OAuth 2.0 protocol

TODO: drop puml

@startuml
title Use OAuth for a remote identity
actor "Authenticated user" as user
participant "Client" as client
participant "Backend" as backend
participant "OAuth server" as oauth

user -> client: click add <protocol>
client -> backend: POST  /api/v2/identities/remotes { status: "active", … }

backend -> client: 201

client -> backend: GET /api/v2/identities/<identity_id>
backend -> client: 200\n { info: { authorization_popup_url:  <xxx> } }

client -> user: open popup
user -> oauth: (popup) GET <authorization_popup_url>

oauth -> oauth: authorize

oauth -> user: 302 to <oauth_callback>
user -> backend: GET <oauth_callback>

backend -> oauth: exchange Token
oauth -> backend: token response
backend -> user: 200
user -> user: auto-close popup

backend -> client: notify success
client -> user: display "connected"
@enduml