How to use the OpenID Connect WebFinger Endpoint?

故事扮演 submitted on 2020-02-03 13:33:19

Question


Reading the description here it says:

WebFinger — Enables dynamic discovery of the OpenID Connect provider for a given user, based on their email address or some other information.

Can someone give an example of how this works (Description is somewhat abstract)?


Answer 1:


WebFinger is a protocol defined in RFC7033. There is a complete example in section 3.1:

3.1. Identity Provider Discovery for OpenID Connect

Suppose Carol wishes to authenticate with a web site she visits using OpenID Connect. She would provide the web site with her OpenID Connect identifier, say carol@example.com. The visited web site would perform a WebFinger query looking for the OpenID Connect provider. Since the site is interested in only one particular link relation, the WebFinger resource might utilize the "rel" parameter as described in Section 4.3:

GET /.well-known/webfinger?
       resource=acct%3Acarol%40example.com&
       rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer
       HTTP/1.1
Host: example.com

The server might respond like this:

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/jrd+json

{
  "subject" : "acct:carol@example.com",
  "links" :
  [
    {
      "rel" : "http://openid.net/specs/connect/1.0/issuer",
      "href" : "https://openid.example.com"
    }
  ]
}

Since the "rel" parameter only serves to filter the link relations returned by the resource, other name/value pairs in the response, including any aliases or properties, would be returned. Also, since support for the "rel" parameter is not guaranteed, the client must not assume the "links" array will contain only the requested link relation.
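
The lookup quoted in the answer above, sketched from the relying party's side as an added example (not part of the original answer or of RFC 7033): it builds the query URL and then picks the issuer link itself, since the server may ignore "rel". The function names, the host-name pattern and the sample JRD are assumptions made for illustration; the https-only check follows the OpenID Connect requirement that an issuer is an https URL without query or fragment.

```python
import json
import re
from urllib.parse import quote, urlsplit

ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"  # rel from the quoted request
HOST_RE = re.compile(r"[A-Za-z0-9.-]+(:[0-9]+)?")  # assumption: plain host[:port] only


def webfinger_url(identifier: str) -> str:
    """Build the discovery URL for an identifier such as carol@example.com."""
    local, sep, host = identifier.rpartition("@")
    if not (sep and local and HOST_RE.fullmatch(host)):
        raise ValueError("expected user@host with a plain host name")
    resource = quote("acct:" + identifier, safe="")
    rel = quote(ISSUER_REL, safe="")
    # The query goes over HTTPS to the host named in the identifier, nowhere else.
    return f"https://{host}/.well-known/webfinger?resource={resource}&rel={rel}"


def issuer_from_jrd(body: str) -> str:
    """Pick the issuer href out of a JRD body, ignoring every other link."""
    doc = json.loads(body)
    links = doc.get("links") if isinstance(doc, dict) else None
    if not isinstance(links, list):
        links = []
    # "rel" support is optional on the server, so filter again on the client.
    hrefs = [l.get("href") for l in links if isinstance(l, dict) and l.get("rel") == ISSUER_REL]
    if len(hrefs) != 1 or not isinstance(hrefs[0], str):
        raise ValueError("expected exactly one issuer link with a string href")
    parts = urlsplit(hrefs[0])
    # An http:// or query-bearing issuer must not be used for the login redirect.
    if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
        raise ValueError("issuer href is not an acceptable https URL")
    return hrefs[0]


# Constructed sample: a server that ignored "rel" and returned an extra link.
SAMPLE_JRD = """{
  "subject": "acct:carol@example.com",
  "links": [
    {"rel": "http://webfinger.net/rel/profile-page", "href": "https://example.com/carol"},
    {"rel": "http://openid.net/specs/connect/1.0/issuer", "href": "https://openid.example.com"}
  ]
}"""

if __name__ == "__main__":
    print(webfinger_url("carol@example.com"))
    print(issuer_from_jrd(SAMPLE_JRD))
```
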



Source: https://stackoverflow.com/questions/47113980/how-to-use-the-openid-connect-webfinger-endpoint
