Once the user has interacted with the authentication form and submitted, he should be forwarded to the specified callback location. Everything should be in place at this point for the relaying party to communicate with the OpenID provider to complete the authentication process.
This step is outlined in Figure 11-4.
Figure 11-4. OpenID, step 4: OpenID provider issues passed/failed response for user authentication back to relaying party
Once the user is forwarded to the callback location, the relaying party will attempt to complete the authentication process. It will send a complete request to the OpenID provider with the variables passed to the callback location.
The OpenID provider will attempt to complete authentication with the provided data. It will issue either a fail state (authentication failed) or an approved state. If it provides an approved state, the response returned back to the relaying party will also hold the unique user identifier and any data requested from attached OpenID extensions.
At this point, the relaying party may use the returned data to process the user login.