CN116582298A - A cross-domain login method, server and readable storage medium - Google Patents
A cross-domain login method, server and readable storage medium Download PDFInfo
- Publication number
- CN116582298A CN116582298A CN202310380294.4A CN202310380294A CN116582298A CN 116582298 A CN116582298 A CN 116582298A CN 202310380294 A CN202310380294 A CN 202310380294A CN 116582298 A CN116582298 A CN 116582298A
- Authority
- CN
- China
- Prior art keywords
- domain name
- name service
- login
- user
- device identifier
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Information Transfer Between Computers (AREA)
Abstract
本申请提供了一种跨域登录方法、服务器和可读存储介质,涉及通信技术领域。该方法包括:获取来自第一域名服务对第二域名服务的跳转请求,第一域名服务为用户已登录;响应于跳转请求,根据登录令牌和第一域名服务对应的第一设备标识,生成凭证信息,登录令牌为用户在登录第一域名服务时所生成;将凭证信息发送至第一域名服务,以供第一域名服务在跳转至第二域名服务时将凭证信息发送至第二域名服务;获取来自第二域名服务的凭证信息,解析凭证信息得到第一设备标识,并将第一设备标识与第二域名服务对应的第二设备标识进行比对;若二者一致,则将登录令牌和用户的用户身份信息发送至第二域名服务,以实现用户对第二域名服务的登录。
The application provides a cross-domain login method, a server and a readable storage medium, which relate to the technical field of communication. The method includes: obtaining a jump request from the first domain name service to the second domain name service, the first domain name service being that the user has logged in; in response to the jump request, according to the login token and the first device identifier corresponding to the first domain name service , to generate credential information, the login token is generated when the user logs in to the first domain name service; the credential information is sent to the first domain name service, so that the first domain name service can send the credential information to the second domain name service when jumping to the second domain name service The second domain name service; obtain the credential information from the second domain name service, parse the credential information to obtain the first device identifier, and compare the first device identifier with the second device identifier corresponding to the second domain name service; if the two are consistent, Then send the login token and the user identity information of the user to the second domain name service, so as to realize the login of the user to the second domain name service.
Description
技术领域technical field
本申请涉及通信技术领域,尤其是涉及到一种跨域登录方法、服务器和可读存储介质。The present application relates to the technical field of communications, and in particular to a cross-domain login method, server and readable storage medium.
背景技术Background technique
目前,用户在访问不同的域名服务时,因为浏览器的同源限制,不同域名服务无法跨域设置cookie信息,导致不同域名服务需要多次登录操作。Currently, when users access different domain name services, different domain name services cannot set cookie information across domains due to the same-origin restriction of browsers, resulting in multiple login operations for different domain name services.
为解决该问题,相关技术中,当域名A服务跳转至与其不同域名的域名B服务时,通过URL(Uniform Resource Locator,统一资源定位系统)携带查询参数的方式,将登录令牌或者用户信息等通过查询参数携带至服务端验证,验证有效后返用户信息,域名B服务获取用户身份,实现登录。In order to solve this problem, in related technologies, when the service of domain name A jumps to the service of domain name B with a different domain name, the login token or user information is sent to After the query parameters are carried to the server for verification, the user information is returned after the verification is valid, and the domain name B service obtains the user identity and realizes login.
但是,该方式中登录令牌被携带后相当于明文暴露,当用户转发链接或被爬虫访问链接时,登录令牌容易泄露破解,存在极大的安全风险。However, in this method, when the login token is carried, it is equivalent to the exposure of plaintext. When the user forwards the link or is accessed by a crawler, the login token is easy to leak and crack, and there is a great security risk.
发明内容Contents of the invention
有鉴于此,本申请提供了一种跨域登录方法、服务器和可读存储介质,解决了相关技术中跨域登录的安全性较低的问题。In view of this, the present application provides a cross-domain login method, server and readable storage medium, which solves the problem of low security of cross-domain login in the related art.
第一方面,本申请实施例提供了一种跨域登录方法,应用于服务器,该方法包括:In the first aspect, the embodiment of the present application provides a method for cross-domain login, which is applied to a server, and the method includes:
获取来自第一域名服务对第二域名服务的跳转请求,其中,第一域名服务为用户已登录;Obtain a redirection request from the first domain name service to the second domain name service, where the first domain name service indicates that the user has logged in;
响应于跳转请求,根据登录令牌和第一域名服务对应的第一设备标识,生成凭证信息,其中,登录令牌为用户在登录第一域名服务时所生成;In response to the jump request, generate credential information according to the login token and the first device identifier corresponding to the first domain name service, wherein the login token is generated when the user logs in to the first domain name service;
将凭证信息发送至第一域名服务,以供第一域名服务在跳转至第二域名服务时将凭证信息发送至第二域名服务;Send the credential information to the first domain name service, so that the first domain name service can send the credential information to the second domain name service when jumping to the second domain name service;
获取来自第二域名服务的凭证信息,解析凭证信息得到第一设备标识,并将第一设备标识与第二域名服务对应的第二设备标识进行比对;Acquiring credential information from the second domain name service, parsing the credential information to obtain the first device identifier, and comparing the first device identifier with the second device identifier corresponding to the second domain name service;
若第一设备标识与第二设备标识一致,则将登录令牌和用户的用户身份信息发送至第二域名服务,以实现用户对第二域名服务的登录。If the first device identifier is consistent with the second device identifier, the login token and the user identity information of the user are sent to the second domain name service, so as to realize the user's login to the second domain name service.
根据本申请实施例的上述方法,还可以具有以下附加技术特征:According to the above method of the embodiment of the present application, it may also have the following additional technical features:
在上述技术方案中,可选地,在获取来自第一域名服务对第二域名服务的跳转请求之前,还包括:获取来自第一域名服务的登录请求,登录请求携带有用户的用户身份信息;响应于登录请求,根据用户身份信息生成登录令牌;将登录令牌发送至第一域名服务,以实现用户对第一域名服务的登录。In the above technical solution, optionally, before obtaining the jump request from the first domain name service to the second domain name service, it also includes: obtaining a login request from the first domain name service, the login request carrying the user identity information of the user ; In response to the login request, generate a login token according to the user identity information; send the login token to the first domain name service, so as to realize the user's login to the first domain name service.
在上述任一技术方案中,可选地,解析凭证信息得到第一设备标识,包括:根据用户身份信息和第一域名服务的业务类型对凭证信息进行解析,得到第一设备标识。In any of the above technical solutions, optionally, parsing the credential information to obtain the first device identifier includes: parsing the credential information according to the user identity information and the business type of the first domain name service to obtain the first device identifier.
