[Openid-specs-ab] OpenID Connect Flow Diagrams

Anganes, Amanda L aanganes at mitre.org
Tue Feb 7 14:52:19 UTC 2012

Hello again,

Based on some feedback I have received from both this WG and the OAuth 2.0 WG, I have updated my diagrams. Changes are listed below, and the links (https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OAuth2.0_Diagrams.pdf?raw=true and https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OpenID_Connect_Diagrams.pdf?raw=true) will always point to the latest versions.

OAuth 2.0:
* Changed the title of the diagrams to "OAuth 2.0 Authorization" (from "OAuth 2.0 Authentication", which was incorrect).

* Removed refresh_token from the Access Token response on the Client Credentials flow.
Ref: http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-4.4.3 says "A refresh token SHOULD NOT be included."

* Changed "Consumer" to "Client" to better match the 2.0 terminology.

OpenID Connect:
* Changed "Consumer" to "Client".

* Clarified required/optional wording. Parameters are REQUIRED unless otherwise stated.

* Implicit Flow: changed wording on redirect_uri requirement in the Authorization Request. Now reads "required IFF the client has pre-configured more than one value with the service provider".

* Diagram 3 was renamed to "Optional Steps" (from "Additional Steps"), as these steps may or may not be taken and may be done in any order. Added "openid" to the schema parameter in the UserInfo Request.

Amanda Anganes
Info Sys Engineer, G061
The MITRE Corporation
aanganes at mitre.org

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Anganes, Amanda L
Sent: Friday, February 03, 2012 9:28 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] OpenID Connect Flow Diagrams


I've developed a set of flow diagrams for the OpenID Connect spec, linked below. There are two separate diagrams for the Authorization Code flow and the Implicit Grant flow, as well as a third diagram showing the additional steps of interacting with the UserInfo Endpoint and the Check ID Endpoint.

These were inspired by the diagrams for OAuth 1.0 and 1.0a that Idan Gazit posted in http://www.ietf.org/mail-archive/web/oauth/current/msg00696.html, which Justin Richer pointed me to when I first started trying to read and understand the OAuth2.0 spec. I've created updated diagrams for OAuth 2.0 as well, which are available at https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OAuth2.0_Diagrams.pdf?raw=true

The OpenID Connect diagrams are available at https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OAuth2.0_Diagrams.pdf?raw=true.

I'd appreciate any comments/corrections. If anyone finds the diagrams to be useful, please feel free to rehost.


Amanda Anganes
Info Sys Engineer, G061
The MITRE Corporation
aanganes at mitre.org
