Token managing method and system

Abstract

The invention discloses a token managing method and system, relating to the field of Internet. The token managing method comprises the steps that: a user interface receives an authorization command of a user and sends the authorization command to an application provider; the application provider calls a token obtaining interface in an open platform for obtaining a token according to the authorization command, then generates overtime of the token and stores the overtime; the application provider calls a third interface in the open platform by using the token for realizing the corresponding application; the application provider calls a token cancelling interface for cancelling the token when the token is not needed by the subsequent process of the application or the application is completed; and the user interface receives an exit command of the user and calls the token canceling interface for cancelling the token according to the exit command under the condition that the token is not cancelled. According to the method and the system, the potential safety hazards caused by cancelling the token according to the overtime with fixed duration in the prior art are overcome, the token is self-adaptively canceled, and the safety of user information is improved.

Description

technical field [0001] The present invention relates to the technical field of the Internet, in particular to a token (Token) management method and system. Background technique [0002] In the Internet age, some platforms will encapsulate their own services as interfaces for use by third-party developers. We generally call these platforms open platforms. By calling the interface provided by the open platform, third-party developers can easily import user information and provide recharge and other services, saving a lot of development and operating costs for third-party developers. [0003] For an open platform, since user information must be provided to third-party developers, this involves user authentication and authorization. As a result, the OAuth authentication and authorization protocol came into being. So far, two versions of the OAuth protocol are widely used, namely OAuth1.0a and OAuth2.0. In OAuth1.0a, the application side needs to apply for a RequestToken in a...

AI Technical Summary

Problems solved by technology

The existing Token timeout setting scheme is a fixed duration. This setting method is often difficult to apply to all application environments. For example, some applications need to use Token frequently. It is hoped that the timeout time will be long, but the longer the timeout time, the lower the security. Because after the Token is lost, the user's account is within the validity period of the Token, and the thief can use this Token to illegally call the interface to use the stolen user's information

However, some applications only use Token to obtain user information once when logging in, and do not need a particularly long timeout period.

If the application is allowed to choose the timeout time, it is difficult for the application to choose an appropriate timeout time, and it tends to set the timeout time too long, and if it is too long, there will be security problems

Images