在上述任一技术方案中,可选地,该方法还包括:确定第一域名服务的业务类型和/或确定第二域名服务的业务类型。In any of the above technical solutions, optionally, the method further includes: determining the business type of the first domain name service and/or determining the business type of the second domain name service.
在上述任一技术方案中,可选地,该方法还包括:通过预设接口,获取第一域名服务对应的第一设备标识和第二域名服务对应的第二设备标识。In any of the above technical solutions, optionally, the method further includes: obtaining the first device identifier corresponding to the first domain name service and the second device identifier corresponding to the second domain name service through a preset interface.
在上述任一技术方案中,可选地,服务器包括中台模块和处理模块;其中,中台模块用于获取跳转请求,以及响应于跳转请求,将登录令牌和第一域名服务对应的第一设备标识发送至处理模块;处理模块用于根据登录令牌和第一设备标识生成凭证信息;中台模块还用于将凭证信息发送至第一域名服务,以及获取来自第二域名服务的凭证信息,并将凭证信息和第二域名服务的第二设备标识发送至处理模块;处理模块还用于解析凭证信息得到第一设备标识,并将第一设备标识与第二域名服务对应的第二设备标识进行比对,若第一设备标识与第二设备标识一致,则将登录令牌和用户的用户身份信息发送至中台模块;中台模块还用于将登录令牌和用户的用户身份信息发送至第二域名服务,以实现用户对第二域名服务的登录。In any of the above technical solutions, optionally, the server includes a middle station module and a processing module; wherein the middle station module is used to obtain a jump request, and in response to the jump request, associate the login token with the first domain name service The first device identifier of the device is sent to the processing module; the processing module is used to generate credential information according to the login token and the first device identifier; the middle station module is also used to send the credential information to the first domain name service, and obtain the credential information, and send the credential information and the second device identifier of the second domain name service to the processing module; the processing module is also used to parse the credential information to obtain the first device identifier, and the The second device ID is compared, and if the first device ID is consistent with the second device ID, the login token and the user's user identity information are sent to the middle station module; the middle station module is also used to send the login token and the user's The user identity information is sent to the second domain name service to realize the user's login to the second domain name service.
在上述任一技术方案中,可选地,中台模块还用于获取来自第一域名服务的登录请求,登录请求携带有用户的用户身份信息,以及响应于登录请求,将用户身份信息发送至处理模块;处理模块还用于根据用户身份信息生成登录令牌;中台模块还用于将登录令牌发送至第一域名服务,以实现用户对第一域名服务的登录。In any of the above technical solutions, optionally, the middle station module is further configured to obtain a login request from the first domain name service, the login request carries the user identity information of the user, and in response to the login request, sends the user identity information to A processing module; the processing module is also used to generate a login token according to the user identity information; the middle station module is also used to send the login token to the first domain name service, so as to realize the user's login to the first domain name service.
在上述任一技术方案中,可选地,第一设备标识和/或第二设备标识根据设备信息所生成,设备信息包括以下至少一项:客户端名称、客户端型号、客户端屏幕参数、客户端操作系统类型、客户端操作系统版本。In any of the above technical solutions, optionally, the first device identifier and/or the second device identifier are generated according to device information, and the device information includes at least one of the following: client name, client model, client screen parameters, Client OS type, client OS version.
第二方面,本申请实施例提供了一种服务器,服务器包括中台模块和处理模块;In the second aspect, the embodiment of the present application provides a server, and the server includes a middle station module and a processing module;
其中,中台模块用于获取来自第一域名服务对第二域名服务的跳转请求,以及响应于跳转请求,将登录令牌和第一域名服务对应的第一设备标识发送至处理模块,其中,第一域名服务为用户已登录,登录令牌为用户在登录第一域名服务时所生成;Wherein, the middle station module is used to obtain a jump request from the first domain name service to the second domain name service, and in response to the jump request, send the login token and the first device identifier corresponding to the first domain name service to the processing module, Wherein, the first domain name service means that the user has logged in, and the login token is generated when the user logs in to the first domain name service;
处理模块用于根据登录令牌和第一设备标识生成凭证信息;The processing module is used to generate credential information according to the login token and the first device identifier;
中台模块还用于将凭证信息发送至第一域名服务,以供第一域名服务在跳转至第二域名服务时将凭证信息发送至第二域名服务,以及获取来自第二域名服务的凭证信息,并将凭证信息和第二域名服务的第二设备标识发送至处理模块;The middle station module is also used to send the certificate information to the first domain name service, so that the first domain name service can send the certificate information to the second domain name service when jumping to the second domain name service, and obtain the certificate from the second domain name service information, and send the credential information and the second device identifier of the second domain name service to the processing module;
处理模块还用于解析凭证信息得到第一设备标识,并将第一设备标识与第二设备标识进行比对,若第一设备标识与第二设备标识一致,则将登录令牌和用户的用户身份信息发送至中台模块;The processing module is also used to parse the credential information to obtain the first device ID, and compare the first device ID with the second device ID, and if the first device ID is consistent with the second device ID, then compare the login token with the user ID of the user. The identity information is sent to the middle station module;
中台模块还用于将登录令牌和用户的用户身份信息发送至第二域名服务,以实现用户对第二域名服务的登录。The middle station module is also used to send the login token and the user identity information of the user to the second domain name service, so as to realize the user's login to the second domain name service.
第三方面,本申请实施例提供了一种可读存储介质,该可读存储介质上存储程序或指令,程序或指令被处理器执行时实现如第一方面的方法的步骤。In a third aspect, an embodiment of the present application provides a readable storage medium, on which a program or an instruction is stored, and when the program or instruction is executed by a processor, the steps of the method in the first aspect are implemented.
本申请实施例,一方面,用户可以跨域免登录实现服务访问,也即用户无需二次登录即可实现无感的跨域访问,以减少用户的登录操作。另一方面,通过用户客户端的设备标识对登录令牌进行加密,即使出现访问链接被分享或是被拦截至其他客户端的情况,因为其他客户端与用户客户端的设备标识不同,其他客户端也无法解密出通过用户客户端的设备标识进行加密的登录令牌,降低了登录令牌被泄露破解的风险,提升了安全性。再一方面,通过将第一域名服务对应的第一设备标识与第二域名服务对应的第二设备标识进行对比,能够判断出第二域名服务与第一域名服务是否为同一个客户端登录,从而进一步提升了登录的安全性。In the embodiment of the present application, on the one hand, users can access services without logging in across domains, that is, users can achieve cross-domain access without any need for secondary login, so as to reduce the login operations of users. On the other hand, the login token is encrypted through the device ID of the user client. Even if the access link is shared or intercepted to other clients, because the device IDs of other clients and the user client are different, other clients cannot The login token encrypted by the device identification of the user client is decrypted, which reduces the risk of the login token being leaked and cracked, and improves security. On the other hand, by comparing the first device identifier corresponding to the first domain name service with the second device identifier corresponding to the second domain name service, it can be determined whether the second domain name service and the first domain name service are logged in by the same client, Thereby further improving the security of login.
