HomeAbout_openid_test_endpoint_authenticate

_openid_test_endpoint_authenticate

Versions
mediamosa-21
_openid_test_endpoint_authenticate()

OpenID endpoint; handle "authenticate" requests.

All requests result in a successful response. The request is a GET or POST made by the user's browser based on an HTML form or HTTP redirect generated by the Relying Party. The user is redirected back to the Relying Party using a URL containing a signed message in the query string confirming the user's identity.

▸ 1 function calls _openid_test_endpoint_authenticate()

▾ 1 function calls _openid_test_endpoint_authenticate()

openid_test_endpoint in modules/openid/tests/openid_test.module
Menu callback; OpenID Provider Endpoint.

Code

modules/openid/tests/openid_test.module, line 228

<?php
function _openid_test_endpoint_authenticate() {
  module_load_include('inc', 'openid');

  // Generate unique identifier for this authentication.
  $nonce = _openid_nonce();

  if (!isset($_REQUEST['openid_claimed_id'])) {
    // openid.claimed_id is not used in OpenID 1.x.
    $claimed_id = '';
  }
  elseif ($_REQUEST['openid_claimed_id'] == 'http://specs.openid.net/auth/2.0/identifier_select') {
    // The Relying Party did not specify a Claimed Identifier, so the OpenID
    // Provider decides on one.
    $claimed_id = url('openid-test/yadis/xrds/dummy-user', array('absolute' => TRUE));
  }
  else {
    $claimed_id = $_REQUEST['openid_claimed_id'];
  }

  // Generate response containing the user's identity. The openid.sreg.xxx
  // entries contain profile data stored by the OpenID Provider (see OpenID
  // Simple Registration Extension 1.0).
  $response = variable_get('openid_test_response', array()) + array(
    'openid.ns' => OPENID_NS_2_0,
    'openid.mode' => 'id_res',
    'openid.op_endpoint' => url('openid-test/endpoint', array('absolute' => TRUE)),
    'openid.claimed_id' => $claimed_id,
    'openid.identity' => $_REQUEST['openid_identity'],
    'openid.return_to' => $_REQUEST['openid_return_to'],
    'openid.response_nonce' => $nonce,
    'openid.assoc_handle' => 'openid-test',
    'openid.signed' => 'op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle',
  );

  // Sign the message using the MAC key that was exchanged during association.
  $association = new stdClass;
  $association->mac_key = variable_get('mac_key');
  $keys_to_sign = explode(',', $response['openid.signed']);
  $response['openid.sig'] = _openid_signature($association, $response, $keys_to_sign);

  // Put the signed message into the query string of a URL supplied by the
  // Relying Party, and redirect the user.
  drupal_add_http_header('Content-Type', 'text/plain');
  header('Location: ' . url($_REQUEST['openid_return_to'], array('query' => $response, 'external' => TRUE)));
}
?>