To answer this question, we need to look at how Ory OAuth2 and OpenID Connect handles the login process. According to the knowledge sources, the client doesn't directly know which login endpoint to use. Instead, Ory OAuth2 and OpenID Connect manages this process through redirection. Here's how it works: 1. The OAuth2 flow is initiated when the client directs the user's browser to the

/oauth2/auth

endpoint. 2. Ory OAuth2 and OpenID Connect then checks for an existing session and evaluates any OpenID Connect parameters. 3. To authenticate the user, Ory OAuth2 and OpenID Connect redirects the browser to a configured "login endpoint". 4. This login endpoint URL is set in the Ory OAuth2 and OpenID Connect configuration. As stated in the [Custom Login and Consent Flow documentation](https://www.ory.sh/docs/oauth2-oidc/custom-login-consent/flow):

ory patch oauth2-config     --replace "/urls/login=\"<https://login.example.org/oauth2-login\>""

This configuration tells Ory OAuth2 and OpenID Connect which login URL to use. When a login is required, Ory will redirect to this URL, appending a

login_challenge

query parameter:

<https://login.example.org/oauth2-login?login_challenge=7bb518c4>

So, to directly answer the question: The client doesn't need to know which login endpoint to use. Ory OAuth2 and OpenID Connect handles the redirection to the appropriate login endpoint based on its configuration. The client simply needs to start the OAuth2 flow by directing the user to the

/oauth2/auth

endpoint, and Ory takes care of the rest.