上述说明仅是本申请技术方案的概述,为了能够更清楚了解本申请的技术手段,而可依照说明书的内容予以实施,并且为了让本申请的上述和其它目的、特征和优点能够更明显易懂,以下特举本申请的具体实施方式。The above description is only an overview of the technical solution of the present application. In order to better understand the technical means of the present application, it can be implemented according to the contents of the description, and in order to make the above and other purposes, features and advantages of the present application more obvious and understandable , the following specifically cites the specific implementation manner of the present application.
附图说明Description of drawings
此处所说明的附图用来提供对本申请的进一步理解,构成本申请的一部分,本申请的示意性实施例及其说明用于解释本申请,并不构成对本申请的不当限定。在附图中:The drawings described here are used to provide a further understanding of the application and constitute a part of the application. The schematic embodiments and descriptions of the application are used to explain the application and do not constitute an improper limitation to the application. In the attached picture:
图1示出了本申请实施例的跨域登录方法的流程示意图之一;FIG. 1 shows one of the schematic flow diagrams of the cross-domain login method of the embodiment of the present application;
图2示出了本申请实施例的交互示意图;Fig. 2 shows the interaction diagram of the embodiment of the present application;
图3示出了本申请实施例的服务器的结构框图;Fig. 3 shows the structural block diagram of the server of the embodiment of the present application;
图4示出了本申请实施例的跨域登录系统的结构示意图。FIG. 4 shows a schematic structural diagram of a cross-domain login system according to an embodiment of the present application.
具体实施方式Detailed ways
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚地描述,显然,所描述的实施例是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员获得的所有其他实施例,都属于本申请保护的范围。The following will clearly describe the technical solutions in the embodiments of the present application with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are part of the embodiments of the present application, but not all of them. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments in this application belong to the protection scope of this application.
本申请的说明书和权利要求书中的术语“第一”、“第二”等是用于区别类似的对象,而不用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便本申请的实施例能够以除了在这里图示或描述的那些以外的顺序实施,且“第一”、“第二”等所区分的对象通常为一类,并不限定对象的个数,例如第一对象可以是一个,也可以是多个。此外,说明书以及权利要求中“和/或”表示所连接对象的至少其中之一,字符“/”,一般表示前后关联对象是一种“或”的关系。The terms "first", "second" and the like in the specification and claims of the present application are used to distinguish similar objects, and are not used to describe a specific sequence or sequence. It should be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments of the application can be practiced in sequences other than those illustrated or described herein, and that references to "first," "second," etc. distinguish Objects are generally of one type, and the number of objects is not limited. For example, there may be one or more first objects. In addition, "and/or" in the specification and claims means at least one of the connected objects, and the character "/" generally means that the related objects are an "or" relationship.
下面结合附图,通过具体的实施例及其应用场景对本申请实施例提供的跨域登录方法、服务器和可读存储介质进行详细地说明。The cross-domain login method, server, and readable storage medium provided by the embodiments of the present application will be described in detail below through specific embodiments and application scenarios with reference to the accompanying drawings.
本申请实施例提供了一种跨域登录方法,应用于服务器,服务器与客户端通信连接,客户端具有第一域名服务和第二域名服务,第一域名服务和第二域名服务的业务类型包括保险服务、房产服务、汽车服务、课程服务、支付服务等。The embodiment of the present application provides a cross-domain login method, which is applied to a server. The server communicates with the client. The client has a first domain name service and a second domain name service. The business types of the first domain name service and the second domain name service include: Insurance services, real estate services, car services, course services, payment services, etc.
需要说明的是,第一域名服务和第二域名服务可以是同一公司内部的不同服务,例如,第一域名服务为A公司的保险服务,第二域名服务为A公司的房产服务;第一域名服务和第二域名服务也可以是不同公司之间的服务,例如,第一域名服务为B公司的浏览器,第二域名服务为C公司的购物网站。It should be noted that the first domain name service and the second domain name service can be different services within the same company, for example, the first domain name service is company A’s insurance service, and the second domain name service is company A’s real estate service; the first domain name service The service and the second domain name service may also be services between different companies, for example, the first domain name service is the browser of company B, and the second domain name service is the shopping website of company C.
如图1所示,该方法包括:As shown in Figure 1, the method includes:
步骤101,获取来自第一域名服务对第二域名服务的跳转请求,其中,第一域名服务为用户已登录;Step 101, obtaining a jump request from the first domain name service to the second domain name service, wherein the first domain name service is that the user has logged in;
步骤102,响应于跳转请求,根据登录令牌和第一域名服务对应的第一设备标识,生成凭证信息,其中,登录令牌为用户在登录第一域名服务时所生成;Step 102, in response to the jump request, generate credential information according to the login token and the first device identifier corresponding to the first domain name service, wherein the login token is generated when the user logs in to the first domain name service;
步骤103,将凭证信息发送至第一域名服务,以供第一域名服务在跳转至第二域名服务时将凭证信息发送至第二域名服务;Step 103, sending the credential information to the first domain name service, so that the first domain name service can send the credential information to the second domain name service when jumping to the second domain name service;
步骤104,获取来自第二域名服务的凭证信息,解析凭证信息得到第一设备标识,并将第一设备标识与第二域名服务对应的第二设备标识进行比对;Step 104, obtaining credential information from the second domain name service, parsing the credential information to obtain the first device identifier, and comparing the first device identifier with the second device identifier corresponding to the second domain name service;
步骤105,若第一设备标识与第二设备标识一致,则将登录令牌和用户的用户身份信息发送至第二域名服务,以实现用户对第二域名服务的登录。Step 105, if the first device identifier is consistent with the second device identifier, send the login token and the user identity information of the user to the second domain name service, so as to realize the user's login to the second domain name service.
