Created
November 20, 2017 17:06
-
-
Save kishansagathiya/50837b734ba400a807e84039ffdb2baf to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Login Flow | |
| --------------------------------------------------------------------------------------------- | |
| 1. http://localhost:8089/api/login | |
| 2. Sends a request to keycloak( which is provider here). | |
| https://sso.prod-preview.openshift.io/auth/realms/fabric8-test/protocol/openid-connect/auth?access_type=online&client_id=fabric8-online-platform&redirect_uri=http%3A%2F%2Flocalhost%3A8089%2Fapi%2Flogin&response_type=code&scope=user%3Aemail&state=c236a447-52c2-4761-986b-6d4ae1bff887 | |
| 3. authentication_code received from the above request is passed with this login request to rhd (similar to 1) | |
| https://sso.prod-preview.openshift.io/auth/realms/fabric8-test/broker/rhd/login?code=xH75ch5pUszXQg9le5HildU27ZVMowZC4sP_fFvykgQ&client_id=fabric8-online-platform | |
| this will result in 303 redirecting to 4 | |
| 4. similar to 2 | |
| https://developers.redhat.com/auth/realms/rhd/protocol/openid-connect/auth?scope=openid&state=DV0sNM4Php8HwGXhfysSbodlrsevVSEIUeNejAfi_qs.fabric8-online-platform&response_type=code&client_id=fabric8-online&redirect_uri=https%3A%2F%2Fsso.prod-preview.openshift.io%2Fauth%2Frealms%2Ffabric8-test%2Fbroker%2Frhd%2Fendpoint | |
| On clicking on github | |
| 5. similar to 1 | |
| login request to github | |
| code is the authentication_code obtained from 4 | |
| https://developers.redhat.com/auth/realms/rhd/broker/github/login?code=2cuLGgdY6EjtlzmThy__177PHak517-SaGwpM6cTyuQ.68d8c75e-bba8-4c7a-9d63-b4b8f5d63d02 | |
| redirects to 6 | |
| 6. Authorize api on github side | |
| https://github.com/login/oauth/authorize?scope=user%3Aemail&state=2cuLGgdY6EjtlzmThy__177PHak517-SaGwpM6cTyuQ.68d8c75e-bba8-4c7a-9d63-b4b8f5d63d02&response_type=code&client_id=026f7e141f704509d4e5&redirect_uri=https%3A%2F%2Fdevelopers.redhat.com%2Fauth%2Frealms%2Frhd%2Fbroker%2Fgithub%2Fendpoint | |
| response should be authentication_code | |
| 7. https://github.com/login?client_id=026f7e141f704509d4e5&return_to=%2Flogin%2Foauth%2Fauthorize%3Fclient_id%3D026f7e141f704509d4e5%26redirect_uri%3Dhttps%253A%252F%252Fdevelopers.redhat.com%252Fauth%252Frealms%252Frhd%252Fbroker%252Fgithub%252Fendpoint%26response_type%3Dcode%26scope%3Duser%253Aemail%26state%3D2cuLGgdY6EjtlzmThy__177PHak517-SaGwpM6cTyuQ.68d8c75e-bba8-4c7a-9d63-b4b8f5d63d02 | |
| returns to /login/oauth/authorize (endpoint on 6) | |
| After submitting the form | |
| 8. code is obtained from 6 | |
| authorize request to github is successful and redirecting to redirect_uri of rhd | |
| https://developers.redhat.com/auth/realms/rhd/broker/github/endpoint?code=5ff9714f2b6ecf9a3f82&state=2cuLGgdY6EjtlzmThy__177PHak517-SaGwpM6cTyuQ.68d8c75e-bba8-4c7a-9d63-b4b8f5d63d02 | |
| We are logged in to github | |
| 9. Not quite sure why we need this? | |
| https://developers.redhat.com/auth/realms/rhd/login-actions/required-action?code=2cuLGgdY6EjtlzmThy__177PHak517-SaGwpM6cTyuQ.68d8c75e-bba8-4c7a-9d63-b4b8f5d63d02 | |
| 10. authorize request to rhd is successful and redirecting to redirect_uri of keycloak | |
| https://sso.prod-preview.openshift.io/auth/realms/fabric8-test/broker/rhd/endpoint?state=DV0sNM4Php8HwGXhfysSbodlrsevVSEIUeNejAfi_qs.fabric8-online-platform&code=2cuLGgdY6EjtlzmThy__177PHak517-SaGwpM6cTyuQ.68d8c75e-bba8-4c7a-9d63-b4b8f5d63d02 | |
| we are logged in to rhd | |
| 11. seems like redirect_uri of fabric8-online-platform client is http://localhost:8089/api/login | |
