-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
124 additions
and
0 deletions.
There are no files selected for viewing
124 changes: 124 additions & 0 deletions
124
src/plantuml/TI-Messenger-Dienst/Ressourcen/Matrix_OIDC_Login.puml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,124 @@ | ||
| @startuml "Matrix OIDC Login" | ||
| skinparam sequenceMessageAlign direction | ||
| skinparam WrapWidth 300 | ||
| skinparam minClassWidth 150 | ||
| skinparam BoxPadding 1 | ||
| skinparam ParticipantPadding 50 | ||
| skinparam sequenceReferenceHeaderBackgroundColor palegreen | ||
| scale max 2048 width | ||
|
|
||
| skinparam sequence { | ||
| ArrowColor black | ||
| ArrowFontSize 17 | ||
| ActorBorderColor black | ||
| LifeLineBorderColor black | ||
| LifeLineBackgroundColor Gainsboro | ||
|
|
||
| ParticipantBorderColor Motivation | ||
| ParticipantBackgroundColor Motivation | ||
| ParticipantFontSize 20 | ||
| ParticipantFontColor black | ||
| ParticipantBorderColor Black | ||
| ParticipantBackgroundColor MOTIVATION | ||
|
|
||
| ActorBackgroundColor Gainsboro | ||
| ActorFontColor black | ||
| ActorFontSize 20 | ||
| } | ||
|
|
||
| autonumber "<b>(0)" | ||
|
|
||
| actor us as "User" | ||
| box <size:19>Endgerät</size> #WhiteSmoke | ||
| participant app as "Matrix-Web-App\n(Browser)" | ||
| participant au as "Authenticator\ndes sektoralen IDP" | ||
| end box | ||
| participant hs as "Matrix\nHomeserver\n(Relying party für IDP)" | ||
| participant mc as "Webserver der die\nMatrix-Web-App ausliefert\n(Relying party für Homeserver)" | ||
| participant idp as "IDP-Dienst" | ||
|
|
||
| ||| | ||
|
|
||
| us -> app: starte App | ||
|
|
||
| activate app | ||
| app -> mc: Lade Matrix-Web-Client | ||
| activate mc | ||
| mc --> app: Webanwendung | ||
| group #LightGray <size:16>Matrix Protocol ... (Guest Account, Key exchange etc)</size> | ||
| app -> hs:""GET https://homeserver-tim.de/.well-known/matrix/client"" | ||
| activate hs | ||
| hs --> app: 200 OK ... | ||
| ||| | ||
| hnote over app : ... | ||
| ||| | ||
| app -> hs: GET https://matrix-client.homeserver-tim.de/_matrix/client/v3/sync?filter={}&timeout=0&... | ||
| hs --> app: 200 OK ""{...}"" | ||
| ||| | ||
| end 'group | ||
| group #LightGreen <size:16>OIDC Login</size> | ||
| app -> hs: GET https://matrix-client.homeserver-tim.de/_matrix/client/v3/login | ||
| hs --> app: 200 OK ""{"flows":[{"type":"m.login.sso","identity_providers":[""\n\ | ||
| ""{"id":"oidc-sektoraler-idp","name":"Sektoraler-IDP","icon":"mxc://homeserver-tim.de/nsyeLIgzxazZmJadflMAsAWG","brand":"sektoraler-idp"},""\n\ | ||
| ""{"type":"m.login.token"},{"type":"m.login.password"},{"type":"m.login.application_service"}]}"" | ||
| ||| | ||
| opt #LightYellow Registration | ||
| app -> hs: POST https://matrix-client.homeserver-tim.de/_matrix/client/v3/register\n\ | ||
| ""{"initial_device_display_name":"Matrix-Web-App: Firefox auf Windows"}"" | ||
| hs --> app: 401 Unauthorized ""{"session":"iTUHUlcVwyEGhPSwjaharBoI","flows":[""\n\ | ||
| ""{"stages":["m.login.recaptcha","m.login.terms","m.login.email.identity"]}],""\n\ | ||
| """params":{"m.login.recaptcha":{"public_key":"6LcgI54UAAAAABGdGmruw6DdOocFpYVdjYBRe4zb"},""\n\ | ||
| """m.login.terms":{"policies":{"privacy_policy":{"version":"1.0","en":{"name":"Terms and Conditions",""\n\ | ||
| """url":"https://matrix-client.homeserver-tim.de/_matrix/consent?v=1.0"}}}}}}"" | ||
| ||| | ||
| end 'opt | ||
| app -> hs: GET https://matrix-client.homeserver-tim.de/_matrix/client/v3/login/sso/redirect/oidc-sektoraler-idp | ||
