@@ -50,11 +50,13 @@ Browser -> IdP: Login
IdP --> Browser: Generate SAML <AuthnResponse /> with <Assertion /> and redirect to UI
Browser -> UI: Deliver SAML <AuthnResponse />
-UI --> IdP: Exchange <Assertion /> for Tokens
+UI -> IdP: Exchange <Assertion /> for Tokens
+IdP --> UI: Return `access_token` and `refresh_token`
UI --> Browser: Redirect to dashboard
Browser -> UI: Get dashboard
-UI --> API: Request list of projects and provide Access Token
-API -> IdP: Validate token and check declarative policy
+UI -> API: Request list of projects and provide Access Token
+API -> IdP: Check if token is valid and check declarative policy
+IdP --> API: Return result of `Ability.allowed?`
API --> UI: Return list of projects as JSON
UI --> Browser: Return list of projects as HTML
@enduml
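Review bot: The added reply "IdP --> API: Return result of `Ability.allowed?`" covers only the policy half of the request above it ("Check if token is valid and check declarative policy"), so the diagram never shows what the API receives or does when the token itself is invalid or expired. Either name both outcomes in the reply, or wrap the API -> IdP exchange in an alt/else block so the rejected-token and denied-policy paths visibly end in an error to the UI rather than "Return list of projects as JSON". The same applies to the token exchange: "IdP --> UI: Return `access_token` and `refresh_token`" has no failure branch for a rejected <Assertion />. A smaller style point: the backticks in the two added reply lines will probably render literally, because PlantUML message text uses Creole markup, where monospace is written with doubled double quotes.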