在该实施例中,客户端已通过对服务器的请求实现用户登录第一域名服务。在用户登录第一域名服务后,出现由第一域名服务跳转至第二域名服务的需求,则客户端向服务器发送跳转请求。In this embodiment, the client has implemented the user's login to the first domain name service through a request to the server. After the user logs in to the first domain name service and there is a need to jump from the first domain name service to the second domain name service, the client sends a jump request to the server.
服务器在接收到从第一域名服务对第二域名服务的跳转请求后,获取第一域名服务对应的第一设备标识,根据用户在登录第一域名服务时所生成的登录令牌和第一域名服务对应的第一设备标识,生成临时的凭证信息,也即,实现通过第一域名服务对应的第一设备标识对登录令牌进行加密,再将凭证信息发送至第一域名服务。After receiving the jump request from the first domain name service to the second domain name service, the server obtains the first device identifier corresponding to the first domain name service, and according to the login token generated by the user when logging in to the first domain name service and the first The first device identifier corresponding to the domain name service generates temporary credential information, that is, encrypts the login token through the first device identifier corresponding to the first domain name service, and then sends the credential information to the first domain name service.
需要说明的是,生成的凭证信息为临时凭证,其具有时效性,在超过预设时间后即失效,从而提高了安全性。It should be noted that the generated credential information is a temporary credential, which is time-sensitive and becomes invalid after a preset time, thereby improving security.
在客户端,第一域名服务跳转至第二域名服务,则第二域名服务从第一域名服务获取到凭证信息,并发送至服务器。服务器在接收到凭证信息后,对凭证信息进行解析,也即对凭证信息进行解密,解密出第一设备标识。再获取第二域名服务对应的第二设备标识,并将解密出的第一设备标识与第二设备标识进行比对,如果二者相同,表明登录第一域名服务和登录第二域名服务的是同一个客户端,则将登录令牌和用户的用户身份信息发送至第二域名服务,以实现用户在第二域名服务上的自动登录。On the client side, the first domain name service jumps to the second domain name service, and the second domain name service obtains credential information from the first domain name service and sends it to the server. After receiving the credential information, the server parses the credential information, that is, decrypts the credential information, and decrypts the first device identifier. Then obtain the second device ID corresponding to the second domain name service, and compare the decrypted first device ID with the second device ID. If the two are the same, it indicates that the person who logged in the first domain name service and the second domain name service is The same client sends the login token and the user identity information of the user to the second domain name service, so as to realize the automatic login of the user on the second domain name service.
需要说明的是,上述设备标识(第一设备标识或第二设备标识)即为客户端的身份标识,设备标识是通过设备信息所生成,每台客户端都有自己的设备信息,设备信息包括但不限于客户端名称、客户端型号、客户端屏幕参数、客户端操作系统类型、客户端操作系统版本等。It should be noted that the above-mentioned device identifier (the first device identifier or the second device identifier) is the identity identifier of the client, and the device identifier is generated through the device information. Each client has its own device information, and the device information includes but Not limited to client name, client model, client screen parameters, client operating system type, client operating system version, etc.
本申请实施例中,一方面,用户可以跨域免登录实现服务访问,也即用户无需二次登录即可实现无感的跨域访问,以减少用户的登录操作。另一方面,通过用户客户端的设备标识对登录令牌进行加密,即使出现访问链接被分享或是被拦截至其他客户端的情况,因为其他客户端与用户客户端的设备标识不同,其他客户端也无法解密出通过用户客户端的设备标识进行加密的登录令牌,降低了登录令牌被泄露破解的风险,提升了安全性。再一方面,通过将第一域名服务对应的第一设备标识与第二域名服务对应的第二设备标识进行对比,能够判断出第二域名服务与第一域名服务是否为同一个客户端登录,从而进一步提升了登录的安全性。In the embodiment of the present application, on the one hand, users can access services without logging in across domains, that is, users can achieve cross-domain access without any need for secondary login, so as to reduce user login operations. On the other hand, the login token is encrypted through the device ID of the user client. Even if the access link is shared or intercepted to other clients, because the device IDs of other clients and the user client are different, other clients cannot The login token encrypted by the device identification of the user client is decrypted, which reduces the risk of the login token being leaked and cracked, and improves security. On the other hand, by comparing the first device identifier corresponding to the first domain name service with the second device identifier corresponding to the second domain name service, it can be determined whether the second domain name service and the first domain name service are logged in by the same client, Thereby further improving the security of login.
在本申请的一个实施例中,在获取来自第一域名服务对第二域名服务的跳转请求之前,还包括:获取来自第一域名服务的登录请求,登录请求携带有用户的用户身份信息;响应于登录请求,根据用户身份信息生成登录令牌;将登录令牌发送至第一域名服务,以实现用户对第一域名服务的登录。In an embodiment of the present application, before obtaining the jump request from the first domain name service to the second domain name service, it further includes: obtaining a login request from the first domain name service, the login request carrying the user identity information of the user; In response to the login request, a login token is generated according to the user identity information; and the login token is sent to the first domain name service to realize the user's login to the first domain name service.
在该实施例中,在第一域名服务对第二域名服务进行跳转之前,第一域名服务要实现用户的登录。具体地,服务器接收第一域名服务的登录请求,该登录请求中携带有用户的用户身份信息,根据用户身份信息生成登录令牌;将登录令牌发送至第一域名服务,以实现用户对第一域名服务的登录。In this embodiment, before the first domain name service redirects to the second domain name service, the first domain name service needs to implement the user's login. Specifically, the server receives the login request of the first domain name service, the login request carries the user identity information of the user, generates a login token according to the user identity information; A domain name service login.
通过上述方式,进行一次登录请求从而实现在第一域名服务上的登录,并对该次登录所获取的用户身份信息以及所生成的登录令牌进行存储,从而为后续对第二域名服务的自动登录提供基础。Through the above method, a login request is made to realize the login on the first domain name service, and the user identity information obtained by the login and the generated login token are stored, so as to provide automatic information for the subsequent automatic registration of the second domain name service. Login provides the basis.
在本申请的一个实施例中,解析凭证信息得到第一设备标识,包括:根据用户身份信息和第一域名服务的业务类型对凭证信息进行解析,得到第一设备标识。In an embodiment of the present application, parsing the credential information to obtain the first device identifier includes: parsing the credential information according to the user identity information and the business type of the first domain name service to obtain the first device identifier.
