Encipher API Authorization Flow

The diagram below illustrates the entire authentication process, read left to right and top to bottom.

sequenceDiagram
  web-browser->>+ivsvc-caddy: /auth/login
  ivsvc-caddy->>-web-browser: html using <sk-login-select>

  web-browser->>+ivc-auth: /api/auth/start
  ivc-auth->>+ivsvc-dexidp: start authentication flow
  ivsvc-dexidp->>-ivc-auth: authentication url
  ivc-auth->>-web-browser: JSON response

  web-browser->>+ivsvc-dexidp: /dex/auth?...
  ivsvc-dexidp->>-web-browser: redirect to OpenID Connect provider (OIDC)
  
  web-browser->>+OIDC Provider: OIDC authenticate flow with Google, LinkedIn, Auth0, Okta, or other spec-compliant provider
  OIDC Provider->>-web-browser: redirect to /dex/callback?...

  web-browser->>+ivsvc-dexidp: /dex/callback?...
  ivsvc-dexidp->>-web-browser: redirect to /login/cb.html?code=...&state=...

  web-browser->>ivsvc-caddy: /login/cb.html?code=...&state=...

  web-browser->>+ivc-auth: /api/auth/cb?code=...&state=...
  ivc-auth->>+ivsvc-dexidp: validate code and state
  ivsvc-dexidp->>-ivc-auth: approve or reject login
  ivc-auth->>-web-browser: JSON response with cookies

  web-browser->>ivc-zsession: start ZSession with /api/zs/conn
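
The diagram shows `state` leaving with the authentication URL from /api/auth/start and coming back on /api/auth/cb, but the page does not say how it is generated or checked. The sketch below is an added example, not Encipher's code: it assumes ivc-auth issues an HMAC-signed `state` bound to the browser's session, with an expiry and single use. `StateStore`, the 300-second lifetime and the session identifiers are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
import time

STATE_TTL = 300  # seconds a state value stays valid (assumed, not from the page)


class StateStore:
    """Issues and checks the OIDC `state` parameter (hypothetical helper)."""

    def __init__(self, key: bytes, now=time.time):
        self._key = key
        self._now = now      # injectable clock so expiry can be tested
        self._used = set()   # nonces already redeemed on /api/auth/cb

    def _mac(self, session_id: str, body: str) -> str:
        digest = hmac.new(self._key, f"{session_id}.{body}".encode(),
                          hashlib.sha256).digest()
        return base64.urlsafe_b64encode(digest).decode().rstrip("=")

    def start(self, session_id: str) -> str:
        """Value /api/auth/start would place in the authentication URL."""
        body = f"{secrets.token_urlsafe(16)}.{int(self._now()) + STATE_TTL}"
        return f"{body}.{self._mac(session_id, body)}"

    def check(self, session_id: str, state: str) -> str:
        """Run on /api/auth/cb before the code is sent for validation."""
        parts = state.split(".")
        if len(parts) != 3:
            return "malformed"
        nonce, expires, mac = parts
        expected = self._mac(session_id, f"{nonce}.{expires}")
        # Constant-time compare; fails if state was minted for another session.
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return "bad-mac"
        if int(expires) < self._now():
            return "expired"
        if nonce in self._used:
            return "replayed"
        self._used.add(nonce)
        return "ok"


if __name__ == "__main__":
    store = StateStore(secrets.token_bytes(32))
    issued = store.start("session-A")          # constructed session id
    print(store.check("session-B", issued))    # another browser's session
    print(store.check("session-A", issued))    # the browser that started login
    print(store.check("session-A", issued))    # same callback URL again
```

Binding `state` to the session that called /api/auth/start is what stops a callback URL obtained in one browser from completing a login in another.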