| http://localhost:8089/api/login?state=4bcd8559-5ee0-4089-81d3-4b0154d5c53d&code=uss.P7wc0QFcLUCX4_FXbL1gvU6Lv4bNslV8qPFGg5KeMNA.81b275d9-f10c-4269-9ace-c57399a3434e.239ed057-eec1-425b-a7eb-f4b338c94cdd | |
| 12. redirecting to redirect_uri added to /api/login along with access token | |
| http://localhost:8089/api/status?token_json=%7B%22access_token%22%3A%22eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJiTnEtQkNPUjNldi1FNmJ1R1NhUHJVLTBTWFg4d2hoRGxtWjZnZWVua1RFIn0.eyJqdGkiOiIyY2QxYjFmMy1hZWNmLTRjZDQtYmUyZC1jZWI3Yjg0OTQ4NmIiLCJleHAiOjE1MTM3NzMzNjcsIm5iZiI6MCwiaWF0IjoxNTExMTgxMzY3LCJpc3MiOiJodHRwczovL3Nzby5wcm9kLXByZXZpZXcub3BlbnNoaWZ0LmlvL2F1dGgvcmVhbG1zL2ZhYnJpYzgtdGVzdCIsImF1ZCI6ImZhYnJpYzgtb25saW5lLXBsYXRmb3JtIiwic3ViIjoiNDAyZjlkMGQtMWM4NC00NDhkLWFlMTMtMTViNDA2ZGE1ZGMyIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiZmFicmljOC1vbmxpbmUtcGxhdGZvcm0iLCJhdXRoX3RpbWUiOjE1MTExODEzNjQsInNlc3Npb25fc3RhdGUiOiI4MWIyNzVkOS1mMTBjLTQyNjktOWFjZS1jNTczOTlhMzQzNGUiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHBzOi8vcHJvZC1wcmV2aWV3Lm9wZW5zaGlmdC5pbyIsImh0dHBzOi8vYXV0aC5wcm9kLXByZXZpZXcub3BlbnNoaWZ0LmlvIiwiaHR0cDovLzE5Mi4xNjguNDIuMjU0OjMxMDAwIiwiaHR0cDovL2xvY2FsaG9zdDo4MDgwIiwiaHR0cDovL21pbmlzaGlmdC5sb2NhbDozMTAwMCIsImh0dHBzOi8vYXBpLnByb2QtcHJldmlldy5vcGVuc2hpZnQuaW8iLCJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJodHRwOi8vbG9jYWxob3N0OjgwODkiXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYnJva2VyIjp7InJvbGVzIjpbInJlYWQtdG9rZW4iXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sImFwcHJvdmVkIjp0cnVlLCJuYW1lIjoiS2lzaGFuIFNhZ2F0aGl5YSIsImNvbXBhbnkiOiJNb25leVNtYXJ0IiwicHJlZmVycmVkX3VzZXJuYW1lIjoia2lzaGFuc2FndGhpeWEiLCJnaXZlbl9uYW1lIjoiS2lzaGFuIiwiZmFtaWx5X25hbWUiOiJTYWdhdGhpeWEiLCJlbWFpbCI6Imtpc2hhbm1zYWd0aGl5YUBnbWFpbC5jb20ifQ.oK7bY2qfKzw4oqm-FBmXxD9OzQQf_vbrGGhCFi9EikmqxaPMVXamVrkR3OV1oUSPe9NCvMty9VNDEFoVomfyFzY_ms3Up6cr5ezTEc8q5Dty0fPurxAFAB_b_aWPB8cX42gKzdiaI7-5fWBNHn7htC_13JBn8Zt0f1ZjZ-7QYY_FPdy1h04mY0mE00sVkXHol0f76IQllbOqB_1g6Z4mF27D6GD2FQOACB3dK-fQElNQHUi3LWz2XrpNkJ1EW_9YMLFO6aXW77q05kpEn8CBl7quHXmfUILuND9FOUc_pqfVmeef_mRf-6pfmwjvz-AWUtgvWg3A0ZXGyJrNnkkz8Q%22%2C%22expires_in%22%3A2592000%2C%22not-before-policy%22%3Anull%2C%22refresh_expires_in%22%3A2592000%2C%22refresh_token%22%3A%22eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJiTnEtQkNPUjNldi1FNmJ1R1NhUHJVLTBTWFg4d2hoRGxtWjZnZWVua1RFIn0.eyJqdGkiOiIxYjhiODVkMC0xYzgyLTQyNjgtYjJlNC00NzliODYzZmIwZDciLCJleHAiOjE1MTM3NzMzNjcsIm5iZiI6MCwiaWF0IjoxNTExMTgxMzY3LCJpc3MiOiJodHRwczovL3Nzby5wcm9kLXByZXZpZXcub3BlbnNoaWZ0LmlvL2F1dGgvcmVhbG1zL2ZhYnJpYzgtdGVzdCIsImF1ZCI6ImZhYnJpYzgtb25saW5lLXBsYXRmb3JtIiwic3ViIjoiNDAyZjlkMGQtMWM4NC00NDhkLWFlMTMtMTViNDA2ZGE1ZGMyIiwidHlwIjoiUmVmcmVzaCIsImF6cCI6ImZhYnJpYzgtb25saW5lLXBsYXRmb3JtIiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiODFiMjc1ZDktZjEwYy00MjY5LTlhY2UtYzU3Mzk5YTM0MzRlIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYnJva2VyIjp7InJvbGVzIjpbInJlYWQtdG9rZW4iXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX19.XIx-iboiA5qgMSPCSb5mg75Nk61e3wNrLmHaoDaP5HWC0tHb4L6i-bZVCI7SPzPtjI6YKXciUFX4ABszezhw0197N10z1F_bQ7r7o3hKS97PlfwYmcQKByX8aEeI1eILsKt6BTkGjzTUqPtMG-1dl3hUthsKxY8QMHu9p-PgFdu7Cit32ZbJRaMvW-k8QgcnpHWy9TzpnbnmS5ZIddXvUEsMPMiSf02RPZG4Wapm-_PWdDCQBvLat1xejFHLJ_2fMPKuVPeLXkILnJeJYrFxjnQjBXMI0fpRHVBQk_ySGGD-ypx3y3fg4_gk2l7wWwqLdKIqfq5TKdKUldYsitXkdg%22%2C%22token_type%22%3A%22bearer%22%7D | |
| Every request to a new provider goes with authorize endpoint |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment