webmcp

annotate framework/env/auth/openid/xrds_header.lua @ 229:bf690b4be420

Workaround for postfork-loading of multirand library
author jbe
date Fri Feb 27 22:45:36 2015 +0100 (2015-02-27)
parents 32ec28229bb5
children
rev   line source
jbe/bsw@20 1 --[[--
jbe/bsw@20 2 auth.openid.xrds_header{
jbe/bsw@20 3 ... -- arguments as used for encode.url{...}, pointing to an XRDS document as explained below
jbe/bsw@20 4 }
jbe/bsw@20 5
jbe/bsw@20 6 According to the OpenID specification, providers should verify, that
jbe/bsw@20 7 return_to URLs are an OpenID relying party endpoint. To use OpenID
jbe/bsw@20 8 providers following this recommendation, the relying parties can send a
jbe/bsw@20 9 X-XRDS-Location header by calling this function. Its arguments must refer
jbe/bsw@20 10 to an URL returning a document as follows:
jbe/bsw@20 11
jbe/bsw@20 12 <?xml version="1.0" encoding="UTF-8"?>
jbe/bsw@20 13 <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
jbe/bsw@20 14 <XRD>
jbe/bsw@20 15 <Service>
jbe/bsw@20 16 <Type>http://specs.openid.net/auth/2.0/return_to</Type>
jbe/bsw@20 17 <URI>RETURN_TO_URL</URI>
jbe/bsw@20 18 </Service>
jbe/bsw@20 19 </XRD>
jbe/bsw@20 20 </xrds:XRDS>
jbe/bsw@20 21
jbe/bsw@20 22 The placeholder RETURN_TO_URL has to be replaced by the absolute URL of the
jbe/bsw@20 23 given return_to_module and return_to_view.
jbe/bsw@20 24
jbe/bsw@20 25
jbe/bsw@20 26 Example application-wide filter, assuming the document above is saved in
jbe/bsw@20 27 "static/openid.xrds":
jbe/bsw@20 28
jbe/bsw@20 29 auth.openid.xrds_header{ static = "openid.xrds" }
jbe/bsw@20 30 execute.inner()
jbe/bsw@20 31
jbe/bsw@20 32
jbe/bsw@20 33 Example applications-wide filter, assuming
jbe/bsw@20 34 - the return_to_module is "openid"
jbe/bsw@20 35 - the return_to_view is "return"
jbe/bsw@20 36 - the module for returning the xrds document is "openid"
jbe/bsw@20 37 - the view for returning the xrds document is "xrds"
jbe/bsw@20 38
jbe/bsw@20 39 auth.openid.xrds_header{ module = "openid", view = "xrds" }
jbe/bsw@20 40 execute.inner()
jbe/bsw@20 41
jbe/bsw@20 42
jbe/bsw@20 43 In the last example the "xrds" view in module "openid" has to make the
jbe/bsw@20 44 following call:
jbe/bsw@20 45
jbe/bsw@20 46 auth.openid.xrds_document{
jbe/bsw@20 47 return_to_module = "openid",
jbe/bsw@20 48 return_to_view = "return"
jbe/bsw@20 49 }
jbe/bsw@20 50
jbe/bsw@20 51 --]]--
jbe/bsw@20 52 function auth.openid.xrds_header(args)
jbe@223 53 request.add_header("X-XRDS-Location: " .. encode.url(args))
jbe/bsw@20 54 end

Impressum / About Us