OAuth 2 Flow Tech Infographic with Cisco Stack Cable Diagram

Tech architecture infographic titled "OAuth 2 Flow" using the PROTOCOL HANDSHAKE archetype (numbered exchanges). Show a clean end-to-end authorization flow for a non-technical executive audience, simplified but technically accurate, with labeled flat vector boxes connected by directional arrows. Include these boxes: 1) Browser — icon: desktop browser, role: 'User agent initiating sign-in'; 2) Client App / Frontend — icon: web app window, role: 'Requests authorization and receives callback'; 3) Authorization Server — icon: shield with key, role: 'Authenticates user and issues authorization code / tokens'; 4) API Gateway / Resource Server — icon: API node, role: 'Validates access token and serves protected data'; 5) Database — icon: cylinder, role: 'Stores users, clients, and consent records'; 6) Cache — icon: lightning cache, role: 'Speeds up token / session lookups'; 7) Queue — icon: message queue, role: 'Processes async audit and notification events'. Use numbered exchanges on the arrows and make the flow technically accurate for OAuth 2 Authorization Code flow: Browser to Client App arrow label '1. Open app over HTTPS'; Client App to Browser label '2. Redirect to Authorization Server'; Browser to Authorization Server label '3. Authorization request'; Authorization Server to Database label '4. Read user / client / consent'; Database to Authorization Server label '5. User record + consent data'; Authorization Server to Browser label '6. Login + consent page'; Browser to Authorization Server label '7. Credentials + approval over HTTPS'; Authorization Server to Cache label '8. Store session / code metadata'; Authorization Server to Browser label '9. Redirect with authorization code'; Browser to Client App label '10. Callback with code'; Client App to Authorization Server label '11. Token request + authorization code'; Authorization Server to Cache label '12. Validate code / session'; Authorization Server to Database label '13. Read client registration'; Authorization Server to Client App label '14. Access token + optional refresh token (JWT or opaque token)'; Client App to API Gateway / Resource Server label '15. API request with Bearer access token'; API Gateway / Resource Server to Cache label '16. Token introspection / cached validation'; API Gateway / Resource Server to Database label '17. Read protected resource'; API Gateway / Resource Server to Client App label '18. JSON response, HTTP 200'; Authorization Server to Queue label '19. Audit event'; API Gateway / Resource Server to Queue label '20. Access log event'. Add small side notes in boxes where useful: Authorization Server supports 'OAuth 2', API supports 'REST / GraphQL over HTTPS', tokens are 'short-lived access token'. Include a numbered legend 1-7 summarizing lifecycle in executive-friendly English: 1. User opens the app. 2. App redirects user to the Authorization Server. 3. User signs in and grants consent. 4. Authorization Server returns an authorization code. 5. App exchanges the code for an access token. 6. App calls the API with the Bearer token. 7. API validates token and returns protected data. Add a subtle disclaimer in small footer text: 'Conceptual OAuth 2 flow for explanation, not an audited reference architecture'. Visual style: minimal flat, editorial developer-blog illustration, isometric or flat tech-diagram style, vector-clean infographic layout. Use a developer pink & teal palette with white or very light neutral background, dark charcoal text, teal for trusted request paths, pink for auth-related exchanges, soft gray for storage and async components, thin crisp arrows, rounded rectangles, generous whitespace, calm executive-friendly mood, low clutter, clear hierarchy, light shadows only. Ensure every component box has an icon, a canonical English name, and a one-line role description in English. All text MUST be written in English (array). Every heading, label, caption, legend and metric name in the image must be in English — not English. Spell each English word correctly using English characters and diacritics. Numbers stay as digits, no real cloud-vendor logos (AWS / GCP / Azure) — use generic cloud icons, no watermarks No real cloud-vendor logos (AWS, GCP, Azure) beyond generic cloud icons. Common protocol names (HTTPS, TCP, JWT, OAuth, REST, GraphQL) stay in canonical English form. No security-claim overstatements (do not present diagrams as audited reference architectures).