在该实施例中,在接收到第二域名服务发送来的凭证信息后,对该凭证信息进行解密。具体地,根据第一域名服务的业务类型确定该业务类型的服务允许跳转至其他域名服务,则根据用户身份信息实现对凭证信息的解密。例如,如果第一域名服务的业务类型为支付服务,为了保证其支付信息的安全,则不允许从第一域名服务跳转至其他域名服务,而如果第一域名服务的业务类型为汽车服务,则允许从第一域名服务跳转至其他域名服务。In this embodiment, after receiving the credential information sent by the second domain name service, the credential information is decrypted. Specifically, according to the business type of the first domain name service, it is determined that the service of this business type allows jumping to other domain name services, and the decryption of the credential information is realized according to the user identity information. For example, if the business type of the first domain name service is payment service, in order to ensure the safety of its payment information, it is not allowed to jump from the first domain name service to other domain name services, and if the business type of the first domain name service is automobile service, Then jumping from the first domain name service to other domain name services is allowed.
通过上述方式进一步地保证了跳转登录的安全性。The security of the jump login is further ensured through the above manner.
在本申请的一个实施例中,该方法还包括:确定第一域名服务的业务类型和/或确定第二域名服务的业务类型。In an embodiment of the present application, the method further includes: determining the business type of the first domain name service and/or determining the business type of the second domain name service.
在该实施例中,服务器为各个域名服务分发业务类型,使得各个域名服务具有明确的业务类型,从而为其登录验证提供基础。In this embodiment, the server distributes business types for each domain name service, so that each domain name service has a clear business type, thereby providing a basis for its login verification.
在本申请的一个实施例中,该方法还包括:通过预设接口,获取第一域名服务对应的第一设备标识和第二域名服务对应的第二设备标识。In an embodiment of the present application, the method further includes: obtaining a first device identifier corresponding to the first domain name service and a second device identifier corresponding to the second domain name service through a preset interface.
在该实施例中,服务器通过设置预设接口,也即API(Application ProgrammingInterface,应用程序编程接口),实现对预先封装的设备标识进行调用。In this embodiment, the server realizes calling the prepackaged device identifier by setting a preset interface, that is, an API (Application Programming Interface, application programming interface).
在需要生成凭证信息时,通过预设接口对第一设备标识进行获取,从而利用第一设备标识对登录令牌进行加密,生成临时的成凭证信息。相比于仅利用登录令牌生成单一临时凭证来避免登录令牌被直接暴露出来的方案,能够提高登录令牌加密复杂程度,降低登录令牌被破解而泄露用户信息的概率,提升安全性。When it is necessary to generate credential information, the first device identifier is acquired through a preset interface, so that the login token is encrypted with the first device identifier to generate temporary credential information. Compared with the scheme that only uses the login token to generate a single temporary credential to avoid the login token being directly exposed, it can increase the complexity of the login token encryption, reduce the probability of the login token being cracked and leak user information, and improve security.
在本申请的一个实施例中,服务器包括中台模块和处理模块;其中,中台模块用于获取跳转请求,以及响应于跳转请求,将登录令牌和第一域名服务对应的第一设备标识发送至处理模块;处理模块用于根据登录令牌和第一设备标识生成凭证信息;中台模块还用于将凭证信息发送至第一域名服务,以及获取来自第二域名服务的凭证信息,并将凭证信息和第二域名服务的第二设备标识发送至处理模块;处理模块还用于解析凭证信息得到第一设备标识,并将第一设备标识与第二域名服务对应的第二设备标识进行比对,若第一设备标识与第二设备标识一致,则将登录令牌和用户的用户身份信息发送至中台模块;中台模块还用于将登录令牌和用户的用户身份信息发送至第二域名服务,以实现用户对第二域名服务的登录。In one embodiment of the present application, the server includes a middle station module and a processing module; wherein the middle station module is used to obtain a jump request, and in response to the jump request, the login token and the first domain name service corresponding to the first The device identifier is sent to the processing module; the processing module is used to generate credential information according to the login token and the first device identifier; the middle station module is also used to send the credential information to the first domain name service, and obtain credential information from the second domain name service , and send the credential information and the second device identifier of the second domain name service to the processing module; the processing module is also used to parse the credential information to obtain the first device identifier, and send the first device identifier to the second device corresponding to the second domain name service The identification is compared, and if the first device identification is consistent with the second device identification, the login token and the user identity information of the user are sent to the middle platform module; the middle platform module is also used to send the login token and the user identity information of the user Send to the second domain name service to realize the user's login to the second domain name service.
在一个实施例中,中台模块还用于获取来自第一域名服务的登录请求,登录请求携带有用户的用户身份信息,以及响应于登录请求,将用户身份信息发送至处理模块;处理模块还用于根据用户身份信息生成登录令牌;中台模块还用于将登录令牌发送至第一域名服务,以实现用户对第一域名服务的登录。In one embodiment, the middle station module is further configured to obtain a login request from the first domain name service, the login request carries the user identity information of the user, and sends the user identity information to the processing module in response to the login request; the processing module also It is used to generate a login token according to the user identity information; the middle station module is also used to send the login token to the first domain name service, so as to realize the user's login to the first domain name service.
在一个实施例中,处理模块还用于根据用户身份信息和第一域名服务的业务类型对凭证信息进行解析,得到第一设备标识。In one embodiment, the processing module is further configured to parse the credential information according to the user identity information and the business type of the first domain name service, to obtain the first device identifier.
在一个实施例中,处理模块还用于确定第一域名服务的业务类型和/或确定第二域名服务的业务类型。In one embodiment, the processing module is further configured to determine the business type of the first domain name service and/or determine the business type of the second domain name service.
在一个实施例中,中台模块还用于通过预设接口,获取第一域名服务对应的第一设备标识和第二域名服务对应的第二设备标识。In one embodiment, the middle station module is further configured to acquire the first device identifier corresponding to the first domain name service and the second device identifier corresponding to the second domain name service through a preset interface.
在该实时中,服务器设置中台模块,中台模块提供SDK(Software DevelopmentKit,软件开发工具包)能力,能够实现信息中转,使信息传输更加高效,域名服务的接入更加方便快捷。In this real-time, the server is equipped with a middle platform module, which provides SDK (Software Development Kit, software development kit) capability, which can realize information transfer, make information transmission more efficient, and access domain name services more conveniently and quickly.
相比于利用多个服务器之间做接口转化、加密解密从而进行不同域名服务之间的跳转登录的方案,本申请实施例通过设置中台模块,形成平台级别的解决方案,方便公司内各个服务使用,复用性较高,且能够实现统一管理,降低了开发成本,真正地形成了开箱即用的系统化解决方案。Compared with the scheme of using multiple servers for interface conversion, encryption and decryption to perform jump login between different domain name services, the embodiment of this application forms a platform-level solution by setting up a middle-end module, which is convenient for all parties in the company. Service use, high reusability, and unified management can be achieved, which reduces development costs and truly forms an out-of-the-box systematic solution.
