The first steps of the hybrid auth process will seem very familiar to you from the OpenID authentication flow overview, so we’ll just briefly touch on them:
Request login with an OpenID identifier.
Perform discovery on that identifier to establish an endpoint URL from which the auth process may be displayed to the user.
At step 1, the user will provide the relaying party with the OpenID identifier of the provider that he wants to use to authenticate with (i.e., which site he wants to sign in using). Through this exchange, the relaying party will normalize and perform discovery on the identifier URL before authentication begins.
The relaying party will make a request to the provider, sending it the normalized URL from the previous step. The provider will determine whether the OpenID identifier is valid and, if so, it’ll return the endpoint URL to which the user should be redirected in order to sign in and accept the permissions that the application is requesting.