From 7e506ef0fdc25513b53e0164184001be3c9eb353 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Fri, 24 Apr 2020 21:27:40 +0300 Subject: Add: first attempt --- yuck.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 yuck.md diff --git a/yuck.md b/yuck.md new file mode 100644 index 0000000..466d74f --- /dev/null +++ b/yuck.md @@ -0,0 +1,38 @@ +# OIDC protocol + +The OIDC protocol involves the following entities: + +* the **end user**, who is trying to do something +* the **web browser**, used by the user +* the **web application**, which the user uses to do things, and as + part of that access resources +* the **resource provider**, where the resources are, and which allows + access to them via a web API +* the **identity provider**, which authenticates the user + +~~~plantuml +@startuml +user -> browser : clicks on something +browser -> app : GET /something +browser <- app : redirect to /login +browser -> app : GET /login +browser <- app: redirect to idp +browser -> idp : GET /login +browser <- idp : login form +user <- browser : show login form +user -> browser : enter login info +browser -> idp : POST login form +browser <- idp : redirect to app /callback with authz code +browser -> app : GET /callback with authz code +app -> idp : request tokens using authz code +app <- idp : access and refresh tokens +app -> rp : access resource with access token +app <- rp : resource +browser <- app : page with resource +user <- browser : show what the user wanted +@enduml +~~~ + +--- +title: Yuck or OIDC +... -- cgit v1.2.1
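Review bot: In the plantuml sequence, the token step `app <- idp : access and refresh tokens` leaves out the ID token, which is the part of the token response that makes this OIDC rather than a plain OAuth 2.0 authorization code flow. Suggest `app <- idp : ID, access and refresh tokens`, followed by a step where the app validates the ID token before it calls the resource provider. The `redirect to idp` and `GET /callback with authz code` steps also show no `state` value being sent and checked, so the diagram does not show how the callback is tied to the login the app started. Smaller points: the diagram uses `app`, `idp` and `rp` without declaring them as participants that map to the entity list above it, and the `title: Yuck or OIDC` metadata block sits at the end of the file after the diagram, where moving it to the top would be more conventional.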