title Obtaining Facebook OAuth Access Token

participant "User's Browser"
participant "XDI2 Web Interface"
participant "Facebook OAuth Service"
participant "XDI2 Server"
User's Browser->XDI2 Web Interface: Open Web Interface
activate "XDI2 Web Interface"
note right of "XDI2 Web Interface": User wishes to\nassociate XDI2 Server\nwith Facebook account
XDI2 Web Interface->User's Browser: Redirect to Authorization Endpoint URL (with client_id and scope)
deactivate "XDI2 Web Interface"
User's Browser->Facebook OAuth Service: Open Authorization Endpoint URL (with client_id and scope)
activate "Facebook OAuth Service"
note right of "Facebook OAuth Service": User reviews and\napproves permissions.
note right of "Facebook OAuth Service": OAuth authorization\ncode is issued.
Facebook OAuth Service->User's Browser: Redirect to Callback URL (with authorization code)
deactivate "Facebook OAuth Service"
User's Browser->XDI2 Web Interface: Open Callback URL (with authorization code)
XDI2 Web Interface->Facebook OAuth Service: POST to Token Endpoint URL
activate "Facebook OAuth Service"
note right of "Facebook OAuth Service": OAuth access token\nis issued.
Facebook OAuth Service->XDI2 Web Interface: POST Response (with access token)
deactivate "Facebook OAuth Service"
XDI2 Web Interface->XDI2 Server: XDI $add Request to store access token
activate "XDI2 Server"
note right of "XDI2 Server": OAuth access token\nis stored in user's graph.
XDI2 Server->XDI2 Web Interface: XDI Response
deactivate "XDI2 Server"
XDI2 Web Interface->User's Browser: Display Confirmation Page