Enhance PlantUML diagram with detailed request parameters and update …

…DPoP token generation; add OpenTelemetry example JSON for tracing
gematik · Dec 12, 2024 · 34aa461 · 34aa461
1 parent 600a7fc
commit 34aa461
Show file tree

Hide file tree

Showing 2 changed files with 119 additions and 5 deletions.
diff --git a/src/examples/tmp/open_telemetry_example.json b/src/examples/tmp/open_telemetry_example.json
@@ -0,0 +1,113 @@
+[
+    {
+      "traceId": "4bf92f3577b34da6a3ce929d0e0e4736",
+      "spanId": "00f067aa0ba902b7",
+      "parentSpanId": null,
+      "name": "HTTP GET /api/users",
+      "kind": "SERVER",
+      "startTimeUnixNano": "1678886400000000000",
+      "endTimeUnixNano": "1678886400150000000",
+      "attributes": {
+        "http.method": "GET",
+        "http.url": "https://api.example.com/api/users",
+        "http.target": "/api/users",
+        "http.host": "api.example.com",
+        "http.scheme": "https",
+        "http.status_code": 200,
+        "http.response_content_length": "1234",
+        "net.peer.ip": "192.168.1.10",
+        "net.peer.port": "443"
+      },
+      "status": {
+        "code": "OK"
+      }
+    },
+    {
+      "traceId": "4bf92f3577b34da6a3ce929d0e0e4736",
+      "spanId": "74755584d576b4d9",
+      "parentSpanId": "00f067aa0ba902b7",
+      "name": "HTTP GET /api/users/123",
+      "kind": "CLIENT",
+      "startTimeUnixNano": "1678886400050000000",
+      "endTimeUnixNano": "1678886400100000000",
+      "attributes": {
+        "http.method": "GET",
+        "http.url": "https://internal-api/api/users/123",
+        "http.target": "/api/users/123",
+        "http.host": "internal-api",
+        "http.scheme": "https",
+        "http.status_code": 200,
+        "http.response_content_length": "256",
+        "net.peer.ip": "10.0.0.5",
+        "net.peer.port": "8080"
+      },
+      "status": {
+        "code": "OK"
+      }
+    },
+    {
+      "traceId": "8a3c60f7d4dff4d6b2f9f8e7d8d7c8f7",
+      "spanId": "245fa4b9655567cd",
+      "parentSpanId": null,
+      "name": "HTTP POST /api/orders",
+      "kind": "SERVER",
+      "startTimeUnixNano": "1678886401000000000",
+      "endTimeUnixNano": "1678886401500000000",
+      "attributes": {
+        "http.method": "POST",
+        "http.url": "https://api.example.com/api/orders",
+        "http.target": "/api/orders",
+        "http.host": "api.example.com",
+        "http.scheme": "https",
+        "http.status_code": 201,
+        "http.request_content_length": "567",
+        "net.peer.ip": "192.168.1.20",
+        "net.peer.port": "443"
+      },
+      "status": {
+        "code": "OK"
+      }
+    },
+    {
+      "traceId": "8a3c60f7d4dff4d6b2f9f8e7d8d7c8f7",
+      "spanId": "195ee4b965556711",
+      "parentSpanId": "245fa4b9655567cd",
+      "name": "database.query",
+      "kind": "CLIENT",
+      "startTimeUnixNano": "1678886401100000000",
+      "endTimeUnixNano": "1678886401400000000",
+      "attributes": {
+        "db.system": "postgresql",
+        "db.statement": "INSERT INTO orders (user_id, product_id) VALUES ($1, $2)",
+        "net.peer.ip": "10.0.0.10",
+        "net.peer.port": "5432"
+      },
+      "status": {
+        "code": "OK"
+      }
+    },
+    {
+      "traceId": "f4a7b8c9d0e1f23456789abcdef01234",
+      "spanId": "c3d4e5f6a7b89012",
+      "parentSpanId": null,
+      "name": "HTTP GET /api/products/99",
+      "kind": "SERVER",
+      "startTimeUnixNano": "1678886402000000000",
+      "endTimeUnixNano": "1678886402200000000",
+      "attributes": {
+        "http.method": "GET",
+        "http.url": "https://api.example.com/api/products/99",
+        "http.target": "/api/products/99",
+        "http.host": "api.example.com",
+        "http.scheme": "https",
+        "http.status_code": 404,
+        "http.response_content_length": "42",
+        "net.peer.ip": "192.168.1.30",
+        "net.peer.port": "443"
+      },
+      "status": {
+        "code": "ERROR",
+        "message": "Not Found"
+      }
+    }
+  ]
diff --git a/src/plantuml/tmp/native_client_attestation_oidc_and_oauth.puml b/src/plantuml/tmp/native_client_attestation_oidc_and_oauth.puml
@@ -103,7 +103,7 @@ deactivate ASA
 Client -> Client: Generate PKCE\nCode Verifier
 Client -> Client: Generate PKCE\nCode Challenge
 Client -> Client: Generate DPoP Key Pair
-Client -> ASA: PAR Request
+Client -> ASA: PAR Request\n(client_id, redirect_uri, scope, etc., dpop_jkt)
 activate ASA
 note right: Authorization Code Request\n(inkl. DPoP Proof, code_challenge, code_challenge_method, redirect_uri)
 ASA -> ASA: Validate DPoP Proof
@@ -133,22 +133,23 @@ deactivate IDP
     UserAgent -> Client: Redirect with Authorization Code
 deactivate UserAgent
 
+Client -> Client: Generate\nDPoP Proof JWT
 Client -> ASA: Token Request (Authorization Code Grant)
 note right: Enthält Authorization Code, DPoP Proof,\nclient_id, redirect_uri, code_verifier
-ASA -> ASA: Validate Client\nAssertion (JWT)
+ASA -> ASA: Validate\nAuthorization Code
 ASA -> ASA: Validate DPoP Proof
 ASA -> ASA: Validate PKCE\nCode Verifier
-ASA -> PEA: Request Token\nIssuance Decision
+ASA -> PEA: Request Token Issuance Decision
 activate PEA
 note right: AS A sends input data to Policy Engine A\nfor token request
 PEA -> PEA: Evaluate Policy based\non Input Data
-PEA --> ASA: Token Issuance\nDecision (Permit/Deny)
+PEA --> ASA: Token Issuance Decision (Permit/Deny)
 deactivate PEA
     ASA --> Client: Access Token, Refresh Token
 note left: Access Token bound to\nclient's DPoP public key
 deactivate ASA
 
-Client -> Client: Generate DPoP Key Pair
+Client -> Client: Generate DPoP Token
 Client -> PEP_A: Access Protected Resource\n(with Access Token and DPoP Proof)
 activate PEP_A
 PEP_A -> PEP_A: Validate Access Token\nand DPoP Proof