@startuml

"User(ressource owner)"->"RequestingApp(client)": Select mail provider
"RequestingApp(client)"->"User(ressource owner)": Redirect to mail provider with clientid,redirect_uri,response_type,scope
"User(ressource owner)"->"MailProvider(authorization provider)": clientid,redirect_uri,response_type,scope
"MailProvider(authorization provider)"->"MailProvider(authorization provider)": Active session ?
"MailProvider(authorization provider)"-->"User(ressource owner)" : Login if no active session
"User(ressource owner)"-->"MailProvider(authorization provider)" : Logs in
"MailProvider(authorization provider)"->"User(ressource owner)": Asks for consent for each scope
"User(ressource owner)"->"MailProvider(authorization provider)" : Grant or deny permission for each scope
"MailProvider(authorization provider)"->"User(ressource owner)": Redirect to redirect_uri with authorization code
"User(ressource owner)"->"RequestingApp(client)": Redirect to redirect_uri with authorization code
"RequestingApp(client)"->"MailProvider(authorization provider)": Send authorization code, clientid, client_secret
"MailProvider(authorization provider)"->"RequestingApp(client)": Send access token
"RequestingApp(client)"->"MailProvider(resource server)": asks for contacts with access token
"MailProvider(resource server)"->"RequestingApp(client)": Return contacts
"RequestingApp(client)"->"User(ressource owner)": Display contacts

@enduml