From 999419d904202c9311c8698c6d9ec38c905cc97b Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Fri, 5 Apr 2019 22:57:01 -0400 Subject: [PATCH] Remove trusted app reference --- application-workflow.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application-workflow.md b/application-workflow.md index c26b41f..c45b793 100644 --- a/application-workflow.md +++ b/application-workflow.md 
@@ -18,7 +18,7 @@ In this example, Alice is already logged into her identity provider (e.g. via so 4. `decentphotos.example` (RP) reacts to the 'Connect' button being clicked by responding with a redirect. This redirect sends Alice's browser to the authorization endpoint at `alice.example` because it is her IdP, including in the request a client_id of the DecentPhotos application/agent WebID (`https://decentphotos.example/appid#this`). 5. Alice’s browser makes the request to the redirect URL (which is the authorization endpoint at IdP), identifying itself by the application WebID (client_id), and also passing along an optional scope and the redirect_uri, which is a callback to `decentphotos.example`, to be used after Alice has proved she has control of `alice.example` (RS) 6. Because Alice is already logged in at her IdP, she doesn’t need to enter her username and password again (she’s already got a token proving she is THE ALICE). -7. The authorization endpoint at `alice.example` (IdP) asks Alice if she wants to authorize DecentPhotos (RP) to access her Pod at a given scope. She has the ability here to further narrow this to only a subset of her photo library if she likes. Upon her confirmation here, DecentPhotos will be added as a trusted application in her WebID Profile, identified by its application/agent WebID (`https://decentphotos.example/appid#this`), and Alice's private photos folder at `https://alice.example/pics/private` will have its ACL updated to allow DecentPhotos (RP), identified by `https://decentphotos.example/appid#this`, read/write access to that folder and its contents. +7. The authorization endpoint at `alice.example` (IdP) asks Alice if she wants to authorize DecentPhotos (RP) to access her Pod at a given scope. She has the ability here to further narrow this to only a subset of her photo library if she likes. 
Upon her confirmation here, DecentPhotos will be authorized to access Alice's private photos folder at `https://alice.example/pics/private`, and will have its ACL updated to allow DecentPhotos (RP), identified by `https://decentphotos.example/appid#this`, read/write access to that folder and its contents. 8. Alice submits this and is sent (redirected) to the redirect_uri / callback which was provided by DecentPhotos (RP) in Step #5, along with an authorization code. Alice's browser now makes a new GET request to `decentphotos.example` (RP), with that authorization code included. 9. DecentPhotos makes a request to the IdP’s token endpoint with the authorization code, and receives a token in the response (assuming it all checks out) like: ```
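Review bot: In the rewritten step 7, the clause "and will have its ACL updated" now takes DecentPhotos as its subject, where the removed text had Alice's private photos folder, so the step reads as if the application's own ACL were being changed. With the trusted-application entry in the WebID Profile dropped, the folder ACL is the only record of the grant that this step describes, so the sentence should name the resource whose ACL changes. Suggested wording: "Upon her confirmation here, the ACL of Alice's private photos folder at `https://alice.example/pics/private` will be updated to allow DecentPhotos (RP), identified by `https://decentphotos.example/appid#this`, read/write access to that folder and its contents." This also removes the doubled "DecentPhotos will be authorized ... to allow DecentPhotos (RP)". Separately, the step says Alice can narrow the grant to a subset of her photo library but then describes a fixed read/write grant on the whole folder. Consider stating that the ACL entry reflects the scope she actually confirmed.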