Diffstat (limited to 'doc/share/authz')
| -rw-r--r-- | doc/share/authz/DESIGN.md | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/doc/share/authz/DESIGN.md b/doc/share/authz/DESIGN.md index 0cf0fc0..c64386e 100644 --- a/doc/share/authz/DESIGN.md +++ b/doc/share/authz/DESIGN.md @@ -50,11 +50,13 @@ Browser -> IdP: Login IdP --> Browser: Generate SAML <AuthnResponse /> with <Assertion /> and redirect to UI Browser -> UI: Deliver SAML <AuthnResponse /> -UI --> IdP: Exchange <Assertion /> for Tokens +UI -> IdP: Exchange <Assertion /> for Tokens +IdP --> UI: Return `access_token` and `refresh_token` UI --> Browser: Redirect to dashboard Browser -> UI: Get dashboard -UI --> API: Request list of projects and provide Access Token -API -> IdP: Validate token and check declarative policy +UI -> API: Request list of projects and provide Access Token +API -> IdP: Check if token is valid and check declarative policy +IdP --> API: Return result of `Ability.allowed?` API --> UI: Return list of projects as JSON UI --> Browser: Return list of projects as HTML @enduml |
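Review bot: The new response line `IdP --> API: Return result of `Ability.allowed?`` answers only half of the request above it, which asks the IdP both whether the token is valid and what the declarative policy says. Either name both outcomes in the response or split this into two request/response pairs, so a reader can tell whether an invalid or expired token and a policy denial are reported differently. The next line, `API --> UI: Return list of projects as JSON`, is still unconditional; an `alt`/`else` branch showing what the API returns to the UI when the check fails would make the enforcement point explicit. Smaller point: `refresh_token` now appears in `IdP --> UI: Return `access_token` and `refresh_token`` but nothing later in the sequence uses it, and the following steps still say "Access Token" in prose, so consider using one spelling and noting where the refresh token is stored or exchanged.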
