| author | mo khan <mo@mokhan.ca> | 2025-03-27 14:20:28 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-03-27 14:20:28 -0600 |
| commit | 284e89135081e879a31f9c3b6da7ffb608ec74d9 (patch) | |
| tree | 8014460ceddac7fb28a115746d13dc183dda42c6 | |
| parent | 243ccf6d44566a7132365e36b45be5a57bd0478f (diff) | |
docs: connect UML with steps listed below
| -rw-r--r-- | doc/share/authz/DESIGN.md | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/doc/share/authz/DESIGN.md b/doc/share/authz/DESIGN.md index b2d2b56..2ec7807 100644 --- a/doc/share/authz/DESIGN.md +++ b/doc/share/authz/DESIGN.md 
@@ -67,36 +67,36 @@ SAML Login Flow ```plantuml @startuml -Browser -> UI: Get dashboard +Browser -> UI: 1. Get dashboard UI --> Browser: Generate SAML <AuthnRequest /> and redirect to IdP -Browser -> IdP: Deliver SAML <AuthnRequest /> -IdP --> Browser: Redirect to Login Page -Browser -> IdP: Login -IdP --> Browser: Generate SAML <AuthnResponse /> with <Assertion /> and redirect to UI +Browser -> IdP: 2. Deliver SAML <AuthnRequest /> +IdP --> Browser: 3. Redirect to Login Page +Browser -> IdP: 4. Login +IdP --> Browser: 5. Generate SAML <AuthnResponse /> with <Assertion /> and redirect to UI -Browser -> UI: Deliver SAML <AuthnResponse /> -UI -> IdP: Exchange <Assertion /> for Tokens +Browser -> UI: 6. Deliver SAML <AuthnResponse /> +UI -> IdP: 7. Exchange <Assertion /> for Tokens IdP --> UI: Return `access_token` and `refresh_token` UI --> Browser: Redirect to dashboard Browser -> UI: Get dashboard -UI -> API: Request list of projects and provide Access Token -API -> IdP: Check if token is valid and check declarative policy +UI -> API: 8. Request list of groups and provide Access Token +API -> IdP: 9. Check if token is valid and check declarative policy IdP --> API: Return result of `Ability.allowed?` -API --> UI: Return list of projects as JSON -UI --> Browser: Return list of projects as HTML +API --> UI: Return list of groups as JSON +UI --> Browser: Return list of groups as HTML @enduml ``` 1. `GET http://ui.example.com/saml/new` -1. `POST http://idp.example.com/saml/new` -1. `GET http://idp.example.com/sessions/new?redirect_back=/saml/continue` -1. `POST http://idp.example.com/sessions` -1. `GET http://idp.example.com/saml/continue` -1. `POST http://ui.example.com/saml/assertions` -1. `POST http://idp.example.com/oauth/token` -1. `GET http://api.example.com/groups.json` -1. `GET grpc://idp.example.com/twirp/authx.rpc.Ability/Allowed` +2. `POST http://idp.example.com/saml/new` +3. `GET http://idp.example.com/sessions/new?redirect_back=/saml/continue` +4. 
`POST http://idp.example.com/sessions` +5. `GET http://idp.example.com/saml/continue` +6. `POST http://ui.example.com/saml/assertions` +7. `POST http://idp.example.com/oauth/token` +8. `GET http://api.example.com/groups.json` +9. `GET grpc://idp.example.com/twirp/authx.rpc.Ability/Allowed` OIDC Login Flow |
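Review bot: the step numbers in the PlantUML arrows and the URL list below do not line up one-to-one, so the cross-reference this commit introduces is only partly usable. Arrow `1. Get dashboard` is paired with `GET http://ui.example.com/saml/new`, but the request that actually builds the `<AuthnRequest />` is the unnumbered `UI --> Browser: Generate SAML <AuthnRequest /> and redirect to IdP` line; consider renaming arrow 1 to match the `/saml/new` endpoint (or numbering the AuthnRequest arrow instead). Six arrows stay unnumbered (`IdP --> UI: Return access_token and refresh_token`, the second `Browser -> UI: Get dashboard`, `IdP --> API: Return result of Ability.allowed?`, and the two return arrows to the UI and browser); if those have no corresponding endpoint in the list, a short sentence saying the list covers only the browser-initiated and outbound calls would prevent readers from hunting for steps 10 and up. Also, since `1.` on every Markdown list item already renders as 1..9, the renumbering to explicit `2.`-`9.` is fine but only cosmetic in the raw source.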
