path: root/yuck.md
blob: 6e8578fe27c1ef81b285f922030a358bfbf3aa8e (plain)
# OIDC protocol

The OIDC protocol involves the following entities:

* the **end user**, who is trying to do something
* the **web browser**, used by the user
* the **web application**, which the user uses to do things, and which
  accesses resources as part of that
* the **resource provider**, where the resources are, and which allows
  access to them via a web API
* the **identity provider**, which authenticates the user

~~~plantuml
@startuml
user -> browser : clicks on something
browser -> app : GET /something
browser <- app : redirect to /login
browser -> app : GET /login
browser <- app : redirect to idp
browser -> idp : GET /login
browser <- idp : login form
user <- browser : show login form
user -> browser : enter login info
browser -> idp : POST login form
browser <- idp : redirect to app /callback with authz code
browser -> app : GET /callback with authz code
app -> idp : request tokens using authz code
app <- idp : access, id, and refresh tokens
app -> rp : access resource with access token
app <- rp : resource
browser <- app : page with resource
user <- browser : show what the user wanted
@enduml
~~~
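
The web application's side of the two redirect steps in the diagram ("redirect to idp" and "GET /callback with authz code"), as an added example that is not part of the original page. It goes beyond the diagram by including the `state`, `nonce` and PKCE parameters; the endpoint URL, client id, redirect URI and the `session` dict are assumptions.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical values; a real app reads these from its configuration
# and the identity provider's discovery document.
IDP_AUTHZ = "https://idp.example/authorize"
CLIENT_ID = "example-app"
REDIRECT_URI = "https://app.example/callback"

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def begin_login(session: dict) -> str:
    """'redirect to idp': store per-login secrets, return the IdP URL."""
    session["state"] = secrets.token_urlsafe(32)     # ties the callback to this session
    session["nonce"] = secrets.token_urlsafe(32)     # must reappear in the ID token
    session["verifier"] = secrets.token_urlsafe(64)  # PKCE code_verifier (RFC 7636)
    challenge = b64url(hashlib.sha256(session["verifier"].encode()).digest())
    return IDP_AUTHZ + "?" + urlencode({
        "response_type": "code", "scope": "openid",
        "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
        "state": session["state"], "nonce": session["nonce"],
        "code_challenge": challenge, "code_challenge_method": "S256",
    })

def handle_callback(session: dict, callback_url: str) -> dict:
    """'GET /callback with authz code': check state, build the token request."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("state", None)            # single use: a replay finds nothing
    got = query.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), got.encode()):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "error" in query or "code" not in query:
        raise ValueError("identity provider returned no authorization code")
    return {  # form body the app POSTs to the IdP's token endpoint
        "grant_type": "authorization_code", "code": query["code"][0],
        "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
        "code_verifier": session.pop("verifier"),
    }
```

The `nonce` kept in the session is compared against the `nonce` claim of the ID token once the token response arrives, after the token's signature has been verified.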

---
title: Yuck or OIDC
...