Based on the sequence diagram shown below, we will now explain the steps comprising the authentication process with the OAuth 2 protocol.
Note the agents that take part in the process:
- User agent: the browser of the user starting the authentication process.
- Your server (client app): your application integrated with DRUID.
- DRUID auth service: the authentication and authorisation server of integrated apps.
- DRUID login service: the DRUID server that handles login.
The login flow starts with a user who clicks on the login link. In this scenario, the app integrated with DRUID receives the request and informs the authentication server that it wants to authenticate a user. For this flow the integrated app needs to use the authorize call.
The result of the request, if the user is not logged in, is a redirection to the login page, which will appear in the user's browser. If the user is already logged in and has authorized access to your application, the server redirects directly to step 3.
The server checks that the entry parameters are correct, and after that, responds with a login screen so that the user can enter their username and code (or any other authentication credential) to prove they are who they say they are.
Once the user is correctly authenticated, the OAuth server hands control of the user agent back through an HTTP GET request to the redirect URL it received in step 1. The server adds the code parameter to that HTTP request. Your integrated app must then read the code parameter it received and send a POST request to the OAuth server in order to obtain an access token. For this call, see Obtain access token from code.
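The client-app side of the flow described above, as an added example that is not part of the original page or of DRUID's own code. The endpoint URLs, the client credentials and the `state` parameter are assumptions: the page only names the `code` parameter, and `state` is included here because it is the standard way for the integrated app to check that the callback it receives in step 3 belongs to a request it actually started. The functions build the authorize redirect, validate the callback, and assemble the token POST; the HTTP calls themselves are left to whichever HTTP client the app already uses.

```python
"""Client-side helpers for the OAuth 2 authorization code flow (added example).

Assumptions: the endpoint URLs and the names of all parameters other than
`code` are placeholders, not DRUID's documented values.
"""
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://auth.example.invalid/oauth/authorize"  # assumed endpoint
TOKEN_URL = "https://auth.example.invalid/oauth/token"          # assumed endpoint


def build_authorize_url(client_id, redirect_uri, scope="openid", state=None):
    """Step 1: the URL the client app redirects the user agent to.

    Returns (url, state). The state value must be stored server-side in the
    user's session so it can be compared when the callback arrives.
    """
    state = state or secrets.token_urlsafe(32)
    params = {
        "response_type": "code",      # authorization code grant
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # the URL that will receive the code in step 3
        "scope": scope,
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(params), state


def parse_callback(callback_url, expected_state):
    """Step 3: validate the GET request the auth server sent to redirect_uri.

    Raises ValueError when the server reported an error, when the state does
    not match the one issued in step 1, or when no code is present.
    """
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("authorization server returned error: %s" % query["error"][0])
    received_state = query.get("state", [None])[0]
    if (
        received_state is None
        or expected_state is None
        or not secrets.compare_digest(received_state.encode(), expected_state.encode())
    ):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("callback carries no code parameter")
    return code


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Step 4: the POST the client app sends to exchange the code for a token.

    Returns a dict describing the request: URL, form body and HTTP Basic
    credentials. The client secret must only ever leave the server in this
    back-channel request, never in a browser redirect.
    """
    return {
        "url": TOKEN_URL,
        "data": {
            "grant_type": "authorization_code",
            "code": code,
            "redirect_uri": redirect_uri,  # must equal the value used in step 1
            "client_id": client_id,
        },
        "auth": (client_id, client_secret),
    }


if __name__ == "__main__":
    # Constructed walk-through with placeholder values.
    url, state = build_authorize_url("demo-client", "https://app.example.invalid/cb")
    print("redirect user to:", url)
    callback = "https://app.example.invalid/cb?" + urlencode({"code": "CODE-123", "state": state})
    code = parse_callback(callback, state)
    print("token request:", build_token_request(code, "demo-client", "demo-secret",
                                                "https://app.example.invalid/cb"))
```

The redirect URI passed in step 4 has to be identical to the one used in step 1; the authorization server rejects the exchange otherwise, which is what prevents a code issued for one callback from being redeemed through another.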