oc-doc/docs/openid/oauth2oidc-app-requests-contacts-example copy.puml

2024-12-10 18:01:58 +01:00
@startuml
' OAuth 2.0 authorization code flow; the parts in red are what OpenID Connect adds.
' Front channel: the authorization request travels through the user's browser.
"User(resource owner)"->"RequestingApp(client)": Select mail provider
"RequestingApp(client)"->"User(resource owner)": Redirect to mail provider with client_id, redirect_uri, response_type, scope<font color=red>+"openid"</font>
"User(resource owner)"->"MailProvider(authorization provider)": client_id, redirect_uri, response_type, scope
' Authentication and per-scope consent happen at the provider, never in the client.
"MailProvider(authorization provider)"->"MailProvider(authorization provider)": Active session?
"MailProvider(authorization provider)"-->"User(resource owner)" : Login if no active session
"User(resource owner)"-->"MailProvider(authorization provider)" : Logs in
"MailProvider(authorization provider)"->"User(resource owner)": Asks for consent for each scope
"User(resource owner)"->"MailProvider(authorization provider)" : Grant or deny permission for each scope
"MailProvider(authorization provider)"->"User(resource owner)": Redirect to redirect_uri with authorization code
"User(resource owner)"->"RequestingApp(client)": Redirect to redirect_uri with authorization code
' Back channel: the client exchanges the code directly with the provider, so client_secret never reaches the browser.
"RequestingApp(client)"->"MailProvider(authorization provider)": Send authorization code, client_id, client_secret
"MailProvider(authorization provider)"->"RequestingApp(client)": Send access token<font color=red>+"id_token"</font>
' The access token authorizes the API call to the resource server.
"RequestingApp(client)"->"MailProvider(resource server)": Ask for contacts with access token
"MailProvider(resource server)"->"RequestingApp(client)": Return contacts
"RequestingApp(client)"->"User(resource owner)": Display contacts
@enduml