Created
August 27, 2018 13:43
@startuml
start
note right
  * **RT** refers to the refresh token in the request
  * **RT_new** refers to the new refresh token
  * **AT** refers to the Access Token that was created
    at the same time as RT
  * **AT_new** refers to the access token under creation
  * **AT_refreshed** refers to an access token that might
    already have been created from RT (but RT is still in
    its grace period and therefore still valid)
end note
#aafe00:**POST (grant_type=refresh_token)**;
#ff5555:token validation;
note right
  * The RT **instance** is stored
    in the request object
  * The RT **code** is stored
    in the request object
end note
:new token generation (in memory);
partition Saving {
  :get RT code;
  :get RT instance from the cache in *request*;
  if (token reuse) then (yes)
    :db lock AT instance;
    :update the AT db record in place with
    the new token code/expiration;
  else (no)
    #aafe00:LOCK refresh token and refresh it from DB;
    :revoke the refresh token;
    if (AT_refreshed exists) then (yes)
      :return access token linked to the brand new refresh token;
      note left
        leave db untouched
      end note
    else (no)
      #ff5555:create (db) AT_new with //source_refresh_token//
      pointing to RT;
      note right
        Through //source_refresh_token// we say AT_new
        was created from RT
      end note
      :create (db) RT_new pointing to AT_new;
    endif
  endif
}
stop
@enduml
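
The Saving partition of the diagram, modelled in memory as an added example (not code from this gist or from the project it documents). `TokenStore`, `issue` and `save_refresh` are hypothetical names, a single lock stands in for the database row locks, and token validation (including the grace-period check) is assumed to have already accepted the refresh token.

```python
import itertools
import threading
from dataclasses import dataclass
from typing import Optional

_seq = itertools.count(1)  # constructed token codes: at-1, rt-2, ...

@dataclass(eq=False)
class AccessToken:
    code: str
    source_refresh_token: Optional["RefreshToken"] = None  # RT this AT came from

@dataclass(eq=False)
class RefreshToken:
    code: str
    access_token: AccessToken
    revoked: bool = False

class TokenStore:
    """In-memory stand-in for the token tables; one lock models the DB row locks."""
    def __init__(self):
        self.lock = threading.Lock()
        self.access_tokens, self.refresh_tokens = [], {}

    def _create(self, source_rt=None):
        at = AccessToken(f"at-{next(_seq)}", source_rt)
        rt = RefreshToken(f"rt-{next(_seq)}", at)
        self.access_tokens.append(at)
        self.refresh_tokens[rt.code] = rt
        return at, rt

    def issue(self):
        """Initial grant: returns the (AT, RT) pair."""
        return self._create()

    def save_refresh(self, rt_code, reuse=False):
        """The Saving partition; assumes validation already accepted rt_code."""
        with self.lock:
            rt = self.refresh_tokens[rt_code]  # re-read RT under the lock
            if reuse:
                # token reuse: update AT in place, RT is not rotated
                rt.access_token.code = f"at-{next(_seq)}"
                return rt.access_token, rt
            rt.revoked = True
            at_refreshed = next((a for a in self.access_tokens
                                 if a.source_refresh_token is rt), None)
            if at_refreshed is not None:
                # replay inside the grace period: hand back the existing pair
                rt_new = next(r for r in self.refresh_tokens.values()
                              if r.access_token is at_refreshed)
                return at_refreshed, rt_new
            return self._create(source_rt=rt)  # AT_new from RT, RT_new -> AT_new
```

A second `save_refresh` call with the same refresh token code returns the pair created by the first call instead of minting another one, which is the "leave db untouched" branch.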