#+STARTUP: showeverything logdone
#+options: num:nil
#+OPTIONS:   H:5 num:t \n:nil @:t ::t |:t ^:nil -:t f:t *:t <:t
#+LaTeX_CLASS: koma-article
#+LaTeX_HEADER: \usepackage{listings}
#+LATEX_HEADER: \setlength{\parskip}{2ex plus 4pt minus 2pt}
#+LATEX_HEADER: \setlength{\parindent}{0pt}
#+LATEX_HEADER: \renewcommand{\baselinestretch}{1.0}
#+LATEX_HEADER: \setlength{\topsep}{-10pt}
#+LATEX_HEADER: \setlength{\partopsep}{0pt}
#+LaTeX_HEADER: \usepackage{xcolor}
#+LaTeX_HEADER: \lstset{
#+LaTeX_HEADER:     basicstyle=\ttfamily,
#+LaTeX_HEADER:     breaklines=true,
#+LaTeX_HEADER:     prebreak=\mbox{\ensuremath{\color{red}\hookleftarrow}},
#+LaTeX_HEADER:     postbreak=\raisebox{0ex}[0ex][0ex]{\ensuremath{\color{red}\hookrightarrow\space}},
#+LaTeX_HEADER:     columns=fullflexible,
#+LaTeX_HEADER:     keepspaces=true
#+LaTeX_HEADER: }
#+LaTeX_CLASS_OPTIONS: [article,letterpaper,times,12pt,listings-bw,microtype]
#+author: Peter Davis
#+title: LaTeX export issue

* Overview

Many applications using the XYZCo API will follow a sequence of operations like this:

** User logs in, establishing identity and access privileges

The login page is invoked via an http request, such as:

#+BEGIN_SRC js
GET http://local.xyzco.com:3000/sample/login
#+END_SRC

In the Sample App, this results in a page showing four buttons:

[[./pd-logo-jelly-small.gif]]

** Login with XYZ

If the user selects "Login with XYZ", the Sample App invokes this URL:

#+BEGIN_SRC
GET http://local.xyzco.com:3000/sample/auth/xyz
#+END_SRC

The response, 302, results in a redirect to a new page prompting for username and password is presented[1]:

#+BEGIN_SRC js
GET http://sandbox.api.xyzco.com:8080/openid-connect/v2/authorize?response_type=code&redirect_uri=http%3A%2F%2Flocal.xyzco.com%3A3000%2Fsample%2Fauth%2Fxyz%2Fcallback&scope=openid&client_id=152ced50-1369-4b19-8b26-8f3d5d9bfd6a.xyzco.com
#+END_SRC

[[./pd-logo-jelly-small.gif]]

Entering a username and password here results in this request:

#+BEGIN_SRC js
POST http://sandbox.api.xyzco.com:8080/openid-connect/j_spring_security_check?response_type=code&redirect_uri=http%3A%2F%2Flocal.xyzco.com%3A3000%2Fsample%2Fauth%2Fxyz%2Fcallback&scope=openid&client_id=152ced50-1369-4b19-8b26-8f3d5d9bfd6a.xyzco.com
#+END_SRC

[[./pd-logo-jelly-small.gif]]

** The application provides security information (e.g., OAuth2 token) to enable access to information

#+BEGIN_SRC js
GET http://sandbox.api.xyzco.com:8080/openid-connect/v2/authorize?response_type=code&redirect_uri=http%3A%2F%2Flocal.xyzco.com%3A3000%2Fsample%2Fauth%2Fxyz%2Fcallback&scope=openid&client_id=152ced50-1369-4b19-8b26-8f3d5d9bfd6a.xyzco.com
#+END_SRC

#+BEGIN_SRC js
GET http://local.xyzco.com:3000/sample/auth/xyz/callback?code=eyJhbGciOiLlif_vla6jwjA ...
#+END_SRC

From this point, the application can present other options to the user.

[1] If the user is not already logged in, he or she will see the login page