Diffstat (limited to 'doc')
-rw-r--r-- doc/share/authz/DESIGN.md | 8
1 files changed, 5 insertions, 3 deletions
diff --git a/doc/share/authz/DESIGN.md b/doc/share/authz/DESIGN.md
index 0cf0fc03..c64386e5 100644
--- a/doc/share/authz/DESIGN.md
+++ b/doc/share/authz/DESIGN.md
@@ -50,11 +50,13 @@ Browser -> IdP: Login
IdP --> Browser: Generate SAML <AuthnResponse /> with <Assertion /> and redirect to UI
Browser -> UI: Deliver SAML <AuthnResponse />
-UI --> IdP: Exchange <Assertion /> for Tokens
+UI -> IdP: Exchange <Assertion /> for Tokens
+IdP --> UI: Return `access_token` and `refresh_token`
UI --> Browser: Redirect to dashboard
Browser -> UI: Get dashboard
-UI --> API: Request list of projects and provide Access Token
-API -> IdP: Validate token and check declarative policy
+UI -> API: Request list of projects and provide Access Token
+API -> IdP: Check if token is valid and check declarative policy
+IdP --> API: Return result of `Ability.allowed?`
API --> UI: Return list of projects as JSON
UI --> Browser: Return list of projects as HTML
@enduml
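Review bot: The added reply "IdP --> API: Return result of `Ability.allowed?`" answers only the policy half of the request above it, which asks the IdP to "Check if token is valid and check declarative policy", so the diagram never says what the API receives or does when the token itself is invalid or expired. Either split this into two request/response pairs (token validation, then policy check) or word the reply so it names both outcomes, and show the deny path, since the next step unconditionally reads "API --> UI: Return list of projects as JSON". Minor: the new line uses `access_token` while the changed "UI -> API" line still says "Access Token"; pick one spelling so readers know they are the same value.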