US 11,729,165 B2
Device authorization systems
Euan Christopher Smith, Cambridge (GB); and Julian Hall, Cambridge (GB)
Assigned to Plantronics, Inc., Santa Cruz, CA (US)
Appl. No. 16/764,722
Filed by Plantronics, Inc., Santa Cruz, CA (US)
PCT Filed Nov. 19, 2018, PCT No. PCT/GB2018/053344
§ 371(c)(1), (2) Date May 15, 2020,
PCT Pub. No. WO2019/097258, PCT Pub. Date May 23, 2019.
Claims priority of application No. 1719080 (GB), filed on Nov. 17, 2017.
Prior Publication US 2021/0176247 A1, Jun. 10, 2021
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01); H04W 12/63 (2021.01); H04W 12/30 (2021.01)
CPC H04L 63/0876 (2013.01) [H04L 63/0236 (2013.01); H04L 63/0807 (2013.01); H04L 63/107 (2013.01); H04W 12/30 (2021.01); H04W 12/63 (2021.01)]
20 Claims
 
1. A method of distributed authorization, comprising:
receiving, by a connected device from a browser executing a client application, a client token and an access request, the client token defining permissions for the client application and a domain hosting the client application, and the client token including a signature generated using a private key of a client token issuer associated with the client token;
verifying, by the connected device, the signature of the client token using a public key of the client token issuer;
determining, by the connected device, that the client token grants the client application permission for the access request responsive to verifying the signature of the client token using the public key of the client token issuer;
generating, by the connected device, an access token that grants the client application permission for the access request and includes an identification of the domain hosting the client application; and
replying, by the connected device, to the browser with a redirect response including the access token, wherein:
the redirect response is executable by the browser to make the access token available to the client application for use by the client application when requesting the connected device to perform a task; and
the redirect response, upon execution by the browser, causes the browser to pass the access token to the domain hosting the client application using the identification of the domain hosting the client application from the access token.
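
The device-side steps of claim 1, sketched in Go as an added illustration; this is not code from the patent or from the assignee. Assumptions: Ed25519 signatures, a JSON token with `domain` and `permissions` fields, a device-signed access token, the `/callback` path, delivery in the URL fragment, and the sample domain `app.example`.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// Token layout is an assumption: the claim names only permissions and the hosting domain.
type Token struct {
	Domain      string   `json:"domain"`
	Permissions []string `json:"permissions"`
}
var b64 = base64.RawURLEncoding

// Sign serializes t as base64url(payload) "." base64url(Ed25519 signature).
func Sign(priv ed25519.PrivateKey, t Token) string {
	body, _ := json.Marshal(t)
	return b64.EncodeToString(body) + "." + b64.EncodeToString(ed25519.Sign(priv, body))
}

// Authorize is the connected device's side: verify the issuer signature, check the
// permission, mint an access token naming the domain, and build the redirect target.
func Authorize(issuerPub ed25519.PublicKey, devPriv ed25519.PrivateKey, clientToken, request string) (string, error) {
	payload, sig, ok := strings.Cut(clientToken, ".")
	body, err1 := b64.DecodeString(payload)
	rawSig, err2 := b64.DecodeString(sig)
	var ct Token // parsed only after the signature check passes (short-circuit below)
	if !ok || err1 != nil || err2 != nil || !ed25519.Verify(issuerPub, body, rawSig) || json.Unmarshal(body, &ct) != nil {
		return "", fmt.Errorf("client token rejected")
	}
	for _, p := range ct.Permissions {
		if p == request { // grant only what was asked for, bound to the signed domain
			access := Sign(devPriv, Token{Domain: ct.Domain, Permissions: []string{request}})
			u := url.URL{Scheme: "https", Host: ct.Domain, Path: "/callback", Fragment: "access_token=" + access}
			return u.String(), nil
		}
	}
	return "", fmt.Errorf("client token does not grant %q", request)
}

func main() {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(nil)
	_, devPriv, _ := ed25519.GenerateKey(nil)
	fmt.Println(Authorize(issuerPub, devPriv, Sign(issuerPriv, Token{Domain: "app.example", Permissions: []string{"mute"}}), "mute")) // constructed sample
}
```

The redirect host is taken only from the signed token, never from the request, so the access token cannot be steered to a domain the issuer did not sign for.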