Skip to content

Commit 5c7b39b

Browse files
committed
Use the official ASCII art from RFC6749 instead of embedded screenshots
1 parent 2bb87cf commit 5c7b39b

5 files changed

Lines changed: 89 additions & 4 deletions

File tree

guides/choosing-the-right-flow.md

Lines changed: 89 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,25 @@ Directly inspired by [basic authentication](https://en.wikipedia.org/wiki/Basic_
2424
to the authorization server with the user credentials (and depending on the client authentication policy defined by the authorization server,
2525
its own client credentials) and gets back an access token it can use to retrieve the user's resources.
2626

27-
![Resource owner password credentials flow](choosing-the-right-flow/resource-owner-password-flow.png)
27+
```ansi
28+
+----------+
29+
| Resource |
30+
| Owner |
31+
| |
32+
+----------+
33+
v
34+
| Resource Owner
35+
(A) Password Credentials
36+
|
37+
v
38+
+---------+ +---------------+
39+
| |>--(B)---- Resource Owner ------->| |
40+
| | Password Credentials | Authorization |
41+
| Client | | Server |
42+
| |<--(C)---- Access Token ---------<| |
43+
| | (w/ Optional Refresh Token) | |
44+
+---------+ +---------------+
45+
```
2846

2947
```http
3048
POST /connect/token HTTP/1.1
@@ -62,7 +80,15 @@ Pragma: no-cache
6280
The client credentials grant is almost identical to the resource owner password credentials grant, except it's been specifically designed for **client-to-server scenarios**
6381
(no user is involved in this flow): the client application sends a token request containing its credentials and gets back an access token it can use to query its own resources.
6482

65-
![Client credentials flow](choosing-the-right-flow/client-credentials-flow.png)
83+
```ansi
84+
+---------+ +---------------+
85+
| | | |
86+
| |>--(A)- Client Authentication --->| Authorization |
87+
| Client | | Server |
88+
| |<--(B)---- Access Token ---------<| |
89+
| | | |
90+
+---------+ +---------------+
91+
```
6692

6793
```http
6894
POST /connect/token HTTP/1.1
@@ -103,7 +129,33 @@ In return for its complexity, this flow has a great advantage when used in serve
103129

104130
There are basically 2 steps in the authorization code flow: the authorization request/response and the token request/response.
105131

106-
![Authorization code flow](choosing-the-right-flow/authorization-code-flow.png)
132+
```ansi
133+
+----------+
134+
| Resource |
135+
| Owner |
136+
| |
137+
+----------+
138+
^
139+
|
140+
(B)
141+
+----|-----+ Client Identifier +---------------+
142+
| -+----(A)-- & Redirection URI ---->| |
143+
| User- | | Authorization |
144+
| Agent -+----(B)-- User authenticates --->| Server |
145+
| | | |
146+
| -+----(C)-- Authorization Code ---<| |
147+
+-|----|---+ +---------------+
148+
| | ^ v
149+
(A) (C) | |
150+
| | | |
151+
^ v | |
152+
+---------+ | |
153+
| |>---(D)-- Authorization Code ---------' |
154+
| Client | & Redirection URI |
155+
| | |
156+
| |<---(E)----- Access Token -------------------'
157+
+---------+ (w/ Optional Refresh Token)
158+
```
107159

108160
- **Step 1: the authorization request**
109161

@@ -190,7 +242,40 @@ to the client application as part of the authorization response in the URI fragm
190242
> When using the OpenID Connect version of the implicit flow, an additional token called *identity token*
191243
> is returned and can be used by client applications to retrieved standardized information about the user.
192244
193-
![Implicit flow](choosing-the-right-flow/implicit-flow.png)
245+
```ansi
246+
+----------+
247+
| Resource |
248+
| Owner |
249+
| |
250+
+----------+
251+
^
252+
|
253+
(B)
254+
+----|-----+ Client Identifier +---------------+
255+
| -+----(A)-- & Redirection URI --->| |
256+
| User- | | Authorization |
257+
| Agent -|----(B)-- User authenticates -->| Server |
258+
| | | |
259+
| |<---(C)--- Redirection URI ----<| |
260+
| | with Access Token +---------------+
261+
| | in Fragment
262+
| | +---------------+
263+
| |----(D)--- Redirection URI ---->| Web-Hosted |
264+
| | without Fragment | Client |
265+
| | | Resource |
266+
| (F) |<---(E)------- Script ---------<| |
267+
| | +---------------+
268+
+-|--------+
269+
| |
270+
(A) (G) Access Token
271+
| |
272+
^ v
273+
+---------+
274+
| |
275+
| Client |
276+
| |
277+
+---------+
278+
```
194279

195280
```http
196281
GET /connect/authorize?response_type=token&client_id=s6BhdRkqt3&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb&scope=openid&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj HTTP/1.1
-19.5 KB
Binary file not shown.
-5.71 KB
Binary file not shown.
-21.3 KB
Binary file not shown.
-11.7 KB
Binary file not shown.

0 commit comments

Comments
 (0)