oc-doc/docs/openid/oidc_authcode-app-requests-contacts-example.puml

@startuml
title "OpenID Connect Authorization Code Flow"
actor "End User"
boundary "Browser"
"Relaying party"->"Browser": Identity providers list
"End User"->"Browser": Select identity provider
"Browser"->"Relaying party": Identity provider clicked
"Relaying party"->"Browser": Redirect to identity provider with clientid, state,redirect_uri,response_type,scope<font color=red>+"openid"
"Browser"->"Authorization endpoint": clientid,state,redirect_uri,response_type,scope
"Authorization endpoint"->"Authorization endpoint": Active session ?
"Authorization endpoint"-->"Browser" : Login if no active session
"End User"-->"Browser" : Fills credentials
"Browser"-->"Authorization endpoint" : Logs in
"Authorization endpoint"->"Browser": Form for consent for each scope
"End User"->"Browser": Grant or deny permission for each scope
"Browser"->"Authorization endpoint" :Selected scopes
"Authorization endpoint"->"Browser": Redirect to redirect_uri with authorization code+state provided earlier
"Browser"->"Relaying party": Redirect to redirect_uri with authorization code
"Relaying party"->"Token endpoint": Send authorization code, clientid, client_secret, redirect uri (for validation)
"Token endpoint"->"Relaying party": Send access token<font color=red>+"idtoken"
"Relaying party"->"UserInfo endpoint": Asks for profile with access token
"UserInfo endpoint"->"Relaying party": Return profile
"Relaying party"->"Browser": Display profile

@enduml
openid & other 2024-12-10 18:01:58 +01:00			`@startuml`
			`title "OpenID Connect Authorization Code Flow"`
			`actor "End User"`
			`boundary "Browser"`
			`"Relaying party"->"Browser": Identity providers list`
			`"End User"->"Browser": Select identity provider`
			`"Browser"->"Relaying party": Identity provider clicked`
			`"Relaying party"->"Browser": Redirect to identity provider with clientid, state,redirect_uri,response_type,scope<font color=red>+"openid"`
			`"Browser"->"Authorization endpoint": clientid,state,redirect_uri,response_type,scope`
			`"Authorization endpoint"->"Authorization endpoint": Active session ?`
			`"Authorization endpoint"-->"Browser" : Login if no active session`
			`"End User"-->"Browser" : Fills credentials`
			`"Browser"-->"Authorization endpoint" : Logs in`
			`"Authorization endpoint"->"Browser": Form for consent for each scope`
			`"End User"->"Browser": Grant or deny permission for each scope`
			`"Browser"->"Authorization endpoint" :Selected scopes`
			`"Authorization endpoint"->"Browser": Redirect to redirect_uri with authorization code+state provided earlier`
			`"Browser"->"Relaying party": Redirect to redirect_uri with authorization code`
			`"Relaying party"->"Token endpoint": Send authorization code, clientid, client_secret, redirect uri (for validation)`
			`"Token endpoint"->"Relaying party": Send access token<font color=red>+"idtoken"`
			`"Relaying party"->"UserInfo endpoint": Asks for profile with access token`
			`"UserInfo endpoint"->"Relaying party": Return profile`
			`"Relaying party"->"Browser": Display profile`

			`@enduml`