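/**
 * The initial step of OpenID authentication responsible for the following:
 *  - Perform discovery on the claimed OpenID.
 *  - If possible, create an association with the Provider's endpoint.
 *  - Create the authentication request.
 *  - Perform the appropriate redirect.
 *
 * Only the first discovered service is used. When discovery returns no
 * services, an error message is echoed and nothing is stored or redirected.
 *
 * @param $claimed_id The OpenID to authenticate
 * @param $return_to The endpoint to return to from the OpenID Provider
 * @param $form_values Login form values, kept in the session for the later
 *   login step
 */
function openid_begin($claimed_id, $return_to = '', $form_values = array()) {
  $claimed_id = _openid_normalize($claimed_id);

  $services = openid_discovery($claimed_id);
  if (count($services) == 0) {
    echo 'Sorry, that is not a valid OpenID. Please ensure you have spelled your ID correctly.';
    return;
  }

  $service = $services[0];

  // The endpoint is taken from the discovery result, i.e. from a document
  // served by whoever hosts the claimed identifier; treat it as untrusted.
  $op_endpoint = $service['uri'];

  // Store the discovered endpoint in the session (so we don't have to rediscover).
  // NOTE(review): the code that handles the provider's response is not visible
  // here; it should check the asserted identifier against discovery rather
  // than rely on these session values alone -- confirm.
  $_SESSION['openid_op_endpoint'] = $op_endpoint;
  // Store the claimed_id in the session (for handling delegation).
  $_SESSION['openid_claimed_id'] = $claimed_id;
  // Store the login form values so we can pass them to
  // user_external_login later.
  $_SESSION['openid_user_login_values'] = $form_values;

  // If bcmath is present, then create an association. Without it the handle
  // stays empty and the request is sent without an association.
  // NOTE(review): presumably the response is then verified directly with the
  // provider -- confirm in the response handler.
  $assoc_handle = '';
  if (function_exists('bcadd')) {
    $assoc_handle = openid_association($op_endpoint);
  }

  // Now that there is an association created, move on
  // to request authentication from the IdP.
  $identity = !empty($service['delegate']) ? $service['delegate'] : $claimed_id;

  // The user entered an OP Identifier: OpenID 2.0 requires both the claimed
  // identifier and the identity in the request to be the identifier_select
  // value below, so that the provider picks the identifier. The session keeps
  // the identifier as the user entered it.
  if (isset($service['types']) && is_array($service['types']) && in_array(OPENID_NS_2_0 . '/server', $service['types'])) {
    $claimed_id = $identity = 'http://specs.openid.net/auth/2.0/identifier_select';
  }

  $authn_request = openid_authentication_request($claimed_id, $identity, $return_to, $assoc_handle, $service['version']);

  // Version 2 services go through openid_redirect(), everything else through
  // openid_redirect_http().
  if ($service['version'] == 2) {
    echo openid_redirect($op_endpoint, $authn_request);
  }
  else {
    echo openid_redirect_http($op_endpoint, $authn_request);
  }
}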
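/**
 * Start OpenID authentication for a claimed identifier.
 *
 * Normalizes the identifier, runs discovery, stores the first discovered
 * service, the claimed identifier and the login values in the session,
 * creates an association with the provider endpoint and builds the
 * authentication request. Discovery and the redirect run exactly once per
 * call.
 *
 * @param $claimed_id The OpenID to authenticate
 * @param $return_to The endpoint to return to from the OpenID Provider
 * @param $values Login form values; $values['realm'] is passed to the
 *   authentication request
 */
function begin($claimed_id, $return_to, $values) {
    $claimed_id = $this->normalize($claimed_id);

    $services = $this->descovery($claimed_id);
    if (count($services) == 0) {
        echo 'Not a valid openid identifier. Examin your spelling and try again';
        return;
    }

    $service = $services[0];

    echo "Store in session\r\n";
    // Store discovered information in the session.
    // NOTE(review): the discovery result comes from a document served by
    // whoever hosts the claimed identifier. The response handler (not visible
    // here) should check the provider's assertion against it -- confirm.
    $_SESSION['openid']['service'] = $service;
    $_SESSION['openid']['claimed_id'] = $claimed_id;
    $_SESSION['openid']['user_login_values'] = $values;

    $openid_endpoint = $service['uri'];
    $assoc_handle = $this->association($openid_endpoint);

    // Time to actually request authentication.
    // Prefer the LocalID, then the delegate, otherwise fall back on $claimed_id.
    if (!empty($service['localid'])) {
        $identity = $service['localid'];
    } elseif (!empty($service['delegate'])) {
        $identity = $service['delegate'];
    } else {
        $identity = $claimed_id;
    }

    // OP Identifier: the provider picks the identifier, so both values sent in
    // the request become identifier_select. The session keeps the identifier
    // as the user entered it.
    if (isset($service['types']) && is_array($service['types']) && in_array(OPENID_NS_2_0 . '/server', $service['types'])) {
        $claimed_id = $identity = 'http://specs.openid.net/auth/2.0/identifier_select';
    }

    // NOTE(review): $values['realm'] is read without an isset() check; confirm
    // that every caller supplies it.
    $authn_request = $this->authentication_request($claimed_id, $identity, $return_to, $assoc_handle, $service['version'], $values['realm']);

    // The endpoint URL is remote-controlled data, so escape it before echoing.
    $endpoint_label = htmlspecialchars($openid_endpoint, ENT_QUOTES, 'UTF-8');

    if ($service['version'] == 2) {
        // NOTE(review): output is written before redirect_http() is called; if
        // that method sends headers this echo will prevent them -- confirm.
        echo "Redirect: {$endpoint_label}";
        $this->redirect_http($openid_endpoint, $authn_request);
    } else {
        // NOTE(review): no redirect is issued for non-2.0 services, so the
        // request built above is never sent to the provider.
        echo "Redirect: {$endpoint_label}";
    }
}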