在本申请的一个具体实施例中,图2示出了本申请实施例的交互示意图,如图2所示,该方法包括:In a specific embodiment of the present application, FIG. 2 shows a schematic diagram of the interaction of the embodiment of the present application. As shown in FIG. 2, the method includes:
1001.域名A服务访问中台模块提供的请求登录的SDK能力,传递当前将要登录的用户的用户身份信息;1001. The domain name A service accesses the SDK capability provided by the middle platform module to request login, and transmits the user identity information of the user who is currently about to log in;
1002.中台模块将用户身份信息传递至处理模块,处理模块生成token(也即登录令牌);1002. The middle station module transmits the user identity information to the processing module, and the processing module generates a token (that is, a login token);
1003.处理模块向中台模块返回token;1003. The processing module returns the token to the middle station module;
1004.中台模块获取到token后将token和用户身份信息发送至域名A服务,即用户在域名A服务登录成功,实现首次登录;1004. After the middle station module obtains the token, it sends the token and user identity information to the domain name A service, that is, the user successfully logs in to the domain name A service and realizes the first login;
1005.域名A服务业务逻辑触发跳转域名B服务;1005. Domain name A service business logic triggers redirection to domain name B service;
1006.在跳转前域名A服务访问中台模块提供的获取设备标识的SDK能力,也即调用API的能力;1006. Before the jump, the domain name A service accesses the SDK capability provided by the middle platform module to obtain the device identification, that is, the ability to call the API;
1007.中台模块通过调用API获取到域名A服务的设备标识fingerprintA,并将token和fingerprintA传递至处理模块,处理模块生成ticket;1007. The middle station module obtains the device identifier fingerprintA of the domain name A service by calling the API, and passes the token and fingerprintA to the processing module, and the processing module generates a ticket;
1008.处理模块将ticket返回至中台模块;1008. The processing module returns the ticket to the middle station module;
1009.中台模块将ticket返回至域名A服务;1009. The middle station module returns the ticket to the domain name A service;
1010.域名A服务跳转域名B服务,通过URL携带ticket;1010. The domain name A service redirects to the domain name B service, and the ticket is carried through the URL;
1011.域名B服务将ticket传递到中台模块;1011. The domain name B service passes the ticket to the middle station module;
1012.中台模块将ticket和fingerprintB传递至处理模块;1012. The middle station module passes the ticket and fingerprintB to the processing module;
1013.处理模块解析ticket,解析出fingerprintA后与fingerprintB比对,如果一致返回中台模块token;1013. The processing module parses the ticket, parses fingerprintA and compares it with fingerprintB, and returns the token of the middle station module if they are consistent;
1014.中台模块将token和用户身份信息发送至域名B服务;1014. The middle station module sends the token and user identity information to the domain name B service;
1015.域名B服务进行服务访问,以及域名B服务将用户身份信息、token等设置cookie完成存储。1015. The domain name B service accesses the service, and the domain name B service sets a cookie for user identity information, token, etc. to complete storage.
本申请实施例,使用户在访问公司内不同的域名服务时实现用户无感知的跨站访问,避免二次登录,提升了用户体验。与此同时,通过不同域名下的服务实现免登录访问,提升了业务转化率,实现技术为业务赋能。The embodiment of the present application enables users to realize cross-site access without user awareness when accessing different domain name services in the company, avoiding secondary login, and improving user experience. At the same time, login-free access is realized through services under different domain names, which improves the business conversion rate and enables technology to empower business.
并且,通过设备标识识别比对解决了安全风险问题,通过中台实现了服务登录处理的复用,解决了管理不统一的问题。Moreover, the security risk problem is solved through the identification and comparison of equipment, and the reuse of service login processing is realized through the middle platform, which solves the problem of inconsistent management.
本申请实施例还提供了一种服务器,如图3所示,服务器300包括中台模块301和处理模块302。The embodiment of the present application also provides a server. As shown in FIG. 3 , the server 300 includes a middle station module 301 and a processing module 302 .
其中,中台模块301用于获取来自第一域名服务对第二域名服务的跳转请求,以及响应于跳转请求,将登录令牌和第一域名服务对应的第一设备标识发送至处理模块302,其中,第一域名服务为用户已登录,登录令牌为用户在登录第一域名服务时所生成;Among them, the middle station module 301 is used to obtain a jump request from the first domain name service to the second domain name service, and in response to the jump request, send the login token and the first device identifier corresponding to the first domain name service to the processing module 302, wherein, the first domain name service indicates that the user has logged in, and the login token is generated when the user logs in to the first domain name service;
处理模块302用于根据登录令牌和第一设备标识生成凭证信息;The processing module 302 is configured to generate credential information according to the login token and the first device identifier;
中台模块301还用于将凭证信息发送至第一域名服务,以供第一域名服务在跳转至第二域名服务时将凭证信息发送至第二域名服务,以及获取来自第二域名服务的凭证信息,并将凭证信息和第二域名服务的第二设备标识发送至处理模块302;The middle station module 301 is also used to send the credential information to the first domain name service, so that the first domain name service can send the credential information to the second domain name service when jumping to the second domain name service, and obtain the certificate information from the second domain name service. credential information, and send the credential information and the second device identifier of the second domain name service to the processing module 302;
处理模块302还用于解析凭证信息得到第一设备标识,并将第一设备标识与第二设备标识进行比对,若第一设备标识与第二设备标识一致,则将登录令牌和用户的用户身份信息发送至中台模块301;The processing module 302 is further configured to parse the credential information to obtain the first device identifier, and compare the first device identifier with the second device identifier, and if the first device identifier is consistent with the second device identifier, then compare the login token with the user's The user identity information is sent to the middle station module 301;
中台模块301还用于将登录令牌和用户的用户身份信息发送至第二域名服务,以实现用户对第二域名服务的登录。The middle station module 301 is also configured to send the login token and the user identity information of the user to the second domain name service, so as to realize the user's login to the second domain name service.
在该实施例中,客户端已通过对服务器的请求实现用户登录第一域名服务。在用户登录第一域名服务后,出现由第一域名服务跳转至第二域名服务的需求,则客户端向服务器发送跳转请求。In this embodiment, the client has implemented the user's login to the first domain name service through a request to the server. After the user logs in to the first domain name service and there is a need to jump from the first domain name service to the second domain name service, the client sends a jump request to the server.
