oauth2-authz.txt revision f26bb1d5890952bb63f72592b670e56bc8f081a5
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny@startuml oauth2-authz.png
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny/'
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny CCPL HEADER START
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny This work is licensed under the Creative Commons
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny Attribution-NonCommercial-NoDerivs 3.0 Unported License.
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny To view a copy of this license, visit
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny http://creativecommons.org/licenses/by-nc-nd/3.0/
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny or send a letter to Creative Commons, 444 Castro Street,
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny Suite 900, Mountain View, California, 94041, USA.
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny You can also obtain a copy of the license at
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny src/main/resources/legal-notices/CC-BY-NC-ND.txt.
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny See the License for the specific language governing permissions
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny and limitations under the License.
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny If applicable, add the following below this CCPL HEADER, with the fields
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny enclosed by brackets "[]" replaced with your own identifying information:
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny Portions Copyright [yyyy] [name of copyright owner]
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny CCPL HEADER END
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny Copyright 2012-2013 ForgeRock AS
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny
3ee411625aee19afda7477bb10b52c3da378b6fbPetr Čech To generate a sequence diagram from this file, process
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny it with PlantUML, http://plantuml.sourceforge.net/sequence.html
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny'/
58d02e0d3d6d48c97fccdb2ad7212e065671ad6dStephen Gallagher
fae99bfe4bfc8b4a12e9c2a0ad01b3684c22f934Simo Sorcetitle OAuth 2.0 Authorization Code Grant
f26c954658dfd7461f290f0b5d924951a6db219aJan Zelenyautonumber
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny
d81d8d3dc151ebc95cd0e3f3b14c1cdaa48980f1Sumit Boseparticipant "Resource Owner\nUser-Agent" as Owner
d81d8d3dc151ebc95cd0e3f3b14c1cdaa48980f1Sumit Boseparticipant "Client" as Client
d81d8d3dc151ebc95cd0e3f3b14c1cdaa48980f1Sumit Boseparticipant "OpenAM\nAuthorization Server" as AuthzServer
c03214d427ea43e7bf8255ccc79faa905c89f7f6Jakub Hrozekparticipant "Resource Server" as ResourceServer
d81d8d3dc151ebc95cd0e3f3b14c1cdaa48980f1Sumit Bose
d81d8d3dc151ebc95cd0e3f3b14c1cdaa48980f1Sumit BoseClient->Owner: Redirect...
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny
f26c954658dfd7461f290f0b5d924951a6db219aJan ZelenyOwner->AuthzServer: ...with client_id, scope, state, redirect_uri
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny
f26c954658dfd7461f290f0b5d924951a6db219aJan ZelenyOwner<->AuthzServer: Authenticate resource owner and\nconfirm resource access
bfd59d1a2d0d45125e5164ef12c425690d519f61Jakub Hrozek
f26c954658dfd7461f290f0b5d924951a6db219aJan ZelenyAuthzServer->Owner: If credentials are valid, redirect...
108db0e3b9e06e530364ef8228634f5e3f6bd3b5Jakub Hrozek
f26c954658dfd7461f290f0b5d924951a6db219aJan ZelenyOwner->Client: ...with authorization code, state to redirect_uri
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny
f26c954658dfd7461f290f0b5d924951a6db219aJan ZelenyClient->AuthzServer: Authenticate, request access token with\nauthorization code, redirect_uri
21d485184df986e1a123f70c689517386e51a5ceMichal Zidek
f26c954658dfd7461f290f0b5d924951a6db219aJan ZelenyAuthzServer->Client: If authorization code is valid, return access token
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny
684d1b48b5582a1bf7812b8c3c663592dc6dfed9Pavel BřezinaClient->ResourceServer: Request resource with access token
75dd4b05e1dacc76dc9d5f16be31978f84a71dc5Sumit Bose
b56b06e199f15a8a840b36bc7cb8010e39ae761dSumit BoseResourceServer->AuthzServer: Request token validation and information
b9fbeb75e7a4f50f98d979a70a710f9221892483Lukas Slebodnik
f26c954658dfd7461f290f0b5d924951a6db219aJan ZelenyAuthzServer->ResourceServer: If access token is valid, respond with information
4a9c1047354dbe5a4ed41e5951ae623e3772e113René Genz
f26c954658dfd7461f290f0b5d924951a6db219aJan ZelenyResourceServer->Client: If access token is valid, return protected resource
f26c954658dfd7461f290f0b5d924951a6db219aJan Zeleny@enduml