Merge pull request #244 from influxdata/feature/oauth-docs

OAuth 2.0 based auth flow.

docs/auth.md

@@ -1,30 +1,9 @@
-Originally Authored with Hackmd.io [Link](https://hackmd.io/CYBghgzATCCsCMBaAHGAZiRAWCsqIE4AjdRUZEYKCLMANmDCA===?both)
+MrFusion with OAuth 2.0 (Github-style)
 
-## Current Auth Flow 
-### With Enterprise Web
+Originally Authored with Hackmd.io Link
 
-Postgres is the source of truth for authorization credentials.
-Plutonium only cares if the username is passed properly and signed.
+OAuth 2.0 Style Authentication
 
-_NOTE: JWT is never generated by the database. Influx OSS just checks that it is signed with the same secret._
-![enterprise sequence diagram](./EnterpriseWebAuthFlow.png)
+Assumptions: The user has created an "OAuth Application" on Github to authenticate against.
 
-### With OSS Flow
-
-In this example, I have the shared secret in a file on my Terminal.
-
-_NOTE: JWT is never generated by the database. Influx OSS just checks that it is signed with the same secret._
-![OSS Auth sequence diagram](./OSS_Auth_Flow.png)
-
-## Desired Auth Flow with Mr Fusion using Bolt.
-
-This describes what we'd like to see. And [here](https://gist.github.com/kfitzpatrick/bf4c178876be5aa0b7ae069707b4528e) is a quick reference implementation.
-
-_NOTE: Bolt might initially be replaced with a flat file. Obviously, we'd like to ship with Bolt. After that the plan is to be able to store in other system such as Influx, etcd, etc…_
-![MrFusion auth sequence diagram](./Proposed_MrFusion_with_Bolt.png)
-
-## Notes:
-
-* How do we keep the Data Source passwords safe?
-    * Salt & Hash.
-    * For v1 we'll use the same salting method as Pu
+![oauth 2.0 flow](./OauthStyleAuthentication.png)