Open fluffy-critter opened 5 years ago
I'm having the same problem and a step-by-step diagram of HTTP transactions would indeed be very helpful! @sknebel any chance you could take a look at this?
Sorry, I've been busy with other things :/ I wrote one up today: https://www.svenknebel.de/temp/autoauth.html
I'll see that I link it to the relevant bits of the spec later, but it's at least a start I hope. If things are unclear, please do ask!
Another thing that would be nice would be a "here is what each part of the puzzle needs to implement," grouped by the component that needs the parts implemented. Like, "here is what the client needs to do," "here is what the token_endpoint needs to do," "here is what the resource needs to do," etc.
I'm finally looking into implementing AutoAuth in Publ, and I'm getting quite lost trying to wrap my head around the specification to see which responsible parties send which requests. It would be really helpful to have a complete transcript of an AutoAuth flow. The current spec is pretty close, but for a lot of the steps it isn't obvious who is making the request and to what, and it seems like some steps are missing.
Basically, it'd be great to have a transcript for each step indicated in the flow diagram.
For example,
1. client -> resource
GET https://example.com/resource
2. client -> user authorization_endpoint
etc.