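@startuml
' OpenID Connect Authorization Code Flow, drawn from the relying party's (RP) side.
' Red text marks what OIDC adds on top of a plain OAuth 2.0 authorization code grant.
title "OpenID Connect Authorization Code Flow"

actor "End User"
boundary "Browser"
participant "Relying party"
participant "Authorization endpoint"
participant "Token endpoint"
participant "UserInfo endpoint"

"Relying party"->"Browser": Identity providers list
"End User"->"Browser": Select identity provider
"Browser"->"Relying party": Identity provider clicked

' state: opaque, per-login value the RP binds to the browser session and compares
' when the code comes back (CSRF binding of the redirect).
' nonce: the same kind of binding for the ID token; the provider echoes it inside the token.
"Relying party"->"Browser": Redirect to identity provider with client_id, state, redirect_uri, response_type, scope<font color=red>+"openid"</font>, <font color=red>nonce</font>
"Browser"->"Authorization endpoint": client_id, state, redirect_uri, response_type, scope, nonce

"Authorization endpoint"->"Authorization endpoint": Active session ?
"Authorization endpoint"-->"Browser": Login if no active session
"End User"-->"Browser": Fills credentials
"Browser"-->"Authorization endpoint": Logs in

"Authorization endpoint"->"Browser": Form for consent for each scope
"End User"->"Browser": Grant or deny permission for each scope
"Browser"->"Authorization endpoint": Selected scopes

' The code is single-use and short-lived; it is only useful together with the
' client credentials at the token endpoint.
"Authorization endpoint"->"Browser": Redirect to redirect_uri with authorization code + state provided earlier
"Browser"->"Relying party": Follows redirect to redirect_uri with authorization code + state
"Relying party"->"Relying party": Reject response if state does not match the value issued for this session

' Back-channel (server-to-server) exchange: the browser never sees client_secret.
' The token endpoint checks the code, the client credentials and that redirect_uri
' matches the one used in the authorization request.
"Relying party"->"Token endpoint": Send authorization code, client_id, client_secret, redirect_uri (for validation)
"Token endpoint"->"Relying party": Send access token<font color=red>+"id_token"</font>

' The ID token is trusted only after validation: signature against the provider's
' published keys, iss, aud == client_id, exp, and nonce == the value sent earlier.
"Relying party"->"Relying party": Validate ID token (signature, iss, aud, exp, nonce)

"Relying party"->"UserInfo endpoint": Asks for profile with access token
"UserInfo endpoint"->"Relying party": Return profile
"Relying party"->"Browser": Display profile
@enduml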