/**
 * Build a FetchResponse from an OpenID library SuccessResponse object.
 *
 * @param object $success_response A successful id_res response object.
 * @param bool   $signed           When true (the default) the AX arguments
 *        are read with getSignedNS(), so only signed arguments are
 *        processed. When false they are read with message->getArgs(),
 *        which also returns arguments that are not signed; such values
 *        should not be used for any trust decision.
 *
 * @return Auth_OpenID_Extension_AX_FetchResponse|null The populated
 *         FetchResponse, or null when no AX arguments are available or
 *         they cannot be parsed. Callers must check for null before
 *         reading properties of the result.
 */
static function fromSuccessResponse($success_response, $signed = true)
{
    $fetch = new Auth_OpenID_Extension_AX_FetchResponse();

    // Pick the argument source; only one of the two lookups is performed.
    $args = $signed
        ? $success_response->getSignedNS($fetch->ns_uri)
        : $success_response->message->getArgs($fetch->ns_uri);

    // Nothing usable: missing namespace, library failure object, or empty set.
    if ($args === null) {
        return null;
    }
    if (Auth_OpenID::isFailure($args)) {
        return null;
    }
    if (count($args) === 0) {
        return null;
    }

    $parsed = $fetch->parseExtensionArgs($args);
    if (Auth_OpenID_Extension_AX::isError($parsed)) {
        // XXX log me
        return null;
    }

    return $fetch;
}
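/**
 * Verifies a signed assertion carried in the AX part of an OpenID response.
 *
 * The AX data is obtained through fromSuccessResponse() with its default
 * $signed = true, so only signed AX arguments are considered.
 *
 * @param Attribute_Verifier   &$attributeVerifier Verifier whose verify()
 *        method receives the base64-decoded 'value.ext1.1' argument.
 * @param Auth_OpenID_Response $response Response object to extract the AX
 *        arguments from.
 *
 * @return string|null The base64-decoded 'value.ext0.1' argument when
 *         verify() accepts the assertion; null when the AX data is missing,
 *         malformed, or verification fails. (Not a boolean: a successful
 *         call returns the decoded value.)
 */
function verifyAssertion(&$attributeVerifier, $response)
{
    $ax_resp = Auth_OpenID_Extension_AX_FetchResponse::fromSuccessResponse($response);
    if (!($ax_resp instanceof Auth_OpenID_Extension_AX_FetchResponse)) {
        return null;
    }

    $ax_args = $ax_resp->getExtensionArgs();
    if (!is_array($ax_args) || !$ax_args) {
        return null;
    }

    // NOTE(review): 'ext0'/'ext1' look like positional aliases; confirm which
    // attribute type URIs they map to, so a response listing attributes in a
    // different order cannot swap the two values.
    if (!isset($ax_args['value.ext1.1']) || !is_string($ax_args['value.ext1.1'])) {
        // Previously an absent key was decoded as an empty string and handed
        // to the verifier; treat it as a failed verification instead.
        return null;
    }

    // Strict mode: reject input containing characters outside the base64
    // alphabet rather than silently dropping them before verification.
    $assertion = base64_decode($ax_args['value.ext1.1'], true);
    if ($assertion === false) {
        return null;
    }

    if (!$attributeVerifier->verify($assertion)) {
        return null;
    }

    // NOTE(review): verify() is given only 'value.ext1.1'; the value returned
    // below is not passed to it. Confirm that the verifier (or the caller)
    // binds the returned attribute to the verified assertion.
    if (!isset($ax_args['value.ext0.1']) || !is_string($ax_args['value.ext0.1'])) {
        return null;
    }

    $attribute = base64_decode($ax_args['value.ext0.1'], true);

    return $attribute === false ? null : $attribute;
}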
<?php require_once "Auth/OpenID/Consumer.php"; require_once "Auth/OpenID/Store/FileStore.php"; require_once "Auth/OpenID/Extension/AX.php"; require_once "Auth/OpenID/Extension/PAPE.php"; session_start(); $store = new Auth_OpenID_Store_FileStore('./tmp'); $consumer = new Auth_OpenID_Consumer($store); $scriptPath = implode("/", explode('/', $_SERVER["REQUEST_URI"], -1)); $response = $consumer->complete('https://' . $_SERVER["SERVER_NAME"] . $scriptPath . '/verify.php'); $authenticated = false; if ($response->status == Auth_OpenID_SUCCESS) { $ax = new Auth_OpenID_Extension_AX_FetchResponse(); $obj = $ax->fromSuccessResponse($response); $_SESSION['openid_ax'] = $obj->data; $pape = Auth_OpenID_PAPE_Response::fromSuccessResponse($response); if ($pape) { $_SESSION['openid_pape'] = $pape; } $msg = "User has been authenticated!"; } elseif ($response->status == Auth_OpenID_CANCEL) { $msg = "User cancelled authentication."; } else { $msg = "User has not been authenticated."; } if (isset($_GET['popup'])) { ?> <h1><?php echo $msg;