-
Notifications
You must be signed in to change notification settings - Fork 3
/
oauth2-implicit-grant.txt
28 lines (28 loc) · 1.52 KB
/
oauth2-implicit-grant.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
title OAuth2 Implicit Grant Sequence Diagram
participant End User
participant User-Agent
participant Client
participant Authorization Server
participant Client Resource Server
participant Resource Server
End User->+Client: Clicks on login link\nor button or launches app\n(if this is a web application or SPA,\nwill go through User-Agent).
loop Governed by OAuth2 Spec
Client->+User-Agent: Redirect to Authorization Server (IdP)
User-Agent->+Authorization Server: OAuth2 request to Authorization Endpoint with client_id and redirect_uri
Authorization Server->User-Agent: Redirect to authentication workflow
User-Agent->Authorization Server: Start authenticaction workflow
Authorization Server->User-Agent: Return authentication workflow start
User-Agent->End User: Prompt for credentials
End User->User-Agent: Enter Credentials.
User-Agent->Authorization Server: Submit Credentials
Authorization Server->Authorization Server: Validate credentials
Authorization Server->-User-Agent: Redirect to Client with Access Token in fragment.
User-Agent->+Client Resource Server: Request to Redirect URI without fragment
Client Resource Server->-User-Agent: Script that can extract Access Token
User-Agent->User-Agent: Extract Access Token
User-Agent->-Client: Access Token
end
Client->+Resource Server: Send request (API or otherwise) to Resource Server with Access Token
Resource Server->Resource Server: Validate access token
Resource Server->-Client:Return resource
Client->End User: View Results\n(if this is a web application or SPA,\nwill go through User-Agent)