diff --git a/vignettes/articles/images/shiny_app_oauth_handlers_and_flow.png b/vignettes/articles/images/shiny_app_oauth_handlers_and_flow.png
new file mode 100644
index 00000000..391ff810
Binary files /dev/null and b/vignettes/articles/images/shiny_app_oauth_handlers_and_flow.png differ
diff --git a/vignettes/articles/shiny.Rmd b/vignettes/articles/shiny.Rmd
index 49b9e220..7dbd3fb2 100644
--- a/vignettes/articles/shiny.Rmd
+++ b/vignettes/articles/shiny.Rmd
@@ -235,6 +235,10 @@ Shiny Server is not compatible with Shiny OAuth apps because it
 which are essential for maintaining authentication.
 
 ## Understanding the OAuth Flow in Shiny with httr2
+The OAuth flow is triggered by http handlers which listen to login, logout 
+and callback endpoints as shown in the following figure:
+
+![](images/shiny_app_oauth_handlers_and_flow.png)
 
 ### Step 0: User visits a Shiny OAuth App
 When a user accesses the app, `oauth_shiny_app()` checks for an existing