remove <br> from mermaid charts

Signed-off-by: Christian Richter <crichter@owncloud.com>

docs/ocis/flow-docs/login-flow.md

@@ -26,35 +26,35 @@ sequenceDiagram
     participant ldap as External User Directory
 
     user->>+client: What is the content of my home?
-        client->>+proxy: PROPFIND <br> no (or expired) auth
-        Note over client,proxy: ocis needs to know the IdP that is<br>used to authenticate users. The<br>proxy will redirect unauthenticated<br>requests to that IdP.
+        client->>+proxy: PROPFIND\n no (or expired) auth
+        Note over client,proxy: ocis needs to know the IdP that is used to authenticate users. The proxy will redirect unauthenticated requests to that IdP.
         proxy-->>-client: 401 Unauthorized
         client->>+proxy: 1. The client starts a new openIDConnect Flow
         Note over client, proxy: GET /.well-known/openid-configuration
         proxy-->>-client: Return openidConnect configuration for the IdP
-        client-->>client: 2. Client prepares an Authentication Request<br>containing the desired request parameters <br> and generates the code challenge (PKCE).
+        client-->>client: 2. Client prepares an Authentication Request containing the desired request parameters   and generates the code challenge (PKCE).
         client->>+idp: 3. Client sends the request and the code challenge to the Authorization Server.
-        Note over client, idp: GET /authorize?<br>flow=oidc&response_type=code<br>&scope=openid%20profile%20email<br>&code_challenge=Y2SGoq9vtAp7YAavTaO0B550H_Rsj9DypiL7xZuFjOE<br>&code_challenge_method=S25&client_id=s6BhdRkqt3<br>&state=af0ifjsldkj<br>&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb HTTP/1.1<br>Host: server.example.com
+        Note over client, idp: GET /authorize? flow=oidc&response_type=code &scope=openid%20profile%20email &code_challenge=Y2SGoq9vtAp7YAavTaO0B550H_Rsj9DypiL7xZuFjOE &code_challenge_method=S25&client_id=s6BhdRkqt3 &state=af0ifjsldkj &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb HTTP/1.1 Host: server.example.com
         Note over user, idp: 3. Authorization Server Authenticates the End-User.
         alt all users managed by idp/ocis idm
             idp->>+idm: LDAP query/bind
             idm-->>-idp: LDAP result
-            Note over idp,ldap: In case  users are managed<br>in an external ldap they have to be<br> autoprovisioned in the ocis IdM<br> when they are loggin in.
+            Note over idp,ldap: In case  users are managed in an external ldap they have to be  autoprovisioned in the ocis IdM  when they are loggin in.
         else all users authenticated by an external idp
             idp->>+ldap: Lookup of the user in the directory
             ldap-->>-idp: Lookup result
         end
         idp-->>-user: Idp presents the user an authentication prompt.
         user->>+idp: 5. User authenticates and gives consent.
-        idp-->>-client: 6. Authorization Server sends the End-User back<br>to the Client with an Authorization Code.
-        Note over client, idp: HTTP/1.1 302 Found<br>Location: https://client.example.org/cb?<br>code=SplxlOBeZQQYbYS6WxSbIA&state=af0ifjsldkj
-        client->>+idp: 7. Client requests a response using the<br>Authorization Code and the code verifier at the Token Endpoint.
-        Note over client, idp: POST /token HTTP/1.1<br>Host: server.example.com<br>Content-Type: application/x-www-form-urlencoded<br>grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA<br>&redirect_uri=https%3A%2F%2Fclient.example.org<br>&code_verifier=a98ccbe253754259963e6e2b67b5a044929446d7a15046cc8e3194022ad061d9d667dce91876418d9e6fe9f54819332e
+        idp-->>-client: 6. Authorization Server sends the End-User back to the Client with an Authorization Code.
+        Note over client, idp: HTTP/1.1 302 Found Location: https://client.example.org/cb? code=SplxlOBeZQQYbYS6WxSbIA&state=af0ifjsldkj
+        client->>+idp: 7. Client requests a response using the Authorization Code and the code verifier at the Token Endpoint.
+        Note over client, idp: POST /token HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA &redirect_uri=https%3A%2F%2Fclient.example.org &code_verifier=a98ccbe253754259963e6e2b67b5a044929446d7a15046cc8e3194022ad061d9d667dce91876418d9e6fe9f54819332e
         idp->>+idp: 8. IdP checks the code verifier (PKCE)
-        idp-->>-client: 9. Client receives a response that contains an<br>ID Token and Access Token in the response body. <br>If offline access is requested, the client also receives a refresh token.
-        Note over client, idp:  HTTP/1.1 200 OK<br>Content-Type: application/json<br>Cache-Control: no-store<br>Pragma: no-cache<br>{<br>"access_token": "SlAV32hkKG",<br>"token_type": "Bearer",<br>"refresh_token": "8xLOxBtZp8",<br>"expires_in": 3600,<br>"id_token": "a ... b.c ... d.e ... f" // must be a JWT<br>}
-        client-->>client: 10. Client validates the ID token and<br>retrieves the End-User's Subject Identifier.
-        client->>+proxy: PROPFIND <br> With access token
+        idp-->>-client: 9. Client receives a response that contains an ID Token and Access Token in the response body.  If offline access is requested, the client also receives a refresh token.
+        Note over client, idp:  HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "access_token": "SlAV32hkKG", "token_type": "Bearer", "refresh_token": "8xLOxBtZp8", "expires_in": 3600, "id_token": "a ... b.c ... d.e ... f" // must be a JWT }
+        client-->>client: 10. Client validates the ID token and retrieves the End-User's Subject Identifier.
+        client->>+proxy: PROPFIND   With access token
         proxy-->>-client: 207 Multi-Status
     client-->>-user: List of Files X, Y, Z ...
 {{< /mermaid >}}

