webmcp
annotate framework/env/auth/openid/initiate.lua @ 68:ebdc20b7048b
Lua 5.2 compatibility:
Make function load accepting strings as first argument
Make function load accepting strings as first argument
| author | jbe |
|---|---|
| date | Tue Apr 17 16:26:32 2012 +0200 (2012-04-17) |
| parents | 3a6fe8663b26 |
| children | 32ec28229bb5 |
| rev | line source |
|---|---|
| jbe/bsw@20 | 1 --[[-- |
| jbe/bsw@20 | 2 success, -- boolean indicating success or failure |
| jbe@23 | 3 errmsg, -- error message in case of failure |
| jbe@23 | 4 errcode = -- error code in case of failure (TODO: not implemented yet) |
| jbe/bsw@20 | 5 auth.openid.initiate{ |
| jbe/bsw@20 | 6 user_supplied_identifier = user_supplied_identifier, -- string given by user |
| jbe/bsw@20 | 7 https_as_default = https_as_default, -- default to https |
| jbe/bsw@20 | 8 curl_options = curl_options, -- additional options passed to "curl" binary, when performing discovery |
| jbe/bsw@20 | 9 return_to_module = return_to_module, -- module of the verifying view, the user shall return to after authentication |
| jbe/bsw@20 | 10 return_to_view = return_to_view, -- verifying view, the user shall return to after authentication |
| jbe/bsw@20 | 11 realm = realm -- URL the user should authenticate for, defaults to application base |
| jbe/bsw@20 | 12 } |
| jbe/bsw@20 | 13 |
| jbe/bsw@20 | 14 In order to authenticate using OpenID the user should enter an identifier. |
| jbe/bsw@20 | 15 It is recommended that the form field element for this identifier is named |
| jbe/bsw@20 | 16 "openid_identifier", so that User-Agents can automatically determine the |
| jbe/bsw@20 | 17 given field should contain an OpenID identifier. The entered identifier is |
| jbe/bsw@20 | 18 then passed as "user_supplied_identifier" argument to this function. It |
| jbe/bsw@20 | 19 returns false on error and currently never returns on success. However in |
| jbe/bsw@20 | 20 future this function shall return true on success. After the user has |
| jbe/bsw@20 | 21 authenticated successfully, he/she is forwarded to the URL given by the |
| jbe/bsw@20 | 22 "return_to" argument. Under this URL the application has to verify the |
| jbe/bsw@20 | 23 result by calling auth.openid.verify{...}. |
| jbe/bsw@20 | 24 |
| jbe/bsw@20 | 25 --]]-- |
| jbe/bsw@20 | 26 |
| jbe/bsw@20 | 27 function auth.openid.initiate(args) |
| jbe/bsw@20 | 28 local dd, errmsg, errcode = auth.openid.discover(args) |
| jbe/bsw@20 | 29 if not dd then |
| jbe/bsw@20 | 30 return nil, errmsg, errcode |
| jbe/bsw@20 | 31 end |
| jbe/bsw@20 | 32 -- TODO: Use request.redirect once it supports external URLs |
| jbe/bsw@20 | 33 cgi.set_status("303 See Other") |
| jbe/bsw@20 | 34 cgi.add_header( |
| jbe/bsw@20 | 35 "Location: " .. |
| jbe/bsw@20 | 36 encode.url{ |
| jbe/bsw@20 | 37 external = dd.op_endpoint, |
| jbe/bsw@20 | 38 params = { |
| jbe/bsw@20 | 39 ["openid.ns"] = "http://specs.openid.net/auth/2.0", |
| jbe/bsw@20 | 40 ["openid.mode"] = "checkid_setup", |
| jbe/bsw@20 | 41 ["openid.claimed_id"] = dd.claimed_identifier or |
| jbe/bsw@20 | 42 "http://specs.openid.net/auth/2.0/identifier_select", |
| jbe/bsw@20 | 43 ["openid.identity"] = dd.op_local_identifier or dd.claimed_identifier or |
| jbe/bsw@20 | 44 "http://specs.openid.net/auth/2.0/identifier_select", |
| jbe/bsw@20 | 45 ["openid.return_to"] = encode.url{ |
| jbe/bsw@20 | 46 base = request.get_absolute_baseurl(), |
| jbe/bsw@20 | 47 module = args.return_to_module, |
| jbe/bsw@20 | 48 view = args.return_to_view |
| jbe/bsw@20 | 49 }, |
| jbe/bsw@20 | 50 ["openid.realm"] = args.realm or request.get_absolute_baseurl() |
| jbe/bsw@20 | 51 } |
| jbe/bsw@20 | 52 } |
| jbe/bsw@20 | 53 ) |
| jbe/bsw@20 | 54 cgi.send_data() |
| jbe/bsw@20 | 55 exit() |
| jbe/bsw@20 | 56 end |