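--[[--
success,                      -- boolean indicating success or failure
errmsg,                       -- error message in case of failure
errcode =                     -- error code in case of failure (TODO: not implemented yet)
auth.openid.initiate{
  user_supplied_identifier = user_supplied_identifier,  -- string given by user
  https_as_default         = https_as_default,          -- default to https
  curl_options             = curl_options,              -- additional options passed to "curl" binary, when performing discovery
  return_to_module         = return_to_module,          -- module of the verifying view, the user shall return to after authentication
  return_to_view           = return_to_view,            -- verifying view, the user shall return to after authentication
  realm                    = realm                      -- URL the user should authenticate for, defaults to application base
}

In order to authenticate using OpenID the user should enter an identifier.
It is recommended that the form field element for this identifier is named
"openid_identifier", so that User-Agents can automatically determine the
given field should contain an OpenID identifier. The entered identifier is
then passed as "user_supplied_identifier" argument to this function. It
returns nil (a false value) plus an error message on error and currently
never returns on success, because it raises an error after setting the
redirect headers. However in future this function shall return true on
success. After the user has authenticated successfully, he/she is forwarded
to the view given by the "return_to_module" and "return_to_view" arguments.
Under this URL the application has to verify the result by calling
auth.openid.verify{...}.

Security notes:
- The identifier and everything discovered from it are untrusted. The
  discovered OP endpoint is only used as redirect target if it is an
  absolute http(s) URL without control characters.
- The request built here carries no association handle or nonce, so reaching
  the return_to view proves nothing by itself; the application must not treat
  the user as authenticated before auth.openid.verify{...} has succeeded.
- "curl_options" and "realm" are passed through as given; callers should use
  constants for them and never values taken from the request.

--]]--

function auth.openid.initiate(args)
  local dd, errmsg, errcode = auth.openid.discover(args)
  if not dd then
    return nil, errmsg, errcode
  end
  -- dd.op_endpoint comes from documents fetched for a user-supplied
  -- identifier and ends up in a response header. OpenID 2.0 requires an
  -- absolute HTTP or HTTPS URL here; anything else (other schemes, embedded
  -- CR/LF or other control characters) is rejected instead of being emitted.
  -- NOTE(review): auth.openid.discover and encode.url are not visible here and
  -- may already validate or escape this value; this check does not rely on it.
  local op_endpoint = dd.op_endpoint
  if
    type(op_endpoint) ~= "string" or
    not string.find(string.lower(op_endpoint), "^https?://") or
    string.find(op_endpoint, "%c")
  then
    return nil, "Discovery returned an invalid OP endpoint URL"
  end
  -- TODO: Use request.redirect once it supports external URLs
  request.set_status("303 See Other")
  request.add_header(
    "Location: " ..
    encode.url{
      external = op_endpoint,
      params = {
        ["openid.ns"]         = "http://specs.openid.net/auth/2.0",
        ["openid.mode"]       = "checkid_setup",
        -- Without a discovered claimed identifier, fall back to the
        -- "identifier_select" URI.
        ["openid.claimed_id"] = dd.claimed_identifier or
                                "http://specs.openid.net/auth/2.0/identifier_select",
        ["openid.identity"]   = dd.op_local_identifier or dd.claimed_identifier or
                                "http://specs.openid.net/auth/2.0/identifier_select",
        -- NOTE(review): return_to and the default realm are built from
        -- request.get_absolute_baseurl(); confirm that this value comes from
        -- configuration and not from a client-controlled Host header.
        ["openid.return_to"]  = encode.url{
                                  base   = request.get_absolute_baseurl(),
                                  module = args.return_to_module,
                                  view   = args.return_to_view
                                },
        ["openid.realm"]      = args.realm or request.get_absolute_baseurl()
      }
    }
  )
  -- The success path is unfinished: the headers above are set, then the
  -- function aborts instead of sending the response and returning.
  error("Not implemented")  -- TODO
  --cgi.send_data()
  --exit()
end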