1. Field
Aspects of the present invention generally relate to an image forming apparatus, an information processing method, and a storage medium.
2. Description of the Related Art
In recent years, services have been provided that create an electronic document in Portable Document Format (PDF) on the Internet, or accumulate electronic documents on the Internet. Using such services, a user can create a PDF file even if a terminal owned by the user does not have a PDF creation function, and the user can also store electronic documents that exceed the storage capacity of the terminal. A service provider can provide the user with an added value by causing these services to cooperate with each other. For example, the user can store a created electronic document in PDF directly on the Internet, not via the terminal owned by the user. Cooperation of the services can cause some issues.
More specifically, the exchange of more information than desired by the user between the services poses a risk of leakage of user data and personal information. For example, a plurality of services exists on the Internet, and service cooperation is achieved between various services. It is, however, undesirable that a service other than a service that provides the user with a desired result should acquire user data and personal information. At the same time, it is desirable for a service provider that the mechanism of service cooperation should be easily implemented.
In these circumstances, a standard protocol termed OAuth is formulated to achieve authorization cooperation. OAuth is described in detail below. Based on OAuth, for example, data of a user managed by a service A can be accessed by an external service B approved by the user. In this case, after the range of access of the external service B is defined, the access of the external service B to the service A is explicitly authorized by the user. The explicit authorization of the user is referred to as an “authorization operation”.
When the user has performed an authorization operation, the external service B receives from the service A a token that proves the authorization for access (hereinafter referred to as an “authorization token”), and the external service B can access the service A using the authorization token after that.
The use of the authorization token enables the external service B to access the service A by the authority of the user having given the authorization and without authentication information of the user. Thus, the external service B having acquired the authorization token has a responsibility to strictly and properly manage the authorization token. Further, Japanese Patent Application Laid-Open No. 2004-259266 states that an image processing apparatus includes two interfaces to receive a password via an operation panel of the image processing apparatus or a network.
Further, some recent devices provide a user with an added value by cooperating with a cloud service using OAuth.
For example, there are services termed social networking services (hereinafter referred to as “SNSs”). These services can be used through a smartphone. Although there are various SNSs, the installation of a particular application onto the smartphone and the use of the application may facilitate the use of the SNSs. For example, if a user wishes to periodically post their location to an SNS, the user may use a positioning function of a smartphone and use an application that periodically measures a position and posts information to an SNS. This will feel convenient to the user. The application installed on the smartphone accesses the SNS on behalf of the user. OAuth may be used in such a case. The user can use the SNS via the application by permitting the application to perform a minimum function required for using the SNS, for example, posting an article.
Now, a case is considered where an image forming apparatus serves as an OAuth client and cooperates with a cloud service. A user transfers to the image forming apparatus the authority to access a resource in the cloud service, thereby allowing the image forming apparatus to cooperate with the cloud service. It often happens, however, that the image processing apparatus is shared between a plurality of users and therefore a plurality of users is managed. It is, however, undesirable that all the users of the image processing apparatus are able to access the resource in the cloud service while the authority of the user is transferred to the image forming apparatus. Thus, the user of the cloud service and the user of the image forming apparatus need to cooperate with each other.
As one solution for the cooperation of the user of the cloud service, with the user of the image forming apparatus, an authorization token is held being linked with the user of the image forming apparatus, and the cloud service is accessed using the authorization token linked with the user having logged into the image forming apparatus. Thus, it is possible to achieve a single sign-on (SSO) for the cloud service and the image forming apparatus. To link the authorization token with the user of the image forming apparatus, the user needs to transfer authority by using a web browser when the user is logging into the image forming apparatus.
Methods of logging into the image forming apparatus include logging in through an operation unit of the image forming apparatus and logging into a web site using a web browser. To use a web browser in the image forming apparatus, however, it is necessary to log into the image forming apparatus through the operation unit and also log into a web site in response to a request from the web browser. This forces the user to log into the image forming apparatus twice, which reduces convenience.
Japanese Patent Application Laid-Open No. 2004-259266 discusses a technique in which an image processing apparatus can receive a password via an operation panel or a network. Japanese Patent Application Laid-Open No. 2004-259266, however, does not consider the above problem.