README

README.md

@@ -21,7 +21,7 @@ This assumes you are using the GDS dev environment and so have python and mongo
 create a new virtualenv, install all dependencies and run the tests.
 2. ```source venv/bin/activate``` to enable the virtualenv.
 
-##Testing single signon integration on dev
+##Testing single sign on integration on dev
 
 - Clone the signonotron2 project https://github.com/alphagov/signonotron2
 - Use the rake tasks (`bundle exec rake -T` to list them) in order to create:
@@ -30,3 +30,14 @@ create a new virtualenv, install all dependencies and run the tests.
 - Start backdrop_write and signon
 - Visit `www.dev.gov.uk:3039/_user/sign_in`
 
+##Oauth Flow
+
+This is the oauth flow we are using to authenticate users with Signonotron2
+
+1. **GET** `/_user/sign_in` redirects user to signonotron2 asking them to give backdrop permission to see their data
+2. User signs in allowing backdrop to see their data
+3. **GET** (redirected from signonotron) `/_user/authorized?code=blahblahblah` 
+    - **POST** (to signonotron) `/oauth/token` exchanges authorization code for access token so backdrop can query users data
+    - **GET** (to signonotron) `/user.json` uses access token to get user data and see if they have permissions to sign in to backdrop
+4. User is now signed in
+