[Openid-specs-ab] OpenID Connect Flow Diagrams

Wed May 9 21:08:07 UTC 2012

We've moved our git repository away from one that was tied to my 
personal account (jricher) and into a more appropriate "GitHub 
Organization" one. This means that the diagram URLs have changed. They 
are now:

OpenID Connect: 
https://raw.github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/master/docs/OpenID_Connect_Diagrams.pdf

OAuth 2.0: 
https://raw.github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/master/docs/OAuth2.0_Diagrams.pdf

These will point to the latest versions.

  -- Justin

On 02/07/2012 09:52 AM, Anganes, Amanda L wrote:
>
> Hello again,
>
> Based on some feedback I have received from both this WG and the OAuth 
> 2.0 WG, I have updated my diagrams. Changes are listed below, and the 
> links 
> (https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OAuth2.0_Diagrams.pdf?raw=true 
> and 
> https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OpenID_Connect_Diagrams.pdf?raw=true) 
> will always point to the latest versions.
>
> OAuth 2.0:
>
> * Changed the title of the diagrams to "OAuth 2.0 Authorization" (from 
> "OAuth 2.0 Authentication", which was incorrect).
>
> * Removed refresh_token from the Access Token response on the Client 
> Credentials flow.
>
> Ref: http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-4.4.3 
> says "A refresh token SHOULD NOT be included."
>
> * Changed "Consumer" to "Client" to better match the 2.0 terminology.
>
> OpenID Connect:
>
> * Changed "Consumer" to "Client".
>
> * Clarified required/optional wording. Parameters are REQUIRED unless 
> otherwise stated.
>
> * Implicit Flow: changed wording on redirect_uri requirement in the 
> Authorization Request. Now reads "required IFF the client has 
> pre-configured more than one value with the service provider".
>
> * Diagram 3 was renamed to "Optional Steps" (from "Additional Steps"), 
> as these steps may or may not be taken and may be done in any order. 
> Added "openid" to the schema parameter in the UserInfo Request.
>
> /Amanda Anganes/
>
> Info Sys Engineer, G061
>
> The MITRE Corporation
>
> 782-271-3103
>
> aanganes at mitre.org
>
> *From:*openid-specs-ab-bounces at lists.openid.net 
> [mailto:openid-specs-ab-bounces at lists.openid.net] *On Behalf Of 
> *Anganes, Amanda L
> *Sent:* Friday, February 03, 2012 9:28 AM
> *To:* openid-specs-ab at lists.openid.net
> *Subject:* [Openid-specs-ab] OpenID Connect Flow Diagrams
>
> Hello,
>
> I've developed a set of flow diagrams for the OpenID Connect spec, 
> linked below. There are two separate diagrams for the Authorization 
> Code flow and the Implicit Grant flow, as well as a third diagram 
> showing  the additional steps of interacting with the UserInfo 
> Endpoint and the Check ID Endpoint.
>
> These were inspired by the diagrams for OAuth 1.0 and 1.0a that Idan 
> Gazit posted in 
> http://www.ietf.org/mail-archive/web/oauth/current/msg00696.html, 
> which Justin Richer pointed me to when I first started trying to read 
> and understand the OAuth2.0 spec. I've created updated diagrams for 
> OAuth 2.0 as well, which are available at 
> https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OAuth2.0_Diagrams.pdf?raw=true
>
> The OpenID Connect diagrams are available at 
> https://github.com/jricher/OpenID-Connect-Java-Spring-Server/blob/master/docs/OAuth2.0_Diagrams.pdf?raw=true.
>
> I'd appreciate any comments/corrections. If anyone finds the diagrams 
> to be useful, please feel free to rehost.
>
> Thanks,
>
> /Amanda Anganes/
>
> Info Sys Engineer, G061
>
> The MITRE Corporation
>
> 782-271-3103
>
> aanganes at mitre.org <mailto:aanganes at mitre.org>
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120509/bc394e06/attachment.html>