Like https://www.google.com/accounts/o8/id and https://me.yahoo.com, they send me the endpoint (https://www.google.com/accounts/o8/ud for Google and https://open.login.yahooapis.com/openid/op/auth for Yahoo). So my question is: can I skip this and just use the endpoint?
Also referred to as the "well-known endpoint," the discovery document is a set of OpenID Connect values that can be retrieved by OIDC clients; it's the discovery document that enables OIDC clients to configure themselves in order to be able to access your implementation of Hosted Login.
A Discovery URL is a URL adorned with a use type string. A Discovery URL can point to a "homepage" for the business, an XSD Schema that describes the business, or to another type of file describing the business or its services.
OpenID Connect defines a discovery mechanism, called OpenID Connect Discovery, where an OpenID server publishes its metadata at a well-known URL, typically https://server.com/.well-known/openid-configuration.
Endpoint Discovery is the process where a specific URL (the "discovery endpoint") is accessed, which returns a directory of endpoints for using the system. Other code can interrogate that directory to find the specific URLs for accessing various resources.
OpenID Connect lets developers authenticate their users across websites and apps without having to own and manage password files. For the app builder, it provides a secure, verifiable answer to the question: “What is the identity of the person currently using the browser or native app that is connected to me?”
Well known Configuration URL: The URL that contains metadata about the third-party OIDC identity provider.
For the initiation and discovery phase of the OpenID protocol, a user may pass either a URI or an XRI. If a URI is given then the YADIS protocol must be followed to find the service endpoint.
If the URL given is different to the endpoint then the URL becomes the 'claimed identifier' and the OpenID provider can also provide an 'OP local identifier'. A user does not need to specify an endpoint URL when initiating the protocol. Therefore this step should not be skipped.
As part of the discovery phase, various OpenID extensions may also be discovered which may be helpful to your application.
The OpenID protocol is documented pretty well.
However, there is no reason why you can't cache the results of the discovery. Whilst you could write code to skip the discovery phase if the Yahoo! or Google endpoint URL is given, a cache is a more generalised solution that will not break if the extensions available are altered.
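The caching approach recommended in the answer above, as an added example (not code from the original answer or from any OpenID library). `DiscoveryResult`, `DiscoveryCache`, the injected `discover` callable, the one-hour TTL and the https-only policy are assumptions; `fake_discover` is a constructed stand-in so the block runs offline.

```python
import time
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

@dataclass(frozen=True)
class DiscoveryResult:            # hypothetical container
    claimed_id: str               # normalized URL the user supplied
    op_endpoint: str              # where authentication requests go
    op_local_id: Optional[str]    # OP-local identifier, if the OP gave one
    extensions: tuple             # extension type URIs found at discovery

def normalize(identifier: str) -> str:
    """Cache key: https only (assumed policy), lower-case host, no fragment."""
    parts = urlsplit(identifier.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("identifier must be an https URL")
    host = parts.hostname         # urlsplit already lower-cases scheme and host
    if parts.port not in (None, 443):
        host += f":{parts.port}"
    query = f"?{parts.query}" if parts.query else ""
    return f"https://{host}{parts.path or '/'}{query}"

class DiscoveryCache:
    def __init__(self, discover, ttl=3600.0, clock=time.monotonic):
        self._discover, self._ttl, self._clock = discover, ttl, clock
        self._entries = {}        # key -> (expiry, DiscoveryResult)

    def lookup(self, identifier: str) -> DiscoveryResult:
        key = normalize(identifier)
        hit = self._entries.get(key)
        if hit and hit[0] > self._clock():
            return hit[1]         # fresh entry: no network round trip
        result = self._discover(key)   # full discovery, extensions included
        if urlsplit(result.op_endpoint).scheme != "https":
            raise ValueError("refusing non-https OP endpoint")
        self._entries[key] = (self._clock() + self._ttl, result)
        return result

def fake_discover(url):           # constructed stand-in for a real YADIS fetch
    fake_discover.calls += 1
    return DiscoveryResult(url, "https://op.example/auth", None,
                           ("https://ext.example/1.0",))
fake_discover.calls = 0
```

Because entries expire and are refetched through the same discovery path, a change in the provider's endpoint or advertised extensions is picked up after the TTL, which a hard-coded endpoint would miss.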