Using Astah to Understand & Appreciate Published Standards

I'm usually a visual person, hence reading and understanding standards (implementation protocols, etc.) can be quite challenging.

In trying to understand and appreciate OIDC (OpenID Connect) from the OIDC website, I used Astah to model my understanding and summarised my understanding in a couple of diagrams. What was more challenging is that there are several flows in OIDC and each can be slightly different. My goal is not only to understand the protocol, but to appreciate how it is applied in my implementation.

Fortunately, Astah makes it relatively easy for me to create high-level models that might not have any implementation elements. Remember, I'm not implementing the OIDC protocol and am modeling the flows in order to better understand them. As such, I'm not exactly interested in creating UML Classes, writing Operations, Attributes, Associations, etc., other than what is instrumental in creating the desired diagrams.

Some of the Sequence Diagrams are here:


Authorization Code Flow (with PKCE)













Authorization Code Flow






Implicit Grant Flow





Hybrid Flow




Even more interestingly, what I'm implementing is a Broker Architecture rather than a direct Application-to-IDP (ID provider) integration, i.e., I have an OIDC-compliant broker to "proxy" the OIDC protocol with the IDP.

The Interaction Diagrams look like this:

Normal OIDC Interaction Diagram




Broker-Architecture OIDC Interaction Diagram



