NG Flow

NG-Flow proposal: support for native renders

sequenceDiagram
  autonumber
  participant Usuario
  participant Relying Party
  participant Hydra Public
  participant FrontSPA
  participant Hydra GW
  participant Hydra Admin
  participant Identity
  participant Channels
  participant IDP
  participant Audit
  Usuario->>+Relying Party: Intento de Login
  Relying Party-->>-Usuario: Login link
  Usuario->>Usuario: Click link
  Usuario->>+Hydra Public: Login request
  Hydra Public-->>-Usuario: 302 FrontSPA url
  Usuario->>+FrontSPA: request + Login Challenge
  FrontSPA->>+Hydra GW: Login Challenge
  Hydra GW->>+Hydra Admin: GET loginChallenge
  Hydra Admin-->>-Hydra GW: Full loginContext
  Hydra GW-->>-FrontSPA: Redacted loginContext
  FrontSPA-->>-Usuario: Render Subject Request
  Usuario->>+FrontSPA: Submit Subject
  FrontSPA->>+Hydra GW: Login Challenge+Sub
  Hydra GW->>+Hydra Admin: GET loginChallenge
  Hydra Admin-->>-Hydra GW: Full loginContext
  Hydra GW->>+Hydra Public: ClientCredential Flow
  Hydra Public-->>-Hydra GW: ClientCredential Token
  Hydra GW->>+Identity: Get Data
  Identity-->>-Hydra GW: Available Data
  Hydra GW-->>-FrontSPA: Available Data
  FrontSPA-->>-Usuario: Render Evidence Request
  Usuario->>+FrontSPA: Submit Evidence
  FrontSPA->>+Identity: Submit Evidence
  Identity-->>-FrontSPA: EV Reference
  FrontSPA->>+Hydra GW: Login Challenge+Sub+EV Reference
  Hydra GW->>+Identity: Validate EV Reference
  Identity-->>-Hydra GW: OK! (JWT?)
  Hydra GW->>+Hydra Public: ClientCredential Flow
  Hydra Public-->>-Hydra GW: ClientCredential Token
  Hydra GW->>+Channels: Get Channels
  Channels-->>-Hydra GW: Channels
  Hydra GW-->>-FrontSPA: Channels Data
  FrontSPA-->>-Usuario: Render ask for Channel
  Usuario->>+FrontSPA: Submit Channel
  FrontSPA->>+Hydra GW: Submit Channel
  Hydra GW->>+Channels: Submit Channel
  Channels-->>-Hydra GW: Success
  Hydra GW->>+Hydra Admin: Accept LoginChallenge
  Hydra Admin-->>-Hydra GW: Consent URL
  Hydra GW-->>-FrontSPA: Consent URL
  FrontSPA-->>-Usuario: 302 Consent URL
  Usuario->>+FrontSPA: request + Consent Challenge
  FrontSPA->>+Hydra GW: Consent Challenge
  Hydra GW->>+Hydra Admin: GET consentChallenge
  Hydra Admin-->>-Hydra GW: Full consentContext
  Hydra GW-->>-FrontSPA: Redacted consentContext
  FrontSPA-->>-Usuario: Render Consent Request
  Usuario->>+FrontSPA: Submit Consent
  FrontSPA->>+Hydra GW: Accept Consent
  Hydra GW->>+Hydra Public: ClientCredential Flow
  Hydra Public-->>-Hydra GW: ClientCredential Token
  Hydra GW->>+IDP: GetProfile
  IDP-->>-Hydra GW: Profile
  Hydra GW->>+Hydra Public: ClientCredential Flow
  Hydra Public-->>-Hydra GW: ClientCredential Token
  Hydra GW->>+Audit: Create Audit
  Audit-->>-Hydra GW: Audit Number
  Hydra GW->>+Hydra Admin: Accept ConsentChallenge
  Hydra Admin-->>-Hydra GW: Relying Party Callback URL
  Hydra GW-->>-FrontSPA: Relying Party Callback URL
  FrontSPA-->>-Usuario: 302 Relying Party Callback url
  Usuario->>+Relying Party: Callback+code
  Relying Party->>+Hydra Public: Token Exchange
  Hydra Public-->>-Relying Party: Tokens
  Relying Party-->>-Usuario: SUCCESS!
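
The diagram has Hydra GW receive the full loginContext from Hydra Admin and pass only a redacted loginContext to FrontSPA. The following is an added example, not code from the proposal, of doing that redaction with a fail-closed allowlist. The choice of fields exposed to the SPA, the names `SPA_LOGIN_VIEW` and `redact`, and all sample values are assumptions; the sample object uses field names from Ory Hydra's login request response.

```python
# Added example: allowlist redaction of the login context in the gateway.
# Which fields the SPA may see is an assumption; the diagram does not say.
from typing import Any

# Nested allowlist: True keeps the value as-is, a dict recurses into an object.
SPA_LOGIN_VIEW = {
    "challenge": True,
    "skip": True,
    "requested_scope": True,
    "client": {
        "client_name": True,
        "logo_uri": True,
        "policy_uri": True,
        "tos_uri": True,
    },
}


def redact(full: Any, allow: dict) -> dict:
    """Return only allowlisted fields; anything not named is dropped."""
    if not isinstance(full, dict):
        return {}  # unexpected shape: expose nothing rather than pass it through
    out = {}
    for key, rule in allow.items():
        if key not in full:
            continue
        if rule is True:
            out[key] = full[key]
        elif isinstance(rule, dict):
            out[key] = redact(full[key], rule)
    return out


# Constructed sample of a full login context (all values are made up).
FULL_LOGIN_CONTEXT = {
    "challenge": "constructed-challenge-123",
    "skip": False,
    "session_id": "constructed-session-id",
    "request_url": "https://hydra.example/oauth2/auth?client_id=rp-demo",
    "requested_scope": ["openid", "profile"],
    "oidc_context": {"login_hint": "user@example.com"},
    "client": {
        "client_id": "rp-demo",
        "client_name": "Demo Relying Party",
        "logo_uri": "https://rp.example/logo.png",
        "redirect_uris": ["https://rp.example/callback"],
        "metadata": {"internal_tier": "gold"},
    },
}
```

Because the allowlist names what is kept, a field that a later Hydra version adds to the response stays hidden from the browser until someone adds it to `SPA_LOGIN_VIEW`.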