We are currently working on the account creation workflow on some of our web-applications, and we are facing a question which answer is unclear.
First thing, we are using a Django server as WebID-OIDC Identity Provider, based on one package we have been developing (djangoldp_account, relying on django-oidc-provider). The authentication part is working well, as soon as our users are created through the Django administration back-office.
Second step, we want to give users the possibility to register/create an account/create their identity (not sure about the proper terminology here) against our Identity Provider. And there I could not find anything in both the WebID-OIDC and the OIDC specifications about users/account creations.
What’s the normal workflow of acount creations ?
At first we wanted to let our client applications POST an account creation request through a dedicated API Endpoint to the IP, but then we were finding ourselves strongly coupling the client application and the Identity Provider instance. That we do not want as we would like to leave the choice of the Identity Provider to the user, as we can do for the Authentication part.
Then we thought the good way would be to redirect to the Identity Provider as we are doing for the Authentication, and providing a registration form here, which would be in charge in both the identity/account creation and the email validation and so on. And, if the client application is needing some additionals information about the users, it should ask for it when the user is logging-in for the first time.
So, are there any guidelines about the way to handle account creation ?
Hope my question is clear enough. Let me know if it’s not the case.
Thanks in advance, and have a good day !