US 11,954,671 B2
Unified login across applications
Velayutham Subramanian, San Jose, CA (US); Narenda Kamesh, San Jose, CA (US); Arpan Nanavati, San Jose, CA (US); Brent Walter, San Jose, CA (US); Aravindan Ranganathan, San Jose, CA (US); and Bill Scott, San Jose, CA (US)
Assigned to PAYPAL, INC., San Jose, CA (US)
Filed by PayPal, Inc., San Jose, CA (US)
Filed on Sep. 15, 2015, as Appl. No. 14/855,152.
Claims priority of provisional application 62/153,485, filed on Apr. 27, 2015.
Prior Publication US 2016/0314460 A1, Oct. 27, 2016
Int. Cl. G06Q 20/36 (2012.01); G06F 21/33 (2013.01); G06Q 20/32 (2012.01); G06Q 20/38 (2012.01); G06Q 20/40 (2012.01)
CPC G06Q 20/3674 (2013.01) [G06F 21/335 (2013.01); G06Q 20/326 (2020.05); G06Q 20/36 (2013.01); G06Q 20/3821 (2013.01); G06Q 20/4014 (2013.01); G06F 2221/2139 (2013.01); G06Q 2220/00 (2013.01)]
20 Claims
1. A method of using electronic tokens for authenticating a user, comprising:
receiving, by a unified login server of a payment provider server and from a first merchant application on a user device of a user, user authentication credentials;
authenticating, by the unified login server, the user for a first time based on the user authentication credentials;
generating, by a secure token service of the payment provider server and in response to the authenticating, a first access token that grants access to one or more resources of the payment provider server to the first merchant application, the secure token service being different from the unified login server;
sending, by the secure token service, the first access token to the user device;
determining, by the unified login server, that the user has consented to a unified login option across a plurality of merchant applications;
generating, by the unified login server and in response to determining that the user has consented to the unified login option, a refresh token that defines an authorization scope;
storing, by the unified login server, the refresh token in a database;
associating, by the unified login server, the refresh token with the user authentication credentials;
sending, by the unified login server, the refresh token to the user device;
receiving, by the unified login server and from the user device and after the sending the refresh token, a first request to complete a transaction associated with a second merchant application different from the first merchant application, the first request including the refresh token and an identifier from the user device;
determining, by the unified login server, that the refresh token is valid and that the transaction is a first type of transaction based on the authorization scope;
authenticating, by the unified login server, the user in response to a determination that the refresh token is valid and that the transaction is the first type of transaction;
sending, by the unified login server, a message to the secure token service that indicates the user has been authenticated;
generating, by the secure token service, a second access token that grants access to the one or more resources of the payment provider server to the second merchant application;
sending, by the secure token service, the second access token to the user device; and
authenticating, by the unified login server and based on the second access token and without requiring the user authentication credentials, the user for a second time without notifying the user that the user is being authenticated.
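The token flow recited in claim 1, sketched as an added example that is not taken from the patent or from any PayPal implementation. The class and function names, the scope label, the token lifetimes, storing only a hash of the refresh token, and binding the token to the device identifier are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class SecureTokenService:
    """Issues short-lived access tokens; a separate component from the login server."""
    def issue(self, user, app, ttl=300):
        return {"token": secrets.token_urlsafe(32), "user": user, "app": app,
                "exp": time.time() + ttl}

class UnifiedLoginServer:
    def __init__(self, sts, users):
        self.sts, self.users = sts, users   # users: name -> (salt, derived key)
        self.refresh_db = {}                # sha256(refresh token) -> record

    def login(self, user, password, app, device_id, consent, scope=()):
        salt, key = self.users.get(user, (b"x", b""))
        if not hmac.compare_digest(_kdf(password, salt), key):
            return None, None
        access = self.sts.issue(user, app)
        if not consent:                     # no unified-login consent: no refresh token
            return access, None
        refresh = secrets.token_urlsafe(32)
        self.refresh_db[_digest(refresh)] = {   # hashed storage is an assumption
            "user": user, "device": device_id, "scope": frozenset(scope),
            "exp": time.time() + 30 * 86400}    # 30-day lifetime is an assumption
        return access, refresh

    def silent_login(self, refresh, device_id, app, txn_type):
        rec = self.refresh_db.get(_digest(refresh))
        if rec is None or rec["exp"] < time.time():
            return None                     # unknown or expired refresh token
        if not hmac.compare_digest(rec["device"].encode(), device_id.encode()):
            return None                     # device binding is an assumption here
        if txn_type not in rec["scope"]:
            return None                     # out of scope: fall back to credentials
        return self.sts.issue(rec["user"], app)

# Constructed sample data, not real accounts.
SALT = b"constructed-salt"
USERS = {"alice": (SALT, _kdf("correct horse", SALT))}
```

A `None` result from `silent_login` is the point at which the second merchant application has to fall back to asking for credentials.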