The sample OAuth2 Authorization Server’s database merely contains a couple of sample client entries so that the sample client can make requests. It has a users table that is automatically populated by each user who successfully logs in using their OpenID. So to your question regarding the “format of the OpenID” to use, any valid OpenID 1.1/2.0 identifier will work.

The OAuth2 authorization server sample doubles as an OpenID relying party in this respect, but its OpenID functions aren’t the meat of the sample — there are other sample OpenID RP sites that demonstrate more functionality in that respect. But being that OAuth2 auth server and OpenID RP are coupled in this way, the flow is that:

1. User visits OAuth2 Client site and indicates to the client that it may request access to user’s data on the resource server.
2. Client redirects user to authorization server so the user may grant permission.
3. Authorization server prompts the user to log in, if not already logged in.
   1. User enters OpenID
   2. Authorization server redirects user to their OpenID Provider to log in using some credential (username/password, infocard, etc.)
   3. OpenID Provider redirects user back to authorization server.
4. Authorization server sample then asks the user “do you want to share resource [x] with client [y]?” User confirms.
5. Authorization server records that user authorized client [y] to access [x] so that future requests from that client for that resource may be auto-approved without user intervention.
6. Authorization server redirects user back to Client with authorization grant.
7. Client receives the grant along with the user redirect and uses a direct HTTP request to the auth server to exchange that grant for an access token (and possibly a refresh token).
8. Client then includes the access token in HTTP requests to the resource server to access the user’s private data.

I hope that helps.