CN117240539A - Method and device for logging in system - Google Patents
- Publication number
- CN117240539A (CN202311176265.2A)
- Authority
- CN
- China
- Prior art keywords
- terminal
- information
- enterprise
- authentication
- user
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application discloses a method and a device for logging in to a system, applied in the technical field of computers. The method comprises: receiving first authorization request information sent by a first terminal, wherein the first authorization request information indicates that a first system requests authorization of a user's identity information, and the first system comprises an internal system integrated by the enterprise or a third-party system; authenticating the first system according to the first authorization request information; and, if the authentication passes, sending a first identifier and a token of the user to the first terminal, wherein the first identifier and the token are used for logging in to the first system and acquiring the identity information. Through the enterprise's open platform, the user's identity information can be authorized when the user wants to log in to an internal system integrated by the enterprise or a third-party system, and access authorization and access control for different systems can be realized through the open platform, thereby reducing the risk of data leakage and improving the security and reliability of the system.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for logging in a system.
Background
In a specific business scenario, an enterprise typically provides three platforms on which different users perform business operations: application software, an official WeChat public number, and enterprise WeChat.
In the prior art, the login systems of the three platforms are often independent of each other, although the platforms overlap in the development and use of functions. The prior art may therefore create a risk of data leakage.
Disclosure of Invention
In view of the above, the present application provides a method and apparatus for logging in a system, so as to achieve the purpose of reducing the risk of data leakage.
The method for logging in the system is applied to an open platform of an enterprise and is realized in the following way:
receiving first authorization request information sent by a first terminal, wherein the first authorization request information indicates that a first system requests authorization of a user's identity information, and the first system comprises: an internal system integrated by the enterprise or a third-party system;
authenticating the first system according to the first authorization request information;
and if the authentication is passed, sending a first identifier and a token of the user to the first terminal, wherein the first identifier and the token are used for logging in a first system and acquiring identity information.
Optionally, authenticating the first system according to the first authorization request information includes:
if the first system is determined to be in the white list according to the first authorization request information, sending temporary login credentials to the first terminal, wherein the white list comprises: a set of systems having enterprise authentication information issued by an enterprise;
and if the temporary login credentials and the enterprise authentication information corresponding to the first system sent by the first terminal are received within the preset time, checking the temporary login credentials and the enterprise authentication information corresponding to the first system.
Optionally, if the authentication passes, sending the first identification and the token of the user to the first terminal, including:
if the authentication is passed, sending second authorization request information to the first terminal, wherein the second authorization request information is used for inquiring whether the user agrees with the authorization identity information;
and receiving grant authorization information which is sent by the first terminal and aims at the second authorization request information, and sending a first identification and a token of the user to the first terminal.
Optionally, before receiving the first authorization request information sent by the first terminal, the method further includes:
and receiving first login information sent by the first terminal, wherein the first login information indicates a user to login a first platform, and the first platform is an application program corresponding to an enterprise.
Optionally, the first authorization request information is obtained by the first system through an integrated page or a shared page in a second platform, where the second platform includes: official WeChat public numbers or enterprise WeChat corresponding to enterprises;
after verifying the temporary login credentials and the enterprise authentication information corresponding to the first system, the method further comprises:
sending verification information to the WeChat open platform, wherein the verification information indicates the WeChat open platform to carry out enterprise qualification verification on an enterprise;
receiving verification passing information aiming at verification information and a second identifier of a user, wherein the verification passing information is sent by a WeChat open platform;
and calling an interface corresponding to the second platform, and determining a first identifier according to the second identifier.
Optionally, before receiving the first authorization request information sent by the first terminal, the method further includes:
and receiving second login information sent by the first terminal, wherein the second login information indicates the user to log in the second platform.
Optionally, the user is an agent, the first login information indicates the agent to login the first platform through WeChat authorization, the first login information carries temporary login credentials, and the temporary login credentials are obtained by the first platform calling the WeChat open platform;
the method further comprises:
and calling the WeChat open platform to acquire the first identification according to the temporary login credentials.
Optionally, before sending the first identification of the user and the token to the first terminal, the method further comprises:
judging whether the agent has completed official WeChat authentication;
if the agent has completed official WeChat authentication, sending an agent identification and a token of the agent to the first terminal;
if the agent has not completed official WeChat authentication, sending the first identification to the first terminal and prompting the first terminal to return the agent identification so that official WeChat authentication can be carried out.
The application also provides a device for logging in the system, which is applied to the open platform of the enterprise and comprises: the device comprises a receiving module, an authentication module and a login module;
the receiving module is configured to receive first authorization request information sent by the first terminal, where the first authorization request information indicates that the first system requests authorization of a user's identity information, and the first system includes: an internal system integrated by the enterprise or a third-party system;
the authentication module is used for authenticating the first system according to the first authorization request information;
and the login module is used for sending a first identifier and a token of the user to the first terminal if the authentication is passed, wherein the first identifier and the token are used for logging in the first system and acquiring identity information.
The present application also provides a computer device comprising a processor and a memory, wherein the processor is coupled with the memory, at least one computer program instruction is stored in the memory, and the at least one computer program instruction is loaded and executed by the processor so that the computer device implements the method for logging in to the system.
Therefore, the application has the following beneficial effects: through the enterprise's open platform, the user's identity information can be authorized when the user wants to log in to an internal system integrated by the enterprise or a third-party system, so the user does not need to log in to multiple platforms repeatedly or authorize multiple platforms multiple times; access authorization and access control for different systems can be realized through the open platform, which improves the security of data and clients, protects data security and privacy, reduces the risk of data leakage, and improves the security and reliability of the system.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are only embodiments of the present application, and that other drawings may be obtained according to the provided drawings for a person skilled in the art.
FIG. 1 is a diagram showing a comparison of a system architecture according to the present application;
FIG. 2 is a flow chart of a first embodiment of the present application;
FIG. 3 is a flow chart of a second embodiment of the present application;
FIG. 4 is a flow chart of a third embodiment of the present application;
FIG. 5 is a schematic diagram of a system of the login system of the present application;
FIG. 6 is a schematic diagram of a device for logging in to a system according to the present application;
FIG. 7 is a schematic diagram of a computer device of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The inventor found that, because the three platforms are independent of and split from one another, a user who logs in to different platforms to perform business operations must log in and authenticate multiple times, and user data is prone to leakage while it is transferred between the systems during repeated login switching or repeated user authorization.
Referring to part A of FIG. 1, and taking the existing public-life service line as an example, there are three platforms: the E-public client (hereinafter abbreviated as E-public), the official WeChat public number (hereinafter abbreviated as official WeChat), and enterprise WeChat; internal crew are a further group of users. The three platforms overlap in development and use, but because they target different user systems, their login systems are completely split and independent. If the terminal corresponding to an agent wants to use the functions of the official WeChat, actions such as registration and authentication must be completed on the official WeChat; if the terminal corresponding to a customer wants to use the functions of E-public, the user must meet the login conditions required by E-public; and if the terminal corresponding to an internal crew member wants to use the functions of E-public, the user must perform the corresponding operation. Therefore, if an agent or a customer wants to use the functions of both E-public and the official WeChat, multiple logins are required, which may cause a risk of data leakage.
Meanwhile, as more and more third-party systems are connected and the common components of public are opened to the outside, the public systems need to develop from internal autonomy into an open platform. In the application, referring to part B of FIG. 1, unified authorized login is performed through the open platform, so that across different systems and different user systems a user needs to log in only once for user authentication among multiple ends to be realized, thereby achieving unified authorized login of the user in multiple systems and further reducing the risk of data leakage.
In embodiments of the present application, the devices logged into the system may include, but are not limited to, computer devices.
The computer device may include a processor and a memory, wherein the processor is coupled with the memory, at least one computer program instruction is stored in the memory, and the at least one computer program instruction is loaded and executed by the processor so that the computer device implements the method for logging in to the system. The computer device is simply referred to as a computer in the following embodiments.
Referring to fig. 2, the steps of the first embodiment of the present application are as follows:
S201: The computer receives first authorization request information sent by the first terminal.
In the application, the method for logging in to the system can be applied to an open platform of an enterprise. Specifically, the enterprise may be public, in which case the computer is equipped with the public open platform application, so the execution subject in the present application may be the public open platform. It should be noted that the enterprise may be set according to actual needs and is not limited to public.
The first terminal is a terminal used by a user, can be used for logging in a platform and a system, and can be used for receiving and transmitting information to realize a communication function.
The first authorization request information indicates that the first system requests authorization of the user's identity information.
The first system may comprise: an internal system integrated by the enterprise or a third-party system. In particular, when the enterprise is public, the internal systems that the enterprise integrates may include, but are not limited to: the E-public system, the UM system (meaning unified subscriber management system for managing syndication feed) and the public official WeChat system.
The identity information may vary with the identity of the user. In particular, when the user is an agent or an internal crew member, the identity information may include, but is not limited to: a temporary login credential, an identity, and a business card uniform resource locator (URL), wherein the identity is the unique identity of an agent or an internal crew member within the enterprise; when the user is a customer, the identity information may include, but is not limited to: temporary login credentials, nicknames, and avatar URLs.
In some implementations, before receiving the first authorization request information sent by the first terminal, the computer first needs to receive first login information sent by the first terminal, where the first login information indicates that the user logs in to the first platform. This covers the case in which a user who has logged in to the application program corresponding to the enterprise wants to go on to log in to an internal system integrated by the enterprise or a third-party system. It should be noted that the first platform is an application program corresponding to the enterprise. Specifically, when the enterprise is public, the first platform may be the E-public application program.
In other implementations, the first authorization request information may be obtained by the first system through an integration page or a sharing page in the second platform, where the second platform may include: an application program corresponding to an enterprise, an official WeChat public number or an enterprise WeChat. In other implementations, before the computer receives the first authorization request information sent by the first terminal, it also needs to receive second login information sent by the first terminal, where the second login information indicates that the user logs in to the second platform.
S202: the computer authenticates the first system according to the first authorization request information.
After the user logs in the open platform application successfully and logs in the three-way application (such as the first platform and the second platform) integrated by the open platform, when the first system needs to acquire the identity information of the user, the open platform needs to determine whether the first system is an authorized system.
Thus, in some implementations, when the first system is a third party system, "the computer authenticates the first system according to the first authorization request information" may be implemented as follows: if the computer determines that the first system is in the white list according to the first authorization request information, the computer sends temporary login credentials (codes) to the first terminal, wherein the white list comprises: a set of systems having enterprise authentication information issued by an enterprise; and if the temporary login credentials and the enterprise authentication information corresponding to the first system sent by the first terminal are received within the preset time, checking the temporary login credentials and the enterprise authentication information corresponding to the first system.
It should be noted that, the specific value of the preset time is consistent with the specific value of the effective time of the temporary login credentials, so as to ensure that the authentication of the open platform has timeliness.
Specifically, the temporary login credentials may be obtained through OAuth2 (an authentication and authorization protocol). By means of the authentication and authorization mechanism in the OAuth2 specification, the enterprise can control client access, ensuring that a client can only access authorized data and application programming interfaces (APIs).
In other implementations, when the first system is an internal system integrated by the enterprise, the first system may directly call a Eureka (a service discovery framework developed by Netflix) interface through temporary login credentials for signature-free authentication within a preset time.
S203: if the authentication is passed, the computer sends the first identification of the user and the token to the first terminal.
The first identity and the token are used for logging in the first system and acquiring identity information.
After the first system passes authentication, the open platform needs to ask the user whether the user agrees to authorize the identity information to the first system. Thus, in some implementations, "if the authentication passes, the computer sends the first identifier and the token of the user to the first terminal, the first identifier and the token being used to log in to the first system" may be implemented as follows: if the authentication passes, the computer sends second authorization request information to the first terminal, wherein the second authorization request information is used for asking whether the user agrees to authorize the identity information; the computer receives the grant authorization information sent by the first terminal in response to the second authorization request information, and sends a first identifier (unionId, a unique identity identifier in the open platform) and a token of the user to the first terminal.
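The S202 and S203 checks for a third-party system can be sketched as follows. This is an added Python example, not code from the patent: the names `OpenPlatform`, `issue_code`, `verify` and `grant`, the 300-second validity, and storing the enterprise authentication information as a SHA-256 digest are all assumptions, and burning the credential on any failed check goes beyond what the text states.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

CODE_TTL_SECONDS = 300  # assumed value for the "preset time" / credential validity


def fingerprint(enterprise_secret: str) -> str:
    """Digest of the enterprise authentication information (assumption: the
    secret is a random, high-entropy value issued by the enterprise)."""
    return hashlib.sha256(enterprise_secret.encode("utf-8")).hexdigest()


@dataclass
class PendingCode:
    system_id: str
    union_id: str
    expires_at: float
    verified: bool = False


@dataclass
class OpenPlatform:
    whitelist: Dict[str, str]                 # system id -> fingerprint(secret)
    clock: Callable[[], float] = time.time    # injectable so expiry is testable
    codes: Dict[str, PendingCode] = field(default_factory=dict)

    def issue_code(self, system_id: str, union_id: str) -> Optional[str]:
        """S202, first half: only a white-listed system gets a temporary credential."""
        if system_id not in self.whitelist:
            return None
        code = secrets.token_urlsafe(32)
        self.codes[code] = PendingCode(
            system_id, union_id, self.clock() + CODE_TTL_SECONDS)
        return code

    def verify(self, system_id: str, code: str, enterprise_secret: str) -> bool:
        """S202, second half: check the credential and the enterprise
        authentication information together; any failure burns the credential."""
        pending = self.codes.pop(code, None)
        if pending is None or pending.verified:
            return False
        if self.clock() > pending.expires_at:
            return False                      # arrived after the preset time
        if pending.system_id != system_id:
            return False                      # issued to a different system
        expected = self.whitelist.get(system_id, "")
        if not hmac.compare_digest(expected, fingerprint(enterprise_secret)):
            return False
        pending.verified = True
        self.codes[code] = pending            # kept only for the consent step
        return True

    def grant(self, code: str, user_consented: bool) -> Optional[dict]:
        """S203: release unionId and token once, and only after user consent."""
        pending = self.codes.pop(code, None)  # single use, whatever the outcome
        if pending is None or not pending.verified or not user_consented:
            return None
        if self.clock() > pending.expires_at:
            return None
        return {"unionId": pending.union_id, "token": secrets.token_urlsafe(32)}


if __name__ == "__main__":
    # Constructed sample system id, secret and unionId.
    platform = OpenPlatform({"partner-crm": fingerprint("constructed-secret")})
    c = platform.issue_code("partner-crm", "union-0001")
    print(platform.verify("partner-crm", c, "constructed-secret"))
    print(platform.grant(c, user_consented=True))
```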
In other implementations, when the user logs in to the second platform (the second platform being an official WeChat public number or enterprise WeChat), after the authentication passes the computer further needs to send verification information to the WeChat open platform, the verification information instructing the WeChat open platform to perform enterprise qualification verification on the enterprise; receive the verification passing information for the verification information, sent by the WeChat open platform, together with a second identifier (OpenId, a unique identity identifier within an application) of the user; and call an interface corresponding to the second platform to determine the first identifier according to the second identifier.
In other implementations, when the first system is a third party system, the first system may further perform user permission verification after obtaining the identity information of the user, so as to provide a corresponding function for the user according to the identity information of the user.
In the first embodiment of the application, through the open platform of the enterprise, the identity information of the user can be authorized when the user wants to log in an internal system or a third party system integrated by the enterprise, so that the user does not need to log in a plurality of platforms repeatedly and authorize the plurality of platforms for a plurality of times, and access authorization and access control on different systems can be realized through the open platform, thereby improving the safety of data and clients, protecting the safety and privacy of the data, reducing the risk of data leakage and improving the safety and reliability of the system.
Since the first system may obtain the identity information of public users through the integrated page or the sharing page in the second platform, this situation is described below.
Referring to fig. 3, the steps of the second embodiment of the present application are as follows:
S301: The computer receives the second login information sent by the first terminal.
The second login information indicates that the user logs in to the second platform. It should be noted that, when the second platform is an official WeChat public number or an enterprise WeChat corresponding to the enterprise, steps S301 to S310 may be executed; when the second platform is an application program corresponding to the enterprise, only steps S301 to S306 are executed.
S302: the computer receives first authorization request information sent by the first terminal.
At this time, the first authorization request information is obtained by the first system through the integrated page or the shared page in the second platform.
S303: If the computer determines, according to the first authorization request information, that the first system is in the white list, the computer sends the temporary login credential to the first terminal.
Specifically, the computer sends temporary login credentials to the first system.
S304: The computer authenticates the first system; if the first system is an internal system integrated by the enterprise, step S305 is executed, and if the first system is a third-party system, step S306 is executed.
S305: The computer receives the signature-free authentication result sent by the first terminal.
It should be noted that the signature-free authentication result is obtained by calling the Eureka interface with the temporary login credential to perform signature-free authentication within the preset time.
S306: If the computer receives, within the preset time, the temporary login credentials and the enterprise authentication information corresponding to the first system sent by the first terminal, the computer verifies the temporary login credentials and the enterprise authentication information corresponding to the first system.
When the second platform is an application program corresponding to the enterprise, if the verification of the temporary login credential and the enterprise authentication information corresponding to the first system is passed, the computer sends the first identifier and the token of the user to the first terminal, and the subsequent steps S307 to S310 are not required.
S307: If the authentication passes, the computer sends verification information to the WeChat open platform.
The verification information instructs the WeChat open platform to perform enterprise qualification verification on the enterprise.
S308: The computer receives the verification passing information for the verification information, sent by the WeChat open platform, together with a second identifier of the user.
In some implementations, after the enterprise qualification check passes, the WeChat open platform may also ask whether the user agrees to authorize the identity information to the first system.
Specifically, webpage authorization can be performed on the WeChat open platform by assembling the authorization link of the official WeChat or the enterprise WeChat, so as to obtain the second identifier.
S309: The computer calls an interface corresponding to the second platform and determines the first identifier according to the second identifier.
Specifically, using the temporary login credentials and the enterprise authentication information corresponding to the first system, the first system can call the open platform's interface for acquiring user identity information, and the open platform can call the system interface of the official WeChat or the enterprise WeChat according to the second identifier to acquire the first identifier and the token.
S310: the computer sends a first identification of the user and the token to the first terminal.
In the second embodiment of the application, through the open platform, the user can be automatically authorized to log in to the first system when logging in to the second platform, which saves the user from repeatedly logging in or managing multiple accounts in multiple systems and improves working efficiency and productivity. Meanwhile, if one system has a vulnerability or is compromised, an attacker cannot obtain the access rights of the other systems, so the security risk is reduced.
When logging in to the first platform, the user may, in addition to logging in directly, log in through WeChat authorization; this case is described below.
Referring to fig. 4, the steps of the third embodiment of the present application are as follows:
S401: The computer receives first login information sent by the first terminal.
In this embodiment, the user is a public agent. The first login information indicates that the agent logs in to the first platform through WeChat authorization, and the first login information carries temporary login credentials, which are acquired by the first platform calling the WeChat open platform.
Thus, in some implementations, the first platform may call the WeChat open platform through OAuth2 to obtain temporary login credentials.
S402: The computer calls the WeChat open platform to acquire the first identification of the user according to the temporary login credentials.
In some implementations, the computer invokes the WeChat open platform to obtain the first identification based on the temporary login credentials, and an account number (appID) and password (appSecret) of the WeChat open platform.
Optionally, the following steps may also be performed:
S403: The computer determines whether the agent has completed official WeChat authentication.
S404: If the agent has completed official WeChat authentication, the computer sends the agent identification and the token of the agent to the first terminal.
In some implementations, if the agent has completed official WeChat authentication, the computer may call an interface of the official WeChat public number corresponding to the enterprise and determine the agent identification of the agent according to the first identification.
S405: If the agent has not completed official WeChat authentication, the computer sends the first identification to the first terminal and prompts the first terminal to return the agent identification so that official WeChat authentication can be carried out.
Because the agent has not completed official WeChat authentication, the agent identification cannot be acquired at this point, so the agent needs to log in to the first platform with a user name and password; after the login succeeds, the first platform can send the agent identification and the first identification to the official WeChat in the form of a message for silent registration and employee authentication. The asynchronous processing of messages reduces the coupling between the two systems and avoids waiting on an interface during silent registration and employee authentication.
In some implementations, upon receiving the agent identifier sent by the first terminal, the computer requests authentication binding from the official WeChat based on the agent identifier, the token, and the first identifier.
After receiving the information, the official WeChat can judge whether the identity information of the agent meets the requirements for user registration and employee authentication; if so, silent registration and employee authentication are carried out, and once registration and authentication succeed, the agent can log in to the first platform through WeChat authorization.
In the third embodiment of the application, the agent logs in to the first platform through WeChat authorization and it is judged whether the agent has completed official WeChat authentication, so that when the agent has completed official WeChat authentication the user identity can be identified quickly and login to the first platform can proceed, and when the agent has not completed it the agent can be assisted in completing official WeChat authentication, so that the agent can log in to the first platform quickly next time.
Referring to fig. 5, the present application provides a system for logging in a system, comprising: view layer, authorization layer and system layer.
A view layer, comprising: E-public, the official WeChat and enterprise WeChat.
An authorization layer, comprising: the public open platform, which is used for authorizing the system layer.
A system layer, comprising: the E-public system, the official WeChat system, the UM system, the third-party system and other internal systems, which are used for processing public business functions and returning the processed results to the view layer for display.
Optionally, the system 500 for logging in to a system further includes: a large back end.
A large back end, comprising: a core system and a CRM system (a kind of back-end management system), used for handling complex business processes.
Referring to fig. 6, the present application provides a device 600 for logging in a system, which is applied to an open platform of an enterprise, and the device includes: a receiving module 601, an authentication module 602 and a login module 603.
The receiving module 601 is configured to receive first authorization request information sent by the first terminal, where the first authorization request information indicates that the first system requests identity information of an authorized user, and the first system comprises: an internal system or a third party system integrated by the enterprise.
The authentication module 602 is configured to authenticate the first system according to the first authorization request information.
The login module 603 is configured to send the first identifier and the token of the user to the first terminal if the authentication is passed, where the first identifier and the token are used for logging in the first system and acquiring the identity information.
In the device, through the open platform of the enterprise, the identity information of the user can be authorized when the user wants to log in an internal system or a third party system integrated by the enterprise, so that the user does not need to repeatedly log in a plurality of platforms and authorize the plurality of platforms for a plurality of times, and access authorization and access control to different systems can be realized through the open platform, thereby improving the safety of data and clients, protecting the safety and privacy of the data, reducing the risk of data leakage and improving the safety and reliability of the system.
Optionally, the authentication module 602 includes: a first sending unit and a verification unit.
The first sending unit is configured to send temporary login credentials to the first terminal if the first system is determined to be in the white list according to the first authorization request information, where the white list comprises: a set of systems having enterprise authentication information issued by the enterprise.
The verification unit is configured to verify the temporary login credentials and the enterprise authentication information corresponding to the first system if the temporary login credentials and the enterprise authentication information corresponding to the first system are received within the preset time.
Optionally, the login module 603 includes: a second sending unit and a receiving unit.
The second sending unit is configured to send second authorization request information to the first terminal if the authentication is passed, where the second authorization request information is used for inquiring whether the user agrees to authorize the identity information.
The receiving unit is configured to receive the grant authorization information sent by the first terminal for the second authorization request information, and to send the first identifier and the token of the user to the first terminal.
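The following added sketch (not code from the patent or the applicant) walks through the authentication module and login module flow described above: whitelist check, temporary login credential, verification within the preset time, then user consent before the first identifier and token are released. The class and method names, the 300-second preset time, the in-memory stores and the HMAC-derived first identifier are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CREDENTIAL_TTL_SECONDS = 300  # assumption: the patent only says "preset time"


def _digest(value: str) -> bytes:
    return hashlib.sha256(value.encode()).digest()


class OpenPlatform:
    def __init__(self, whitelist, clock=time.monotonic):
        # whitelist maps system id -> enterprise authentication information
        # (constructed secrets here); only digests are kept in memory.
        self._whitelist = {sid: _digest(s) for sid, s in whitelist.items()}
        self._id_key = secrets.token_bytes(32)  # assumption: platform-only key
        self._pending = {}  # credential digest -> (system, user, expiry)
        self._grants = {}   # grant id -> (system, user), awaiting consent
        self._clock = clock

    def request_authorization(self, system_id, user_id):
        """First sending unit: only whitelisted systems get a credential."""
        if system_id not in self._whitelist:
            return None
        credential = secrets.token_urlsafe(32)
        expiry = self._clock() + CREDENTIAL_TTL_SECONDS
        self._pending[_digest(credential)] = (system_id, user_id, expiry)
        return credential

    def verify(self, system_id, credential, enterprise_auth):
        """Verification unit: single-use, system-bound, time-limited."""
        # pop() consumes the credential even on failure, so it cannot be replayed.
        entry = self._pending.pop(_digest(credential), None)
        if entry is None:
            return None
        bound_system, user_id, expiry = entry
        expected = self._whitelist.get(system_id, b"")
        if not (bound_system == system_id and self._clock() <= expiry
                and hmac.compare_digest(expected, _digest(enterprise_auth))):
            return None
        grant_id = secrets.token_urlsafe(16)
        self._grants[grant_id] = (system_id, user_id)
        return grant_id  # travels with the second authorization request

    def user_decision(self, grant_id, agreed):
        """Receiving unit: identifier and token are released only on consent."""
        entry = self._grants.pop(grant_id, None)
        if entry is None or not agreed:
            return None
        system_id, user_id = entry
        # Assumption: the first identifier is a per-system pseudonym.
        msg = f"{system_id}:{user_id}".encode()
        first_id = hmac.new(self._id_key, msg, hashlib.sha256).hexdigest()
        return first_id, secrets.token_urlsafe(32)
```

Binding the credential to the requesting system and consuming it on first use means a credential intercepted at the first terminal cannot be redeemed by a different system or a second time.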
Optionally, the receiving module 601 is configured to receive first login information sent by the first terminal, where the first login information indicates that the user logs in to the first platform, and the first platform is an application program corresponding to the enterprise.
Optionally, the first authorization request information is obtained by the first system through an integrated page or a shared page in a second platform, where the second platform includes: an official WeChat public number corresponding to the enterprise or an enterprise WeChat.
In that case, the apparatus 600 for logging in a system further comprises: a sending module 604 and a calling module 605.
The sending module 604 is configured to send verification information to the WeChat open platform, where the verification information indicates that the WeChat open platform is to carry out enterprise qualification verification on the enterprise.
The receiving module 601 is further configured to receive the verification passing information for the verification information and a second identifier of the user, both sent by the WeChat open platform.
The calling module 605 is configured to call the interface corresponding to the second platform and determine the first identifier according to the second identifier.
Optionally, the receiving module 601 is further configured to receive second login information sent by the first terminal, where the second login information indicates that the user logs in to the second platform.
Optionally, the user is an agent, the first login information indicates that the agent logs in to the first platform through WeChat authorization, the first login information carries temporary login credentials, and the temporary login credentials are obtained by the first platform calling the WeChat open platform;
in that case, the apparatus 600 for logging in a system further comprises: an acquisition module 606.
The acquisition module 606 is configured to call the WeChat open platform to acquire the first identifier according to the temporary login credentials.
Optionally, the apparatus 600 for logging in a system further includes: a judgment module 607 and the sending module 604.
The judgment module 607 is configured to judge whether the agent has completed the official micro authentication.
The sending module 604 is configured to send the agent identifier and the token of the agent to the first terminal if the agent has completed the official micro authentication.
The sending module 604 is further configured to, if the agent has not completed the official micro authentication, send the first identifier to the first terminal and prompt the first terminal to return the agent identifier so as to carry out the official micro authentication.
The specific manner in which the various modules perform the operations in the apparatus of the above embodiments has been described in detail in connection with the embodiments of the method, and will not be described in detail herein.
It should be noted that: when the device for logging in the system according to the above embodiment implements the function of logging in the system, the division into the above functional modules is used only for illustration. In practical application, the above functions may be allocated to different functional modules as needed, that is, the internal structure of the device for logging in the system may be divided into different functional modules to implement all or part of the functions described above. In addition, the device for logging in the system provided in the above embodiment and the method embodiment of logging in the system belong to the same concept, and the specific implementation process is detailed in the method embodiment, which is not repeated here.
Referring to fig. 7, the present application also provides a computer device 700, including: a processor 701 and a memory 702.
The processor 701 is coupled to the memory 702, and the memory 702 stores at least one computer program instruction that is loaded and executed by the processor 701 to cause the computer device to implement the method of logging in a system.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A method of logging into a system, for application to an open platform of an enterprise, the method comprising:
receiving first authorization request information sent by a first terminal, wherein the first authorization request information indicates a first system to request identity information of an authorized user, and the first system comprises: an internal system or a third party system integrated by the enterprise;
authenticating the first system according to the first authorization request information;
and if the authentication is passed, sending a first identifier and a token of the user to the first terminal, wherein the first identifier and the token are used for logging in the first system and acquiring the identity information.
2. The method of claim 1, wherein authenticating the first system according to the first authorization request information comprises:
if the first system is determined to be in the white list according to the first authorization request information, sending temporary login credentials to the first terminal, wherein the white list comprises: a set of systems having enterprise authentication information issued by the enterprise;
and if the temporary login credential and the enterprise authentication information corresponding to the first system sent by the first terminal are received within the preset time, checking the temporary login credential and the enterprise authentication information corresponding to the first system.
3. The method of claim 1, wherein the sending the first identifier and the token of the user to the first terminal if the authentication is passed comprises:
if the authentication is passed, sending second authorization request information to the first terminal, wherein the second authorization request information is used for inquiring whether the user agrees to authorize the identity information;
and receiving grant authorization information which is sent by the first terminal and aims at the second authorization request information, and sending a first identification and a token of the user to the first terminal.
4. The method of claim 1, further comprising, prior to receiving the first authorization request information sent by the first terminal:
receiving first login information sent by the first terminal, wherein the first login information indicates that the user logs in to a first platform, and the first platform is an application program corresponding to the enterprise.
5. The method of claim 2, wherein the first authorization request information is obtained by the first system through an integration page or a sharing page in a second platform, the second platform comprising: the official WeChat public number or the enterprise WeChat corresponding to the enterprise;
after verifying the temporary login credential and the enterprise authentication information corresponding to the first system, the method further includes:
sending verification information to a WeChat open platform, wherein the verification information indicates the WeChat open platform to carry out enterprise qualification verification on the enterprise;
receiving verification passing information which is sent by the WeChat open platform and aims at the verification information, and a second identifier of the user;
and calling an interface corresponding to the second platform, and determining the first identifier according to the second identifier.
6. The method of claim 5, further comprising, prior to receiving the first authorization request information sent by the first terminal:
receiving second login information sent by the first terminal, wherein the second login information indicates that the user logs in to the second platform.
7. The method of claim 4, wherein the user is an agent, the first login information indicates that the agent logs in to the first platform through WeChat authorization, the first login information carries temporary login credentials, and the temporary login credentials are obtained by the first platform calling a WeChat open platform;
the method further comprises the steps of:
and calling the WeChat open platform to acquire the first identifier according to the temporary login credential.
8. The method of claim 7, wherein the method further comprises:
judging whether the agent completes official micro authentication;
if the agent completes the official micro authentication, sending the agent identification and the token to the first terminal;
and if the agent does not complete the official micro-authentication, sending the first identification to the first terminal, and prompting the first terminal to return the agent identification so as to perform the official micro-authentication.
9. An apparatus for logging in a system, the apparatus being applied to an open platform of an enterprise, the apparatus comprising: a receiving module, an authentication module and a login module;
the receiving module is configured to receive first authorization request information sent by a first terminal, where the first authorization request information indicates that a first system requests identity information of an authorized user, and the first system includes: an internal system or a third party system integrated by the enterprise;
the authentication module is used for authenticating the first system according to the first authorization request information;
the login module is used for sending a first identifier and a token of the user to the first terminal if the authentication passes, wherein the first identifier and the token are used for logging in the first system and acquiring the identity information.
10. A computer device, the computer device comprising: a processor coupled to a memory having stored therein at least one computer program instruction that is loaded and executed by the processor to cause the computer device to implement the method of any of claims 1-8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311176265.2A CN117240539A (en) | 2023-09-11 | 2023-09-11 | Method and device for logging in system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311176265.2A CN117240539A (en) | 2023-09-11 | 2023-09-11 | Method and device for logging in system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117240539A (en) | 2023-12-15 |
Family
ID=89094107
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311176265.2A Pending CN117240539A (en) | 2023-09-11 | 2023-09-11 | Method and device for logging in system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117240539A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118200035A (en) * | 2024-04-25 | 2024-06-14 | 北京锐客科技有限公司 | A secure communication method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||