Make sure your software supports OpenID Connect. Several software products already support OpenID Connect out of the box. If your software is amongst these, you can continue to to the next paragraph.
We strongly advise you not to build your own OpenID Connect implementation, but use one of the products already available. The official OpenID website provides a nice overview of certified and uncertified implementations.
Claims and attributes
Your service probably needs (personal) information about the user logging in, for example an e-mail address or display name. These claims are provided by the user's institution in the form of SAML attributes. SURFconext translates those SAML attributes to OpenID Connect claims. Refer to this page to see which claims are available for use within your service.
Please note: SURFconext has a data minimisation policy, which means you only receive those claims that are strictly needed to make your service work.
As a next step, you probably want to connect to the SURFconext Test environment.