[OAUTH-WG] OAuth 1.0a flow diagram

Idan Gazit <idan@pixane.com> Wed, 02 December 2009 00:21 UTC

From: Idan Gazit <idan@pixane.com>
To: oauth@ietf.org
Date: Wed, 02 Dec 2009 02:21:19 +0200
Subject: [OAUTH-WG] OAuth 1.0a flow diagram

Hey folks,

I redrew/updated an old diagram (http://documentation.fring.com/images/1/11/Oauth_diagram.png)
outlining the OAuth authentication flow. The old one didn't reflect
the changes in 1.0a.

The updated diagrams are here:

http://s3.pixane.com/Oauth_diagram.png
http://s3.pixane.com/Oauth_diagram.pdf

Please feel free to use them; I hereby place them in the public domain.

I was pointed in their direction by Mike Malone, after having looked  
for exactly such a thing (for quite a while). He mentioned that the  
reason it was chucked from the documentation is that it doesn't  
reflect the changes made in the wake of the session fixation attack. I  
took the old diagram, took the spec, and updated as required, with  
some minor changes for legibility and aesthetics.

Speaking as somebody who has tried (and failed) to digest OAuth by  
means of the long and detailed spec, this sort of diagram is extremely  
helpful in getting the "big picture" across. I'm not knocking the need  
for a good spec, but a one-page overview that pulls it all together  
without going into too much detail is sorely missing from the docs.  
This diagram goes a long way towards meeting that need.

Just my $0.02! Thanks for authoring this standard, hope this is useful!

-Idan
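As an added example (not from the post or the linked diagram), a small Python simulation of the 1.0a change the updated diagram reflects: the consumer registers its oauth_callback when it asks for a request token, and the provider only issues an access token when the consumer presents the oauth_verifier that was handed back through that callback. Request signing is omitted; the `Provider` class, `run_flow` and the callback URL are constructed for illustration.

```python
import secrets
from urllib.parse import parse_qs, urlsplit


class Provider:
    """Minimal OAuth 1.0a service provider state (constructed example, unsigned)."""

    def __init__(self):
        self.request_tokens = {}  # token -> {secret, callback, verifier, authorized}
        self.access_tokens = {}   # access token -> token secret

    def issue_request_token(self, oauth_callback):
        # 1.0a: the callback is bound to the request token here, not supplied
        # later at the authorization step where an attacker could control it.
        token = secrets.token_hex(8)
        self.request_tokens[token] = {"secret": secrets.token_hex(16),
                                      "callback": oauth_callback,
                                      "verifier": None, "authorized": False}
        return token, self.request_tokens[token]["secret"]

    def authorize(self, token):
        # The resource owner approves; the provider mints oauth_verifier and
        # returns it only via the callback registered for this token.
        rec = self.request_tokens[token]
        rec["verifier"] = secrets.token_hex(8)
        rec["authorized"] = True
        return f"{rec['callback']}?oauth_token={token}&oauth_verifier={rec['verifier']}"

    def exchange(self, token, oauth_verifier):
        # Request tokens are single-use: pop so a replay fails.
        rec = self.request_tokens.pop(token, None)
        if rec is None or not rec["authorized"]:
            raise PermissionError("unknown or unauthorized request token")
        # The 1.0a check: holding an authorized request token is not enough;
        # the consumer must also know the verifier the browser carried back.
        if oauth_verifier is None or not secrets.compare_digest(oauth_verifier, rec["verifier"]):
            raise PermissionError("oauth_verifier missing or wrong")
        access = secrets.token_hex(8)
        self.access_tokens[access] = secrets.token_hex(16)
        return access


def run_flow(provider, callback="https://consumer.example/cb"):
    """Happy path: request token -> user authorizes -> verifier -> access token."""
    token, _secret = provider.issue_request_token(callback)
    redirect = provider.authorize(token)
    params = parse_qs(urlsplit(redirect).query)
    return provider.exchange(params["oauth_token"][0], params["oauth_verifier"][0])
```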