deblan-mirror/abraunegg-onedrive
deblan-mirror/abraunegg-onedrive
1
0
Fork 0
mirror of https://github.com/abraunegg/onedrive synced 2024-06-28 02:10:15 +02:00
Code Issues Projects Releases Wiki Activity
abraunegg-onedrive/docs/puml/onedrive_windows_ad_authentication.puml
abraunegg 8976f16ce6 Add PUML 
* Add PUML
2024-02-03 10:10:35 +11:00

60 lines
3.2 KiB
Plaintext
Raw Blame History

@startuml
participant "Microsoft Windows OneDrive Client"
participant "Azure Active Directory\n(Active Directory)\n(login.microsoftonline.com)" as AzureAD
participant "Microsoft OneDrive\nAuthentication Service\n(login.microsoftonline.com)" as AuthServer
participant "User's Device (for MFA)" as UserDevice
participant "Microsoft Graph API\n(graph.microsoft.com)" as GraphAPI
participant "Microsoft OneDrive"
"Microsoft Windows OneDrive Client" -> AzureAD: Request Authorization\n(Client Credentials, Scopes)
AzureAD -> AuthServer: Validate Credentials\n(Forward Request)
AuthServer -> AzureAD: Provide Authorization Code
AzureAD -> "Microsoft Windows OneDrive Client": Provide Authorization Code (via AzureAD)
"Microsoft Windows OneDrive Client" -> AzureAD: Request Access Token\n(Authorization Code, Client Credentials)
AzureAD -> AuthServer: Request Access Token\n(Authorization Code, Forwarded Credentials)
AuthServer -> AzureAD: Return Access Token\n(and Refresh Token)
AzureAD -> "Microsoft Windows OneDrive Client": Return Access Token\n(and Refresh Token) (via AzureAD)
alt MFA Enabled
AzureAD -> UserDevice: Trigger MFA Challenge
UserDevice -> AzureAD: Provide MFA Verification
AzureAD -> "Microsoft Windows OneDrive Client": Return Access Token\n(and Refresh Token) (Post MFA)
"Microsoft Windows OneDrive Client" -> GraphAPI: Request Microsoft OneDrive Data\n(Access Token)
loop Token Expiry Check
"Microsoft Windows OneDrive Client" -> AzureAD: Is Access Token Expired?
AzureAD -> AuthServer: Validate Token Expiry
alt Token Expired
"Microsoft Windows OneDrive Client" -> AzureAD: Request New Access Token\n(Refresh Token)
AzureAD -> AuthServer: Request New Access Token\n(Refresh Token)
AuthServer -> AzureAD: Return New Access Token
AzureAD -> "Microsoft Windows OneDrive Client": Return New Access Token (via AzureAD)
else Token Valid
GraphAPI -> "Microsoft OneDrive": Retrieve Data
"Microsoft OneDrive" -> GraphAPI: Return Data
GraphAPI -> "Microsoft Windows OneDrive Client": Provide Data
end
end
else MFA Not Required
AzureAD -> "Microsoft Windows OneDrive Client": Return Access Token\n(and Refresh Token) (Direct)
"Microsoft Windows OneDrive Client" -> GraphAPI: Request Microsoft OneDrive Data\n(Access Token)
loop Token Expiry Check
"Microsoft Windows OneDrive Client" -> AzureAD: Is Access Token Expired?
AzureAD -> AuthServer: Validate Token Expiry
alt Token Expired
"Microsoft Windows OneDrive Client" -> AzureAD: Request New Access Token\n(Refresh Token)
AzureAD -> AuthServer: Request New Access Token\n(Refresh Token)
AuthServer -> AzureAD: Return New Access Token
AzureAD -> "Microsoft Windows OneDrive Client": Return New Access Token (via AzureAD)
else Token Valid
GraphAPI -> "Microsoft OneDrive": Retrieve Data
"Microsoft OneDrive" -> GraphAPI: Return Data
GraphAPI -> "Microsoft Windows OneDrive Client": Provide Data
end
end
else MFA Failed or Other Auth Error
AzureAD -> "Microsoft Windows OneDrive Client": Error Message (e.g., Invalid Credentials, MFA Failure)
end
@enduml
Reference in a new issue View git blame Copy permalink