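--[[--
success,                      -- nil on failure (the function currently does not return on success)
errmsg,                       -- error message in case of failure
errcode =                     -- error code in case of failure (TODO: not implemented yet)
auth.openid.initiate{
  user_supplied_identifier = user_supplied_identifier,  -- string given by user
  https_as_default         = https_as_default,          -- default to https
  curl_options             = curl_options,              -- additional options passed to "curl" binary, when performing discovery
  return_to_module         = return_to_module,          -- module of the verifying view, the user shall return to after authentication
  return_to_view           = return_to_view,            -- verifying view, the user shall return to after authentication
  realm                    = realm                      -- URL the user should authenticate for, defaults to application base
}

In order to authenticate using OpenID the user should enter an identifier.
It is recommended that the form field element for this identifier is named
"openid_identifier", so that User-Agents can automatically determine that the
given field should contain an OpenID identifier. The entered identifier is
then passed as "user_supplied_identifier" argument to this function. The
whole argument table is handed to auth.openid.discover{...}. On error, this
function returns nil followed by an error message; it currently never returns
on success. However, in future this function shall return true on success.
After the user has authenticated successfully, he/she is forwarded to the URL
built from the "return_to_module" and "return_to_view" arguments. Under this
URL the application has to verify the result by calling
auth.openid.verify{...}.

Security note: the OP endpoint is the result of discovery on an identifier
chosen by the user, i.e. it is untrusted data. It is written into the
"Location" response header, so it is checked here to be an absolute http or
https URL without whitespace or control characters before the redirect is
issued.

--]]--

function auth.openid.initiate(args)
  local dd, errmsg, errcode = auth.openid.discover(args)
  if not dd then
    return nil, errmsg, errcode
  end

  -- The endpoint originates from documents fetched for a user-supplied
  -- identifier. Whether auth.openid.discover or encode.url already sanitize
  -- it is not visible from this function, so reject anything that is not a
  -- plain absolute http(s) URL; this keeps CR/LF and other control characters
  -- out of the header line and restricts the redirect to web schemes.
  local op_endpoint = dd.op_endpoint
  if
    type(op_endpoint) ~= "string" or
    not string.find(op_endpoint, "^[Hh][Tt][Tt][Pp][Ss]?://") or
    string.find(op_endpoint, "[%c%s]")
  then
    return nil, "Discovered OP endpoint is not a valid http or https URL"
  end

  -- Used for both claimed_id and identity when discovery yielded an
  -- OP identifier instead of a claimed identifier.
  local identifier_select = "http://specs.openid.net/auth/2.0/identifier_select"
  local base_url = request.get_absolute_baseurl()

  -- URL of the verifying view inside this application.
  local return_to = encode.url{
    base   = base_url,
    module = args.return_to_module,
    view   = args.return_to_view
  }

  local redirect_url = encode.url{
    external = op_endpoint,
    params = {
      ["openid.ns"]         = "http://specs.openid.net/auth/2.0",
      ["openid.mode"]       = "checkid_setup",
      ["openid.claimed_id"] = dd.claimed_identifier or identifier_select,
      ["openid.identity"]   = dd.op_local_identifier or dd.claimed_identifier or identifier_select,
      ["openid.return_to"]  = return_to,
      ["openid.realm"]      = args.realm or base_url
    }
  }

  -- TODO: Use request.redirect once it supports external URLs
  cgi.set_status("303 See Other")
  cgi.add_header("Location: " .. redirect_url)
  cgi.send_data()
  exit()
end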