4.2.7. Response with the Identity Authentication Outcome

If your application requested it, a message with the response is sent back to it indirectly (via redirection of the user's browser). More precisely, this message carries the outcome of the identity authentication and the other data the application requested. The response is again an HTTP message, and its body contains the individual items that describe the outcome of the identity authentication process.

These are examples of the items comprising the response to the identity authentication request:

| Parameter (key) | Description (value) | Example value |
|---|---|---|
| openid.claimed_id | Returns the user's claimed identifier; it can differ from the default by a fragment. You can use this string to match user-specific data. When comparing, it is important to take into account all parts of the string, including the scheme and the fragment. | https://demo.mojeid.cz/#unikatni_retezec |
| openid.op_endpoint | MojeID endpoint URL. | https://mojeid.cz/endpoint/ |
| openid.response_nonce | Unique response tag. No two responses have the same tag, which prevents a response from being sent repeatedly (the so-called replay attack). | 2010-07-22T16:13:08ZiEnTtR |
| openid.signed | A list of the fields that are covered by the signature; see the following key. | assoc_handle, claimed_id, ns, op_endpoint, pape.auth_policies, response_nonce, signed |
| openid.sig | Signature of the listed fields, used to verify authenticity. | hdtOpg3jCup1n6+elCXn+yLZAYc= |
| openid.ax.type.firstName | Maps the official URL identifier to the string used in the message. | http://axschema.org/namePerson/first |
| openid.ax.value.firstName | The value of the identity attribute for the given string. | Andrew |
| openid.pape.auth_policies | A space-separated list of login policies that were actually applied. | http://schemas.openid.net/pape/policies/2007/06/phishing-resistant |
| openid.pape.auth_time | The time of the user's identity verification on the server (always in UTC). | 2005-05-15T17:11:51Z |
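
An added example, not code from mojeID or from the original page: a relying-party check of the response fields described above, covering the signature, which fields the signature actually covers, the endpoint and nonce replay, following the OpenID 2.0 rules. It assumes an HMAC-SHA1 association whose MAC key the application holds and a timezone-aware `now`; `sign`, `check_response`, the five-minute window, the key and the sample handle are constructed for illustration.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone

OP_ENDPOINT = "https://mojeid.cz/endpoint/"  # endpoint value from the table
MAX_AGE = timedelta(minutes=5)               # assumed acceptance window

def sign(p, mac_key):
    """HMAC-SHA1 over 'key:value\\n' for each field named in openid.signed."""
    base = "".join(f"{f}:{p['openid.' + f]}\n" for f in p["openid.signed"].split(","))
    return base64.b64encode(hmac.new(mac_key, base.encode(), hashlib.sha1).digest())

def check_response(p, mac_key, seen, now, trusted=()):
    """Return the reasons to reject response p; an empty list means accept."""
    signed = set(p.get("openid.signed", "").split(","))
    if any("openid." + f not in p for f in signed):
        return ["signed field missing from message"]
    problems = []
    if not hmac.compare_digest(sign(p, mac_key), p.get("openid.sig", "").encode()):
        problems.append("bad signature")
    if p.get("openid.op_endpoint") != OP_ENDPOINT:
        problems.append("unexpected op_endpoint")
    # Only fields covered by the signature may be relied on.
    for f in ("claimed_id", "op_endpoint", "response_nonce", *trusted):
        if f not in signed:
            problems.append(f + " is not signed")
    nonce = p.get("openid.response_nonce", "")
    try:
        stamp = datetime.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ")
        if abs(now - stamp.replace(tzinfo=timezone.utc)) > MAX_AGE:
            problems.append("nonce outside time window")
    except ValueError:
        problems.append("malformed nonce")
    if (p.get("openid.op_endpoint"), nonce) in seen:
        problems.append("nonce replayed")
    if not problems:
        seen.add((p["openid.op_endpoint"], nonce))
    return problems

KEY = b"constructed-association-key"  # constructed MAC key, for the sample only
SAMPLE = {  # constructed response reusing example values from the table
    "openid.assoc_handle": "constructed-handle",
    "openid.claimed_id": "https://demo.mojeid.cz/#unikatni_retezec",
    "openid.op_endpoint": OP_ENDPOINT,
    "openid.response_nonce": "2010-07-22T16:13:08ZiEnTtR",
    "openid.ax.value.firstName": "Andrew",
    "openid.signed": "assoc_handle,claimed_id,op_endpoint,response_nonce,signed",
}
SAMPLE["openid.sig"] = sign(SAMPLE, KEY).decode()
```

Passing `trusted=("ax.value.firstName",)` makes the check reject the sample, because that attribute is not named in `openid.signed` and so could be altered in transit without invalidating the signature.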