@kotaroito
Created December 6, 2012 10:08
A basic sequence to explain OAuth2 authorization code grant.
@startuml
actor UserAgent
participant Client
participant "Authorization Server"
activate UserAgent
UserAgent -> "Authorization Server" : client identifier & redirection URI
activate "Authorization Server"
== Resource owner's grant ==
"Authorization Server" --> UserAgent: redirect w/authorization code
UserAgent -> Client: access to redirection URI
activate Client
Client -> "Authorization Server": request access token
"Authorization Server" --> Client: access token
deactivate "Authorization Server"
Client --> UserAgent: notify authorization is done.
== Client retrieves resource owner's data ==
UserAgent -> Client: request
Client -> "API Server": retrieve data w/access token
activate "API Server"
"API Server" --> Client
Client --> UserAgent: response
@enduml
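
The Authorization Server's side of the two steps "redirect w/authorization code" and "request access token", as an added Python example that is not part of the original gist: the code is bound to the client identifier and redirection URI it was issued for, expires quickly, and can be redeemed only once, as RFC 6749 requires. The client id, redirect URI, TTL and function names are hypothetical, and client authentication at the token endpoint is left out.

```python
import secrets
import time

# Constructed sample registration; client id and redirect URI are hypothetical.
REGISTERED_CLIENTS = {"demo-client": {"https://client.example/callback"}}
CODE_TTL_SECONDS = 60  # assumed lifetime; authorization codes should be short-lived

_codes = {}  # authorization code -> (client_id, redirect_uri, expires_at)


def authorize(client_id, redirect_uri, now=None):
    """Authorization Server: issue a code after the resource owner's grant."""
    now = time.time() if now is None else now
    # Exact-match the redirection URI against the registration before redirecting.
    if redirect_uri not in REGISTERED_CLIENTS.get(client_id, set()):
        raise ValueError("invalid_request")
    code = secrets.token_urlsafe(32)
    _codes[code] = (client_id, redirect_uri, now + CODE_TTL_SECONDS)
    return code


def exchange_code(code, client_id, redirect_uri, now=None):
    """Authorization Server: swap a code for an access token, at most once."""
    now = time.time() if now is None else now
    # pop() consumes the code even when a later check fails, so it cannot be retried.
    record = _codes.pop(code, None)
    if record is None:
        raise ValueError("invalid_grant")
    bound_client, bound_uri, expires_at = record
    if now > expires_at:
        raise ValueError("invalid_grant")
    # The code is only valid for the client and redirect URI it was issued to.
    if client_id != bound_client or redirect_uri != bound_uri:
        raise ValueError("invalid_grant")
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}
```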