Process Flows
Dick Davis edited this page Jan 21, 2026 · 1 revision
This section documents the OAuth 2.1 process flows supported by TokenAuthority, including sequence diagrams and endpoint specifications.
These flows handle user authorization and token issuance:
- Authorization Code Grant - The initial OAuth flow where a user authorizes a client and receives an authorization code
- Authorization Code Redemption - Exchanging an authorization code for access and refresh tokens
These flows handle ongoing token lifecycle:
- Token Refresh - Using a refresh token to obtain new access and refresh tokens
- Token Revocation - Invalidating access or refresh tokens
These endpoints allow clients to automatically discover server capabilities:
- Authorization Server Metadata - RFC 8414 well-known endpoint for discovering OAuth endpoints and capabilities
- Protected Resource Metadata - RFC 9728 well-known endpoint for discovering resource-to-authorization-server relationships
These flows handle client identity and registration:
- Dynamic Client Registration - RFC 7591 programmatic client registration without manual intervention
- Client Metadata Documents - Using URL-based client identifiers with automatically fetched metadata