Explaining the RP->OP step in the OpenID Connect flow, and a question about the login-step logic
Explaining the RP->OP step in the OpenID Connect flow: your question answered
Great question—this is a super common point of confusion when first wrapping your head around OIDC flows, so let’s break it down clearly.
First, let’s recap the core roles to set context:
- RP (Relying Party): That's your `asdf.com` website, which needs to authenticate users.
- OP (OpenID Provider): Google, which handles user authentication and provides identity data to your site.
Why the first step is classified as RP->OP (not Enduser->OP)
You’re right that the user physically clicks a button to navigate to Google’s login page—but the critical detail here is who initiates and defines the request:
- The login link is constructed by your RP: The URL `https://account.google.com/XXX?return_url=asdf.com` isn't just a random Google login page. Your `asdf.com` builds this URL with mandatory OIDC parameters behind the scenes (like `client_id` to identify your site to Google, `scope` to specify what identity data you need, `response_type` to define the flow type, and yes, `redirect_uri`). Without these RP-provided parameters, Google would have no idea where to send the authentication result, or that your site is a registered, trusted party.
- The user is executing a request initiated by the RP: The user's click is just the trigger for a request that your RP already prepared. Think of it like handing someone a pre-addressed envelope and asking them to mail it: you are the one who initiated the request; they are just delivering it. In OIDC terms, your RP is the one asking Google to authenticate the user; the user's action is simply how that request reaches Google.
- Enduser->OP would be a user-initiated visit: If a user directly typed `account.google.com` into their browser to log in (without coming from your site), that would be a true Enduser->OP interaction. But in your case, the user is only going to Google's auth page because your site directed them there with a structured, RP-specific request.
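To make the "RP prepares the envelope" point concrete, here is an added example (not from the original answer or any real `asdf.com` code) of the RP side building that authorization request. The OP endpoint, client id and callback URL are assumed values; the point is that every parameter, plus the `state`/`nonce` the RP will later check, is chosen by the RP before the user ever clicks.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed values for the hypothetical RP asdf.com (constructed, not real registrations).
AUTHORIZATION_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"  # Google's documented endpoint
CLIENT_ID = "asdf-com-client-id"                                          # assumed client_id from registration
REGISTERED_REDIRECT_URIS = {"https://asdf.com/oidc/callback"}             # exact-match allowlist kept by the RP


def build_authorization_request(redirect_uri, scope=("openid", "email"), state=None, nonce=None):
    """Return (url, state, nonce) for the RP->OP authorization request.

    The RP, not the end user, decides every parameter here; the user's browser
    merely carries the finished URL to the OP when they click "Log in".
    """
    if redirect_uri not in REGISTERED_REDIRECT_URIS:
        raise ValueError("redirect_uri is not one of the RP's registered callback URLs")
    if "openid" not in scope:
        raise ValueError("OIDC requires the 'openid' scope")
    state = state or secrets.token_urlsafe(32)   # ties the OP's response back to this browser session
    nonce = nonce or secrets.token_urlsafe(32)   # the OP must echo this inside the ID token
    params = {
        "response_type": "code",      # authorization code flow
        "client_id": CLIENT_ID,       # tells the OP which RP is asking
        "redirect_uri": redirect_uri, # where the OP may send the result
        "scope": " ".join(scope),     # which identity data the RP wants
        "state": state,
        "nonce": nonce,
    }
    return f"{AUTHORIZATION_ENDPOINT}?{urlencode(params)}", state, nonce


def parse_authorization_request(url):
    """Parse a prepared request back into its (single-valued) parameters."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def callback_state_matches(expected_state, callback_url):
    """Check that the OP's redirect back to the RP carries the state this RP issued."""
    received = parse_qs(urlparse(callback_url).query).get("state", [""])[0]
    return secrets.compare_digest(expected_state, received)
```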
To put it simply
The RP->OP step in OIDC refers to the authorization request that the relying party initiates—even if the user is the one who physically navigates to the OP. The flow is categorized by who originates the request, not who clicks the button.
The question was taken from Stack Exchange; its author is Sato.