When your client issues a successful authentication request, the Cloud Identity Service responds with a catalog showing the services available to that client, with one endpoint listed for each available service; you can find an annotated example of such a response in Section 3.2, “Sample Authentication Request and Response”.
As the client developer, you must decide how your client should use the contents of its service catalog. The first step may be to identify a service to which your client should be connected. Here is one possible workflow for processing the service catalog response to identify available services and their endpoints:
If the service catalog lists only one endpoint, use it. This will connect your client to the only service available to that client.
If the service catalog lists multiple endpoints, you must establish a process for choosing an endpoint to connect your client to:
If the user has not specified which endpoint to use, generate an error.
If the user has specified which endpoint to use, help the user identify that endpoint from within the catalog:
Support filtering by endpoint name, service name, service type, region name, and version.
Support manual specification of an endpoint via a URL parameter.
Authentication endpoints follow the process described above.
To connect a client to an endpoint listed as
type="compute", do the following:
Go that compute service's endpoint and use its
WWW-Authenticateheader to determine what authentication server it uses.Go to that authentication server and authenticate.
Return to the compute endpoint and proceed with using the compute service.
