oauth-wg / oauth-v2-1

OAuth 2.1 is a consolidation of the core OAuth 2.0 specs
https://oauth.net/2.1/

Clean up authorization code flow diagram #55

Closed aaronpk closed 2 years ago

aaronpk commented 3 years ago

From Vittorio:

The first time I saw this diagram I found it confusing. The fact that the same numeral is assigned to multiple legs is just odd for anyone not already familiar with the flow, possibly still struggling to understand the client as a service side component. Also, now that we have mighty SVG support, I would strongly advocate for a modern version of this diagram (the lines perhaps don’t need to be broken into segments).

tlodderstedt commented 3 years ago

+1

dickhardt commented 2 years ago

     +----------+
     | Resource |
     |   Owner  |
     +----------+
           ^
           |
           |
     +-----|----+          Client Identifier      +---------------+
     | .---+---------(A)-- & Redirection URI ---->|               |
     | |   |    |                                 |               |
     | |   '---------(B)-- User authenticates --->|               |
     | | User-  |                                 | Authorization |
     | | Agent  |                                 |     Server    |
     | |        |                                 |               |
     | |    .--------(C)-- Authorization Code ---<|               |
     +-|----|---+                                 +---------------+
       |    |                                         ^      v
       |    |                                         |      |
       ^    v                                         |      |
     +---------+                                      |      |
     |         |>---(D)-- Authorization Code ---------'      |
     |  Client |          & Redirection URI                  |
     |         |                                             |
     |         |<---(E)----- Access Token -------------------'
     +---------+       (w/ Optional Refresh Token)