Download - OpenID Protocol Explained
Browser(User-Agent)
Desired Site(OpenID Consumer)
(Relying Party) OpenIDProvider
This is the person who desires to access a web site.
This is the browser he is using to access the web.
Person has:
Name: AlexID: http://alex.provider.com/
This is site that the user really want to access. For this example he wants to access his bank called “Big Bank”.
This is site that is going to prove that Alex is really Alex.
http://bigbank.com/ http://provider.com/
Identity Page
This addressrepresents Alex
Browser(User-Agent)
Alex Allentown
Me!
http://alex.provider.com/ Identity Page
Browser(User-Agent)
UserName:
I will log In ONCE
http://alex.provider.com/ Identity Page
OpenIDProvider
aallen321
**************Password:
LOGIN
Browser(User-Agent)
OK, You are logged in to the OpenID service.
OK!
http://alex.provider.com/ Identity Page
OpenIDProvider
Browser(User-Agent)
Desired Site(OpenID Consumer)
(Relying Party)
Big BankEnter your OpenID:http://alex.provider.com
LOGIN
http://bigbank.com/
Need to access the bank.
OpenIDProvider
Identity Page
Browser(User-Agent)
Desired Site(OpenID Consumer)
(Relying Party)
http://bigbank.com/
I clicked “Login”
http://alex.provider.com/
Headers:openid.server = http://provider.com/a.cgiopenid.delegate = http://provider.com/a.cgi
Identity Page
Browser(User-Agent)
Desired Site(OpenID Consumer)
(Relying Party)
Send redirect
I am waiting
http://provider.com/a.cgi
Parameters:openid.mode = checkid_setupopenid.identity = http://alex.provider.com/openid.return_to = http://bigbank.com/...
OpenIDProvider
Browser(User-Agent)
Desired Site(OpenID Consumer)
(Relying Party)
Send redirect
I am waiting
Additional Parameters:openid.mode = id_resopenid.identity = http://alex.provider.com/openid.return_to = http://bigbank.com/... openid.signed = mode,identity,return_toopenid.assoc_handle = XXXXXopenid.sig = YYYYY
http://bigbank.com/...
OpenIDProvider
Browser(User-Agent)
Desired Site(OpenID Consumer)
(Relying Party)
I am waiting
Same parameters as request exceptopenid.mode = check_authentication
Response in body: is_valid:true
OpenIDProvider
Browser(User-Agent)
Desired Site(OpenID Consumer)
(Relying Party)
Big BankYou are logged in!What would you like to do?
OK! Now I canget things done.
OpenIDProvider
Identity Page
Finally … generatepage for display