4.1.5. Initiation
To be able to send an identity authentication request, your library needs to know either the user’s identifier, or the OCP endpoint.
Your application will use the identifier and endpoint to send a WebFinger query to retrieve details about the OpenID Connect provider. The response to this query includes (among other things):
Authorization Endpoint – this is always https://mojeid.cz/oidc/authorization/ and this address is used for identity authentication requests.
Token Endpoint – this is always https://mojeid.cz/oidc/token/ and this address is used for token requests.
UserInfo Endpoint – this is always https://mojeid.cz/oidc/userinfo/ and this address is used for user data requests.
An example query for a specific user:
GET /oidc/.well-known/webfinger?resource=acct%3Ajoe%40mojeid.cz&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: mojeid.cz
An example of the server’s response:
HTTP/1.1 200 OK
Content-Type: application/jrd+json

{
    "subject": "acct:joe@mojeid.cz",
    "links": [
        {"rel": "http://openid.net/specs/connect/1.0/issuer",
         "href": "https://mojeid.cz/oidc/"}
    ]
}
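The following Python sketch is an added example, not part of the mojeID documentation or any mojeID library. It builds the WebFinger query shown above and validates the JRD response before the issuer is trusted. The function names, the pinning of the issuer to the host mojeid.cz, and the strict subject comparison are assumptions of this example.

```python
import json
from urllib.parse import urlencode, urlsplit

ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"

# Constructed sample: the JRD body from the response example above.
SAMPLE_JRD = """{"subject": "acct:joe@mojeid.cz",
 "links": [{"rel": "http://openid.net/specs/connect/1.0/issuer",
            "href": "https://mojeid.cz/oidc/"}]}"""


def webfinger_url(identifier, host="mojeid.cz"):
    """Build the WebFinger query URL for an identifier such as joe@mojeid.cz."""
    query = urlencode({"resource": "acct:" + identifier, "rel": ISSUER_REL})
    return "https://%s/oidc/.well-known/webfinger?%s" % (host, query)


def issuer_from_jrd(body, identifier, expected_host="mojeid.cz"):
    """Return the issuer URL from a JRD body, or raise ValueError."""
    doc = json.loads(body)  # malformed JSON raises a ValueError subclass
    if not isinstance(doc, dict):
        raise ValueError("JRD must be a JSON object")
    # Policy of this example (stricter than WebFinger itself requires):
    # the answer must be about the account that was asked for.
    if doc.get("subject") != "acct:" + identifier:
        raise ValueError("subject does not match the requested resource")
    links = doc.get("links")
    if not isinstance(links, list):
        raise ValueError("links must be a list")
    hrefs = [link.get("href") for link in links
             if isinstance(link, dict) and link.get("rel") == ISSUER_REL]
    if len(hrefs) != 1 or not isinstance(hrefs[0], str):
        raise ValueError("expected exactly one issuer link")
    parts = urlsplit(hrefs[0])
    # Comparing the whole netloc also rejects userinfo and explicit ports.
    if parts.scheme != "https" or parts.netloc.lower() != expected_host:
        raise ValueError("issuer is not an https URL on the expected host")
    if parts.query or parts.fragment:
        raise ValueError("issuer must not carry a query or fragment")
    return hrefs[0]


if __name__ == "__main__":
    print(webfinger_url("joe@mojeid.cz"))
    print(issuer_from_jrd(SAMPLE_JRD, "joe@mojeid.cz"))
```

Rejecting a response whose issuer is not an https URL on the expected host keeps a tampered or misdirected WebFinger answer from steering authentication, token and user data requests to another server.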