Authentication Mermaid Diagrams — Free Examples

Authentication and authorization are the gatekeepers of every modern application. Whether you're implementing a simple username/password flow or a complex federated identity system spanning multiple services, understanding the underlying protocols prevents security vulnerabilities and reduces integration friction.

This collection covers the full spectrum of auth patterns developers encounter. The delegation-focused flows begin with OAuth2 Authorization Code Flow — the standard for user-facing apps — and OAuth2 Client Credentials Flow for machine-to-machine communication. OpenID Connect Flow layers identity on top of OAuth2, while SAML Authentication Flow covers the enterprise SSO standard still prevalent in large organizations.

Token mechanics are examined in depth: JWT Authentication Flow shows how stateless tokens are issued and verified, and Refresh Token Rotation explains the security strategy for long-lived sessions. Access control models including RBAC Authorization Model and ABAC Authorization Model show how permissions are structured and evaluated. Usability-focused patterns like Magic Link Login, Two Factor Authentication, and Device Login Flow round out the collection. Every diagram is free to edit and export directly in Graphlet.

Frequently asked questions

This collection covers 20 distinct patterns spanning delegation protocols (OAuth2, OIDC, SAML), token mechanics (JWT, refresh rotation, revocation), access control models (RBAC, ABAC), and user-facing flows (2FA, magic links, social login, device login). Each diagram is interactive and editable in Graphlet.

If you are building a user-facing web application, start with the OAuth2 Authorization Code Flow — it is the foundation most other patterns build upon. For microservice APIs with no user interaction, start with OAuth2 Client Credentials Flow. For understanding token structure, begin with JWT Authentication Flow.

Yes. Each diagram is a Mermaid source file you can embed in Markdown documentation, export as SVG or PNG, or open in Graphlet to customise. They are designed to communicate real protocol mechanics accurately, not just illustrate concepts at a high level.

Authentication answers "who are you?" — it verifies identity through credentials, tokens, or assertions. Authorization answers "what are you allowed to do?" — it checks permissions once identity is established. This collection covers both: OAuth2, JWT, and session flows handle authentication; RBAC, ABAC, and the access control decision flow handle authorization.

Authentication Diagrams

Frequently asked questions