webmcp
diff framework/env/auth/openid/xrds_header.lua @ 20:47ddf0f86009
OpenID 2.0 Relying Party support
author | jbe/bsw |
---|---|
date | Fri Apr 02 02:11:32 2010 +0200 (2010-04-02) |
parents | |
children | 32ec28229bb5 |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/framework/env/auth/openid/xrds_header.lua Fri Apr 02 02:11:32 2010 +0200 1.3 
@@ -0,0 +1,54 @@ 1.4 +--[[-- 1.5 +auth.openid.xrds_header{ 1.6 + ... -- arguments as used for encode.url{...}, pointing to an XRDS document as explained below 1.7 +} 1.8 + 1.9 +According to the OpenID specification, providers should verify, that 1.10 +return_to URLs are an OpenID relying party endpoint. To use OpenID 1.11 +providers following this recommendation, the relying parties can send a 1.12 +X-XRDS-Location header by calling this function. Its arguments must refer 1.13 +to an URL returning a document as follows: 1.14 + 1.15 +<?xml version="1.0" encoding="UTF-8"?> 1.16 +<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"> 1.17 + <XRD> 1.18 + <Service> 1.19 + <Type>http://specs.openid.net/auth/2.0/return_to</Type> 1.20 + <URI>RETURN_TO_URL</URI> 1.21 + </Service> 1.22 + </XRD> 1.23 +</xrds:XRDS> 1.24 + 1.25 +The placeholder RETURN_TO_URL has to be replaced by the absolute URL of the 1.26 +given return_to_module and return_to_view. 1.27 + 1.28 + 1.29 +Example application-wide filter, assuming the document above is saved in 1.30 +"static/openid.xrds": 1.31 + 1.32 +auth.openid.xrds_header{ static = "openid.xrds" } 1.33 +execute.inner() 1.34 + 1.35 + 1.36 +Example applications-wide filter, assuming 1.37 +- the return_to_module is "openid" 1.38 +- the return_to_view is "return" 1.39 +- the module for returning the xrds document is "openid" 1.40 +- the view for returning the xrds document is "xrds" 1.41 + 1.42 +auth.openid.xrds_header{ module = "openid", view = "xrds" } 1.43 +execute.inner() 1.44 + 1.45 + 1.46 +In the last example the "xrds" view in module "openid" has to make the 1.47 +following call: 1.48 + 1.49 +auth.openid.xrds_document{ 1.50 + return_to_module = "openid", 1.51 + return_to_view = "return" 1.52 +} 1.53 + 1.54 +--]]-- 1.55 +function auth.openid.xrds_header(args) 1.56 + cgi.add_header("X-XRDS-Location: " .. encode.url(args)) 1.57 +end
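Review bot: In `auth.openid.xrds_header`, the result of `encode.url(args)` is concatenated straight into the header line passed to `cgi.add_header`, and the doc comment does not say whether that value is an absolute URL. The comment requires an absolute URL for RETURN_TO_URL inside the XRDS document but states no such requirement for the X-XRDS-Location value itself, which the OpenID provider has to resolve from outside the application. Please state in the comment that the arguments must yield an absolute URL, or make the function guarantee it. Because the header is built by string concatenation, the comment should also say that `args` is expected to come from application code and not from request parameters, or the function should reject CR and LF in the encoded value before calling `cgi.add_header`. In the static example, RETURN_TO_URL is maintained by hand in "static/openid.xrds", so a sentence noting that it must match the return_to URL the application actually sends would help avoid failed return_to verification. Minor: "applications-wide filter" in the second example should read "application-wide filter" as in the first.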