14. OAuth
[Sequence diagram: OAuth flow]

Participants: Spark Service, Customer IdP, Access Service, Common Identity, Cisco Spark, Spark Thick Client, Embedded Browser, Identity Broker

Message labels, in the order extracted:
Redirect to Authorization Service
Provides SAML cookie and UID to OAuth Service
AuthZ URL
Redirect to the AuthN
SAML GET
Authentication request
Authentication Provided
SAML POST with uid and IdP cookie
POST SAML Assertion
Redirect to the OAuth Service with SAML cookie and UID of the user
Send back OAuth Token
Access_token
Access to the Spark Service
AuthZ URL
AuthN Request
Provide IdP URL for SAML Exchange
Validates Assertion and creates the SAML SP cookie
Verifies Entitlement and Scope for the user and generates OAuth Token