Does OpenID implementation usually works in a way that it redirects the user to the provider site and then back? The case I'm asking about has sign-up/sign-in embedded into the client site so it doesn't actually redirect you anywhere. The client and the OpenID provider are NOT the same organization. So if the "sign in" is embedded into client website, does that mean the client is getting this information as well?
Thank you!
The client receives no credentials, but a token which was created by the provider. So embedded means, all authentification information is only transferred to the provider.