openid_complete
function openid_complete
openid_complete($response = array())
Completes OpenID authentication by validating returned data from the OpenID Provider.
Parameters
$response: Array of returned values from the OpenID Provider.
Return value
$response Response values for further processing with $response['status'] set to one of 'success', 'failed' or 'cancel'.
File
- modules/openid/openid.module, line 328
- Implement OpenID Relying Party support for Drupal
Code
/**
 * Completes OpenID authentication by validating the data returned from the
 * OpenID Provider.
 *
 * The status is set to 'failed' before any check runs and is only changed to
 * 'cancel' or 'success' further down, so every early exit reports a failure.
 * A 'status' key already present in $response is overwritten.
 *
 * @param $response
 *   Array of returned values from the OpenID Provider. When it is empty, the
 *   values are taken from _openid_response() instead.
 *
 * @return
 *   The response values for further processing, with $response['status'] set
 *   to one of 'success', 'failed' or 'cancel'.
 */
function openid_complete($response = array()) {
  module_load_include('inc', 'openid');

  if (count($response) == 0) {
    $response = _openid_response();
  }

  // Fail closed: nothing below may leave a caller-supplied status in place.
  $response['status'] = 'failed';

  // The service and Claimed Identifier recorded in the session are what the
  // response is checked against; without them there is nothing to complete.
  if (!isset($_SESSION['openid']['service']['uri']) || !isset($_SESSION['openid']['claimed_id'])) {
    return $response;
  }

  $service = $_SESSION['openid']['service'];
  $claimed_id = $_SESSION['openid']['claimed_id'];
  // The stored request state is removed before the assertion is verified, so
  // a later call without a fresh request finds nothing stored and reports
  // 'failed'.
  unset($_SESSION['openid']['service'], $_SESSION['openid']['claimed_id']);

  if (!isset($response['openid.mode'])) {
    return $response;
  }

  if ($response['openid.mode'] == 'cancel') {
    $response['status'] = 'cancel';
    return $response;
  }

  if (!openid_verify_assertion($service, $response)) {
    return $response;
  }

  if (!empty($service['claimed_id'])) {
    // OpenID Authentication, section 7.3.2.3 and Appendix A.5:
    // The CanonicalID specified in the XRDS document must be used as the
    // account key. We rely on the XRI proxy resolver to verify that the
    // provider is authorized to respond on behalf of the specified
    // identifier (required per Extensible Resource Identifier (XRI)
    // Resolution Version 2.0, section 14.3).
    $response['openid.claimed_id'] = $service['claimed_id'];
  }
  elseif ($service['version'] == 2) {
    // The returned Claimed Identifier may carry a unique fragment identifier
    // (to allow identifier recycling), so the value in the response is kept
    // as received and only a normalized copy is used for comparison.
    // NOTE(review): 'openid.claimed_id' and 'openid.identity' come from the
    // provider response and are read here without an isset() check - confirm
    // that openid_verify_assertion() guarantees both are present.
    $returned_claimed_id = openid_normalize($response['openid.claimed_id']);

    // OpenID Authentication, section 11.2:
    // If the returned Claimed Identifier is different from the one sent to
    // the OpenID Provider, discovery must be performed on the returned
    // identifier to make sure that the provider is authorized to respond on
    // behalf of it.
    // NOTE(review): the comparisons in this branch are loose (==, != and
    // in_array() without the strict flag) - presumably both sides are always
    // strings; confirm against openid_normalize() and openid_discovery().
    $same_as_requested = ($returned_claimed_id == $claimed_id && $returned_claimed_id == $response['openid.identity']);
    if (!$same_as_requested) {
      $discovery = openid_discovery($response['openid.claimed_id']);
      $uris = array();

      if ($discovery && !empty($discovery['services'])) {
        foreach ($discovery['services'] as $candidate) {
          // Only OpenID 2.0 server and signon service types are considered.
          if (!(in_array('http://specs.openid.net/auth/2.0/server', $candidate['types']) || in_array('http://specs.openid.net/auth/2.0/signon', $candidate['types']))) {
            continue;
          }

          // The OP-Local Identifier (if different than the Claimed
          // Identifier) must be present in the XRDS document.
          if ($returned_claimed_id == $response['openid.identity'] || (isset($candidate['identity']) && $candidate['identity'] == $response['openid.identity'])) {
            $uris[] = $candidate['uri'];
          }
        }
      }

      // The endpoint that was used for this request has to be among the
      // endpoints discovered for the returned identifier; otherwise the
      // response is handed back with its status still 'failed'.
      if (!in_array($service['uri'], $uris)) {
        return $response;
      }
    }
  }
  else {
    // Neither a service-level claimed_id nor version 2: the identifier kept
    // in the session is used, whatever the response contained.
    $response['openid.claimed_id'] = $claimed_id;
  }

  $response['status'] = 'success';
  return $response;
}
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/modules!openid!openid.module/function/openid_complete/7.x