rev |
line source |
jbe/bsw@20
|
1 --[[--
|
jbe/bsw@20
|
2 success, -- boolean indicating success or failure
|
jbe/bsw@20
|
3 errmsg = -- error message in case of failure (TODO: not implemented yet)
|
jbe/bsw@20
|
4 auth.openid.initiate{
|
jbe/bsw@20
|
5 user_supplied_identifier = user_supplied_identifier, -- string given by user
|
jbe/bsw@20
|
6 https_as_default = https_as_default, -- default to https
|
jbe/bsw@20
|
7 curl_options = curl_options, -- additional options passed to "curl" binary, when performing discovery
|
jbe/bsw@20
|
8 return_to_module = return_to_module, -- module of the verifying view, the user shall return to after authentication
|
jbe/bsw@20
|
9 return_to_view = return_to_view, -- verifying view, the user shall return to after authentication
|
jbe/bsw@20
|
10 realm = realm -- URL the user should authenticate for, defaults to application base
|
jbe/bsw@20
|
11 }
|
jbe/bsw@20
|
12
|
jbe/bsw@20
|
13 In order to authenticate using OpenID the user should enter an identifier.
|
jbe/bsw@20
|
14 It is recommended that the form field element for this identifier is named
|
jbe/bsw@20
|
15 "openid_identifier", so that User-Agents can automatically determine the
|
jbe/bsw@20
|
16 given field should contain an OpenID identifier. The entered identifier is
|
jbe/bsw@20
|
17 then passed as "user_supplied_identifier" argument to this function. It
|
jbe/bsw@20
|
18 returns false on error and currently never returns on success. However in
|
jbe/bsw@20
|
19 future this function shall return true on success. After the user has
|
jbe/bsw@20
|
20 authenticated successfully, he/she is forwarded to the URL given by the
|
jbe/bsw@20
|
21 "return_to" argument. Under this URL the application has to verify the
|
jbe/bsw@20
|
22 result by calling auth.openid.verify{...}.
|
jbe/bsw@20
|
23
|
jbe/bsw@20
|
24 --]]--
|
jbe/bsw@20
|
25
|
jbe/bsw@20
|
26 function auth.openid.initiate(args)
|
jbe/bsw@20
|
27 local dd, errmsg, errcode = auth.openid.discover(args)
|
jbe/bsw@20
|
28 if not dd then
|
jbe/bsw@20
|
29 return nil, errmsg, errcode
|
jbe/bsw@20
|
30 end
|
jbe/bsw@20
|
31 -- TODO: Use request.redirect once it supports external URLs
|
jbe/bsw@20
|
32 cgi.set_status("303 See Other")
|
jbe/bsw@20
|
33 cgi.add_header(
|
jbe/bsw@20
|
34 "Location: " ..
|
jbe/bsw@20
|
35 encode.url{
|
jbe/bsw@20
|
36 external = dd.op_endpoint,
|
jbe/bsw@20
|
37 params = {
|
jbe/bsw@20
|
38 ["openid.ns"] = "http://specs.openid.net/auth/2.0",
|
jbe/bsw@20
|
39 ["openid.mode"] = "checkid_setup",
|
jbe/bsw@20
|
40 ["openid.claimed_id"] = dd.claimed_identifier or
|
jbe/bsw@20
|
41 "http://specs.openid.net/auth/2.0/identifier_select",
|
jbe/bsw@20
|
42 ["openid.identity"] = dd.op_local_identifier or dd.claimed_identifier or
|
jbe/bsw@20
|
43 "http://specs.openid.net/auth/2.0/identifier_select",
|
jbe/bsw@20
|
44 ["openid.return_to"] = encode.url{
|
jbe/bsw@20
|
45 base = request.get_absolute_baseurl(),
|
jbe/bsw@20
|
46 module = args.return_to_module,
|
jbe/bsw@20
|
47 view = args.return_to_view
|
jbe/bsw@20
|
48 },
|
jbe/bsw@20
|
49 ["openid.realm"] = args.realm or request.get_absolute_baseurl()
|
jbe/bsw@20
|
50 }
|
jbe/bsw@20
|
51 }
|
jbe/bsw@20
|
52 )
|
jbe/bsw@20
|
53 cgi.send_data()
|
jbe/bsw@20
|
54 exit()
|
jbe/bsw@20
|
55 end
|