Abstract: In some embodiments, a client application at a client device can receive, from a browser application at the client device, a first message including a unique identifier associated with a session of the browser application at a website associated with a content management system. The client application can extract the unique identifier from the first message, and establish a connection between the client application and the content management system by sending, from the client application to the content management system, a second message including the unique identifier. The client application can then receive, from the content management system through the connection, a third message relayed by the content management system from the website, where the third message is associated with the unique identifier.

Abstract: In some embodiments, a client application at a client device can receive, from a browser application at the client device, a first message including a unique identifier associated with a session of the browser application at a website associated with a content management system. The client application can extract the unique identifier from the first message, and establish a connection between the client application and the content management system by sending, from the client application to the content management system, a second message including the unique identifier. The client application can then receive, from the content management system through the connection, a third message relayed by the content management system from the website, where the third message is associated with the unique identifier.

Abstract: In some embodiments, a client application at a client device can receive, from a browser application at the client device, a first message including a unique identifier associated with a session of the browser application at a website associated with a content management system. The client application can extract the unique identifier from the first message, and establish a connection between the client application and the content management system by sending, from the client application to the content management system, a second message including the unique identifier. The client application can then receive, from the content management system through the connection, a third message relayed by the content management system from the website, where the third message is associated with the unique identifier.

Abstract: In some embodiments, a client application at a client device can receive, from a browser application at the client device, a first message including a unique identifier associated with a session of the browser application at a website associated with a content management system. The client application can extract the unique identifier from the first message, and establish a connection between the client application and the content management system by sending, from the client application to the content management system, a second message including the unique identifier. The client application can then receive, from the content management system through the connection, a third message relayed by the content management system from the website, where the third message is associated with the unique identifier.

Abstract: Systems, methods, and non-transitory computer-readable storage media for serving content stored in an online synchronized content management system from a sandbox domain via a temporary address. The online synchronized content management system may receive a first request from a user to access a content item stored in the system. The first request may be received at a first domain via a first address that is directed to the first domain. The system may generate a second address that is directed to a second domain such as a sandbox domain. Then, the second address can be associated with the content item for direct access. When the system receives, at the second domain via the second address, a second request to access the content item, the content item can be served from the second domain. After the system receives the second request, it can generate and issue a session identifier for the second address to verify any subsequent requests to access the content item via the second address.

Abstract: A content management system can tag a client installer with an information tag linking the client installer to a user account. The client installer can be configured to install the client-side application on the client device and pass the identification tag to the installed client-side application. The client-side application can transmit the identification tag to the content management system, which can use the identification tag to identify the linked user account and log the client-side application into the user account. The content management system can implement several verification measures such as limiting the number of times and when an identification tag can be used, as well as IP addresses that can use the identification tag. The content management system can also use data cached by the web-browser application to determine if the web-browser application was used to access the user account in the past.

Abstract: A content management system can tag a client installer with an information tag linking the client installer to a user account. The client installer can be configured to install the client-side application on the client device and pass the identification tag to the installed client-side application. The client-side application can transmit the identification tag to the content management system, which can use the identification tag to identify the linked user account and log the client-side application into the user account. The content management system can implement several verification measures such as limiting the number of times and when an identification tag can be used, as well as IP addresses that can use the identification tag. The content management system can also use data cached by the web-browser application to determine if the web-browser application was used to access the user account in the past.

Abstract: A content management system can tag a client installer with an information tag linking the client installer to a user account. The client installer can be configured to install the client-side application on the client device and pass the identification tag to the installed client-side application. The client-side application can transmit the identification tag to the content management system, which can use the identification tag to identify the linked user account and log the client-side application into the user account. The content management system can implement several verification measures such as limiting the number of times and when an identification tag can be used, as well as IP addresses that can use the identification tag. The content management system can also use data cached by the web-browser application to determine if the web-browser application was used to access the user account in the past.

Abstract: In some embodiments, a client application at a client device can receive, from a browser application at the client device, a first message including a unique identifier associated with a session of the browser application at a website associated with a content management system. The client application can extract the unique identifier from the first message, and establish a connection between the client application and the content management system by sending, from the client application to the content management system, a second message including the unique identifier. The client application can then receive, from the content management system through the connection, a third message relayed by the content management system from the website, where the third message is associated with the unique identifier.

Abstract: In some embodiments, a client application at a client device can receive, from a browser application at the client device, a first message including a unique identifier associated with a session of the browser application at a website associated with a content management system. The client application can extract the unique identifier from the first message, and establish a connection between the client application and the content management system by sending, from the client application to the content management system, a second message including the unique identifier. The client application can then receive, from the content management system through the connection, a third message relayed by the content management system from the website, where the third message is associated with the unique identifier.

