diff framework/env/auth/openid/initiate.lua @ 20:47ddf0f86009
OpenID 2.0 Relying Party support
author | jbe/bsw |
---|---|
date | Fri Apr 02 02:11:32 2010 +0200 (2010-04-02) |
parents | |
children | 3a6fe8663b26 |
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/framework/env/auth/openid/initiate.lua Fri Apr 02 02:11:32 2010 +0200
1.3 
@@ -0,0 +1,55 @@
1.4 +--[[--
1.5 +success, -- boolean indicating success or failure
1.6 +errmsg = -- error message in case of failure (TODO: not implemented yet)
1.7 +auth.openid.initiate{
1.8 + user_supplied_identifier = user_supplied_identifier, -- string given by user
1.9 + https_as_default = https_as_default, -- default to https
1.10 + curl_options = curl_options, -- additional options passed to "curl" binary, when performing discovery
1.11 + return_to_module = return_to_module, -- module of the verifying view, the user shall return to after authentication
1.12 + return_to_view = return_to_view, -- verifying view, the user shall return to after authentication
1.13 + realm = realm -- URL the user should authenticate for, defaults to application base
1.14 +}
1.15 +
1.16 +In order to authenticate using OpenID the user should enter an identifier.
1.17 +It is recommended that the form field element for this identifier is named
1.18 +"openid_identifier", so that User-Agents can automatically determine the
1.19 +given field should contain an OpenID identifier. The entered identifier is
1.20 +then passed as "user_supplied_identifier" argument to this function. It
1.21 +returns false on error and currently never returns on success. However in
1.22 +future this function shall return true on success. After the user has
1.23 +authenticated successfully, he/she is forwarded to the URL given by the
1.24 +"return_to" argument. Under this URL the application has to verify the
1.25 +result by calling auth.openid.verify{...}.
1.26 +
1.27 +--]]--
1.28 +
1.29 +function auth.openid.initiate(args)
1.30 + local dd, errmsg, errcode = auth.openid.discover(args)
1.31 + if not dd then
1.32 + return nil, errmsg, errcode
1.33 + end
1.34 + -- TODO: Use request.redirect once it supports external URLs
1.35 + cgi.set_status("303 See Other")
1.36 + cgi.add_header(
1.37 + "Location: " .. 
1.38 + encode.url{
1.39 + external = dd.op_endpoint,
1.40 + params = {
1.41 + ["openid.ns"] = "http://specs.openid.net/auth/2.0",
1.42 + ["openid.mode"] = "checkid_setup",
1.43 + ["openid.claimed_id"] = dd.claimed_identifier or
1.44 + "http://specs.openid.net/auth/2.0/identifier_select",
1.45 + ["openid.identity"] = dd.op_local_identifier or dd.claimed_identifier or
1.46 + "http://specs.openid.net/auth/2.0/identifier_select",
1.47 + ["openid.return_to"] = encode.url{
1.48 + base = request.get_absolute_baseurl(),
1.49 + module = args.return_to_module,
1.50 + view = args.return_to_view
1.51 + },
1.52 + ["openid.realm"] = args.realm or request.get_absolute_baseurl()
1.53 + }
1.54 + }
1.55 + )
1.56 + cgi.send_data()
1.57 + exit()
1.58 +end
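Review bot: The 303 redirect is issued to `dd.op_endpoint` without checking its scheme, so whatever URL discovery returned for the user-supplied identifier goes straight into the `Location` header; guarding it before `cgi.set_status` with `if not dd.op_endpoint or not dd.op_endpoint:match("^https?://") then return nil, "unsupported OP endpoint", "unsupported_scheme" end` keeps the relying party from redirecting to arbitrary schemes (and lets `https_as_default` actually mean something at this point). The discovered `dd` (op_endpoint, claimed_identifier, op_local_identifier) is also not persisted anywhere here, yet OpenID 2.0 section 11.2 requires the verifying view to compare the positive assertion against the discovered information rather than trusting the `openid.*` fields echoed back by the OP; whether `auth.openid.verify` re-runs discovery is not visible in this hunk, so it should be confirmed or the data stored in the session here. Lastly the header comment says the function "returns false on error" and that the user comes back to the `"return_to"` argument, while the code returns `nil, errmsg, errcode` and takes `return_to_module`/`return_to_view`; rewording that paragraph to `returns nil, errmsg, errcode on discovery failure` and to name the two actual arguments would match the implementation.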