我找不到在openid connect中注册最终用户的规范。
也许,你知道怎么做?
我有一些想法,但我正在寻找正式答案。
答案 0 :(得分:2)
当他们谈论Authentication of the End-User时,会隐含地包含该部分。
当您的提供商尝试验证最终用户时(通过显示登录表单),如果用户没有帐户,您可以:
在这两种情况下,你都会有一个" next"或者" redirect_to" (称之为任何你喜欢的)将具有安全编码请求URL安全编码(或OAuth2授权请求)。
查看示例:
# Auth Request from some client.
/openid/authorize?client_id=123&redirect_uri=http%3A%2F%2Fexample.com%2F&response_type=code&scope=openid%20profile%20email&state=abcdefgh
# Because user is not logged, you attempts to Authenticate it.
/login?next=%2Fopenid%2Fauthorize%3Fclient_id%3D123%26redirect_uri%3Dhttp%253A%252F%252Fexample.com%252F%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26state%3Dabcdefgh
# Because user is not registered. You provide a link like this.
/register?next=%2Fopenid%2Fauthorize%3Fclient_id%3D123%26redirect_uri%3Dhttp%253A%252F%252Fexample.com%252F%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26state%3Dabcdefgh
# After registration. The flow will continue.
希望你能理解。问候。