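--[[--
success,                                                -- nil on failure; on success this function currently does not return
errmsg,                                                 -- error message in case of failure
errcode =                                               -- error code in case of failure, passed through from auth.openid.discover (nil when the endpoint check below fails)
auth.openid.initiate{
  user_supplied_identifier = user_supplied_identifier,  -- string given by user
  https_as_default         = https_as_default,          -- default to https
  curl_options             = curl_options,              -- additional options passed to "curl" binary, when performing discovery
  return_to_module         = return_to_module,          -- module of the verifying view, the user shall return to after authentication
  return_to_view           = return_to_view,            -- verifying view, the user shall return to after authentication
  realm                    = realm                      -- URL the user should authenticate for, defaults to application base
}

In order to authenticate using OpenID the user should enter an identifier.
It is recommended that the form field element for this identifier is named
"openid_identifier", so that User-Agents can automatically determine the
given field should contain an OpenID identifier. The entered identifier is
then passed as "user_supplied_identifier" argument to this function.

On error the function returns nil, followed by an error message and an error
code. On success it currently never returns: it sends a "303 See Other"
redirect to the discovered OP endpoint and terminates the request. In
future this function shall return true on success. After the user has
authenticated successfully, he/she is forwarded to the URL built from the
"return_to_module" and "return_to_view" arguments. Under this URL the
application has to verify the result by calling auth.openid.verify{...}.

Security notes:

- This function authenticates nobody. It only starts the protocol run. The
  view named by "return_to_module"/"return_to_view" must call
  auth.openid.verify{...} and must treat the user as authenticated only if
  that call succeeds. The query parameters arriving at that view come
  through the browser and are untrusted until verified.
- Discovery is performed by the server for an identifier chosen by the
  user, so the server contacts a host the user names. Restrict what the
  discovery request may reach (egress filtering, timeouts, size and
  redirect limits), for example via "curl_options" or at the network level.
- "curl_options" must be set by the application only. Never fill it from
  request data, as the options are passed on to the "curl" binary.
- "realm" is what the OpenID provider shows to the user and what the
  assertion is scoped to. Keep it as narrow as the application allows.
- The "openid.return_to" URL built here contains only base URL, module and
  view; no per-request state is added. Whether replayed or unsolicited
  responses are rejected depends on auth.openid.verify, which is not shown
  in this file -- confirm before relying on it.

--]]--

function auth.openid.initiate(args)
  -- The complete argument table is handed to discovery, which consumes
  -- "user_supplied_identifier", "https_as_default" and "curl_options".
  local dd, errmsg, errcode = auth.openid.discover(args)
  if not dd then
    return nil, errmsg, errcode
  end

  -- Defence in depth: the OP endpoint originates from a document fetched
  -- from a host selected by the user and ends up in the "Location" response
  -- header. The validation done by auth.openid.discover and the escaping
  -- applied by encode.url to "external" are not visible from this function,
  -- so only an absolute http(s) URL without control characters or whitespace
  -- is accepted here. No error code is returned for this case.
  local op_endpoint = dd.op_endpoint
  if
    type(op_endpoint) ~= "string" or
    not string.find(op_endpoint, "^[Hh][Tt][Tt][Pp][Ss]?://") or
    string.find(op_endpoint, "[%c%s]")
  then
    return nil, "Discovered OP endpoint is not a valid http(s) URL"
  end

  -- Special identifier telling the OP to let the user pick an identity;
  -- used when discovery yielded no claimed identifier.
  local identifier_select = "http://specs.openid.net/auth/2.0/identifier_select"

  -- TODO: Use request.redirect once it supports external URLs
  cgi.set_status("303 See Other")
  cgi.add_header(
    "Location: " ..
    encode.url{
      external = op_endpoint,
      params = {
        ["openid.ns"]         = "http://specs.openid.net/auth/2.0",
        ["openid.mode"]       = "checkid_setup",
        ["openid.claimed_id"] = dd.claimed_identifier or identifier_select,
        ["openid.identity"]   = dd.op_local_identifier or dd.claimed_identifier or
                                identifier_select,
        -- URL of the verifying view; it must call auth.openid.verify{...}
        ["openid.return_to"]  = encode.url{
                                  base   = request.get_absolute_baseurl(),
                                  module = args.return_to_module,
                                  view   = args.return_to_view
                                },
        ["openid.realm"]      = args.realm or request.get_absolute_baseurl()
      }
    }
  )
  -- Flush the redirect and end request processing; this is why the function
  -- does not return on success.
  cgi.send_data()
  exit()
end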