Commit f4678f4

mo khan <mo@mokhan.ca>
2025-03-27 20:23:42
docs: connect OIDC diagram to steps below
1 parent 284e891
Changed files (1)
doc/share/authz/DESIGN.md
@@ -102,39 +102,39 @@ OIDC Login Flow
 
 ```plantuml
 @startuml
-Browser -> UI: Get dashboard
+Browser -> UI: 1. Get dashboard
 UI --> Browser: Generate OAuth Grant Request and redirect to IdP
 
-Browser -> IdP: Deliver OAuth Grant Request
-IdP --> Browser: Redirect to Login Page
-Browser -> IdP: Login
-IdP --> Browser: Generate Consent Screen for Authorization Code flow
-Browser -> IdP: Consent
+Browser -> IdP: 2. Deliver OAuth Grant Request
+IdP --> Browser: 3. Redirect to Login Page
+Browser -> IdP: 4. Login
+IdP --> Browser: 5. Generate Consent Screen for Authorization Code flow
+Browser -> IdP: 6. Consent
 IdP --> Browser: Generate Authorization Code and redirect to UI
 
-Browser -> UI: Deliver Authorization Code Grant
-UI -> IdP: Exchange Authorization Code Grant for Tokens
+Browser -> UI: 7. Deliver Authorization Code Grant
+UI -> IdP: 8. Exchange Authorization Code Grant for Tokens
 IdP --> UI: Return `access_token` and `refresh_token`
 UI --> Browser: Redirect to dashboard
 Browser -> UI: Get dashboard
-UI -> API: Request list of projects and provide Access Token
-API -> IdP: Check if token is valid and check declarative policy
+UI -> API: 9. Request list of groups and provide Access Token
+API -> IdP: 10. Check if token is valid and check declarative policy
 IdP --> API: Return result of `Ability.allowed?`
-API --> UI: Return list of projects as JSON
-UI --> Browser: Return list of projects as HTML
+API --> UI: Return list of groups as JSON
+UI --> Browser: Return list of groups as HTML
 @enduml
 ```
 
 1. `GET http://ui.example.com/oidc/new`
-1. `GET http://idp.example.com/oauth/authorize`
-1. `GET http://idp.example.com/sessions/new?redirect_back=/oauth/authorize/continue`
-1. `POST http://idp.example.com/sessions`
-1. `GET http://idp.example.com/oauth/authorize/continue`
-1. `POST http://idp.example.com/oauth/authorize`
-1. `GET http://ui.example.com/oauth/callback`
-1. `POST http://idp.example.com/oauth/token`
-1. `GET http://api.example.com/groups.json`
-1. `GET grpc://idp.example.com/twirp/authx.rpc.Ability/Allowed`
+2. `GET http://idp.example.com/oauth/authorize`
+3. `GET http://idp.example.com/sessions/new?redirect_back=/oauth/authorize/continue`
+4. `POST http://idp.example.com/sessions`
+5. `GET http://idp.example.com/oauth/authorize/continue`
+6. `POST http://idp.example.com/oauth/authorize`
+7. `GET http://ui.example.com/oauth/callback`
+8. `POST http://idp.example.com/oauth/token`
+9. `GET http://api.example.com/groups.json`
+10. `GET grpc://idp.example.com/twirp/authx.rpc.Ability/Allowed`
 
 ### Permissions
 #### Option 1
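Review bot: The mapping between the diagram and the list is still incomplete at the two `Get dashboard` arrows: `1. Get dashboard` is paired with list item 1, `GET http://ui.example.com/oidc/new`, which starts the login rather than fetching a dashboard, while the second `Browser -> UI: Get dashboard` (after `Redirect to dashboard`) carries no number and has no entry in the list. Consider relabelling the first arrow to match `/oidc/new`, and either numbering the second dashboard request or stating that only selected requests are numbered. Separately, item 10 reads `GET grpc://idp.example.com/twirp/authx.rpc.Ability/Allowed`; Twirp calls are HTTP POST requests, so the verb and scheme there look wrong. Every URL in the list also uses `http://`, including the authorization code callback in item 7 and the token exchange in item 8; using `https://` in the examples would avoid documenting those steps over cleartext. The rename from projects to groups in the diagram is a content change that the commit subject does not mention.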