US 12,231,430 B2
Cloud service artifact tokens
Wei-ting Timothy Woo, Kirkland, WA (US); Vladimir Fesich, Newcastle, WA (US); Seshadri Mani, Redmond, WA (US); Jeffrey Lamar McDowell, Redmond, WA (US); and Naresh Kannan, Seattle, WA (US)
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed by MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed on Oct. 27, 2021, as Appl. No. 17/512,621.
Prior Publication US 2023/0127695 A1, Apr. 27, 2023
Int. Cl. H04L 9/40 (2022.01); G06Q 10/1093 (2023.01); H04L 67/10 (2022.01)
CPC H04L 63/101 (2013.01) [G06Q 10/1095 (2013.01); H04L 63/0807 (2013.01); H04L 63/0884 (2013.01); H04L 63/10 (2013.01); H04L 63/108 (2013.01); H04L 67/10 (2013.01)] 18 Claims
OG exemplary drawing
 
1. A method for authorizing access to a cloud service, comprising:
receiving an artifact token generation request that includes an active user token, an application identifier of an application, and an operation identifier of an operation of a cloud service;
verifying that the application has permission to access the operation of the cloud service by determining that an allow-list includes an allow list item that includes the operation identifier and the application identifier;
extracting, from the active user token, a permission to invoke the operation of the cloud service;
generating an artifact token in part from an intersection of the extracted permission and permissions included in an application token of the application;
providing the artifact token to the application;
receiving, from the application, an authorization request for the operation of the cloud service, the authorization request including the artifact token;
verifying that the application has permission to access the operation of the cloud service based on the extracted permission stored in the artifact token; and
providing an authorization token usable by the application to invoke the operation of the cloud service.
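As an added worked example (not code from the patent or from the assignee), the following toy Python issuer walks through the claim's steps end to end: the allow-list check on the (operation identifier, application identifier) pair, extraction of the operation permission from the user token, the intersection with the application token's permissions, issuance of the artifact token, and the later authorization request that exchanges the artifact token for a short-lived authorization token. HMAC-signed JSON payloads stand in for the user, application, artifact and authorization tokens, and the signing key, allow-list entries, application identifier "app-123" and permission names are all constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo signing key; a deployment would fetch this from a key service (assumption).
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"

# Allow-list of (operation identifier, application identifier) pairs (constructed sample data).
ALLOW_LIST = {
    ("calendar.read", "app-123"),
    ("calendar.write", "app-123"),
}


def encode_token(payload: dict) -> str:
    """Serialize a payload and append an HMAC-SHA256 tag (toy stand-in for a signed JWT)."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    tag = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def decode_token(token: str) -> dict:
    """Check the tag in constant time, then the expiry; return the payload or raise."""
    body, _, tag = token.rpartition(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("token signature invalid")
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload["exp"] <= time.time():
        raise PermissionError("token expired")
    return payload


def issue_user_token(user_id: str, permissions: list, ttl: int = 3600) -> str:
    """Active user token: the cloud-service operations this user may invoke."""
    return encode_token({"typ": "user", "sub": user_id, "perms": sorted(permissions),
                         "exp": time.time() + ttl})


def issue_app_token(app_id: str, permissions: list, ttl: int = 3600) -> str:
    """Application token: the operations the application itself is permitted."""
    return encode_token({"typ": "app", "app_id": app_id, "perms": sorted(permissions),
                         "exp": time.time() + ttl})


def generate_artifact_token(user_token: str, app_token: str, app_id: str, operation: str,
                            ttl: int = 600) -> str:
    """Artifact token generation request: allow-list check, extraction, intersection, issuance."""
    user = decode_token(user_token)
    app = decode_token(app_token)
    if user["typ"] != "user" or app["typ"] != "app" or app["app_id"] != app_id:
        raise PermissionError("token type or application identifier mismatch")
    # The (operation, application) pair must appear as an allow-list item.
    if (operation, app_id) not in ALLOW_LIST:
        raise PermissionError(f"{app_id} is not allow-listed for {operation}")
    # Extract, from the active user token, the permission to invoke this operation.
    extracted = {operation} & set(user["perms"])
    if not extracted:
        raise PermissionError(f"user {user['sub']} lacks permission for {operation}")
    # The artifact carries only the intersection of the extracted permission and the
    # application token's permissions, so it can never exceed either party's rights.
    granted = sorted(extracted & set(app["perms"]))
    if not granted:
        raise PermissionError(f"{app_id} itself lacks permission for {operation}")
    exp = min(user["exp"], app["exp"], time.time() + ttl)  # artifact outlives neither parent
    return encode_token({"typ": "artifact", "sub": user["sub"], "app_id": app_id,
                         "perms": granted, "exp": exp})


def authorize(artifact_token: str, app_id: str, operation: str, ttl: int = 60) -> str:
    """Authorization request: verify the artifact token, mint a short-lived authorization token."""
    art = decode_token(artifact_token)
    if art["typ"] != "artifact" or art["app_id"] != app_id:
        raise PermissionError("artifact token was not issued to this application")
    if operation not in art["perms"]:
        raise PermissionError(f"artifact token does not cover {operation}")
    return encode_token({"typ": "authz", "sub": art["sub"], "app_id": app_id,
                         "op": operation, "exp": time.time() + ttl})


def artifact_permissions(artifact_token: str) -> list:
    """Inspection helper: the permissions an artifact token actually carries."""
    return decode_token(artifact_token)["perms"]
```

The point worth checking in any implementation is the narrowing at each hop: a user with "mail.read" cannot obtain an artifact for it because the pair is not allow-listed, a user without "calendar.write" cannot obtain one even though the application and allow-list permit it, and an artifact minted for "calendar.read" is refused when presented for any other operation.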