Commit 284e891

mo khan <mo@mokhan.ca>
2025-03-27 20:20:28
docs: connect UML with steps listed below
1 parent 243ccf6
Changed files (1)
doc/share/authz/DESIGN.md
@@ -67,36 +67,36 @@ SAML Login Flow
 
 ```plantuml
 @startuml
-Browser -> UI: Get dashboard
+Browser -> UI: 1. Get dashboard
 UI --> Browser: Generate SAML <AuthnRequest /> and redirect to IdP
 
-Browser -> IdP: Deliver SAML <AuthnRequest />
-IdP --> Browser: Redirect to Login Page
-Browser -> IdP: Login
-IdP --> Browser: Generate SAML <AuthnResponse /> with <Assertion /> and redirect to UI
+Browser -> IdP: 2. Deliver SAML <AuthnRequest />
+IdP --> Browser: 3. Redirect to Login Page
+Browser -> IdP: 4. Login
+IdP --> Browser: 5. Generate SAML <AuthnResponse /> with <Assertion /> and redirect to UI
 
-Browser -> UI: Deliver SAML <AuthnResponse />
-UI -> IdP: Exchange <Assertion /> for Tokens
+Browser -> UI: 6. Deliver SAML <AuthnResponse />
+UI -> IdP: 7. Exchange <Assertion /> for Tokens
 IdP --> UI: Return `access_token` and `refresh_token`
 UI --> Browser: Redirect to dashboard
 Browser -> UI: Get dashboard
-UI -> API: Request list of projects and provide Access Token
-API -> IdP: Check if token is valid and check declarative policy
+UI -> API: 8. Request list of groups and provide Access Token
+API -> IdP: 9. Check if token is valid and check declarative policy
 IdP --> API: Return result of `Ability.allowed?`
-API --> UI: Return list of projects as JSON
-UI --> Browser: Return list of projects as HTML
+API --> UI: Return list of groups as JSON
+UI --> Browser: Return list of groups as HTML
 @enduml
 ```
 
 1. `GET http://ui.example.com/saml/new`
-1. `POST http://idp.example.com/saml/new`
-1. `GET http://idp.example.com/sessions/new?redirect_back=/saml/continue`
-1. `POST http://idp.example.com/sessions`
-1. `GET http://idp.example.com/saml/continue`
-1. `POST http://ui.example.com/saml/assertions`
-1. `POST http://idp.example.com/oauth/token`
-1. `GET http://api.example.com/groups.json`
-1. `GET grpc://idp.example.com/twirp/authx.rpc.Ability/Allowed`
+2. `POST http://idp.example.com/saml/new`
+3. `GET http://idp.example.com/sessions/new?redirect_back=/saml/continue`
+4. `POST http://idp.example.com/sessions`
+5. `GET http://idp.example.com/saml/continue`
+6. `POST http://ui.example.com/saml/assertions`
+7. `POST http://idp.example.com/oauth/token`
+8. `GET http://api.example.com/groups.json`
+9. `GET grpc://idp.example.com/twirp/authx.rpc.Ability/Allowed`
 
 OIDC Login Flow
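Review bot: Steps 3 and 5 in the diagram are numbered on IdP response arrows (`IdP --> Browser: 3. Redirect to Login Page` and `IdP --> Browser: 5. Generate SAML <AuthnResponse /> ...`), while list items 3 and 5 are browser-initiated requests (`GET http://idp.example.com/sessions/new?redirect_back=/saml/continue` and `GET http://idp.example.com/saml/continue`), so the same number points at different messages in the two places. Consider adding explicit `Browser -> IdP` arrows for those two GETs and putting the numbers there, leaving the responses unnumbered like the other `-->` lines. In the same way, step 1 is labelled `Get dashboard` but item 1 is `GET http://ui.example.com/saml/new`, and the later unnumbered `Browser -> UI: Get dashboard` arrow carries the identical label, so it is unclear which request step 1 means; renaming the first arrow to match the `/saml/new` request would remove the ambiguity. Since items 6 and 7 are being touched anyway, note that they show the assertion delivery and the token exchange over `http://`; if that is not the intended deployment, the documented URLs should use `https://`.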