webmcp

diff framework/env/auth/openid/xrds_header.lua @ 20:47ddf0f86009

OpenID 2.0 Relying Party support
author jbe/bsw
date Fri Apr 02 02:11:32 2010 +0200 (2010-04-02)
parents
children 32ec28229bb5
line diff
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/framework/env/auth/openid/xrds_header.lua	Fri Apr 02 02:11:32 2010 +0200
     1.3 @@ -0,0 +1,54 @@
     1.4 +--[[--
     1.5 +auth.openid.xrds_header{
     1.6 +  ...                     -- arguments as used for encode.url{...}, pointing to an XRDS document as explained below
     1.7 +}
     1.8 +
     1.9 +According to the OpenID specification, providers should verify, that
    1.10 +return_to URLs are an OpenID relying party endpoint. To use OpenID
    1.11 +providers following this recommendation, the relying parties can send a
    1.12 +X-XRDS-Location header by calling this function. Its arguments must refer
    1.13 +to an URL returning a document as follows:
    1.14 +
    1.15 +<?xml version="1.0" encoding="UTF-8"?>
    1.16 +<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
    1.17 +  <XRD>                                                         
    1.18 +    <Service>                                                   
    1.19 +      <Type>http://specs.openid.net/auth/2.0/return_to</Type>   
    1.20 +      <URI>RETURN_TO_URL</URI>                                  
    1.21 +    </Service>                                                  
    1.22 +  </XRD>                                                        
    1.23 +</xrds:XRDS>
    1.24 +
    1.25 +The placeholder RETURN_TO_URL has to be replaced by the absolute URL of the
    1.26 +given return_to_module and return_to_view.
    1.27 +
    1.28 +
    1.29 +Example application-wide filter, assuming the document above is saved in
    1.30 +"static/openid.xrds":
    1.31 +
    1.32 +auth.openid.xrds_header{ static = "openid.xrds" }
    1.33 +execute.inner()
    1.34 +
    1.35 +
    1.36 +Example applications-wide filter, assuming
    1.37 +- the return_to_module is "openid"
    1.38 +- the return_to_view is "return"
    1.39 +- the module for returning the xrds document is "openid"
    1.40 +- the view for returning the xrds document is "xrds"
    1.41 +
    1.42 +auth.openid.xrds_header{ module = "openid", view = "xrds" }
    1.43 +execute.inner()
    1.44 +
    1.45 +
    1.46 +In the last example the "xrds" view in module "openid" has to make the
    1.47 +following call:
    1.48 +
    1.49 +auth.openid.xrds_document{
    1.50 +  return_to_module = "openid",
    1.51 +  return_to_view   = "return"
    1.52 +}
    1.53 +
    1.54 +--]]--
    1.55 +function auth.openid.xrds_header(args)
    1.56 +  cgi.add_header("X-XRDS-Location: " .. encode.url(args))
    1.57 +end
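
Review bot: At line 1.56 the result of `encode.url(args)` is concatenated straight into the raw header line handed to `cgi.add_header`, with no check on `args` or on the resulting string. If any field of `args` can ever carry request-influenced data, a CR or LF that survives into the URL would split the header, so consider rejecting an encoded URL that contains control characters and failing with a clear error when `args` is nil. The doc comment requires RETURN_TO_URL to be an absolute URL but does not say whether the URL sent in X-XRDS-Location is absolute as well; state what `encode.url` is expected to return here. Minor: "applications-wide" at 1.36 should match "application-wide" at 1.29.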
