@@ -74,6 +74,31 @@ UI --> Browser: Return list of projects as HTML
OIDC Login Flow
+```plantuml
+@startuml
+Browser -> UI: Get dashboard
+UI --> Browser: Generate OAuth Grant Request and redirect to IdP
+
+Browser -> IdP: Deliver OAuth Grant Request
+IdP --> Browser: Redirect to Login Page
+Browser -> IdP: Login
+IdP --> Browser: Generate Consent Screen for Authorization Code flow
+Browser -> IdP: Consent
+IdP --> Browser: Generate Authorization Code and redirect to UI
+
+Browser -> UI: Deliver Authorization Code Grant
+UI -> IdP: Exchange Authorization Code Grant for Tokens
+IdP --> UI: Return `access_token` and `refresh_token`
+UI --> Browser: Redirect to dashboard
+Browser -> UI: Get dashboard
+UI -> API: Request list of projects and provide Access Token
+API -> IdP: Check if token is valid and check declarative policy
+IdP --> API: Return result of `Ability.allowed?`
+API --> UI: Return list of projects as JSON
+UI --> Browser: Return list of projects as HTML
+@enduml
+```
+
1. `GET http://ui.example.com/oidc/new`
1. `GET http://idp.example.com/oauth/authorize`
1. `GET http://idp.example.com/sessions/new?redirect_back=/oauth/authorize/continue`
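Review bot: The token exchange step `IdP --> UI: Return `access_token` and `refresh_token`` omits the `id_token`, although the section is titled "OIDC Login Flow"; an OpenID Connect authorization code exchange also returns an ID token, and that is what the UI validates to establish who logged in. Please add it to that arrow, or retitle the diagram as a plain OAuth authorization code flow if no ID token is issued. Related documentation gap: the "Generate OAuth Grant Request" and "Deliver Authorization Code Grant" steps do not show a `state` value (or `nonce`/PKCE verifier) being created and then checked on the callback, so a reader cannot tell from the diagram whether the callback is bound to the browser session that started the login. A short note on the `Browser -> UI: Deliver Authorization Code Grant` arrow saying what the UI verifies before exchanging the code would close that gap. The line `IdP --> API: Return result of `Ability.allowed?`` would also benefit from a sentence stating whether the API calls the IdP on every request or caches the result, since that determines how quickly a revoked token stops working.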