File:Authentication Sequence with OpenID Connect(1).png
Created via http://sequencediagram.org/, licensed under the terms of the MPLv2 license. Copyright (c) kang@insecure.ws
Source data:
title Authentication Sequence with OpenID Connect
participant "User's Browser (User-Agent)" as UserAgent
participant "Website (Relying Party)" as RP
participant "OIDC Provider (OP)" as OP
participant "LDAP, GitHub, etc. (IdP)" as IdP
note over UserAgent: User visits https://rp.example.net
UserAgent->RP: GET https://rp.example.net/
RP->OP: GET https://op.example.net/.well-known/openid-configuration
OP->RP: JSON {"issuer", "authorization_endpoint", [...]}
RP->UserAgent: 302 Redirect to https://op.example.net/authorize?[...]
note left of RP:GET /authorize parameters:\nstate=random_string_state (random)\nnonce=random_string_nonce (random)\nscope=openid email profile\nredirect_uri=https:\/\/rp.example.net/callback\nresponse_type=code\nclient_id=my_rp_client_identifier
UserAgent->OP: GET https:\/\/op.example.net/authorize?[...]
OP->UserAgent: Show hosted login page
UserAgent->OP: Performs login
OP->IdP: authenticate user (via OIDC or other means)
IdP->OP: return user attributes
OP->UserAgent: 302 Redirect to https://rp.example.net/callback?[...] (redirect_uri)
note left of RP:GET /callback parameters:\nstate=random_string_state\ncode=access_code
UserAgent->RP: GET https:\/\/rp.example.net/callback?[...]
RP->OP: POST https:\/\/op.example.net/oauth/token
note right of RP:POST /oauth/token parameters:\nclient_id=my_rp_client_identifier\nclient_secret=my_rp_client_secret\ngrant_type=authorization_code\ncode=access_code\nstate=random_string_state
OP->RP: JSON {"base64(id_token)", "access_token", ...}
note right of RP:JSON Document:\n{\n "id_token": "ADNqVMtqKeYp5w==...",\n "access_token": "secret_access_token",\n "email": "test@rp.example.net",\n "attribute1": ...,\n "attribute2": ...,\n [...]\n}
RP->RP: Verify id_token signature is valid, signed by OP
RP->UserAgent: 302 Redirect https://rp.example.net/
note over UserAgent: User is authenticated to https:\/\/rp.example.net
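The RP-side checks the diagram implies at the /authorize redirect, the /callback state comparison and the "Verify id_token" step, as an added Python example that is not part of the diagram or the Mozilla page. It assumes a constructed HS256 shared key in place of the OP's published signing keys so it runs offline, and uses the diagram's placeholder client_id and URLs.

```python
import base64, hashlib, hmac, json, secrets, time

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def begin_login(session: dict, client_id: str, redirect_uri: str) -> dict:
    # RP side of the 302 to /authorize: fresh state and nonce kept in the session, sent as query params.
    session["oidc_state"] = secrets.token_urlsafe(32)
    session["oidc_nonce"] = secrets.token_urlsafe(32)
    return {"response_type": "code", "scope": "openid email profile",
            "client_id": client_id, "redirect_uri": redirect_uri,
            "state": session["oidc_state"], "nonce": session["oidc_nonce"]}

def check_callback_state(session: dict, returned_state: str) -> bool:
    # GET /callback: state must equal the stored value (CSRF guard); it is consumed so it cannot be replayed.
    expected = session.pop("oidc_state", None)
    return expected is not None and hmac.compare_digest(expected, returned_state)

def mint_hs256_id_token(claims: dict, key: bytes) -> str:
    # Constructed stand-in OP for the offline test; a real OP signs RS256/ES256 with keys from its jwks_uri.
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def validate_id_token(id_token: str, key: bytes, issuer: str, client_id: str,
                      expected_nonce: str, now=None) -> dict:
    # The RP->RP "verify id_token" step: pinned alg, signature, then iss, aud, exp and nonce claims.
    now = int(time.time()) if now is None else now
    header_b64, body_b64, sig_b64 = id_token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never let the token choose the algorithm
    expected_sig = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    aud = claims.get("aud")
    if claims.get("iss") != issuer:
        raise ValueError("iss mismatch")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("aud mismatch")
    if now >= int(claims.get("exp", 0)):
        raise ValueError("id_token expired")
    if claims.get("nonce") != expected_nonce:  # binds the token to this login attempt
        raise ValueError("nonce mismatch")
    return claims
```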
File history
Date/Time | Dimensions | User | Comment
---|---|---|---
current: 23:36, 21 April 2017 | 1,407 × 1,601 (140 KB) | Gdestuynder | Source data is in git at https://github.com/mozilla/wikimo_content/
22:48, 14 November 2016 | 1,673 × 1,716 (177 KB) | Gdestuynder | title Authentication Sequence with OpenID Connect participant "User's Browser (User-Agent)" as UserAgent participant "Website (Relying Party)" as RP participant "OIDC Provider (OP)" as OP participant "LDAP, GitHub, etc. (IdP)" as IdP note over UserA...
18:03, 14 November 2016 | 1,638 × 1,650 (163 KB) | Gdestuynder | title Authentication Sequence with OpenID Connect participant "User's Browser (User-Agent)" as UserAgent participant "Website (Relying Party)" as RP participant "OIDC Provider (OP)" as OP participant "LDAP, GitHub, etc. (IdP)" as IdP note over UserA...
01:14, 12 November 2016 | 1,416 × 1,523 (148 KB) | Gdestuynder | title Authentication Sequence with OpenID Connect participant "User's Browser (User-Agent)" as UserAgent participant "Website (Relying Party)" as RP participant "OIDC Provider (OP)" as OP participant "LDAP, GitHub, etc. (IdP)" as IdP note over UserA...
01:12, 12 November 2016 | 489 × 507 (32 KB) | Gdestuynder | title Authentication Sequence with OpenID Connect participant "User's Browser (User-Agent)" as UserAgent participant "Website (Relying Party)" as RP participant "OIDC Provider (OP)" as OP participant "LDAP, GitHub, etc. (IdP)" as IdP note over UserA...
01:08, 12 November 2016 | 1,416 × 1,523 (148 KB) | Gdestuynder | Fixed participant alias. title Authentication Sequence with OpenID Connect participant "User's Browser (User-Agent)" as UserAgent participant "Website (Relying Party)" as RP participant "OIDC Provider (OP)" as OP participant "LDAP, GitHub, etc. (IdP)...
00:58, 12 November 2016 | 1,620 × 1,523 (154 KB) | Gdestuynder | Created via http://sequencediagram.org/, licensed under the terms of the MPLv2 license. Copyright (c) kang@insecure.ws Source data: title Authentication Sequence with OpenID Connect participant "User's Browser (User-Agent)" as UserAgent participant...