core/oc-doc
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

openid & other

Browse Source
This commit is contained in:
ycc
2024-12-10 18:01:58 +01:00
parent 33bfe79f66
commit 91f5f44cea
18 changed files with 688 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
docs/openid/oidc_pkce-app-requests-contacts-example.puml Normal file
View File

@@ -0,0 +1,25 @@
@startuml
title "OpenID Connect Authorization Code Flow with PKCE"
actor "End User"
boundary "App"
"App"->"App": Identity providers list
"End User"->"App": Select identity provider
"App"->"App": Identity provider clicked
"App"->"App": Generate code verifier and challenge
"App"->"Authorization endpoint": clientid,state,redirect_uri,response_type,scope
"Authorization endpoint"->"Authorization endpoint": Active session ?
"Authorization endpoint"-->"App" : Login if no active session
"End User"-->"App" : Fills credentials
"App"-->"Authorization endpoint" : Logs in
"Authorization endpoint"->"App": Form for consent for each scope
"End User"->"App": Grant or deny permission for each scope
"App"->"Authorization endpoint" :Selected scopes
"Authorization endpoint"->"App": Redirect to redirect_uri with authorization code+state provided earlier
"App"->"App": Redirect to redirect_uri with authorization code
"App"->"Token endpoint": Send authorization code, clientid, --client_secret--,<font color=blue>+"code verifier"</font> , redirect uri (for validation)
"Token endpoint"->"App": Send access token<font color=red>+"idtoken"
"App"->"UserInfo endpoint": Asks for profile with access token
"UserInfo endpoint"->"App": Return profile
"App"->"App": Display profile
@enduml