Skip to main content

Architecture Overview

The “Login with Mubarokah ID” service utilizes the OAuth 2.0 Authorization Code Grant flow, which is a robust and secure method for third-party application authentication.

System Components

The architecture involves several key components:
ComponentPurposeTechnology Stack (Example)
User (Resource Owner)The individual who owns the Mubarokah ID account.-
Your Application (Client)The application requesting access to user data.Any Framework/Language
Mubarokah ID Authorization ServerIssues access tokens after successful authentication and consent.OAuth Server
Mubarokah ID Resource ServerHosts the protected user data APIs.Laravel API
User DatabaseStores Mubarokah ID user information securely.MySQL/PostgreSQL

OAuth 2.0 Authorization Code Flow

The following sequence diagram illustrates the interaction between these components during the Authorization Code Grant flow: Key Steps Explained:
  1. Initiation: The user starts the login process in your application.
  2. Authorization Request: Your application redirects the user to the Mubarokah ID Authorization Server.
  3. User Authentication: The user logs in with their Mubarokah ID credentials.
  4. User Consent: The user approves the permissions (scopes) your application is requesting.
  5. Authorization Code Issued: The Authorization Server redirects the user back to your application with an authorization code.
  6. Code Delivery: The browser delivers the authorization code to your application’s specified redirect URI.
  7. Token Exchange: Your application’s backend securely exchanges the authorization code for an access token (and optionally a refresh token) by making a POST request to the Token Endpoint. This step requires client authentication (client ID and client secret).
  8. Tokens Issued: The Authorization Server validates the request and issues the tokens.
  9. API Request: Your application uses the access token to request protected resources (e.g., user information) from the Resource Server.
  10. Token Validation: The Resource Server validates the access token and checks if it has the necessary scopes for the requested resource.
  11. Resource Returned: If the token is valid, the Resource Server returns the requested data.
  12. User Logged In: Your application processes the user data and logs the user in.