A method and system for credential management in a microservice system

By establishing a credential management module in the microservice system, credentials can be obtained and refreshed centrally in a unified manner, which solves the problem of chaotic credential management, achieves orderly credential allocation, and reduces the burden on microservices.

CN113220410BActive Publication Date: 2026-06-30GUANGZHOU TIANGAO SOFTWARE TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
GUANGZHOU TIANGAO SOFTWARE TECH CO LTD
Filing Date
2021-03-02
Publication Date
2026-06-30

Smart Images

  • Figure CN113220410B_ABST
    Figure CN113220410B_ABST
Patent Text Reader

Abstract

This invention discloses a credential management method for microservice systems, comprising the following three steps: obtaining token credentials returned by the microservice system; establishing a credential management module to uniformly manage token credentials and obtain real-time token refresh credentials; and distributing the token refresh credentials to clients. This credential management method for microservice systems enables unified management, centralized refreshing, and scheduling of token credentials, avoiding management chaos and reducing the burden on microservices.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of credential management technology for microservice systems, and specifically to a method and system for credential management in microservice systems. Background Technology

[0002] In current microservice architectures, the granularity of microservice division is becoming increasingly fine. A complete system may include dozens or even hundreds of microservices, and each microservice may need to interact with third-party services. Interaction with third-party services generally requires credentials, such as appId, keys, or tokens. Different microservices may use the same appId.

[0003] However, if a large number of third-party credentials, along with the credential refresh and management, are placed in each microservice, it violates the principle of single responsibility, leading to chaotic management. Credentials may not be distributed to any microservice, and there is also the distributed problem of different services refreshing the same appId. Summary of the Invention

[0004] The technical problem to be solved by this invention is that the management of large amounts of third-party credentials using existing technology is prone to chaos. The purpose is to provide a method and system for managing credentials in microservice systems, so as to manage the credentials of microservice systems in a scientific and orderly manner.

[0005] This invention is achieved through the following technical solution:

[0006] A method for managing credentials in a microservice system includes the following steps:

[0007] Step 1: Obtain the token from the microservice system;

[0008] Step 2: Establish a voucher management module to manage the acquired token vouchers in a unified manner and obtain real-time token refresh vouchers;

[0009] Step 3: Distribute the token refresh credential to the client.

[0010] The innovation of this invention lies in addressing the problem of chaotic management caused by the existing technology's method of managing and refreshing microservice system credentials one by one. This invention obtains microservice system credentials in a unified manner and establishes a credential management module to manage, refresh, and schedule the obtained microservice system credentials in a unified way. The responsibilities are clear and the project structure is clear, thereby reducing the burden on microservices and effectively avoiding the management chaos problem of the existing technology.

[0011] As a further description of the present invention, the above-mentioned method for unified management of token credentials is as follows:

[0012] Step 2.1: Create a token database table and store the obtained tokens in the token database table;

[0013] Step 2.2: Read the token from the token database table and refresh the read token to obtain the token refresh certificate;

[0014] Step 2.3: Store the token refresh certificate back into the token certificate database table.

[0015] Another inventive aspect of this invention is that a token database table is established in the token management module to temporarily store the acquired tokens for centralized and unified management, avoiding the scattered distribution of tokens; when it is necessary to refresh the tokens, the tokens only need to be read from the token database table, thereby achieving orderly management.

[0016] As a further description of the present invention, the specific method for assigning the token refresh credential to the client is as follows:

[0017] Step 3.1: Retrieve the token refresh certificate from the token certificate database table;

[0018] Step 3.2: Distribute the token refresh credentials to the client via the standard refresh interface.

[0019] As a further description of the present invention, the method for obtaining token credentials is as follows: using the API exposure interface to uniformly obtain token credentials of the same type in the microservice system.

[0020] As a further description of the present invention, the method for storing token credentials and token refresh credentials is as follows: the token credentials and token refresh credentials are classified and stored according to different credential types.

[0021] A microservice system credential management system, comprising:

[0022] The credential acquisition module is used to obtain the token credentials returned by the microservice system;

[0023] The credential management module is used to manage the acquired token credentials in a unified manner and obtain token refresh credentials;

[0024] The credential allocation module is used to allocate token refresh credentials to clients.

