webmcp
annotate framework/env/auth/openid/xrds_header.lua @ 119:b59a07b23c2b
Updated LICENSE file
| author | jbe |
|---|---|
| date | Thu Jul 10 00:38:45 2014 +0200 (2014-07-10) |
| parents | 47ddf0f86009 |
| children | 32ec28229bb5 |
| rev | line source |
|---|---|
| jbe/bsw@20 | 1 --[[-- |
| jbe/bsw@20 | 2 auth.openid.xrds_header{ |
| jbe/bsw@20 | 3 ... -- arguments as used for encode.url{...}, pointing to an XRDS document as explained below |
| jbe/bsw@20 | 4 } |
| jbe/bsw@20 | 5 |
| jbe/bsw@20 | 6 According to the OpenID specification, providers should verify, that |
| jbe/bsw@20 | 7 return_to URLs are an OpenID relying party endpoint. To use OpenID |
| jbe/bsw@20 | 8 providers following this recommendation, the relying parties can send a |
| jbe/bsw@20 | 9 X-XRDS-Location header by calling this function. Its arguments must refer |
| jbe/bsw@20 | 10 to an URL returning a document as follows: |
| jbe/bsw@20 | 11 |
| jbe/bsw@20 | 12 <?xml version="1.0" encoding="UTF-8"?> |
| jbe/bsw@20 | 13 <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"> |
| jbe/bsw@20 | 14 <XRD> |
| jbe/bsw@20 | 15 <Service> |
| jbe/bsw@20 | 16 <Type>http://specs.openid.net/auth/2.0/return_to</Type> |
| jbe/bsw@20 | 17 <URI>RETURN_TO_URL</URI> |
| jbe/bsw@20 | 18 </Service> |
| jbe/bsw@20 | 19 </XRD> |
| jbe/bsw@20 | 20 </xrds:XRDS> |
| jbe/bsw@20 | 21 |
| jbe/bsw@20 | 22 The placeholder RETURN_TO_URL has to be replaced by the absolute URL of the |
| jbe/bsw@20 | 23 given return_to_module and return_to_view. |
| jbe/bsw@20 | 24 |
| jbe/bsw@20 | 25 |
| jbe/bsw@20 | 26 Example application-wide filter, assuming the document above is saved in |
| jbe/bsw@20 | 27 "static/openid.xrds": |
| jbe/bsw@20 | 28 |
| jbe/bsw@20 | 29 auth.openid.xrds_header{ static = "openid.xrds" } |
| jbe/bsw@20 | 30 execute.inner() |
| jbe/bsw@20 | 31 |
| jbe/bsw@20 | 32 |
| jbe/bsw@20 | 33 Example applications-wide filter, assuming |
| jbe/bsw@20 | 34 - the return_to_module is "openid" |
| jbe/bsw@20 | 35 - the return_to_view is "return" |
| jbe/bsw@20 | 36 - the module for returning the xrds document is "openid" |
| jbe/bsw@20 | 37 - the view for returning the xrds document is "xrds" |
| jbe/bsw@20 | 38 |
| jbe/bsw@20 | 39 auth.openid.xrds_header{ module = "openid", view = "xrds" } |
| jbe/bsw@20 | 40 execute.inner() |
| jbe/bsw@20 | 41 |
| jbe/bsw@20 | 42 |
| jbe/bsw@20 | 43 In the last example the "xrds" view in module "openid" has to make the |
| jbe/bsw@20 | 44 following call: |
| jbe/bsw@20 | 45 |
| jbe/bsw@20 | 46 auth.openid.xrds_document{ |
| jbe/bsw@20 | 47 return_to_module = "openid", |
| jbe/bsw@20 | 48 return_to_view = "return" |
| jbe/bsw@20 | 49 } |
| jbe/bsw@20 | 50 |
| jbe/bsw@20 | 51 --]]-- |
| jbe/bsw@20 | 52 function auth.openid.xrds_header(args) |
| jbe/bsw@20 | 53 cgi.add_header("X-XRDS-Location: " .. encode.url(args)) |
| jbe/bsw@20 | 54 end |