumping to the second domain name service; obtaining the credential information from the second domain name service, parsing the credential information to obtain the first device identifier, and comparing the first device identifier with a second device identifier corresponding to the second domain name service; and, if the first device identifier is consistent with the second device identifier, sending the login token and user identity information of the user to the second domain name service, so as to log the user in to the second domain name service.

2. The method according to claim 1, characterized in that, before obtaining the jump request from the first domain name service to the second domain name service, the method further comprises: obtaining a login request from the first domain name service, the login request carrying the user identity information of the user; in response to the login request, generating the login token according to the user identity information; and sending the login token to the first domain name service, so as to log the user in to the first domain name service.

3. The method according to claim 1, characterized in that parsing the credential information to obtain the first device identifier comprises: parsing the credential information according to the user identity information and a business type of the first domain name service to obtain the first device identifier.

4. The method according to claim 3, characterized in that it further comprises: determining the business type of the first domain name service and/or determining a business type of the second domain name service.

5. The method according to claim 1, characterized in that it further comprises: obtaining, through a preset interface, the first device identifier corresponding to the first domain name service and the second device identifier corresponding to the second domain name service.

6. The method according to claim 2, characterized in that the server comprises a middle-platform module and a processing module; wherein the middle-platform module is used to obtain the jump request and, in response to the jump request, to send the login token and the first device identifier corresponding to the first domain name service to the processing module; the processing module is used to generate the credential information according to the login token and the first device identifier; the middle-platform module is further used to send the credential information to the first domain name service, to obtain the credential information from the second domain name service, and to send the credential information and the second device identifier of the second domain name service to the processing module; the processing module is further used to parse the credential information to obtain the first device identifier and to compare the first device identifier with the second device identifier corresponding to the second domain name service, and, if the first device identifier is consistent with the second device identifier, to send the login token and the user identity information of the user to the middle-platform module; and the middle-platform module is further used to send the login token and the user identity information of the user to the second domain name service, so as to log the user in to the second domain name service.

7. The method according to claim 6, characterized in that the middle-platform module is further used to obtain a login request from the first domain name service, the login request carrying the user identity information of the user, and, in response to the login request, to send the user identity information to the processing module; the processing module is further used to generate the login token according to the user identity information; and the middle-platform module is further used to send the login token to the first domain name service, so as to log the user in to the first domain name service.

8. The method according to any one of claims 1 to 7, characterized in that the first device identifier and/or the second device identifier are generated from device information, the device information comprising at least one of the following: client name, client model, client screen parameters, client operating system type, client operating system version.

9. A server, characterized in that the server comprises a middle-platform module and a processing module; wherein the middle-platform module is used to obtain a jump request from a first domain name service to a second domain name service and, in response to the jump request, to send a login token and a first device identifier corresponding to the first domain name service to the processing module, wherein the first domain name service is one a user has logged in to, and the login token was generated when the user logged in to the first domain name service; the processing module is used to generate credential information according to the login token and the first device identifier; the middle-platform module is further used to send the credential information to the first domain name service, so that the first domain name service sends the credential information to the second domain name service when jumping to the second domain name service, and to obtain the credential information from the second domain name service and send the credential information and a second device identifier of the second domain name service to the processing module; the processing module is further used to parse the credential information to obtain the first device identifier and to compare the first device identifier with the second device identifier, and, if the first device identifier is consistent with the second device identifier, to send the login token and user identity information of the user to the middle-platform module; and the middle-platform module is further used to send the login token and the user identity information of the user to the second domain name service, so as to log the user in to the second domain name service.

10. A readable storage medium storing a program or instructions, characterized in that the program or instructions, when executed by a processor, implement the steps of the cross-domain login method according to any one of claims 1 to 8.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310380294.4A CN116582298A (en) 2023-04-11 2023-04-11 A cross-domain login method, server and readable storage medium


Publications (1)

Publication Number Publication Date
CN116582298A true CN116582298A (en) 2023-08-11

Family

ID=87534885

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310380294.4A Pending CN116582298A (en) 2023-04-11 2023-04-11 A cross-domain login method, server and readable storage medium

Country Status (1)

Country Link
CN (1) CN116582298A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111565181A (en) * 2020-04-28 2020-08-21 中国联合网络通信集团有限公司 Single equipment login method, server and client
CN113591059A (en) * 2021-08-02 2021-11-02 云赛智联股份有限公司 User login authentication method
CN113746857A (en) * 2021-09-09 2021-12-03 深圳市腾讯网域计算机网络有限公司 Login method, device, equipment and computer readable storage medium
CN115208648A (en) * 2022-07-05 2022-10-18 中电金信软件有限公司 Login token generation method and device, electronic equipment and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116915413A (en) * 2023-08-14 2023-10-20 天翼物联科技有限公司 CoAP protocol-based session processing method, system and storage medium
WO2025036507A1 (en) * 2023-08-14 2025-02-20 天翼物联科技有限公司 Session processing method and system based on coap, and storage medium

Similar Documents

Publication Publication Date Title
US10554420B2 (en) Wireless connections to a wireless access point
US7010582B1 (en) Systems and methods providing interactions between multiple servers and an end use device
CN104735066B (en) A kind of single-point logging method of object web page application, device and system
CN103716326B (en) Resource access method and URG
US8925046B2 (en) Device, method, and recording medium
US8024786B2 (en) System and methods for secure service oriented architectures
CN106209726B (en) A mobile application single sign-on method and device
CN109981561A (en) Monomer architecture system moves to the user authen method of micro services framework
CN112468481B (en) Single-page and multi-page web application identity integrated authentication method based on CAS
CN110225050B (en) JWT token management method
US9923906B2 (en) System, method and computer program product for access authentication
CN108243188B (en) Interface access, interface call and interface verification processing method and device
CN106131079A (en) A kind of authentication method, system and proxy server
US11411731B2 (en) Secure API flow
CN103220259A (en) Using method, call method, device and system of Oauth application programming interface (API)
CN111062023B (en) Method and device for realizing single sign-on of multi-application system
CN118944911A (en) Identity authentication method and system based on wearable device
CN102739708A (en) System and method for accessing third party application based on cloud platform
CN106302606A (en) A kind of across application access method and device
CN113271289A (en) Method, system and computer storage medium for resource authorization and access
Huang et al. A token-based user authentication mechanism for data exchange in RESTful API
CN106331003A (en) A method and device for accessing an application portal system on a cloud desktop
CN108768928B (en) Information acquisition method, terminal and server
CN116582298A (en) A cross-domain login method, server and readable storage medium
CN106911628A (en) A kind of user registers the method and device of application software on the client

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Country or region after: China

Address after: 100102 Li Ze Zhong Yuan Er Qu 203 Hao - 1 to 8 floors all inner 8th floor B section 802

Applicant after: Beijing Shuidi Technology Group Co.,Ltd.

Address before: 100102 201 / F, block C, 2 lizezhong 2nd Road, Chaoyang District, Beijing

Applicant before: Beijing Shuidi Technology Group Co.,Ltd.

Country or region before: China
