@startuml !pragma teoz true title Client Credentials Flow participant client as "Client" participant nginx as "nginx +\nauth_request" participant vouch as "vouch-proxy" participant oauth as "OAuth-provider" participant service as "Service-provider" note over client Needs: clientId clientSecret scopes end note / note over vouch Configuration includes: OAuth-provider URL /token end note alt first access / token expired client -> nginx : GET /Addressbook nginx -> vouch : GET /validate vouch -> nginx : 401 Unauthorized nginx -> client : 302 /auth <font color=coral><b>url=/Addressbook client -> nginx : GET /auth <font color=coral><b>url=/Addressbook\n<font color=coral><b>+ clientId + clientSecret + scopes nginx -> vouch : GET /auth <font color=coral><b>url=/Addressbook\n<font color=coral><b>+ clientId + clientSecret + scopes note over vouch #aqua: Save redirect vouch -> oauth : GET /token\n<font color=coral><b>+ clientId + clientSecret + scopes oauth -> vouch : 200 <font color=coral><b> token note over vouch #aqua: Return saved redirect vouch -> nginx : 302 /Addressbook\n<font color=blue><b>VouchCookie nginx -> client : 302 /Addressbook\n<font color=blue><b>VouchCookie else all subsequent accesses client -> nginx : GET /Addressbook\n<font color=blue><b>VouchCookie nginx -> vouch : GET /validate\n<font color=blue><b>VouchCookie vouch -> nginx : 200 nginx -> service : GET /Addressbook\n<font color=blue><b>VouchCookie service -> nginx : 200 data nginx -> client : 200 data end @enduml Submit amiga aws-orange black-knight bluegray blueprint cerulean-outline cerulean crt-amber crt-green cyborg-outline cyborg hacker lightgray mars materia-outline materia metal mimeograph minty plain reddress-darkblue reddress-darkgreen reddress-darkorange reddress-darkred reddress-lightblue reddress-lightgreen reddress-lightorange reddress-lightred sandstone silver sketchy-outline sketchy spacelab spacelab-white superhero-outline superhero toy united vibrant       🎉 Discover the future PlantUML Web Editor! 🚀  PNG  SVG  ASCII Art