| hs --> app: 302 Redirect ""location: https://sektoraler-idp.de/dialog/oauth?response_type=code&""\n\ | ||
| ""client_id=270006787810904&redirect_uri=https%3A%2F%2Fmatrix-client.homeserver-tim.de%2F_synapse%2Fclient%2Foidc%2Fcallback&""\n\ | ||
| ""scope=openid+email&state=ub8idYKc01s8LluOssFIuN3QQzZEoB&nonce=kL3jhzhuSdACVZjkN0B17FebXgqHoi""\n\ | ||
| ""set-cookie: oidc_session=...; Max-Age=3600; Path=_synapse/client/oidc; HttpOnly; Secure; SameSite=None""\n\ | ||
| ""set-cookie: oidc_session_no_samesite=...; Max-Age=3600; Path=/_synapse/client/oidc; HttpOnly""\n\ | ||
| ""synapse-trace-id: 747f9ec899abf541"" | ||
| app -> idp: GET https://github.com/login/oauth/authorize?response_type=code&client_id=f318c77b32dea5117eb3&\n\ | ||
| redirect_uri=https://matrix-client.homeserver-tim.de/_synapse/client/oidc/callback&\n\ | ||
| scope=read:user&state=2Mp3IrxFVlRIRzZrwZjOTyQ60OSF31&nonce=tTheFW69KwzKxYrCnoBPoxrevBuMjb | ||
| idp --> app: 302 Redirect ""location: https://github.com/login?client_id=f318c77b32dea5117eb3&return_to=%2Flogin%2Foauth%2Fauthorize%3F""\n\ | ||
| ""client_id%3Df318c77b32dea5117eb3%26nonce%3DtTheFW69KwzKxYrCnoBPoxrevBuMjb%26redirect_uri%3Dhttps%253A%252F%252Fmatrix-client.homeserver-tim.de%252F""\n\ | ||
| ""_synapse%252Fclient%252Foidc%252Fcallback%26response_type%3Dcode%26scope%3Dread%253Auser%26state%3D2Mp3IrxFVlRIRzZrwZjOTyQ60OSF31""\n\ | ||
| ""set-cookie: _gh_sess=...; path=/; secure; HttpOnly; SameSite=Lax""\n\ | ||
| ""x-github-request-id: 5D12:2A7A:51BB0D3:52DA7BE:6540C256"" | ||
| ||| | ||
| group #LightBlue <size:16>IDP authentication</size> | ||
| app -> idp: GET https://github.com/login/oauth/authorize\n\ | ||
| ""Cookie: _gh_sess=...; dotcom_user=username"" | ||
| activate idp | ||
| idp --> au: Challenge | ||
| activate au | ||
| au -> us: Consent Page | ||
| us --> au: Approval | ||
| au --> idp: Response | ||
| ||| | ||
| deactivate au | ||
| idp --> app: 200 OK HTML ""... <meta http-equiv="refresh" content="0;url=https://matrix-client.homeserver-tim.de/_synapse/client/oidc/callback?code=ac45be5243787b8845f6&""\n\ | ||
| ""state=2Mp3IrxFVlRIRzZrwZjOTyQ60OSF31\" data-url=\"https://matrix-client.homeserver-tim.de/_synapse/client/oidc/callback?code=ac45be5243787b8845f6&""\n\ | ||
| ""state=2Mp3IrxFVlRIRzZrwZjOTyQ60OSF31\""" | ||
| deactivate idp | ||
| end 'group | ||
| app -> hs: GET https://matrix-client.homeserver-tim.de/_synapse/client/oidc/callback?code=ac45be5243787b8845f6&state=2Mp3IrxFVlRIRzZrwZjOTyQ60OSF31 | ||
| hs --> app: 200 OK HTML Consent Page, Zugriff Matrix-Web-App auf Matrix Account\n\ | ||
| ""<a href="https://Matrix-Web-App/?loginToken=syl_RatSwLyrYlyDtjBrRpXH_1Yh7Or" class="primary-button">Continue</a>"" | ||
| app -> mc: GET https://Matrix-Web-App/?loginToken=syl_RatSwLyrYlyDtjBrRpXH_1Yh7Or | ||
| mc --> app: 200 OK HTML ""..."" | ||
| app -> hs: POST https://matrix-client.homeserver-tim.de/_matrix/client/v3/login\n\ | ||
| ""{"token":"syl_RatSwLyrYlyDtjBrRpXH_1Yh7Or",""\n\ | ||
| """initial_device_display_name":"Matrix-Web-App: Firefox on macOS",""\n\ | ||
| """type":"m.login.token"}"" | ||
| hs --> app: 200 OK\n\ | ||
| ""{"user_id":"@username:homeserver-tim.de",""\n\ | ||
| """access_token":"syt_amVuc19naXRodWI_TmVpdQKDakCBEtvgRBGf_33sesF",""\n\ | ||
| """home_server":"homeserver-tim.de",""\n\ | ||
| """device_id":"UGPCVMQKCG",""\n\ | ||
| """well_known":{"m.homeserver":{"base_url":"https://matrix-client.homeserver-tim.de/"}}}"" | ||
|
|
||
| end 'group | ||
| @enduml |