服务器在接收到从第一域名服务对第二域名服务的跳转请求后,获取第一域名服务对应的第一设备标识,根据用户在登录第一域名服务时所生成的登录令牌和第一域名服务对应的第一设备标识,生成临时的凭证信息,也即,实现通过第一域名服务对应的第一设备标识对登录令牌进行加密,再将凭证信息发送至第一域名服务。After receiving the jump request from the first domain name service to the second domain name service, the server obtains the first device identifier corresponding to the first domain name service, and according to the login token generated by the user when logging in to the first domain name service and the first The first device identifier corresponding to the domain name service generates temporary credential information, that is, encrypts the login token through the first device identifier corresponding to the first domain name service, and then sends the credential information to the first domain name service.
在客户端,第一域名服务跳转至第二域名服务,则第二域名服务从第一域名服务获取到凭证信息,并发送至服务器。服务器在接收到凭证信息后,对凭证信息进行解析,也即对凭证信息进行解密,解密出第一设备标识。再获取第二域名服务对应的第二设备标识,并将解密出的第一设备标识与第二设备标识进行比对,如果二者相同,表明登录第一域名服务和登录第二域名服务的是同一个客户端,则将登录令牌和用户的用户身份信息发送至第二域名服务,以实现用户在第二域名服务上的自动登录。On the client side, the first domain name service jumps to the second domain name service, and the second domain name service obtains credential information from the first domain name service and sends it to the server. After receiving the credential information, the server parses the credential information, that is, decrypts the credential information, and decrypts the first device identifier. Then obtain the second device ID corresponding to the second domain name service, and compare the decrypted first device ID with the second device ID. If the two are the same, it indicates that the person who logged in the first domain name service and the second domain name service is The same client sends the login token and the user identity information of the user to the second domain name service, so as to realize the automatic login of the user on the second domain name service.
本申请实施例中,一方面,用户可以跨域免登录实现服务访问,也即用户无需二次登录即可实现无感的跨域访问,以减少用户的登录操作。另一方面,通过用户客户端的设备标识对登录令牌进行加密,即使出现访问链接被分享或是被拦截至其他客户端的情况,因为其他客户端与用户客户端的设备标识不同,其他客户端也无法解密出通过用户客户端的设备标识进行加密的登录令牌,降低了登录令牌被泄露破解的风险,提升了安全性。再一方面,通过将第一域名服务对应的第一设备标识与第二域名服务对应的第二设备标识进行对比,能够判断出第二域名服务与第一域名服务是否为同一个客户端登录,从而进一步提升了登录的安全性。In the embodiment of the present application, on the one hand, users can access services without logging in across domains, that is, users can achieve cross-domain access without any need for secondary login, so as to reduce user login operations. On the other hand, the login token is encrypted through the device ID of the user client. Even if the access link is shared or intercepted to other clients, because the device IDs of other clients and the user client are different, other clients cannot The login token encrypted by the device identification of the user client is decrypted, which reduces the risk of the login token being leaked and cracked, and improves security. On the other hand, by comparing the first device identifier corresponding to the first domain name service with the second device identifier corresponding to the second domain name service, it can be determined whether the second domain name service and the first domain name service are logged in by the same client, Thereby further improving the security of login.
在一个实施例中,中台模块301还用于获取来自第一域名服务的登录请求,登录请求携带有用户的用户身份信息,以及响应于登录请求,将用户身份信息发送至处理模块302;处理模块302还用于根据用户身份信息生成登录令牌;中台模块301还用于将登录令牌发送至第一域名服务,以实现用户对第一域名服务的登录。In one embodiment, the middle station module 301 is also configured to obtain a login request from the first domain name service, the login request carries the user identity information of the user, and sends the user identity information to the processing module 302 in response to the login request; processing The module 302 is also used to generate a login token according to the user identity information; the middle station module 301 is also used to send the login token to the first domain name service, so as to realize the user's login to the first domain name service.
在一个实施例中,处理模块302还用于根据用户身份信息和第一域名服务的业务类型对凭证信息进行解析,得到第一设备标识。In one embodiment, the processing module 302 is further configured to parse the credential information according to the user identity information and the service type of the first domain name service to obtain the first device identifier.
在一个实施例中,处理模块302还用于确定第一域名服务的业务类型和/或确定第二域名服务的业务类型。In one embodiment, the processing module 302 is further configured to determine the business type of the first domain name service and/or determine the business type of the second domain name service.
在一个实施例中,中台模块301还用于通过预设接口,获取第一域名服务对应的第一设备标识和第二域名服务对应的第二设备标识。In one embodiment, the middle station module 301 is further configured to obtain the first device identifier corresponding to the first domain name service and the second device identifier corresponding to the second domain name service through a preset interface.
在一个实施例中,第一设备标识和/或第二设备标识根据设备信息所生成,设备信息包括以下至少一项:客户端名称、客户端型号、客户端屏幕参数、客户端操作系统类型、客户端操作系统版本。In one embodiment, the first device identifier and/or the second device identifier are generated according to device information, and the device information includes at least one of the following: client name, client model, client screen parameters, client operating system type, Client operating system version.
本申请实施例还提供了一种跨域登录系统,如图4所示,该跨域登录系统包括客户端、中台模块、处理模块以及储存层,其中,客户端即为视图层,具有第一域名服务和第二域名服务,可通过vue、react等技术实现;中台模块即为中间层,作为信息中转模块,可通过node、JavaScript等技术实现;处理模块即为服务层,能够进行信息处理,可通过Java、PHP等技术实现;储存层用于进行信息存储,可通过mysql等技术实现。The embodiment of the present application also provides a cross-domain login system. As shown in FIG. The first domain name service and the second domain name service can be realized through vue, react and other technologies; the middle platform module is the middle layer, and as an information transfer module, it can be realized through node, JavaScript and other technologies; the processing module is the service layer, which can process information The processing can be realized by technologies such as Java and PHP; the storage layer is used for information storage and can be realized by technologies such as mysql.
客户端、中台模块和处理模块的具体工作逻辑如上述实施例所述,且能达到相同的技术效果,为避免重复,这里不再赘述。The specific working logic of the client, the middle station module and the processing module is as described in the above-mentioned embodiments, and can achieve the same technical effect. To avoid repetition, details are not repeated here.
本申请实施例还提供一种可读存储介质,可读存储介质上存储有程序或指令,该程序或指令被处理器执行时实现上述跨域登录方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。The embodiment of the present application also provides a readable storage medium, on which a program or instruction is stored, and when the program or instruction is executed by a processor, each process of the above-mentioned embodiment of the cross-domain login method can be achieved, and the same Technical effects, in order to avoid repetition, will not be repeated here.
