webmcp
view framework/env/auth/openid/initiate.lua @ 20:47ddf0f86009
OpenID 2.0 Relying Party support
| author | jbe/bsw | 
|---|---|
| date | Fri Apr 02 02:11:32 2010 +0200 (2010-04-02) | 
| parents | |
| children | 3a6fe8663b26 | 
     1 --[[--
     2 success,                                                -- boolean indicating success or failure
     3 errmsg =                                                -- error message in case of failure (TODO: not implemented yet)
     4 auth.openid.initiate{
     5   user_supplied_identifier = user_supplied_identifier,  -- string given by user
     6   https_as_default         = https_as_default,          -- default to https
     7   curl_options             = curl_options,              -- additional options passed to "curl" binary, when performing discovery
     8   return_to_module         = return_to_module,          -- module of the verifying view, the user shall return to after authentication
     9   return_to_view           = return_to_view,            -- verifying view, the user shall return to after authentication
    10   realm                    = realm                      -- URL the user should authenticate for, defaults to application base
    11 }
    13 In order to authenticate using OpenID the user should enter an identifier.
    14 It is recommended that the form field element for this identifier is named
    15 "openid_identifier", so that User-Agents can automatically determine the
    16 given field should contain an OpenID identifier. The entered identifier is
    17 then passed as "user_supplied_identifier" argument to this function. It
    18 returns false on error and currently never returns on success. However in
    19 future this function shall return true on success. After the user has
    20 authenticated successfully, he/she is forwarded to the URL given by the
    21 "return_to" argument. Under this URL the application has to verify the
    22 result by calling auth.openid.verify{...}.
    24 --]]--
    26 function auth.openid.initiate(args)
    27   local dd, errmsg, errcode = auth.openid.discover(args)
    28   if not dd then
    29     return nil, errmsg, errcode
    30   end
    31   -- TODO: Use request.redirect once it supports external URLs
    32   cgi.set_status("303 See Other")
    33   cgi.add_header(
    34     "Location: " ..
    35     encode.url{
    36       external = dd.op_endpoint,
    37       params = {
    38         ["openid.ns"]         = "http://specs.openid.net/auth/2.0",
    39         ["openid.mode"]       = "checkid_setup",
    40         ["openid.claimed_id"] = dd.claimed_identifier or
    41                                 "http://specs.openid.net/auth/2.0/identifier_select",
    42         ["openid.identity"]   = dd.op_local_identifier or dd.claimed_identifier or
    43                                 "http://specs.openid.net/auth/2.0/identifier_select",
    44         ["openid.return_to"]  = encode.url{
    45                                   base   = request.get_absolute_baseurl(),
    46                                   module = args.return_to_module,
    47                                   view   = args.return_to_view
    48                                 },
    49         ["openid.realm"]      = args.realm or request.get_absolute_baseurl()
    50       }
    51     }
    52   )
    53   cgi.send_data()
    54   exit()
    55 end
