OAuthFlowDiagram

Domain · API Doc

Visual walkthrough of an OAuth 2.0 flow with actors, numbered steps, endpoints, and scopes.

Preview

OAuth 2.0 Flow

Authorization Code

authorizationCode

User

Your App

Auth Server

1User clicks "Sign in"
2Redirect to /authorize
3User grants consent
4Code returned to app
5Exchange code for token

Authorization URL: https://auth.example.com/authorize
Token URL: https://auth.example.com/token

Available scopes

read — Read access
write — Write access

Code

<%- include('modules/domain/api-doc/OAuthFlowDiagram', {
  flow: 'authorizationCode',
  authorizationUrl: 'https://auth.example.com/authorize',
  tokenUrl:         'https://auth.example.com/token',
  scopes: [
    { name: 'read',  description: 'Read access' },
    { name: 'write', description: 'Write access' },
  ]
}) %>

Preview

OAuth 2.0 Flow

Client Credentials

clientCredentials

User

Your App

Auth Server

1App authenticates with client ID + secret
2POST to /token
3Access token returned

Token URL: https://auth.example.com/token

Code

<%- include('modules/domain/api-doc/OAuthFlowDiagram', {
  flow: 'clientCredentials',
  tokenUrl: 'https://auth.example.com/token'
}) %>

<%
  var _flow             = locals.flow             || 'authorizationCode';
  var _authorizationUrl = locals.authorizationUrl || null;
  var _tokenUrl         = locals.tokenUrl         || null;
  var _refreshUrl       = locals.refreshUrl       || null;
  var _scopes           = locals.scopes           || null;
  var _className        = locals.className        || '';

  var flowLabel = {
    authorizationCode: 'Authorization Code',
    implicit:          'Implicit',
    password:          'Password',
    clientCredentials: 'Client Credentials',
  };

  var flowSteps = {
    authorizationCode: [
      'User clicks "Sign in"',
      'Redirect to /authorize',
      'User grants consent',
      'Code returned to app',
      'Exchange code for token',
    ],
    implicit: [
      'User clicks "Sign in"',
      'Redirect to /authorize',
      'Token returned in URL fragment',
    ],
    password: [
      'App collects username + password',
      'POST credentials to /token',
      'Access token returned',
    ],
    clientCredentials: [
      'App authenticates with client ID + secret',
      'POST to /token',
      'Access token returned',
    ],
  };

  var steps = flowSteps[_flow] || [];
  var label = flowLabel[_flow] || _flow;
  var hasEndpoints = !!(_authorizationUrl || _tokenUrl || _refreshUrl);
%>

  
    
      OAuth 2.0 Flow
      <%= label %>
    
    
      
        
      
      <%= _flow %>
    
  

  
    
      
        
      
      User
    
    
    
      
        
      
      Your App
    
    
    
      
        
      
      Auth Server
    
  

  
    <% steps.forEach(function(step, i) { %>
    
      
        <%= i + 1 %>
      
      <%= step %>
    
    <% }); %>
  

  <% if (hasEndpoints) { %>
  
    <% if (_authorizationUrl) { %>
    
      Authorization URL
      <%= _authorizationUrl %>
    
    <% } %>
    <% if (_tokenUrl) { %>
    
      Token URL
      <%= _tokenUrl %>
    
    <% } %>
    <% if (_refreshUrl) { %>
    
      Refresh URL
      <%= _refreshUrl %>
    
    <% } %>
  
  <% } %>

  <% if (_scopes && _scopes.length > 0) { %>
  
    Available scopes
    
      <% _scopes.forEach(function(s) { %>
      
        
        
          <%= s.name %>
          <% if (s.description) { %> — <%= s.description %><% } %>
        
      
      <% }); %>
    
  
  <% } %>

OAuthFlowDiagram

Authorization Code flow

Client Credentials flow