User login, selects scope (Accounts and Sas and Date Range and confirm Start at Third Party as per PG&E Third Party Data Custodian Login to Third Party Successful Login Select Data Custodian 302 DC {authorizationServerAuthorizationEndpoint} User login, selects scope (Accounts and Sas and Date Range and confirm Code request {authorizationServerAuthorizationEndpoint} 302 TP {redirect_uri} with authorization code {redirect_uri} with authorization code {authorizationServerTokenEndpoint} with authorization code DC returns access_token, authorizationUri, resourceUri
User login, selects scope (Accounts and Sas and Date Range and confirm Start at Data Custodian as per PG&E Third Party Data Custodian Login to DC Successful Login Select TP 302 TP {home screen} TP {home screen request} 302 TP login TP login 302 TP {authorizationServerAuthorizationEndpoint} User login, selects scope (Accounts and Sas and Date Range and confirm Code request {authorizationServerAuthorizationEndpoint} 302 TP {redirect_uri} with authorization code {redirect_uri} with authorization code {authorizationServerTokenEndpoint} with authorization code DC returns access_token, authorizationUri, resourceUri
Start at Third Party Proposed Data Custodian User login, selects Data Custodian Start at Third Party 302 DC {dataCustodianScopeSelectionScreenUri}/ThirdPartyId={client_id} User login, selects scope (Accounts and SAs and Date Range and confirm 302 screen request DC {dataCustodianScopeSelectionScreenUri}/ThirdPartyId={client_id} 302 DC {thirdPartyScopeSelectionScreenURI}?scope=xxx&DataCustodianID={dataCustodianId} GET DC {thirdPartyScopeSelectionScreenURI}?scope=xxx&DataCustodianID={dataCustodianId} Third Party / Customer determines acceptable scope Customer has already authorized DC so no stop here, just auto redirect Code request {authorizationServerAuthorizationEndpoint} 302 TP {redirect_uri} with authorization code {redirect_uri} with authorization code {authorizationServerTokenEndpoint} with authorization code DC returns access_token, authorizationUri, resourceUri Dialog with customer Optional dialog with customer
Start at Data Custodian Proposed Third Party Data Custodian User login, selects scope (Accounts and SAs and Date Range and confirm Start at Data Custodian 302 DC {thirdPartyScopeSelectionScreenURI}?scope=xxx&DataCustodianID={dataCustodianId} GET DC {thirdPartyScopeSelectionScreenURI}?scope=xxx&DataCustodianID={dataCustodianId} User Login Third Party / Customer determines acceptable scope 302 DC Code request {authorizationServerAuthorizationEndpoint} Customer has already authorized DC so no stop here, just auto redirect Code request {authorizationServerAuthorizationEndpoint} 302 TP {redirect_uri} with authorization code {redirect_uri} with authorization code {authorizationServerTokenEndpoint} with authorization code DC returns access_token, authorizationUri, resourceUri Dialog with customer Optional dialog with customer