需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者装置不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者装置所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、方法、物品或者装置中还存在另外的相同要素。此外,需要指出的是,本申请实施方式中的方法和装置的范围不限按示出或讨论的顺序来执行功能,还可包括根据所涉及的功能按基本同时的方式或按相反的顺序来执行功能,例如,可以按不同于所描述的次序来执行所描述的方法,并且还可以添加、省去、或组合各种步骤。另外,参照某些示例所描述的特征可在其他示例中被组合。It should be noted that, in this document, the term "comprising", "comprising" or any other variation thereof is intended to cover a non-exclusive inclusion such that a process, method, article or apparatus comprising a set of elements includes not only those elements, It also includes other elements not expressly listed, or elements inherent in the process, method, article, or device. Without further limitations, an element defined by the phrase "comprising a ..." does not preclude the presence of additional identical elements in the process, method, article, or apparatus comprising that element. In addition, it should be pointed out that the scope of the methods and devices in the embodiments of the present application is not limited to performing functions in the order shown or discussed, and may also include performing functions in a substantially simultaneous manner or in reverse order according to the functions involved. Functions are performed, for example, the described methods may be performed in an order different from that described, and various steps may also be added, omitted, or combined. Additionally, features described with reference to certain examples may be combined in other examples.
上面结合附图对本申请的实施例进行了描述,但是本申请并不局限于上述的具体实施方式,上述的具体实施方式仅仅是示意性的,而不是限制性的,本领域的普通技术人员在本申请的启示下,在不脱离本申请宗旨和权利要求所保护的范围情况下,还可做出很多形式,均属于本申请的保护之内。The embodiments of the present application have been described above in conjunction with the accompanying drawings, but the present application is not limited to the above-mentioned specific implementations. The above-mentioned specific implementations are only illustrative and not restrictive. Those of ordinary skill in the art will Under the inspiration of this application, without departing from the purpose of this application and the scope of protection of the claims, many forms can also be made, all of which belong to the protection of this application.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310380294.4A CN116582298A (en) | 2023-04-11 | 2023-04-11 | A cross-domain login method, server and readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310380294.4A CN116582298A (en) | 2023-04-11 | 2023-04-11 | A cross-domain login method, server and readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116582298A true CN116582298A (en) | 2023-08-11 |
Family
ID=87534885
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310380294.4A Pending CN116582298A (en) | 2023-04-11 | 2023-04-11 | A cross-domain login method, server and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116582298A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116915413A (en) * | 2023-08-14 | 2023-10-20 | 天翼物联科技有限公司 | CoAP protocol-based session processing method, system and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111565181A (en) * | 2020-04-28 | 2020-08-21 | 中国联合网络通信集团有限公司 | Single equipment login method, server and client |
CN113591059A (en) * | 2021-08-02 | 2021-11-02 | 云赛智联股份有限公司 | User login authentication method |
CN113746857A (en) * | 2021-09-09 | 2021-12-03 | 深圳市腾讯网域计算机网络有限公司 | Login method, device, equipment and computer readable storage medium |
CN115208648A (en) * | 2022-07-05 | 2022-10-18 | 中电金信软件有限公司 | Login token generation method and device, electronic equipment and storage medium |
-
2023
- 2023-04-11 CN CN202310380294.4A patent/CN116582298A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111565181A (en) * | 2020-04-28 | 2020-08-21 | 中国联合网络通信集团有限公司 | Single equipment login method, server and client |
CN113591059A (en) * | 2021-08-02 | 2021-11-02 | 云赛智联股份有限公司 | User login authentication method |
CN113746857A (en) * | 2021-09-09 | 2021-12-03 | 深圳市腾讯网域计算机网络有限公司 | Login method, device, equipment and computer readable storage medium |
CN115208648A (en) * | 2022-07-05 | 2022-10-18 | 中电金信软件有限公司 | Login token generation method and device, electronic equipment and storage medium |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116915413A (en) * | 2023-08-14 | 2023-10-20 | 天翼物联科技有限公司 | CoAP protocol-based session processing method, system and storage medium |
WO2025036507A1 (en) * | 2023-08-14 | 2025-02-20 | 天翼物联科技有限公司 | Session processing method and system based on coap, and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10554420B2 (en) | Wireless connections to a wireless access point | |
US7010582B1 (en) | Systems and methods providing interactions between multiple servers and an end use device | |
CN104735066B (en) | A kind of single-point logging method of object web page application, device and system | |
CN103716326B (en) | Resource access method and URG | |
US8925046B2 (en) | Device, method, and recording medium | |
US8024786B2 (en) | System and methods for secure service oriented architectures | |
CN106209726B (en) | A mobile application single sign-on method and device | |
CN109981561A (en) | Monomer architecture system moves to the user authen method of micro services framework | |
CN112468481B (en) | Single-page and multi-page web application identity integrated authentication method based on CAS | |
CN110225050B (en) | JWT token management method | |
US9923906B2 (en) | System, method and computer program product for access authentication | |
CN108243188B (en) | Interface access, interface call and interface verification processing method and device | |
CN106131079A (en) | A kind of authentication method, system and proxy server | |
US11411731B2 (en) | Secure API flow | |
CN103220259A (en) | Using method, call method, device and system of Oauth application programming interface (API) | |
CN111062023B (en) | Method and device for realizing single sign-on of multi-application system | |
CN118944911A (en) | Identity authentication method and system based on wearable device | |
CN102739708A (en) | System and method for accessing third party application based on cloud platform | |
CN106302606A (en) | A kind of across application access method and device | |
CN113271289A (en) | Method, system and computer storage medium for resource authorization and access | |
Huang et al. | A token-based user authentication mechanism for data exchange in RESTful API | |
CN106331003A (en) | A method and device for accessing an application portal system on a cloud desktop | |
CN108768928B (en) | Information acquisition method, terminal and server | |
CN116582298A (en) | A cross-domain login method, server and readable storage medium | |
CN106911628A (en) | A kind of user registers the method and device of application software on the client |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Country or region after: China Address after: 100102 Li Ze Zhong Yuan Er Qu 203 Hao - 1 to 8 floors all inner 8th floor B section 802 Applicant after: Beijing Shuidi Technology Group Co.,Ltd. Address before: 100102 201 / F, block C, 2 lizezhong 2nd Road, Chaoyang District, Beijing Applicant before: Beijing Shuidi Technology Group Co.,Ltd. Country or region before: China |
|
CB02 | Change of applicant information |