Depending on the version of OpenID being used (OpenID version 1 or 2), the request for user authentication will take one of two courses from a programmatic perspective. The code will either:
Redirect the user to the endpoint established in the previous step (OpenID v1)
Obtain the authentication form markup from the provider endpoint and print it out to the screen for the user (OpenID v2)
In both cases, the process that occurs between the relaying party and the user looks the same, as shown in Figure 11-3.
Figure 11-3. OpenID, step 3: Provider requests user authentication
In general terms, the relaying party will display the authentication form to the user to have him authenticate herself against the OpenID provider (through either the form or redirect method).
When the relaying party establishes the request between the user and provider for authentication, the request will include a number of OpenID parameters, including those listed in Table 11-1.
Table 11-1. Authentication request parameters
The OpenID namespace URI to be used. For instance, this should be http://specs.openid.net/auth/2.0 for OpenID 2.0 transactions.
The transaction mode to be used during the
authentication process. The possible values are
If the user should be able to interact with the OpenID provider, ...