From 284e89135081e879a31f9c3b6da7ffb608ec74d9 Mon Sep 17 00:00:00 2001 From: mo khan Date: Thu, 27 Mar 2025 14:20:28 -0600 Subject: docs: connect UML with steps listed below --- doc/share/authz/DESIGN.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/doc/share/authz/DESIGN.md b/doc/share/authz/DESIGN.md index b2d2b56d..2ec7807f 100644 --- a/doc/share/authz/DESIGN.md +++ b/doc/share/authz/DESIGN.md 
@@ -67,36 +67,36 @@ SAML Login Flow ```plantuml @startuml -Browser -> UI: Get dashboard +Browser -> UI: 1. Get dashboard UI --> Browser: Generate SAML and redirect to IdP -Browser -> IdP: Deliver SAML -IdP --> Browser: Redirect to Login Page -Browser -> IdP: Login -IdP --> Browser: Generate SAML with and redirect to UI +Browser -> IdP: 2. Deliver SAML +IdP --> Browser: 3. Redirect to Login Page +Browser -> IdP: 4. Login +IdP --> Browser: 5. Generate SAML with and redirect to UI -Browser -> UI: Deliver SAML -UI -> IdP: Exchange for Tokens +Browser -> UI: 6. Deliver SAML +UI -> IdP: 7. Exchange for Tokens IdP --> UI: Return `access_token` and `refresh_token` UI --> Browser: Redirect to dashboard Browser -> UI: Get dashboard -UI -> API: Request list of projects and provide Access Token -API -> IdP: Check if token is valid and check declarative policy +UI -> API: 8. Request list of groups and provide Access Token +API -> IdP: 9. Check if token is valid and check declarative policy IdP --> API: Return result of `Ability.allowed?` -API --> UI: Return list of projects as JSON -UI --> Browser: Return list of projects as HTML +API --> UI: Return list of groups as JSON +UI --> Browser: Return list of groups as HTML @enduml ``` 1. `GET http://ui.example.com/saml/new` -1. `POST http://idp.example.com/saml/new` -1. `GET http://idp.example.com/sessions/new?redirect_back=/saml/continue` -1. `POST http://idp.example.com/sessions` -1. `GET http://idp.example.com/saml/continue` -1. `POST http://ui.example.com/saml/assertions` -1. `POST http://idp.example.com/oauth/token` -1. `GET http://api.example.com/groups.json` -1. `GET grpc://idp.example.com/twirp/authx.rpc.Ability/Allowed` +2. `POST http://idp.example.com/saml/new` +3. `GET http://idp.example.com/sessions/new?redirect_back=/saml/continue` +4. `POST http://idp.example.com/sessions` +5. `GET http://idp.example.com/saml/continue` +6. `POST http://ui.example.com/saml/assertions` +7. `POST http://idp.example.com/oauth/token` +8. 
`GET http://api.example.com/groups.json` +9. `GET grpc://idp.example.com/twirp/authx.rpc.Ability/Allowed` OIDC Login Flow -- cgit v1.2.3
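Review bot: the numbering in the diagram is off by one against the list below it at the start of the flow. The arrow labelled `1. Get dashboard` is the unauthenticated dashboard request, but list step 1 is `GET http://ui.example.com/saml/new`, which corresponds to the still unnumbered arrow `UI --> Browser: Generate SAML and redirect to IdP`; either number that arrow as step 1 (and leave the initial `Get dashboard` unnumbered, as the later `Browser -> UI: Get dashboard` already is) or add a `GET http://ui.example.com/dashboard`-style entry as step 0 in the list, so each numbered arrow maps to exactly one numbered request. While touching this hunk, `5. Generate SAML with and redirect to UI` still carries the dangling `with` from the original text (presumably "Generate SAML response and redirect to UI"). It would also help readers of a design doc for an authz service if the diagram made explicit where the UI validates the signature and audience of the assertion delivered in step 6 before performing the token exchange in step 7, since as drawn the assertion passes straight from `POST http://ui.example.com/saml/assertions` to `POST http://idp.example.com/oauth/token` with no validation step shown.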