
diff framework/env/auth/openid/initiate.lua @ 20:47ddf0f86009

OpenID 2.0 Relying Party support
author jbe/bsw
date Fri Apr 02 02:11:32 2010 +0200 (2010-04-02)
parents
children 3a6fe8663b26
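--- /dev/null
+++ b/framework/env/auth/openid/initiate.lua
@@ -0,0 +1,55 @@
+--[[--
+success,                                                -- boolean indicating success or failure
+errmsg =                                                -- error message in case of failure (TODO: not implemented yet)
+auth.openid.initiate{
+  user_supplied_identifier = user_supplied_identifier,  -- string given by user
+  https_as_default         = https_as_default,          -- default to https
+  curl_options             = curl_options,              -- additional options passed to "curl" binary, when performing discovery
+  return_to_module         = return_to_module,          -- module of the verifying view, the user shall return to after authentication
+  return_to_view           = return_to_view,            -- verifying view, the user shall return to after authentication
+  realm                    = realm                      -- URL the user should authenticate for, defaults to application base
+}
+
+In order to authenticate using OpenID the user should enter an identifier.
+It is recommended that the form field element for this identifier is named
+"openid_identifier", so that User-Agents can automatically determine the
+given field should contain an OpenID identifier. The entered identifier is
+then passed as "user_supplied_identifier" argument to this function. It
+returns false on error and currently never returns on success. However in
+future this function shall return true on success. After the user has
+authenticated successfully, he/she is forwarded to the URL given by the
+"return_to" argument. Under this URL the application has to verify the
+result by calling auth.openid.verify{...}.
+
+--]]--
+
+function auth.openid.initiate(args)
+  local dd, errmsg, errcode = auth.openid.discover(args)
+  if not dd then
+    return nil, errmsg, errcode
+  end
+  -- TODO: Use request.redirect once it supports external URLs
+  cgi.set_status("303 See Other")
+  cgi.add_header(
+    "Location: " ..
+    encode.url{
+      external = dd.op_endpoint,
+      params = {
+        ["openid.ns"]         = "http://specs.openid.net/auth/2.0",
+        ["openid.mode"]       = "checkid_setup",
+        ["openid.claimed_id"] = dd.claimed_identifier or
+                                "http://specs.openid.net/auth/2.0/identifier_select",
+        ["openid.identity"]   = dd.op_local_identifier or dd.claimed_identifier or
+                                "http://specs.openid.net/auth/2.0/identifier_select",
+        ["openid.return_to"]  = encode.url{
+                                  base   = request.get_absolute_baseurl(),
+                                  module = args.return_to_module,
+                                  view   = args.return_to_view
+                                },
+        ["openid.realm"]      = args.realm or request.get_absolute_baseurl()
+      }
+    }
+  )
+  cgi.send_data()
+  exit()
+end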
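Review bot: The "Location:" header is built by string concatenation from dd.op_endpoint, a value that discovery derives from the user-supplied identifier, and nothing in this function checks it before it is written with cgi.add_header; unless encode.url is known to reject control characters in its `external` argument (not visible here), a CR/LF or non-http(s) endpoint would reach the response headers. A guard before cgi.set_status would bound this, e.g. `if not dd.op_endpoint:find("^https?://") or dd.op_endpoint:find("%c") then return nil, "invalid OP endpoint" end`. The header comment also disagrees with the code in three places: it says the function "returns false on error" while the body does `return nil, errmsg, errcode`, it marks errmsg as "not implemented yet" although it is already passed through from discover, and it refers to a "return_to" argument where the signature takes return_to_module and return_to_view; the comment should be reworded to match. The `exit()` after cgi.send_data() is what makes "never returns on success" true, which is worth stating in a comment on that line.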
