Diagram of Social Media OAuth 2 Flow Infographic

Tech architecture infographic titled "OAuth 2 Flow" using archetype DATA PIPELINE (extract → transform → load), adapted for a non-technical executive audience while remaining technically accurate. Show a hand-drawn whiteboard style diagram with a cool blue & cyan palette, clean spacing, friendly executive-readable hierarchy, editorial developer-blog illustration, isometric or flat tech-diagram style, vector-clean infographic layout. Create labeled boxes connected by directional arrows: Browser — 'User Browser' — 'Starts sign-in and receives redirect'; API — 'Application API' — 'Handles callback and exchanges code for tokens'; OAuth Server — 'Authorization Server' — 'Authenticates user and issues authorization code and tokens'; DB — 'User Database' — 'Stores user profile and account link'; Cache — 'Session Cache' — 'Temporarily stores state, PKCE verifier, and session data'; Queue — 'Event Queue' — 'Carries login and audit events for async processing'; Analytics Sink — 'Reporting Store' — 'Loads sign-in metrics for dashboards'; Generic Cloud — 'Internet / External Network' — 'Routes HTTPS traffic between systems'. Arrange the flow left to right as extract → transform → load: Browser sends login request to Application API; Application API checks Session Cache; Application API redirects Browser to Authorization Server; Authorization Server returns authorization code to Browser callback; Browser sends code to Application API; Application API exchanges code with Authorization Server over HTTPS for access token and optional refresh token using OAuth 2 Authorization Code Flow with PKCE; Application API validates token response, fetches user info if needed, writes account record to User Database, emits login event to Event Queue, and loads metrics into Reporting Store. Include arrow labels in English on every connection, such as: 'GET /login', 'state + PKCE challenge', '302 redirect to authorize', 'user consent', '302 callback with authorization code', 'POST /token', 'authorization code + PKCE verifier', 'access token', 'ID token / user info', 'UPSERT user record', 'session data', 'publish login event', 'ETL sign-in metrics'. Use proper protocol labels like HTTPS, OAuth 2, JWT where appropriate. Include visual notes that this is an explanatory flow, not an audited reference architecture. Add a numbered legend 1-7 in English: 1. User opens the app and starts sign-in in the browser. 2. The app creates state and PKCE data, optionally storing it in cache. 3. The browser is redirected to the Authorization Server over HTTPS. 4. After authentication and consent, the Authorization Server redirects back with an authorization code. 5. The Application API exchanges the code for tokens using OAuth 2 Authorization Code Flow with PKCE. 6. The app creates a session, stores or updates the user record in the database, and may cache session data. 7. A login event is sent to the queue and summarized into the reporting store for executive metrics. Make the diagram simple, trustworthy, and visually approachable, with sketchy marker outlines, soft cyan highlights, subtle paper-white background, and generic cloud icons only. All text MUST be written in English (array). Every heading, label, caption, legend and metric name in the image must be in English — not English. Spell each English word correctly using English characters and diacritics. Numbers stay as digits, no real cloud-vendor logos (AWS / GCP / Azure) — use generic cloud icons, no watermarks No real cloud-vendor logos (AWS, GCP, Azure) beyond generic cloud icons. Common protocol names (HTTPS, TCP, JWT, OAuth, REST, GraphQL) stay in canonical English form. No security-claim overstatements (do not present diagrams as audited reference architectures).