US 12,149,612 B2
Login and consent methodology that follows REST principles and uses the OAuth protocol with attested clients
Travis Lee Spencer, Vårgårda (SE); Pedro Henriques Felix, Vårgårda (SE); and Paulo Renato De Athaydes, Vårgårda (SE)
Assigned to Curity AB, Vårgårda (SE)
Filed by CURITY AB, Vårgårda (SE)
Filed on Jul. 5, 2021, as Appl. No. 17/367,463.
Claims priority of application No. 20184553 (EP), filed on Jul. 7, 2020.
Prior Publication US 2022/0014359 A1, Jan. 13, 2022
Int. Cl. H04L 9/08 (2006.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01); H04L 29/06 (2006.01); H04L 29/08 (2006.01); H04L 67/02 (2022.01)
CPC H04L 9/0825 (2013.01) [H04L 9/3213 (2013.01); H04L 63/20 (2013.01); H04L 67/02 (2013.01); H04L 2463/082 (2013.01)] 16 Claims
OG exemplary drawing
 
1. A method for authenticating a user of an OAuth client by an OAuth authorization server, the method comprising:
receiving a client attestation token (CAT) from the OAuth client using extensibility mechanisms compliant with an OAuth assertion framework;
receiving a public key (PK) and proof of possession (POP) of a private key paired with the PK from the OAuth client;
verifying the CAT;
issuing an application programming interface (API) access token (AAT) to the OAuth client, the AAT being associated with the verified CAT;
receiving the AAT in return, together with the POP of the private key;
exposing an authentication state machine to the OAuth client by an application programming interface (API) adhering to the principles of REpresentational State Transfer (REST), the authentication state machine having states comprising hypermedia-based representations of login resources, and transitions between states being represented by hypermedia links;
sending to the OAuth client a hypermedia representation of an initial state of the state machine;
within the API, repeating the following steps until a final state is reached:
receiving a hypertext transfer protocol (HTTP) request from the OAuth client for one of the hypermedia representations in the state machine, the request being based on either user interaction or automated logic with the OAuth client;
transitioning to a new state as a result of the received request when the request complies with the predefined requirements necessary to exit the current state; and
sending to the OAuth client a hypermedia representation of the new state; and
when the final state of the state machine has been reached, issuing a secondary access token, AT, to the OAuth client, thereby authenticating the user, wherein hypermedia representations which are sent to the OAuth client are encoded so as to be readily parsable by the OAuth client.
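The flow the claim lays out, as an added Python example that is not the patent's or Curity's code: an attestation service issues a CAT, the authorization server verifies it and the proof of possession before issuing an AAT bound to it, then exposes the login state machine as hypermedia representations whose links the client follows, presenting the AAT with a fresh POP on each request, until the final state yields the secondary AT. The state names, URIs, key material and credentials are constructed assumptions, and the asymmetric PK/POP is modelled with an HMAC key the server has registered under a key identifier, since the standard library has no signature primitive.

```python
import hashlib, hmac, json, secrets

# Constructed demo keys, not from the patent; an HMAC key stands in for the client's asymmetric key pair.
ATTEST_KEY, CLIENT_PK, CLIENT_PRIV = b"attest-demo-key", "client-key-1", b"client-priv-demo"
REGISTERED_KEYS = {CLIENT_PK: CLIENT_PRIV}   # server-side key registry (constructed)
SESSIONS = {}                                # AAT -> {"pk", "state", "pw"}
STATES = {  # login state machine: state -> (field the client must supply, exit check, next state)
    "start": ("username", lambda v, s: bool(v), "password"),
    "password": ("password", lambda v, s: v == s["pw"], "consent"),
    "consent": ("consent", lambda v, s: v == "yes", "done")}
def sign(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()
def make_cat(client_id):  # attestation service binds the client identity to its key ("cnf")
    body = json.dumps({"sub": client_id, "cnf": CLIENT_PK})
    return body + "." + sign(ATTEST_KEY, body)

def register(cat, pk, pop):  # verify the CAT and proof of possession; issue an AAT bound to them
    body, sig = cat.rsplit(".", 1)
    if not hmac.compare_digest(sign(ATTEST_KEY, body), sig):
        raise PermissionError("CAT verification failed")
    if json.loads(body)["cnf"] != pk or not hmac.compare_digest(sign(REGISTERED_KEYS.get(pk, b""), body), pop):
        raise PermissionError("proof of possession failed")
    aat = secrets.token_hex(8)
    SESSIONS[aat] = {"pk": pk, "state": "start", "pw": "demo-password"}  # constructed user record
    return aat, represent(aat)
def represent(aat):  # hypermedia representation of the current state; its links drive transitions
    s = SESSIONS[aat]
    if s["state"] == "done":  # final state reached: issue the secondary access token (AT)
        return {"state": "done", "access_token": "AT." + secrets.token_hex(8)}
    return {"state": s["state"], "fields": [STATES[s["state"]][0]], "links": {"next": f"/authn/{s['state']}"}}
def request(aat, pop, link, form):  # follow a link; transition only if the current state's exit check passes
    s = SESSIONS[aat]
    if not hmac.compare_digest(sign(REGISTERED_KEYS[s["pk"]], aat + link), pop):
        raise PermissionError("AAT presented without proof of possession")
    field, check, nxt = STATES[s["state"]]
    if link == f"/authn/{s['state']}" and check(form.get(field, ""), s):
        s["state"] = nxt
    return represent(aat)

def run_login(username, password, consent, max_steps=5):  # client side of the exchange
    cat = make_cat("mobile-app")
    aat, rep = register(cat, CLIENT_PK, sign(CLIENT_PRIV, cat.rsplit(".", 1)[0]))
    answers = {"username": username, "password": password, "consent": consent}
    for _ in range(max_steps):
        if rep["state"] == "done":
            return rep["access_token"]
        link, field = rep["links"]["next"], rep["fields"][0]
        rep = request(aat, sign(CLIENT_PRIV, aat + link), link, {field: answers[field]})
    return None  # final state never reached, so no AT is issued
```

A wrong answer leaves the session in its current state rather than advancing it, and a request whose POP does not match the key bound to the AAT is rejected before the state machine is consulted.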