Some embodiments described herein relate generally to using a single authorization client module on a device to request application tokens for applications installed on the device from an authorization server. Some of the embodiments described herein also relate to the methods and apparatus used for the authentication and execution of the approved applications for individual users of a device.
Open Authorization (OAuth) is an open standard protocol for authorization, and allows a user, such as an enterprise employee, to grant a third party application access to information associated with that user stored at a given location (e.g., on given website), without sharing that user's account credentials (e.g. password) or the full extent of that user's data. Some known systems use OAuth tokens to authenticate applications for users of a variety of devices (e.g., a laptop computer, a personal digital assistant (PDA), a standard mobile telephone, a tablet personal computer (PC), etc.). Such known systems, however, have each application request tokens individually from an appropriate OAuth authorization server. This typically involves significant use of available bandwidth and processor time, and generally leads to a usability burden for the user. Additionally, the enterprise for which the employee works is not directly involved in the issuance of application tokens to the applications and hence is removed from a desired level of policy control over the users' access to applications.
Accordingly, a need exists for methods and apparatus for authenticating multiple applications installed on a device in a single step for specific user(s) of that device. Additionally, a need exists for methods and apparatus to increase the involvement of the enterprise in having control of over the user's access to applications.