25 lines
1.2 KiB
Plaintext
25 lines
1.2 KiB
Plaintext
|
@startuml
|
||
|
|
title "OpenID Connect Authorization Code Flow with PKCE"
|
||
|
|
actor "End User"
|
||
|
|
boundary "App"
|
||
|
|
"App"->"App": Identity providers list
|
||
|
|
"End User"->"App": Select identity provider
|
||
|
|
"App"->"App": Identity provider clicked
|
||
|
|
"App"->"App": Generate code verifier and challenge
|
||
|
|
"App"->"Authorization endpoint": clientid,state,redirect_uri,response_type,scope
|
||
|
|
"Authorization endpoint"->"Authorization endpoint": Active session ?
|
||
|
|
"Authorization endpoint"-->"App" : Login if no active session
|
||
|
|
"End User"-->"App" : Fills credentials
|
||
|
|
"App"-->"Authorization endpoint" : Logs in
|
||
|
|
"Authorization endpoint"->"App": Form for consent for each scope
|
||
|
|
"End User"->"App": Grant or deny permission for each scope
|
||
|
|
"App"->"Authorization endpoint" :Selected scopes
|
||
|
|
"Authorization endpoint"->"App": Redirect to redirect_uri with authorization code+state provided earlier
|
||
|
|
"App"->"App": Redirect to redirect_uri with authorization code
|
||
|
|
"App"->"Token endpoint": Send authorization code, clientid, --client_secret--,<font color=blue>+"code verifier"</font> , redirect uri (for validation)
|
||
|
|
"Token endpoint"->"App": Send access token<font color=red>+"idtoken"
|
||
|
|
"App"->"UserInfo endpoint": Asks for profile with access token
|
||
|
|
"UserInfo endpoint"->"App": Return profile
|
||
|
|
"App"->"App": Display profile
|
||
|
|
|
||
|
|
@enduml
|