docs/ocis/flow-docs/request-flow.md

@@ -24,9 +24,9 @@ sequenceDiagram
 
     user->>+client: What is the content of my home?
 
-        client->>+proxy: PROPFIND <br> Bearer auth using oidc auth token
-        Note over client,proxy: What is in a bearer token? <br> The spec recommends opaque tokens. <br> Treat it as random byte noise.
-        Note over client,proxy: the proxy MUST authenticate users <br> using ocis-accounts because it needs <br> to decide where to send the request
+        client->>+proxy: PROPFIND  Bearer auth using oidc auth token
+        Note over client,proxy: What is in a bearer token?  The spec recommends opaque tokens.  Treat it as random byte noise.
+        Note over client,proxy: the proxy MUST authenticate users  using ocis-accounts because it needs  to decide where to send the request
         %% Mention introspection endpoint for opaque tokens
         %% idp uses jwt, so we can save a request
         %% either way the token can be used to look up the sub and iss of the user
@@ -36,16 +36,16 @@ sequenceDiagram
             alt userinfo succeeds
 
                 idp-->>proxy:  200 OK
-                Note over proxy,accounts: Content-Type: application/json<br>{<br>"sub": "248289761001",<br>"name": "Jane Doe",<br>"given_name": "Jane",<br>"family_name": "Doe",<br>"preferred_username": "j.doe",<br>"email": "janedoe@example.com",<br>"picture": "http://example.com/janedoe/me.jpg"<br>}
+                Note over proxy,accounts: Content-Type: application/json{"sub": "248289761001","name": "Jane Doe","given_name": "Jane","family_name": "Doe","preferred_username": "j.doe","email": "janedoe@example.com","picture": "http://example.com/janedoe/me.jpg"}
                 %% see: https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
 
             else userinfo fails
 
                 idp-->>-proxy: 401 Unauthorized
-                Note over proxy,accounts: WWW-Authenticate: error="invalid_token",<br>error_description="The Access Token expired"
+                Note over proxy,accounts: WWW-Authenticate: error="invalid_token",error_description="The Access Token expired"
 
-        proxy-->>client: 401 Unauthorized or <br>302 Found with redirect to idp
-        Note over client: start at login flow<br> or refresh the token
+        proxy-->>client: 401 Unauthorized or 302 Found with redirect to idp
+        Note over client: start at login flow or refresh the token
 
             end
 
@@ -71,7 +71,7 @@ sequenceDiagram
                     end
                 end
 
-                Note over proxy,accounts: provision a new account including displayname, email and sub@iss <br> TODO only if the user is allowed to login, based on group <br> membership in the ldap server
+                Note over proxy,accounts: provision a new account including displayname, email and sub@iss  TODO only if the user is allowed to login, based on group  membership in the ldap server
                 proxy->>proxy: generate new uuid
                 proxy->>+accounts: TODO create account with new generated uuid
                 accounts-->>-proxy: OK / error
@@ -79,8 +79,8 @@ sequenceDiagram
             else account has been disabled
 
                 accounts-->>-proxy: account is disabled
-        proxy-->>client: 401 Unauthorized or <br>302 Found with redirect to idp
-        Note over client: start at login flow<br> or refresh the token
+        proxy-->>client: 401 Unauthorized or 302 Found with redirect to idp
+        Note over client: start at login flow or refresh the token
 
             end
             proxy->>proxy: store uuid in context
@@ -88,7 +88,7 @@ sequenceDiagram
             %% what if oc10 does not support a certain request / API
 
             proxy->>proxy: mint an internal jwt that includes the UUID and username using revas `x-access-token` header
-            proxy->>+reva: PROPFIND <br>Token auth using internal JWT
+            proxy->>+reva: PROPFIND Token auth using internal JWT
             reva-->>-proxy: Multistatus response
         proxy-->>-client: Multistatus response