Abstract: A computing system (100) that includes at least one microapp (202) and a container application (204) configured to receive an application output from the microapp(s) (202,602) via an application programming interface. The computing system (100) can include at least one processor (112,132) and at least one tangible, non-transitory computer-readable medium that stores instructions that, when executed by the at least one processor (112,132), cause the at least one processor (112,132) to perform operations. The operations can include providing, for display within a first panel (304) in a user interface (306), a navigation bar (302) based on data received from the container application (204); receiving, at the container application (204), the application output from the at least one microapp (202) via the application programming interface; and providing, for display within a second panel in the user interface (306), data describing the application output.

Abstract: A virtual session manager of an electronic device maintains a web session for a user across multiple electronic devices. The virtual session manager receives an authentication request from a first electronic device that is in a communication range of the device. The virtual session manager transmits the authentication request to an endpoint device with a grant token without providing the first electronic device with any access to the grant token. The virtual session manager will receive, from the endpoint device, a first access token in response to the first authentication request. The virtual session manager will transmit the first access token to the first electronic device so that the first electronic device can establish a virtual session with the first web resource.

Abstract: A virtual session manager of an electronic device maintains a web session for a user across multiple electronic devices. The virtual session manager receives an authentication request from a first electronic device that is in a communication range of the device. The virtual session manager transmits the authentication request to an endpoint device with a grant token without providing the first electronic device with any access to the grant token. The virtual session manager will receive, from the endpoint device, a first access token in response to the first authentication request. The virtual session manager will transmit the first access token to the first electronic device so that the first electronic device can establish a virtual session with the first web resource.

Abstract: A system maintains a web session across multiple web resources and/or devices using a two-token model. A user agent transmits an authentication request to a login endpoint. The user agent have access to a grant token, and it will receive an access token in response to the authentication request. The grant token is relatively long-lived and the first access token is relatively short-lived. The user agent will use the access token to access the first web resource and establish a web session. When the access token expires or is about to expire, the user agent will transmit a re-authentication request with the grant token to a re-authentication endpoint. The user agent will then receive a second access token from the re-authentication endpoint. The user agent will then use the second access token to access the web resource and maintain the web session.

Abstract: A virtual session manager of an electronic device maintains a web session for a user across multiple electronic devices. The virtual session manager receives an authentication request from a first electronic device that is in a communication range of the device. The virtual session manager transmits the authentication request to an endpoint device with a grant token without providing the first electronic device with any access to the grant token. The virtual session manager will receive, from the endpoint device, a first access token in response to the first authentication request. The virtual session manager will transmit the first access token to the first electronic device so that the first electronic device can establish a virtual session with the first web resource.

Abstract: A virtual session manager of an electronic device maintains a web session for a user across multiple electronic devices. The virtual session manager will receive an authentication request from a first electronic device that is in a communication range of the virtual session manager's device. The virtual session manager will transmit the authentication request to an endpoint device, and it will either present a grant token to or receive a grant token from the endpoint. The virtual session manager will receive a first access token from the endpoint device. The virtual session manager will transmit the first access token to the first electronic device so that the first electronic device can establish a virtual session with the first web resource without having any access to the grant token.

Abstract: A system maintains a web session across multiple web resources and/or devices using a two-token model. A user agent transmits an authentication request to a login endpoint. The user agent have access to a grant token, and it will receive an access token in response to the authentication request. The grant token is relatively long-lived and the first access token is relatively short-lived. The user agent will use the access token to access the first web resource and establish a web session. When the access token expires or is about to expire, the user agent will transmit a re-authentication request with the grant token to a re-authentication endpoint. The user agent will then receive a second access token from the re-authentication endpoint. The user agent will then use the second access token to access the web resource and maintain the web session.

Abstract: A virtual session manager of an electronic device maintains a web session for a user across multiple electronic devices. The virtual session manager will receive an authentication request from a first electronic device that is in a communication range of the virtual session manager's device. The virtual session manager will transmit the authentication request to an endpoint device, and it will either present a grant token to or receive a grant token from the endpoint. The virtual session manager will receive a first access token from the endpoint device. The virtual session manager will transmit the first access token to the first electronic device so that the first electronic device can establish a virtual session with the first web resource without having any access to the grant token.

Abstract: A system and computer-implemented method including receiving a request from a service provider, at a central account manager, to provide a user account for a user logging into the first service provider, identifying one or more user accounts associated with the user at one or more user account providers maintained at the central account manager, selecting a first user account of the one or more user accounts and providing, using the one or more computing devices, the selected first user account to the first service provider in response to the request.

Abstract: A system and method for enabling, on any website, a unified user login that supports login through multiple known identity providers and, if necessary, the website's legacy login are disclosed. In one example, the system comprises a login receiver module, an identity provider determination module, a legacy account module, a federated account module and a login module. The login receiver module receives a login request associated with a user identifier. The identity provider determination module determines whether the login request is associated with a known identity provider. The legacy account module performs legacy account creation and/or legacy login verification when the address is not associated with any known identity provider. Otherwise, the federated account module performs federated account creation and/or federated login verification. The login module logs the user into the account responsive to one or more of verification and account creation.

Abstract: A method of implementing session syndication using a low-latency session syndication framework may include receiving, by an inline frame associated with an authorization provider, a request from a client application for an access token. The inline frame may be embedded in the client application. The method may include sending, by the inline frame, a request for the access token to a computing device associated with the authorization provider, receiving, by the inline frame from the authorization provider, an access token associated with one or more resources of the authorization provider, and providing the access token to the client application.

Abstract: A system and computer-implemented method including receiving a request from a first service provider, at a central account manager, to provide a user account for a user logging into a first service provider, identifying one or more user accounts at one or more service providers other than the first service provider associated with the user maintained at the central account manager, providing the one or more user accounts for display to the user, receiving a selection of a first user account of the one or more user accounts and providing the selected first user account to the first service provider in response to the request.