webmcp

view framework/env/auth/openid/initiate.lua @ 20:47ddf0f86009

OpenID 2.0 Relying Party support
author jbe/bsw
date Fri Apr 02 02:11:32 2010 +0200 (2010-04-02)
parents
children 3a6fe8663b26
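--[[--
success,                                                -- nil in case of failure (the function currently does not return on success)
errmsg,                                                 -- error message in case of failure
errcode =                                               -- error code as returned by auth.openid.discover{...}, if any
auth.openid.initiate{
  user_supplied_identifier = user_supplied_identifier,  -- string given by user
  https_as_default         = https_as_default,          -- default to https
  curl_options             = curl_options,              -- additional options passed to "curl" binary, when performing discovery
  return_to_module         = return_to_module,          -- module of the verifying view, the user shall return to after authentication
  return_to_view           = return_to_view,            -- verifying view, the user shall return to after authentication
  realm                    = realm                      -- URL the user should authenticate for, defaults to application base
}

In order to authenticate using OpenID the user should enter an identifier.
It is recommended that the form field element for this identifier is named
"openid_identifier", so that User-Agents can automatically determine the
given field should contain an OpenID identifier. The entered identifier is
then passed as "user_supplied_identifier" argument to this function. It
returns nil, an error message and (if available) an error code on failure
and currently never returns on success. However in future this function
shall return true on success. After the user has authenticated
successfully, he/she is forwarded to the view given by the
"return_to_module" and "return_to_view" arguments. Under this URL the
application has to verify the result by calling auth.openid.verify{...}.

The identifier is untrusted input: the argument table is handed to
auth.openid.discover{...} and the OP endpoint that comes back is used as
redirect target. The endpoint is therefore checked to be an absolute
http(s) URL without control characters or whitespace before it is written
into the "Location" header. Being sent back to the return_to view proves
nothing by itself; only the result of auth.openid.verify{...} may be used
to log a user in.

--]]--

function auth.openid.initiate(args)
  local dd, errmsg, errcode = auth.openid.discover(args)
  if not dd then
    -- discovery failed: pass its error message and code through unchanged
    return nil, errmsg, errcode
  end
  -- The OP endpoint originates from a document fetched for a user supplied
  -- identifier, i.e. it is remotely controlled data. OpenID 2.0 requires it
  -- to be an absolute HTTP or HTTPS URL, and it ends up verbatim in a
  -- response header below, so anything else (other schemes, CR/LF, other
  -- control characters, whitespace) is refused here.
  -- NOTE(review): auth.openid.discover may already enforce this; it is not
  -- visible from this file, so the check is repeated as defence in depth.
  local op_endpoint = dd.op_endpoint
  if
    type(op_endpoint) ~= "string" or
    not string.match(op_endpoint, "^[Hh][Tt][Tt][Pp][Ss]?://") or
    string.find(op_endpoint, "[%c%s]")
  then
    -- no errcode is returned here, because the set of codes used by
    -- auth.openid.discover is not visible from this file
    return nil, "Discovered OP endpoint is not a valid http(s) URL"
  end
  -- Fall back to "identifier_select" when discovery yielded no claimed
  -- identifier (the user entered an OP identifier).
  local identifier_select =
    "http://specs.openid.net/auth/2.0/identifier_select"
  local base_url = request.get_absolute_baseurl()
  -- NOTE(review): the parameter values below are assumed to be
  -- percent-encoded by encode.url -- confirm.
  local location = encode.url{
    external = op_endpoint,
    params = {
      ["openid.ns"]         = "http://specs.openid.net/auth/2.0",
      ["openid.mode"]       = "checkid_setup",
      ["openid.claimed_id"] = dd.claimed_identifier or identifier_select,
      ["openid.identity"]   = dd.op_local_identifier or
                              dd.claimed_identifier or identifier_select,
      ["openid.return_to"]  = encode.url{
        base   = base_url,
        module = args.return_to_module,
        view   = args.return_to_view
      },
      ["openid.realm"]      = args.realm or base_url
    }
  }
  -- TODO: Use request.redirect once it supports external URLs
  cgi.set_status("303 See Other")
  cgi.add_header("Location: " .. location)
  cgi.send_data()
  -- the response has been sent; terminate instead of returning to the caller
  exit()
end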
