author mo khan <mo@mokhan.ca> 2025-03-27 14:02:48 -0600
committer mo khan <mo@mokhan.ca> 2025-03-27 14:02:48 -0600
commit 2434ef53314fdca51831db33c6dde6bbcc092289
tree cf99b9218540177cac1ae492ecff3240c880bc5f
parent c6327a5e1e885faaea022af011f40b40670f5c38
docs: update SAML flow sequence diagram
-rw-r--r-- doc/share/authz/DESIGN.md 8
1 files changed, 5 insertions, 3 deletions
diff --git a/doc/share/authz/DESIGN.md b/doc/share/authz/DESIGN.md
index 0cf0fc0..c64386e 100644
--- a/doc/share/authz/DESIGN.md
+++ b/doc/share/authz/DESIGN.md
@@ -50,11 +50,13 @@ Browser -> IdP: Login
IdP --> Browser: Generate SAML <AuthnResponse /> with <Assertion /> and redirect to UI
Browser -> UI: Deliver SAML <AuthnResponse />
-UI --> IdP: Exchange <Assertion /> for Tokens
+UI -> IdP: Exchange <Assertion /> for Tokens
+IdP --> UI: Return `access_token` and `refresh_token`
UI --> Browser: Redirect to dashboard
Browser -> UI: Get dashboard
-UI --> API: Request list of projects and provide Access Token
-API -> IdP: Validate token and check declarative policy
+UI -> API: Request list of projects and provide Access Token
+API -> IdP: Check if token is valid and check declarative policy
+IdP --> API: Return result of `Ability.allowed?`
API --> UI: Return list of projects as JSON
UI --> Browser: Return list of projects as HTML
@enduml
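Review bot: in the `API -> IdP` / `IdP --> API` pair near the end of the hunk, the request covers two checks (token validity and declarative policy) but the reply only names the result of `Ability.allowed?`, so the diagram does not say what the API receives when the token itself is invalid or expired, as opposed to valid but denied by policy. Consider splitting this into two request/response pairs, or stating in the reply label that an invalid token also yields a negative result, and showing the deny path so the following `API --> UI: Return list of projects as JSON` is clearly the allowed case only. Two smaller points: the new `IdP --> UI` line returns a `refresh_token` that no later step uses or stores, which is worth a note on where the UI keeps it; and the token is written as `access_token` in that line but as "Access Token" in `UI -> API`, so pick one spelling.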