OAuth 2 Flow Network Drawing Tech Architecture Infographic

Tech architecture infographic titled "OAuth 2 Flow" using SYSTEM ARCHITECTURE (services + queues + storage). Show an isometric tech diagram for a senior-engineer audience, rendered as a precise network drawing with vector-clean structure. Create labeled boxes connected by directional arrows. Main components: User Browser, Frontend Web App, API Gateway, Authorization Server, Consent Screen, Token Service, Resource Server API, Session Cache, Message Queue, Audit Log Worker, Relational Database, Refresh Token Store, Generic Cloud Edge. Every box must include: a simple tech icon, the component name in canonical English, and a one-line English role description. Example role descriptions: Browser — 'Initiates login and sends authorization requests'; Authorization Server — 'Authenticates user and issues authorization code'; Token Service — 'Exchanges code for access token and refresh token'; Resource Server API — 'Validates bearer token and serves protected data'; Session Cache — 'Stores short-lived session and state data'; Message Queue — 'Buffers audit and async events'; Relational Database — 'Persists clients, grants, users, and metadata'; Refresh Token Store — 'Stores and rotates refresh tokens'; Audit Log Worker — 'Consumes events and writes audit records'. Use technically accurate OAuth 2 Authorization Code Flow with PKCE represented inside a system architecture layout. Arrows must be directional and labeled in English with what crosses each hop: 'HTTPS GET /authorize', 'client_id + redirect_uri + scope + state + code_challenge', 'User credentials', 'Consent decision', '302 redirect with authorization code', 'HTTPS POST /token', 'authorization_code + code_verifier', 'access token (JWT or opaque) + refresh token', 'Bearer access token', 'JSON resource response', 'cache lookup', 'enqueue audit event', 'INSERT audit row', 'token introspection or JWKS fetch' where appropriate. Include optional internal links such as Authorization Server to Relational Database labeled 'client lookup / user auth / grant record', Token Service to Refresh Token Store labeled 'store or rotate refresh token', Resource Server API to Session Cache labeled 'token metadata cache', API Gateway to Resource Server API labeled 'forward REST request', and services to Message Queue labeled 'audit event'. Show separation into zones with subtle labels: Client Zone, Edge Zone, Identity Zone, Application Zone, Data Zone. Add small callouts for PKCE elements: 'code_challenge' on authorize request and 'code_verifier' on token exchange. Avoid implying unsupported guarantees; include a small neutral caption such as 'Illustrative OAuth 2 system flow, not an audited reference architecture'. Add a numbered legend 1-7 in English walking through the lifecycle: 1. Browser opens app and starts OAuth login. 2. Frontend redirects user to Authorization Server over HTTPS with client_id, scope, state, and PKCE code_challenge. 3. Authorization Server authenticates user and collects consent, then records grant metadata in the database. 4. Authorization Server redirects browser back with an authorization code. 5. Frontend or backend exchanges authorization code plus code_verifier at the Token Service for an access token and optional refresh token. 6. API Gateway or app sends bearer token to Resource Server API, which validates token locally via JWKS or remotely via introspection, optionally using cache. 7. Protected resource is returned as JSON; audit events are pushed to queue and persisted by worker to the database. Visual style: editorial developer-blog illustration, isometric or flat tech-diagram style, vector-clean infographic layout. Use a green terminal palette: dark charcoal background, neon green highlights, muted emerald surfaces, pale mint text accents, subtle grid, glowing arrow strokes, crisp box outlines, minimal amber used only for warnings or redirects. Overall mood: technical, precise, modern, trustworthy, schematic, suitable for a senior engineering blog. No real cloud-vendor logos; use only generic cloud, server, database, cache, queue, browser, shield, key, and token icons. All text MUST be written in English (array). Every heading, label, caption, legend and metric name in the image must be in English — not English. Spell each English word correctly using English characters and diacritics. Numbers stay as digits, no real cloud-vendor logos (AWS / GCP / Azure) — use generic cloud icons, no watermarks No real cloud-vendor logos (AWS, GCP, Azure) beyond generic cloud icons. Common protocol names (HTTPS, TCP, JWT, OAuth, REST, GraphQL) stay in canonical English form. No security-claim overstatements (do not present diagrams as audited reference architectures).