title: Auth Proxy - Login

// Note: dashed lines represent unauthenticated calls, solid lines indicate the user was authenticated.

Browser --> Proxy: `example.com`

Proxy --> Backend App: `example.com`
note: The proxy forwards normal requests to the backend app.

Backend App --> Proxy: HTML response
note: The HTML response contains link(s) to allow a user to login.

Proxy --> Browser: HTML response

...: User chooses to login

Browser --> Proxy: `example.com/.auth/login`
note: The proxy intercepts the login request at a known endpoint.

Proxy --> Browser: Redirect to IdP

Browser --> IdP: Authenticate user

...: The complete authentication process could involve multiple steps, for example to perform multi-factor authentication if required by the IdP.

IdP -> Browser: User was authenticated

Browser -> Proxy: `example.com/.auth/login/callback`
note: The proxy intercepts the authentication information which the IdP sent back to the app.

Proxy -> Proxy: Perform protocol-specific work
note: For example, exchange OAuth 2.0 authorization code for ID and access tokens.

Proxy -> Proxy: Establish a session for the user
note: The proxy sets a session (authentication) cookie on the response for subsequent requests.

Proxy -> Browser: Redirect to post-login return URL

Browser -> Proxy: `example.com`
note: The request contains the session cookie with authentication information.

Proxy -> Proxy: Validate session cookie and set headers for backend app

Proxy -> Backend App: `example.com`
note: The proxy removes the session cookie from the request and injects an authorization header with a JWT token containing all relevant information for the backend app (regardless of the IdP or protocol being used). The backend app only needs to use standard JWT middleware or libraries to authenticate the user, and never has to deal with identity protocols, login flows, sessions, etc.

Backend App -> Proxy: HTML response

Proxy -> Browser: HTML response
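
The last proxy steps of the diagram (validate the session cookie, strip it, inject a JWT for the backend app) as an added Python sketch; it is not part of the original diagram or of any particular proxy product. The cookie name `proxy_session`, the in-memory `SESSIONS` store, the HS256 shared key and the `iss` value are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions): a real proxy loads these from its config.
SESSIONS = {"sid-123": {"sub": "alice"}}   # server-side session store
JWT_KEY = b"demo-proxy-to-backend-key"     # key shared by proxy and backend app
COOKIE = "proxy_session"                   # hypothetical session cookie name

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(head: str, body: str, key: bytes) -> str:
    return _b64(hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest())

def mint_jwt(claims: dict, key: bytes = JWT_KEY) -> str:
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head, body, key)}"

def verify_jwt(token: str, key: bytes = JWT_KEY, now=None):
    """Backend app side: return the claims, or None if forged or expired."""
    try:
        head, body, sig = token.split(".")
        # Always recompute HS256; the token's own "alg" header is never trusted.
        if not hmac.compare_digest(_sign(head, body, key), sig):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None
    return claims if claims.get("exp", 0) > (now or time.time()) else None

def rewrite_for_backend(headers: dict, now=None) -> dict:
    """Proxy side: build the header set that is forwarded to the backend app."""
    now = now or time.time()
    cookies = dict(p.strip().split("=", 1)
                   for p in headers.get("Cookie", "").split(";") if "=" in p)
    session = SESSIONS.get(cookies.pop(COOKIE, ""))  # session cookie never goes upstream
    # Drop any client-supplied Authorization header so only the proxy's JWT can arrive.
    out = {k: v for k, v in headers.items()
           if k.lower() not in ("cookie", "authorization")}
    if cookies:
        out["Cookie"] = "; ".join(f"{k}={v}" for k, v in cookies.items())
    if session:
        claims = {"sub": session["sub"], "iss": "auth-proxy", "exp": int(now) + 300}
        out["Authorization"] = "Bearer " + mint_jwt(claims)
    return out
```

The backend app can rely on the header only if it is reachable solely through the proxy, or if it verifies the signature as `verify_jwt` does.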