4.2.4. Initiation

To send an identity authentication request, most libraries require you to state either the user’s identifier or the OP endpoint. If you do not know the user’s identifier (e.g. when the user logs in for the first time), state the OP endpoint instead.

If you know the user’s identifier (e.g. repeated authentication of the user), you can use it to get metadata about the user’s identity and about the OpenID provider, including the OP endpoint. An HTTP request is sent to the user’s identifier, and the following can be found in the body of the response:

  • User’s claimed identifier – The final URL from which the page body with the metadata was returned.

  • User’s internal identifier – It differs from the identity name in that it is an identifier in the form https://mojeid.com/id/unique_string, where unique_string is the user’s unique identification in the mojeID system, e.g. https://mojeid.cz/id/JeDineCny/. This internal identity must then be checked in the next phases of the login process, because it is an identity recognized by the OpenID provider (see Response Processing).

  • OP endpoint – This is always https://mojeid.cz/endpoint/, and this address is used for identity authentication requests.
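
The following added example (not part of the mojeID documentation or any mojeID library) shows how a relying party can extract and check the three values listed above before sending the authentication request. It assumes the metadata is published through OpenID 2.0 HTML-based discovery (`<link rel="openid2.provider">` and `<link rel="openid2.local_id">`); the names `discover` and `LinkCollector`, the claimed identifier used in the test and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# OP endpoint as stated on this page; the id prefix follows the page's .cz example.
MOJEID_ENDPOINT = "https://mojeid.cz/endpoint/"
MOJEID_ID_PREFIX = "https://mojeid.cz/id/"


class LinkCollector(HTMLParser):
    """Collect <link rel=... href=...> pairs; rel may hold several tokens."""

    def __init__(self):
        super().__init__()
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        for rel in (a.get("rel") or "").lower().split():
            self.links.setdefault(rel, []).append(a.get("href") or "")


def discover(final_url, body):
    """Return the three discovery values, or raise ValueError if they fail the checks."""
    if urlsplit(final_url).scheme != "https":
        raise ValueError("claimed identifier was not fetched over HTTPS")
    collector = LinkCollector()
    collector.feed(body)
    providers = collector.links.get("openid2.provider", [])
    local_ids = collector.links.get("openid2.local_id", [])
    if len(providers) != 1 or len(local_ids) > 1:
        raise ValueError("ambiguous or missing discovery links")
    if providers[0] != MOJEID_ENDPOINT:
        raise ValueError("unexpected OP endpoint: %r" % providers[0])
    local_id = local_ids[0] if local_ids else final_url  # OpenID 2.0 default
    if not local_id.startswith(MOJEID_ID_PREFIX) or local_id == MOJEID_ID_PREFIX:
        raise ValueError("internal identifier is not a mojeID identity URL")
    return {"claimed_id": final_url, "local_id": local_id, "op_endpoint": providers[0]}


# Constructed sample discovery page (not captured from mojeID).
SAMPLE_BODY = """<html><head>
<link rel="openid2.provider" href="https://mojeid.cz/endpoint/">
<link rel="openid2.local_id" href="https://mojeid.cz/id/JeDineCny/">
</head><body></body></html>"""
```

Keep the returned `local_id` with the login session so it can be compared with the identity the provider asserts during response processing.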