[0025] As a further description of the present invention, the above-mentioned credential acquisition module includes an API exposure interface.

[0026] As a further description of the present invention, the credential management module includes: a token credential database table for storing the token credential and the token refresh credential; and a distributed timed task scheduling unit for refreshing the token credential read from the token credential database table to obtain a token refresh credential, and storing the token refresh credential in the token credential database table.

[0027] As a further description of the present invention, the credential allocation module includes a standard refresh interface.

[0028] As a further description of the present invention, the token database table includes: a token storage unit for storing tokens from the token acquisition module; and a token refresh storage unit for storing token refreshes from the distributed timed task scheduling unit.

[0029] Compared with the prior art, the present invention has the following advantages and beneficial effects:

[0030] 1. The present invention provides a method and system for managing credentials in a microservice system, which facilitates unified management and refreshing of credentials in a microservice system and effectively avoids the problem of management chaos;

[0031] 2. The present invention provides a method and system for managing credentials in a microservice system, which can reduce the burden on microservices and has clearly defined responsibilities and a clear structure. Attached Figure Description

[0032] The accompanying drawings, which are included to provide a further understanding of embodiments of the invention and form part of this application, do not constitute a limitation thereof. In the drawings:

[0033] Figure 1 This is a schematic diagram illustrating the principle of existing microservice system credential management methods.

[0034] Figure 2 This is a schematic diagram illustrating the principle of a microservice system credential management method according to Embodiment 1 of the present invention.

[0035] Figure 3 This is a flowchart of a microservice system credential management method according to Embodiment 1 of the present invention. Detailed Implementation

[0036] To make the objectives, technical solutions, and advantages of the present invention clearer, the present invention will be further described in detail below with reference to the embodiments and accompanying drawings. The illustrative embodiments and descriptions of the present invention are only used to explain the present invention and are not intended to limit the present invention.

[0037] Example 1:

[0038] Typically, after a client's service request to the authorization center is approved, the authorization center issues different types of tokens corresponding to each microservice request to the client. The client then uses these tokens to interact with third-party services. Current technology places the large number of third-party credentials, along with their updating and management, within each microservice. Figure 1 As shown. This violates the principle of single responsibility, leading to management chaos, and even the possibility that tokens may not be assigned to any microservice. It also faces the distributed problem of different services refreshing the same appId. To avoid management chaos caused by a large number of tokens, and even the possibility that tokens may not be assigned to any microservice, this embodiment provides a microservice system token management method that provides unified management, centralized refreshing, and scheduling of tokens. The principle of this method can be found in [reference needed]. Figure 2 .

[0039] Figure 3 This is a flowchart of a microservice system credential management method according to this embodiment. As shown in the figure, before unified management of token credentials, it is first necessary to uniformly obtain different types of token credentials issued by the authorization center for different microservices. This embodiment of a microservice system credential management method utilizes API exposed interfaces to uniformly obtain different types of token credentials (such as WeChat Official Account token credentials, WeChat Pay token credentials, Mini Program token credentials, third-party interface token credentials, etc.) corresponding to different microservices (such as microservice A, microservice B, microservice C, etc.) under the microservice system. By establishing a credential management module, the obtained token credentials are uniformly managed and centrally refreshed to obtain token refresh credentials, and then the token refresh credentials are distributed to clients through a standard refresh interface.

[0040] It should be noted that when establishing the credential management module, a token database table must first be created to manage tokens uniformly. This table serves two purposes: firstly, it temporarily stores tokens obtained through the API exposure interface; secondly, it temporarily stores refreshed tokens. The specific management process is as follows:

[0041] The first step is for the API exposed interface to categorize and store the obtained tokens into a token database table according to different token types;

[0042] The second step involves refreshing the token credentials using a distributed scheduled task. This task uses a distributed scheduled task module to read tokens from the token database table, refreshes the read tokens periodically to obtain real-time refreshed tokens, and then stores these refreshed tokens back into the token database table. It should be noted that the refreshed tokens are also stored categorized according to different token types.

