webmcp

annotate framework/env/auth/openid/initiate.lua @ 435:f704f35923e2

find changesets by author, revision, files, or words in the commit message
Added a (currently unused) pure Lua version of extos.pfilter(...)
author jbe
date Sat Jan 16 04:44:16 2016 +0100 (2016-01-16)
parents 32ec28229bb5
children
rev   line source
jbe/bsw@20 1 --[[--
jbe/bsw@20 2 success, -- boolean indicating success or failure
jbe@23 3 errmsg, -- error message in case of failure
jbe@23 4 errcode = -- error code in case of failure (TODO: not implemented yet)
jbe/bsw@20 5 auth.openid.initiate{
jbe/bsw@20 6 user_supplied_identifier = user_supplied_identifier, -- string given by user
jbe/bsw@20 7 https_as_default = https_as_default, -- default to https
jbe/bsw@20 8 curl_options = curl_options, -- additional options passed to "curl" binary, when performing discovery
jbe/bsw@20 9 return_to_module = return_to_module, -- module of the verifying view, the user shall return to after authentication
jbe/bsw@20 10 return_to_view = return_to_view, -- verifying view, the user shall return to after authentication
jbe/bsw@20 11 realm = realm -- URL the user should authenticate for, defaults to application base
jbe/bsw@20 12 }
jbe/bsw@20 13
jbe/bsw@20 14 In order to authenticate using OpenID the user should enter an identifier.
jbe/bsw@20 15 It is recommended that the form field element for this identifier is named
jbe/bsw@20 16 "openid_identifier", so that User-Agents can automatically determine the
jbe/bsw@20 17 given field should contain an OpenID identifier. The entered identifier is
jbe/bsw@20 18 then passed as "user_supplied_identifier" argument to this function. It
jbe/bsw@20 19 returns false on error and currently never returns on success. However in
jbe/bsw@20 20 future this function shall return true on success. After the user has
jbe/bsw@20 21 authenticated successfully, he/she is forwarded to the URL given by the
jbe/bsw@20 22 "return_to" argument. Under this URL the application has to verify the
jbe/bsw@20 23 result by calling auth.openid.verify{...}.
jbe/bsw@20 24
jbe/bsw@20 25 --]]--
jbe/bsw@20 26
jbe/bsw@20 27 function auth.openid.initiate(args)
jbe/bsw@20 28 local dd, errmsg, errcode = auth.openid.discover(args)
jbe/bsw@20 29 if not dd then
jbe/bsw@20 30 return nil, errmsg, errcode
jbe/bsw@20 31 end
jbe/bsw@20 32 -- TODO: Use request.redirect once it supports external URLs
jbe@223 33 request.set_status("303 See Other")
jbe@223 34 request.add_header(
jbe/bsw@20 35 "Location: " ..
jbe/bsw@20 36 encode.url{
jbe/bsw@20 37 external = dd.op_endpoint,
jbe/bsw@20 38 params = {
jbe/bsw@20 39 ["openid.ns"] = "http://specs.openid.net/auth/2.0",
jbe/bsw@20 40 ["openid.mode"] = "checkid_setup",
jbe/bsw@20 41 ["openid.claimed_id"] = dd.claimed_identifier or
jbe/bsw@20 42 "http://specs.openid.net/auth/2.0/identifier_select",
jbe/bsw@20 43 ["openid.identity"] = dd.op_local_identifier or dd.claimed_identifier or
jbe/bsw@20 44 "http://specs.openid.net/auth/2.0/identifier_select",
jbe/bsw@20 45 ["openid.return_to"] = encode.url{
jbe/bsw@20 46 base = request.get_absolute_baseurl(),
jbe/bsw@20 47 module = args.return_to_module,
jbe/bsw@20 48 view = args.return_to_view
jbe/bsw@20 49 },
jbe/bsw@20 50 ["openid.realm"] = args.realm or request.get_absolute_baseurl()
jbe/bsw@20 51 }
jbe/bsw@20 52 }
jbe/bsw@20 53 )
jbe@223 54 error("Not implemented") -- TODO
jbe@223 55 --cgi.send_data()
jbe@223 56 --exit()
jbe/bsw@20 57 end

Impressum / About Us