/**
* Checks to see if the request contains an instruction to invalidate the
* handle we used. If it does, the request is authenticated and the handle
* removed (or the user is redirected with an error if the IdP doesn't
* authenticate the message).
*
* @return True if the message has been authenticated, false otherwise
*/
function checkHandleRevocation()
{
$valid = false;
if (KEYMANAGER && isset($_REQUEST['openid_invalidate_handle'])) {
$valid = KeyManager::dumbAuth();
if ($valid) {
KeyManager::removeKey($_SESSION['openid']['server'], $_REQUEST['openid_invalidate_handle']);
} else {
openid_error('noauth', 'Provider didn\'t authenticate message');
}
}
return $valid;
}
/**
* Checks to see if the request contains an instruction to invalidate the
* handle we used. If it does, the request is authenticated and the handle
* removed (or the user is redirected with an error if the IdP doesn't
* authenticate the message).
*
* @return True if the message has been authenticated, false otherwise
*/
function checkHandleRevocation()
{
$valid = false;
if (KEYMANAGER && isset($_REQUEST['openid_invalidate_handle'])) {
Logger::log('Request to invalidate handle received');
$valid = KeyManager::dumbAuth();
if ($valid) {
KeyManager::removeKey($_SESSION['openid']['endpointUrl'], $_REQUEST['openid_invalidate_handle']);
} else {
error('noauth', 'Provider didn\'t authenticate message');
}
}
return $valid;
}
