Software architecture, sequence diagram, OAuth, authentication, UML

Sequence diagram: OAuth 2.0 flow

UML sequence diagram of the authorisation code flow with PKCE, including error handling alt fragments.

The prompt

Sequence diagram for OAuth 2.0 authorisation code flow with PKCE. Participants: User (browser), Client (web app), Authorisation Server, Resource Server. The user clicks Login. Client generates a code_verifier, derives a code_challenge, and redirects to the Authorisation Server with client_id, redirect_uri, and code_challenge. Authorisation Server prompts the user to log in and consent. After consent, Authorisation Server redirects back to Client with an authorisation code. Client exchanges the code plus the original code_verifier for an access token via a back-channel POST. Client uses the token to call Resource Server. Add an alt fragment for the case where the user denies consent. Add a loop fragment for token refresh.

What it generates

A UML sequence diagram with lifelines, activations, sync and async messages, and alt/loop fragments for error and refresh paths.

When to use it

For documenting any auth flow — sequence diagrams are the most effective way to show who calls whom in what order with what fallbacks.
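The PKCE steps named in the prompt (generate a code_verifier, derive a code_challenge, exchange the code plus the original verifier) are sketched below as an added example; it is not part of the original template. It assumes the S256 challenge method from RFC 7636; the `AuthorizationServer` class and its `authorize`/`token` methods are hypothetical in-memory stand-ins, and client authentication, code expiry and the `state` parameter are left out.

```python
import base64
import hashlib
import hmac
import re
import secrets

VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")  # RFC 7636 section 4.1


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier() -> str:
    """Client: 32 random bytes give a 43-character verifier."""
    return b64url(secrets.token_bytes(32))


def code_challenge_s256(verifier: str) -> str:
    """Client: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Hypothetical in-memory stand-in for the Authorisation Server lifeline."""

    def __init__(self):
        self._codes = {}  # code -> (client_id, redirect_uri, code_challenge)

    def authorize(self, client_id, redirect_uri, code_challenge):
        """Front channel: after login and consent, bind a code to the challenge."""
        code = secrets.token_urlsafe(16)
        self._codes[code] = (client_id, redirect_uri, code_challenge)
        return code

    def token(self, code, client_id, redirect_uri, code_verifier):
        """Back channel: single-use code, verifier must hash to the challenge."""
        entry = self._codes.pop(code, None)  # pop: a replayed code is rejected
        if entry is None or not VERIFIER_RE.fullmatch(code_verifier):
            return {"error": "invalid_grant"}
        computed = code_challenge_s256(code_verifier).encode()
        if entry[:2] != (client_id, redirect_uri) or not hmac.compare_digest(
                computed, entry[2].encode()):
            return {"error": "invalid_grant"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer"}
```

The two `invalid_grant` branches are the back-channel failures that sit alongside the consent-denied alt fragment: a replayed or unknown code, and a verifier that does not hash to the challenge sent in the original redirect.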
