Created
May 21, 2016 23:37
participant user
participant client.org
participant content.org
participant CAS
user->client.org: select something
client.org->content.org: GET info.json
note left of content.org
HTTP 401
unauthorized
end note
note left of content.org
The info.json response body must be the
same regardless of the status code
end note
client.org->client.org: check info.json\nfor auth services
note over client.org
login service detected
end note
client.org->+content.org: window.open(loginService)
activate client.org
note right of client.org
client.org has no access to
the opened login window, but
can wait for it to close
end note
content.org->CAS: redirect
deactivate content.org
user->+CAS: Log in
CAS->+content.org: redirect
deactivate CAS
content.org->content.org: set cookie
content.org->content.org: window.close()
deactivate content.org
client.org->client.org: detect window closed
client.org->content.org: GET tokenService
content.org->client.org: postMessage(token)
client.org->content.org: GET info.json with token
note left of content.org
HTTP 200 OK
end note
note left of client.org
Client now knows it can request
the content resources (e.g., tiles)
described by the info.json
end note
client.org->content.org: image requests with cookie
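
The postMessage(token) and "GET info.json with token" steps above are where client.org has to decide what to trust. The following is an added example, not part of the original gist: it checks the sender origin of the token message and refuses to send the token anywhere but the issuing host. It assumes, as in the diagram, that the token service and info.json are both on content.org; the `accessToken` field name, the `Bearer` header and the function names are assumptions.

```javascript
// Added example, not from the original gist. Field name, header scheme and
// function names are assumptions for illustration.

// Origin of the token service, derived from the URL advertised in info.json.
function originOf(url) {
  return new URL(url).origin;
}

// Validate one MessageEvent-like object ({origin, data}) against the expected
// token service. Returns the token string, or null if it must be ignored.
function extractToken(event, tokenServiceUrl) {
  if (!event || typeof event.origin !== "string") return null;
  // Any window can postMessage to us; only the content host is trusted.
  if (event.origin !== originOf(tokenServiceUrl)) return null;
  const data = event.data;
  if (data === null || typeof data !== "object") return null;
  const token = data.accessToken; // assumed field name
  if (typeof token !== "string" || token.length === 0) return null;
  // Reject whitespace, control and non-ASCII characters (header injection).
  if (/[^\x21-\x7e]/.test(token)) return null;
  return token;
}

// Build options for the second "GET info.json with token" request.
function infoRequestOptions(infoUrl, token, tokenServiceUrl) {
  // Send the token only over HTTPS and only to the origin that issued it.
  const target = new URL(infoUrl);
  if (target.protocol !== "https:" || target.origin !== originOf(tokenServiceUrl)) {
    throw new Error("refusing to send token to " + target.origin);
  }
  return { method: "GET", headers: { Authorization: "Bearer " + token } };
}

// Browser wiring: accept the first valid token message, then stop listening.
function listenForToken(win, tokenServiceUrl, onToken) {
  const handler = (event) => {
    const token = extractToken(event, tokenServiceUrl);
    if (token === null) return; // ignore unrelated or untrusted messages
    win.removeEventListener("message", handler);
    onToken(token);
  };
  win.addEventListener("message", handler);
  return handler;
}
```

In a browser, call `listenForToken(window, tokenServiceUrl, cb)` before issuing the GET tokenService request so the message cannot arrive before the listener is registered.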