[0043] The third step is to use the standard refresh interface to assign the tokens in the token database table to the corresponding clients according to different token types.

[0044] By utilizing the aforementioned microservice system credential management method, unified management, centralized refresh, and scheduling of tokens can be achieved, avoiding management chaos and reducing the burden on microservices.

[0045] Example 2:

[0046] A microservice system credential management system includes: a credential acquisition module, a credential management module, and a credential allocation module. The credential acquisition module is used to acquire token credentials returned by the microservice system; the credential management module is used to uniformly manage the acquired token credentials to obtain token refresh credentials; and the credential allocation module is used to allocate token refresh credentials to clients.

[0047] The aforementioned credential acquisition module includes: API exposure interface.

[0048] The aforementioned credential management module includes a token database table and a distributed scheduled task unit. The token database table stores tokens and token refresh credentials. The distributed scheduled task unit refreshes tokens read from the token database table to obtain token refresh credentials, and then stores these refresh credentials back into the token database table.

[0049] The aforementioned credential allocation module includes a standard refresh interface.

[0050] The aforementioned token database table includes a token storage unit and a token refresh storage unit. The token storage unit stores tokens obtained from the token acquisition module; the token refresh storage unit stores tokens refreshed from the distributed timed task scheduling unit.

[0051] The specific embodiments described above further illustrate the purpose, technical solution, and beneficial effects of the present invention. It should be understood that the above description is only a specific embodiment of the present invention and is not intended to limit the scope of protection of the present invention. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the scope of protection of the present invention.

Claims

1. A method for managing credentials of a microservice system, characterized in that, Includes the following steps: Step 1: Obtain the token from the microservice system; Step 2: Establish a voucher management module to manage the token vouchers in a unified manner and obtain real-time token refresh vouchers; Step 3: Distribute the token refresh credentials to the corresponding clients according to different credential types; The method for unified management of the aforementioned token is as follows: Step 2.1: Establish a token database table and store the tokens according to different token types in the token storage unit of the token database table; Step 2.2: Read the token from the token database table and refresh the read token to obtain the token refresh token; Step 2.3: The token refresh credentials are reclassified according to different credential types and stored in the token refresh credential storage unit of the token credential database table.

2. The microservice system credential management method of claim 1, wherein, The specific method for assigning the token refresh credentials to the corresponding clients according to different credential types is as follows: Step 3.1: Retrieve the token refresh certificate from the token certificate database table; Step 3.2: Distribute the token refresh credentials to the client via the standard refresh interface.

3. The method for managing credentials in a microservice system according to claim 1, characterized in that, The method for obtaining the token is as follows: use the API exposed interface to uniformly obtain tokens of the same type in the microservice system.

4. A microservice system credential management system, characterized in that, include: The credential acquisition module is used to obtain the token credentials returned by the microservice system; The credential management module is used to manage the acquired token credentials in a unified manner and obtain token refresh credentials; The credential allocation module is used to allocate the token refresh credential to the corresponding client according to different credential types; The method for unified management of the aforementioned token is as follows: Step 2.1: Establish a token database table and store the tokens according to different token types in the token storage unit of the token database table; Step 2.2: Read the token from the token database table and refresh the read token to obtain the token refresh token; Step 2.3: The token refresh credentials are reclassified according to different credential types and stored in the token credential storage unit of the token credential database table.

5. A microservice system credential management system according to claim 4, characterized in that, The credential acquisition module includes an API exposure interface.

6. A microservice system credential management system according to claim 4 or 5, characterized in that, The voucher management module includes: The token credential database table is used to store the token credential and the token refresh credential; A distributed scheduled task unit is used to refresh the token credentials read from the token credential database table to obtain a token refresh credential, and store the token refresh credential in the token credential database table.

7. A microservice system credential management system according to claim 4 or 5, characterized in that, The credential allocation module includes a standard refresh interface.

8. A microservice system credential management system according to claim 6, characterized in that, The token database table includes: The token storage unit is used to store tokens obtained from the token acquisition module; The token refresh credential storage unit is used to store token refresh credentials from the distributed timed task scheduling unit.