1 --[[--

2 auth.openid.xrds_header{

3 ... -- arguments as used for encode.url{...}, pointing to an XRDS document as explained below

4 }

5

6 According to the OpenID specification, providers should verify, that

7 return_to URLs are an OpenID relying party endpoint. To use OpenID

8 providers following this recommendation, the relying parties can send a

9 X-XRDS-Location header by calling this function. Its arguments must refer

10 to an URL returning a document as follows:

11

12 <?xml version="1.0" encoding="UTF-8"?>

13 <xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">

14 <XRD>

15 <Service>

16 <Type>http://specs.openid.net/auth/2.0/return_to</Type>

17 <URI>RETURN_TO_URL</URI>

18 </Service>

19 </XRD>

20 </xrds:XRDS>

21

22 The placeholder RETURN_TO_URL has to be replaced by the absolute URL of the

23 given return_to_module and return_to_view.

24

25

26 Example application-wide filter, assuming the document above is saved in

27 "static/openid.xrds":

28

29 auth.openid.xrds_header{ static = "openid.xrds" }

30 execute.inner()

31

32

33 Example applications-wide filter, assuming

34 - the return_to_module is "openid"

35 - the return_to_view is "return"

36 - the module for returning the xrds document is "openid"

37 - the view for returning the xrds document is "xrds"

38

39 auth.openid.xrds_header{ module = "openid", view = "xrds" }

40 execute.inner()

41

42

43 In the last example the "xrds" view in module "openid" has to make the

44 following call:

45

46 auth.openid.xrds_document{

47 return_to_module = "openid",

48 return_to_view = "return"

49 }

50

51 --]]--

52 function auth.openid.xrds_header(args)

53 request.add_header("X-XRDS-Location: " .. encode.url(args))

54 end