I can't found specification for registration the end-user in openid connect.
Maybe, you know how do it?
I have some idea, but I looking for official answer.
Asked
Active
Viewed 4,017 times
6
-
1I don't think openid connect covers user registration at all. – Shaun the Sheep Feb 10 '15 at 03:12
-
New OIDC [spec](https://openid.net/specs/openid-connect-prompt-create-1_0.html) (in work) may help you – j4ck50n Nov 12 '20 at 10:51
1 Answers
6
That part is implicitly included when they talk about Authentication of the End-User.
When your provider attempts to Authenticate the End-User (by displaying a login form), then if the user has no account you can:
- Show the registration form in the same view as the login.
- Put a link somewhere in the view (ex. "Create account").
In both cases, you'll have a "next" or a "redirect_to" (call it whatever you like) that will have the OpenID Authentication Request URL-safe encoded (or an OAuth2 Authorization Request).
See an example:
# Auth Request from some client.
/openid/authorize?client_id=123&redirect_uri=http%3A%2F%2Fexample.com%2F&response_type=code&scope=openid%20profile%20email&state=abcdefgh
# Because user is not logged, you attempts to Authenticate it.
/login?next=%2Fopenid%2Fauthorize%3Fclient_id%3D123%26redirect_uri%3Dhttp%253A%252F%252Fexample.com%252F%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26state%3Dabcdefgh
# Because user is not registered. You provide a link like this.
/register?next=%2Fopenid%2Fauthorize%3Fclient_id%3D123%26redirect_uri%3Dhttp%253A%252F%252Fexample.com%252F%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26state%3Dabcdefgh
# After registration. The flow will continue.
Hope you understand it. Greetings.
juanifioren
- 633
- 5
- 18