[OAUTH-WG] OAuth 2 flow diagrams

"Anganes, Amanda L" <aanganes@mitre.org> Fri, 03 February 2012 14:24 UTC

Return-Path: <aanganes@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 85F3521F84F8 for <oauth@ietfa.amsl.com>; Fri, 3 Feb 2012 06:24:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id paFo8Ebf8Qbc for <oauth@ietfa.amsl.com>; Fri, 3 Feb 2012 06:24:24 -0800 (PST)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org []) by ietfa.amsl.com (Postfix) with ESMTP id 3782E21F84E2 for <oauth@ietf.org>; Fri, 3 Feb 2012 06:24:24 -0800 (PST)
Received: from smtpksrv1.mitre.org (localhost.localdomain []) by localhost (Postfix) with SMTP id 86B2A21B040D for <oauth@ietf.org>; Fri, 3 Feb 2012 09:24:23 -0500 (EST)
Received: from IMCCAS03.MITRE.ORG (imccas03.mitre.org []) by smtpksrv1.mitre.org (Postfix) with ESMTP id 70F3D21B03E2 for <oauth@ietf.org>; Fri, 3 Feb 2012 09:24:23 -0500 (EST)
Received: from IMCMBX04.MITRE.ORG ([]) by IMCCAS03.MITRE.ORG ([]) with mapi id 14.01.0339.001; Fri, 3 Feb 2012 09:24:23 -0500
From: "Anganes, Amanda L" <aanganes@mitre.org>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: OAuth 2 flow diagrams
Thread-Index: Aczif4PCcrk7k9BXRael3a751ffYQA==
Date: Fri, 03 Feb 2012 14:24:22 +0000
Message-ID: <B61A05DAABADEA4EA2F19424825286FA181D05DF@IMCMBX04.MITRE.ORG>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_B61A05DAABADEA4EA2F19424825286FA181D05DFIMCMBX04MITREOR_"
MIME-Version: 1.0
Subject: [OAUTH-WG] OAuth 2 flow diagrams
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Feb 2012 14:24:25 -0000


I've developed a set of flow diagrams for the OAuth 2.0 spec, with separate diagrams for the Access Code, Implicit Grant, Resource Owner Password Credentials, and the Client Credentials flows. These were inspired by the diagrams for 1.0 and 1.0a that Idan Gazit posted in http://www.ietf.org/mail-archive/web/oauth/current/msg00696.html, which Justin Richer pointed me to when I first started trying to read and understand the OAuth2.0 spec. I find these types of diagrams to be incredibly useful, so I updated them again to (hopefully) reflect the 2.0 spec.

I'd appreciate any comments/corrections. If anyone finds the diagrams to be useful, please feel free to rehost or reference them.



Amanda Anganes
Info Sys Engineer, G061
The MITRE Corporation