webmcp
annotate framework/env/auth/openid/xrds_header.lua @ 215:ba3dd4a17e3d
Some code cleanup/rearrangement for request handling
| author | jbe | 
|---|---|
| date | Mon Jan 12 01:48:11 2015 +0100 (2015-01-12) | 
| parents | 47ddf0f86009 | 
| children | 32ec28229bb5 | 
| rev | line source | 
|---|---|
| jbe/bsw@20 | 1 --[[-- | 
| jbe/bsw@20 | 2 auth.openid.xrds_header{ | 
| jbe/bsw@20 | 3 ... -- arguments as used for encode.url{...}, pointing to an XRDS document as explained below | 
| jbe/bsw@20 | 4 } | 
| jbe/bsw@20 | 5 | 
| jbe/bsw@20 | 6 According to the OpenID specification, providers should verify that | 
| jbe/bsw@20 | 7 return_to URLs are an OpenID relying party endpoint. To use OpenID | 
| jbe/bsw@20 | 8 providers following this recommendation, the relying parties can send an | 
| jbe/bsw@20 | 9 X-XRDS-Location header by calling this function. Its arguments must refer | 
| jbe/bsw@20 | 10 to a URL returning a document as follows: | 
| jbe/bsw@20 | 11 | 
| jbe/bsw@20 | 12 <?xml version="1.0" encoding="UTF-8"?> | 
| jbe/bsw@20 | 13 <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"> | 
| jbe/bsw@20 | 14 <XRD> | 
| jbe/bsw@20 | 15 <Service> | 
| jbe/bsw@20 | 16 <Type>http://specs.openid.net/auth/2.0/return_to</Type> | 
| jbe/bsw@20 | 17 <URI>RETURN_TO_URL</URI> | 
| jbe/bsw@20 | 18 </Service> | 
| jbe/bsw@20 | 19 </XRD> | 
| jbe/bsw@20 | 20 </xrds:XRDS> | 
| jbe/bsw@20 | 21 | 
| jbe/bsw@20 | 22 The placeholder RETURN_TO_URL has to be replaced by the absolute URL of the | 
| jbe/bsw@20 | 23 given return_to_module and return_to_view. | 
| jbe/bsw@20 | 24 | 
| jbe/bsw@20 | 25 | 
| jbe/bsw@20 | 26 Example application-wide filter, assuming the document above is saved in | 
| jbe/bsw@20 | 27 "static/openid.xrds": | 
| jbe/bsw@20 | 28 | 
| jbe/bsw@20 | 29 auth.openid.xrds_header{ static = "openid.xrds" } | 
| jbe/bsw@20 | 30 execute.inner() | 
| jbe/bsw@20 | 31 | 
| jbe/bsw@20 | 32 | 
| jbe/bsw@20 | 33 Example application-wide filter, assuming | 
| jbe/bsw@20 | 34 - the return_to_module is "openid" | 
| jbe/bsw@20 | 35 - the return_to_view is "return" | 
| jbe/bsw@20 | 36 - the module for returning the xrds document is "openid" | 
| jbe/bsw@20 | 37 - the view for returning the xrds document is "xrds" | 
| jbe/bsw@20 | 38 | 
| jbe/bsw@20 | 39 auth.openid.xrds_header{ module = "openid", view = "xrds" } | 
| jbe/bsw@20 | 40 execute.inner() | 
| jbe/bsw@20 | 41 | 
| jbe/bsw@20 | 42 | 
| jbe/bsw@20 | 43 In the last example the "xrds" view in module "openid" has to make the | 
| jbe/bsw@20 | 44 following call: | 
| jbe/bsw@20 | 45 | 
| jbe/bsw@20 | 46 auth.openid.xrds_document{ | 
| jbe/bsw@20 | 47 return_to_module = "openid", | 
| jbe/bsw@20 | 48 return_to_view = "return" | 
| jbe/bsw@20 | 49 } | 
| jbe/bsw@20 | 50 | 
| jbe/bsw@20 | 51 --]]-- | 
| jbe/bsw@20 | 52 function auth.openid.xrds_header(args) | 
| jbe/bsw@20 | 53 cgi.add_header("X-XRDS-Location: " .. encode.url(args)) | 
| jbe/bsw@20 | 54 end |
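
The provider-side check that the comment above refers to, sketched as an added example (not part of webmcp; written in Python rather than Lua so it can be run outside the framework): it parses the XRDS document and tests whether a given return_to URL is covered by one of the advertised endpoints. The function names and the `rp.example` URL are hypothetical, the matching rule (same scheme, host and port, path equal or nested) is this example's reading of the OpenID 2.0 realm-matching rules, and rejecting fragments and `..` segments is added hardening.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "{xri://$xrd*($v*2.0)}"  # default namespace of the document above
RETURN_TO_TYPE = "http://specs.openid.net/auth/2.0/return_to"

# Constructed sample: the XRDS template with a placeholder relying-party URL.
SAMPLE_XRDS = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service>
      <Type>http://specs.openid.net/auth/2.0/return_to</Type>
      <URI>https://rp.example/openid/return</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def return_to_endpoints(xrds_text):
    """URIs of every Service typed as an OpenID 2.0 return_to endpoint."""
    # For documents fetched from untrusted hosts, use a hardened XML parser.
    root = ET.fromstring(xrds_text.encode("utf-8"))
    uris = []
    for svc in root.iter(XRD_NS + "Service"):
        types = [t.text.strip() for t in svc.findall(XRD_NS + "Type") if t.text]
        if RETURN_TO_TYPE in types:
            uris += [u.text.strip() for u in svc.findall(XRD_NS + "URI") if u.text]
    return uris

def _origin(parts):
    """(scheme, host, port) with the default port filled in."""
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)

def return_to_matches(return_to, endpoint):
    """True if return_to has the endpoint's origin and an equal or nested path."""
    try:
        r, e = urlsplit(return_to), urlsplit(endpoint)
        if r.scheme not in ("http", "https") or _origin(r) != _origin(e):
            return False
    except ValueError:  # malformed port or host
        return False
    rpath, epath = r.path or "/", e.path or "/"
    if r.fragment or ".." in rpath.split("/"):  # added hardening, see lead-in
        return False
    return rpath == epath or rpath.startswith(epath.rstrip("/") + "/")

def verify_return_to(return_to, xrds_text):
    """Provider-side check: does the RP's XRDS document vouch for return_to?"""
    return any(return_to_matches(return_to, ep) for ep in return_to_endpoints(xrds_text))
```

A relying party can run the same check against its own served document to confirm that the URL substituted for RETURN_TO_URL matches what it sends as return_to.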