4.2.7. Response with the Identity Authentication Outcome

In case your application requested it, it is indirectly (via redirection of user’s browser) sent back a message with the response, or more precisely the outcome of the identity authentication and other data it requested. This response is again in form of an HTTP message, while the body of this message includes the individual data representing the individual pieces of information of the identity authentication process outcome.

These are examples of the items comprising the response to the identity authentication request:

Parameter (key)	Description (value)
openid.claimed_id	Returns the user’s claimed identifier, it can differ from the default by a fragment. You can use this string to match user specific data. When comparing, it is important to take into account all the parts of the string, including schema and fragment. https://demo.mojeid.cz/#unikatni_retezec
openid.op_endpoint	MojeID endpoint URL. https://mojeid.cz/endpoint/
openid.response_nonce	Unique response tag. No two responses have the same tag – it prevents from the response being sent repeatedly (the so-called replay attack). 2010-07-22T16:13:08ZiEnTtR
openid.signed	A list of fields that are signed with a signature, see the following key. assoc_handle, claimed_id, ns, op_endpoint, pape.auth_policies, response_nonce, signed
openid.sig	Signature of the listed fields to verify authenticity. hdtOpg3jCup1n6+elCXn+yLZAYc=
openid.ax.type.firstName	Mapping the official URL identifier to a string used in the message. http://axschema.org/namePerson/first
openid.ax.value.firstName	The value of identity attribute for the given string. Andrew
openid.pape.auth_policies	A space-separated list of login policies that were actually applied. http://schemas.openid.net/pape/policies/2007/06/phishing-resistant
openid.pape.auth_time	The time of the user’s identity verification on server (always in UTC). 2005-05-15T17:11:51Z