From 2434ef53314fdca51831db33c6dde6bbcc092289 Mon Sep 17 00:00:00 2001 From: mo khan Date: Thu, 27 Mar 2025 14:02:48 -0600 Subject: docs: update SAML flow sequence diagram --- doc/share/authz/DESIGN.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/share/authz/DESIGN.md b/doc/share/authz/DESIGN.md index 0cf0fc03..c64386e5 100644 --- a/doc/share/authz/DESIGN.md +++ b/doc/share/authz/DESIGN.md @@ -50,11 +50,13 @@ Browser -> IdP: Login IdP --> Browser: Generate SAML with and redirect to UI Browser -> UI: Deliver SAML -UI --> IdP: Exchange for Tokens +UI -> IdP: Exchange for Tokens +IdP --> UI: Return `access_token` and `refresh_token` UI --> Browser: Redirect to dashboard Browser -> UI: Get dashboard -UI --> API: Request list of projects and provide Access Token -API -> IdP: Validate token and check declarative policy +UI -> API: Request list of projects and provide Access Token +API -> IdP: Check if token is valid and check declarative policy +IdP --> API: Return result of `Ability.allowed?` API --> UI: Return list of projects as JSON UI --> Browser: Return list of projects as HTML @enduml -- cgit v1.2.3
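Review bot: The added reply "IdP --> API: Return result of `Ability.allowed?`" reports only the policy decision, but the request just above it, "API -> IdP: Check if token is valid and check declarative policy", asks two questions, so the diagram never shows what the API receives when the token itself is rejected. Consider wording the reply so it covers both outcomes (for example, "Return token validity and result of `Ability.allowed?`"), or add an alt branch for the failure case so readers can see that "API --> UI: Return list of projects as JSON" happens only on success. Two smaller points in the same hunk: the new lines call the credential `access_token` in one place and "Access Token" in another, so pick one spelling, and the unchanged context line "Generate SAML with and redirect to UI" is missing a word after "with" and could be fixed while this block is being edited.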