Forked from hrchu/1. basic flow with auth code and access token
Last active
October 14, 2021 09:12
OAuth 2.0 / OpenID Connect flow diagrams. Render them with http://www.plantuml.com/plantuml/uml/
```plantuml
@startuml
skinparam handwritten true
You -> slack.com: 1. I would like to access my files on Google Drive via your interface.
slack.com -> You: 2. You should apply for the "Authorization Code" from Google for me first.
You -> account.google.com: 3. I would like to permit slack.com to access my files.
account.google.com -> You: 4. Are you sure?
You -> account.google.com: 5. [Y]
account.google.com -> You: 6. Okay. Here is the "Authorization Code." Plz give it back to slack.com now.
You -> slack.com: 7. You can do what I asked now. (With the Authorization Code just received from Google)
slack.com -> account.google.com: 8. I would like to exchange the "Authorization Code" for the "Access Token."
account.google.com -> slack.com: 9. Your Access Token here.
slack.com -> drive.google.com: 10. I would like to read files which belong to one of my customers. Here is the Access Token.
drive.google.com -> slack.com: 11. Hmmm...the Access Token is valid. Here is the list of files you asked for.
slack.com -> You: 12. Grant succeeded. You can see your files stored in Google Drive from my interface now!
@enduml
```
```plantuml
@startuml
skinparam handwritten true
ResourceOwner -> Client: 1. I would like to access my resources on Resource Server via your interface.
Client -> ResourceOwner: 2. You should apply for the "Authorization Code" from Authorization Server for me first.
ResourceOwner -> AuthorizationServer: 3. I would like to permit the Client to access my resources.
AuthorizationServer -> ResourceOwner: 4. Are you sure?
ResourceOwner -> AuthorizationServer: 5. [Y]
AuthorizationServer -> ResourceOwner: 6. Okay. Here is the "Authorization Code." Plz give it back to Client now.
ResourceOwner -> Client: 7. You can do what I asked now. (With the Authorization Code just received from the Authorization Server)
Client -> AuthorizationServer: 8. I would like to exchange the "Authorization Code" for the "Access Token."
AuthorizationServer -> Client: 9. Your Access Token here.
Client -> ResourceServer: 10. I would like to access resources which belong to the Resource Owner. Here is the Access Token.
ResourceServer -> Client: 11. Hmmm...the Access Token is valid. Here are the resources you asked for.
Client -> ResourceOwner: 12. Grant succeeded. You can access your resources located in Resource Server from me now!
@enduml
```
```plantuml
@startuml
skinparam handwritten true
ResourceOwner -> Client: 1. (Click the button.)
Client -> ResourceOwner: 2. HTTP 302: Redirect to the "Get Authorization Code" API with parameters: scope=[Asked scope]&redirect_uri=[Client's callback]
ResourceOwner -> AuthorizationServer: 3. Call Get Authorization Code API with parameters listed above.
AuthorizationServer -> ResourceOwner: 4. Would you like to permit [Asked scope] for [Client]?
ResourceOwner -> AuthorizationServer: 5. [Y]
AuthorizationServer -> ResourceOwner: 6. HTTP 302: Redirect to the [Client's callback URL] with parameters: code=[Authorization Code]
ResourceOwner -> Client: 7. Request [Client's callback URL] with parameters listed above.
' The message text below is one statement; \n gives the line breaks PlantUML needs for a multi-line label.
Client -> AuthorizationServer: 8. I would like to exchange the "Authorization Code" for the "Access Token."\nCall "POST Access Token" API with parameters:\ncode=[Authorization Code]&\nclient_id=your_client_id&\nclient_secret=your_client_secret&\nredirect_uri=https://oauth2.example.com/code&\ngrant_type=authorization_code
AuthorizationServer -> Client: 9. Your Access Token here.
Client -> ResourceServer: 10. I would like to access resources which belong to the Resource Owner. Here is the Access Token.
ResourceServer -> Client: 11. The Access Token LGTM. Now you can access files.
Client -> ResourceOwner: 12. Grant succeeded. You can access your resources located in Resource Server from me now!
@enduml
```
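The third diagram's steps 2, 6, 7 and 8 as a small in-memory model, added here as an example and not part of the gist: the authorization server binds each code to the registering client_id and redirect_uri and lets it be redeemed once, and the client checks `state` on the callback before using the code. The authorize endpoint, the `state` value and the registered client (using the diagram's placeholder `your_client_id` / `your_client_secret` / `https://oauth2.example.com/code`) are constructed for the example.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed client registration; values are the diagram's placeholders, not real credentials.
CLIENTS = {"your_client_id": {"secret": "your_client_secret",
                              "redirect_uri": "https://oauth2.example.com/code"}}
_issued = {}  # code -> (client_id, redirect_uri, scope); every entry is single-use

def build_authorize_url(auth_endpoint, client_id, redirect_uri, scope, state):
    """Step 2: the 'Get Authorization Code' URL the client redirects the owner to."""
    q = {"response_type": "code", "client_id": client_id,
         "redirect_uri": redirect_uri, "scope": scope, "state": state}
    return f"{auth_endpoint}?{urlencode(q)}"

def authorization_server_issue_code(authorize_url):
    """Steps 3-6: after consent, mint a code bound to the client and its registered callback."""
    q = {k: v[0] for k, v in parse_qs(urlparse(authorize_url).query).items()}
    client = CLIENTS.get(q.get("client_id"))
    if client is None or client["redirect_uri"] != q.get("redirect_uri"):
        raise ValueError("unknown client or unregistered redirect_uri")
    code = secrets.token_urlsafe(24)
    _issued[code] = (q["client_id"], q["redirect_uri"], q.get("scope", ""))
    return f"{q['redirect_uri']}?{urlencode({'code': code, 'state': q.get('state', '')})}"

def client_handle_callback(callback_url, expected_state):
    """Step 7: the client accepts the code only if state matches its own session."""
    q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    if q.get("state") != expected_state:
        raise ValueError("state mismatch: callback is not tied to this session")
    return q["code"]

def token_request_body(code, client_id, client_secret, redirect_uri):
    """Step 8: the form body of 'POST Access Token', with the diagram's five parameters."""
    return urlencode({"code": code, "client_id": client_id, "client_secret": client_secret,
                      "redirect_uri": redirect_uri, "grant_type": "authorization_code"})

def authorization_server_exchange(body):
    """Steps 8-9: authenticate the client, then redeem the code exactly once for that client."""
    p = {k: v[0] for k, v in parse_qs(body).items()}
    client = CLIENTS.get(p.get("client_id"))
    bound = _issued.pop(p.get("code"), None)  # pop: a replayed code fails here
    if client is None or client["secret"] != p.get("client_secret"):
        return {"error": "invalid_client"}
    if p.get("grant_type") != "authorization_code" or bound is None \
            or bound[0] != p["client_id"] or bound[1] != p.get("redirect_uri"):
        return {"error": "invalid_grant"}
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer", "scope": bound[2]}
```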
This is awesome.