Abstract: Systems, methods, and non-transitory computer-readable storage media for securely accessing locally stored synchronized content using a local web server. A client application on a client device may receive from a web browser on the client device a request to access a local content stored on a client device. The client application may be configured to synchronize the local content with a remote content stored in an online content management system. The client application may issue a challenge for the web browser. The client application or the online content management system may then receive a response to the challenge. If the response is a valid response to the challenge, the web browser may be allowed to access the local content via the client application.

Abstract: In some embodiments, a client application at a client device can receive, from a browser application at the client device, a first message including a unique identifier associated with a session of the browser application at a website associated with a content management system. The client application can extract the unique identifier from the first message, and establish a connection between the client application and the content management system by sending, from the client application to the content management system, a second message including the unique identifier. The client application can then receive, from the content management system through the connection, a third message relayed by the content management system from the website, where the third message is associated with the unique identifier.

Abstract: A content management system can tag a client installer with an information tag linking the client installer to a user account. The client installer can be configured to install the client-side application on the client device and pass the identification tag to the installed client-side application. The client-side application can transmit the identification tag to the content management system, which can use the identification tag to identify the linked user account and log the client-side application into the user account. The content management system can implement several verification measures such as limiting the number of times and when an identification tag can be used, as well as IP addresses that can use the identification tag. The content management system can also use data cached by the web-browser application to determine if the web-browser application was used to access the user account in the past.

Abstract: Systems, methods, and non-transitory computer-readable storage media for serving content stored in an online synchronized content management system from a sandbox domain via a temporary address. The online synchronized content management system may receive a first request from a user to access a content item stored in the system. The first request may be received at a first domain via a first address that is directed to the first domain. The system may generate a second address that is directed to a second domain such as a sandbox domain. Then, the second address can be associated with the content item for direct access. When the system receives, at the second domain via the second address, a second request to access the content item, the content item can be served from the second domain. After the system receives the second request, it can generate and issue a session identifier for the second address to verify any subsequent requests to access the content item via the second address.

Abstract: A content management system can tag a client installer with an information tag linking the client installer to a user account. The client installer can be configured to install the client-side application on the client device and pass the identification tag to the installed client-side application. The client-side application can transmit the identification tag to the content management system, which can use the identification tag to identify the linked user account and log the client-side application into the user account. The content management system can implement several verification measures such as limiting the number of times and when an identification tag can be used, as well as IP addresses that can use the identification tag. The content management system can also use data cached by the web-browser application to determine if the web-browser application was used to access the user account in the past.

Abstract: Systems, methods, and non-transitory computer-readable storage media for securely accessing locally stored synchronized content using a local web server. A client application on a client device may receive from a web browser on the client device a request to access a local content stored on a client device. The client application may be configured to synchronize the local content with a remote content stored in an online content management system. The client application may issue a challenge for the web browser. The client application or the online content management system may then receive a response to the challenge. If the response is a valid response to the challenge, the web browser may be allowed to access the local content via the client application.

Abstract: A content management system can tag a client installer with an information tag linking the client installer to a user account. The client installer can be configured to install the client-side application on the client device and pass the identification tag to the installed client-side application. The client-side application can transmit the identification tag to the content management system, which can use the identification tag to identify the linked user account and log the client-side application into the user account. The content management system can implement several verification measures such as limiting the number of times and when an identification tag can be used, as well as IP addresses that can use the identification tag. The content management system can also use data cached by the web-browser application to determine if the web-browser application was used to access the user account in the past.

Abstract: Some systems allow a user to access content using both a native client application and a web interface. In these systems, the client application authorized to access a user account can assist with automatically logging a user into the web interface through the use of authentication tokens. In response to an authentication request, the client application can select a token and split it into multiple parts. One piece can be embedded in a URL and a second piece can be stored in a file. The file can also contain browser executable instructions that when executed combine the two pieces to re-create the token and send the re-created token to a server to authenticate the user. The client application can forward the URL to the browser, which can direct the browser to the file. The browser can execute the instructions thereby authenticating the user.

Abstract: Some systems allow a user to access content using both a native client application and a web interface. In these systems, the client application authorized to access a user account can assist with automatically logging a user into the web interface through the use of authentication tokens. In response to an authentication request, the client application can select a token and split it into multiple parts. One piece can be embedded in a URL and a second piece can be stored in a file. The file can also contain browser executable instructions that when executed combine the two pieces to re-create the token and send the re-created token to a server to authenticate the user. The client application can forward the URL to the browser, which can direct the browser to the file. The browser can execute the instructions thereby authenticating the user.

Abstract: Exemplary embodiments disclosed herein may include a method and system for creating pair-wise security keys, comprising receiving an identity key from a website, generating a master key, creating a pair-wise symmetric key or asymmetric key pair by utilizing an encryption function of the identity key and the master key, and storing the pair-wise public or symmetric key at the client and the website.