nvcnvn

Reputation: 5175

Why do we need a Discovery URL in OpenID?

Like https://www.google.com/accounts/o8/id and https://me.yahoo.com, they send me the endpoint (https://www.google.com/accounts/o8/ud for Google and https://open.login.yahooapis.com/openid/op/auth for Yahoo). So my question is: can I skip this and just use the endpoint?

Upvotes: 6

Views: 2929

Answers (1)

bearvrrr

Reputation: 305

For the initiation and discovery phase of the OpenID protocol, a user may pass either a URI or an XRI. If a URI is given then the YADIS protocol must be followed to find the service endpoint.

If the URL given is different to the endpoint then the URL becomes the 'claimed identifier' and the OpenID provider can also provide an 'OP local identifier'. A user does not need to specify an endpoint URL when initiating the protocol. Therefore this step should not be skipped.

As part of the discovery phase, various OpenID extensions may also be discovered which may be helpful to your application.

The OpenID protocol is documented pretty well.

However, there is no reason why you can't cache the results of the discovery. Whilst you could write code to skip the discovery phase if the Yahoo! or Google endpoint URL is given, a cache is a more generalised solution that will not break if the extensions available are altered.

Upvotes: 7
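
A sketch of the caching approach from the answer above, added here as an illustration and not part of the original answer: it parses a YADIS/XRDS discovery document for the OpenID 2.0 endpoint, OP-local identifier and advertised extension types, and caches the result per identifier with a TTL. The `example.com` URLs, the `fetch` callable and the class and function names are assumptions made for this example.

```python
import time
import xml.etree.ElementTree as ET

XRD_NS = "{xri://$xrd*($v*2.0)}"
OP_ID = "http://specs.openid.net/auth/2.0/server"    # OP Identifier element
SIGNON = "http://specs.openid.net/auth/2.0/signon"   # Claimed Identifier element

# Constructed XRDS document for illustration (example.com names are made up).
SAMPLE_XRDS = """<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="0">
      <Type>http://specs.openid.net/auth/2.0/signon</Type>
      <Type>http://openid.net/srv/ax/1.0</Type>
      <URI>https://op.example.com/openid/auth</URI>
      <LocalID>https://op.example.com/user/alice</LocalID>
    </Service>
  </XRD>
</xrds:XRDS>"""

def parse_xrds(xml_text):
    """Return endpoint, OP-local identifier and types of the best OpenID 2.0 service."""
    # For documents fetched from the network, use a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    services = []
    for svc in root.iter(XRD_NS + "Service"):
        types = [t.text.strip() for t in svc.findall(XRD_NS + "Type") if t.text]
        uri = svc.findtext(XRD_NS + "URI")
        if uri and (OP_ID in types or SIGNON in types):
            local_id = svc.findtext(XRD_NS + "LocalID")
            # Lower priority value wins; a missing attribute ranks last.
            services.append((int(svc.get("priority", "2147483647")),
                             {"endpoint": uri.strip(), "local_id": local_id, "types": types}))
    if not services:
        raise ValueError("no OpenID 2.0 service in XRDS")
    return min(services, key=lambda s: s[0])[1]

class DiscoveryCache:
    """Caches discovery results per identifier so discovery runs once per TTL."""
    def __init__(self, fetch, ttl=3600, clock=time.monotonic):
        self.fetch, self.ttl, self.clock, self._store = fetch, ttl, clock, {}

    def discover(self, identifier):
        hit = self._store.get(identifier)
        if hit and self.clock() < hit[0]:
            return hit[1]                      # still fresh: no network round trip
        result = parse_xrds(self.fetch(identifier))
        self._store[identifier] = (self.clock() + self.ttl, result)
        return result
```

Because entries expire, a change in the provider's endpoint or advertised extensions is picked up on the next discovery instead of being hard-coded.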
