GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
Net::OpenID::JanRain::Server(3) User Contributed Perl Documentation Net::OpenID::JanRain::Server(3)

An OpenID server must perform three tasks:
1.
Examine the incoming request to determine its nature and validity.
2.
Make a decision about how to respond to this request.
3.
Format the response according to the protocol.

The first and last of these tasks may performed by the "decodeRequest" and "encodeResponse" methods of the Server object. Who gets to do the intermediate task -- deciding how to respond to the request -- will depend on what type of request it is.

If it's a request to authenticate a user (a "checkid_setup" or "checkid_immediate" request), you need to decide if you will assert that this user may claim the identity in question. Exactly how you do that is a matter of application policy, but it generally involves making sure the user has an account with your system and is logged in, checking to see if that identity is hers to claim, and verifying with the user that she does consent to releasing that information to the party making the request.

Examine the properties of the "CheckIDRequest" object, and if and when you've come to a decision, form a response by calling "</CheckIDRequest-"answer>>.

Other types of requests relate to establishing associations between client and server and verifying the authenticity of previous communications. The Server instance contains all the logic and data necessary to respond to such requests; just pass it to the "handleRequest" method.

Do you want to provide other information for your users in addition to authentication? Version 1.2 of the OpenID protocol allows consumers to add extensions to their requests. For example, with sites using the Simple Registration Extension <http://www.openidenabled.com/openid/simple-registration-extension/>, a user can agree to have their nickname and e-mail address sent to a site when they sign up.

Since extensions do not change the way OpenID authentication works, code to handle extension requests may be completely separate from the "OpenIDRequest" class here. But you'll likely want data sent back by your extension to be signed. "OpenIDResponse" provides methods with which you can add data to it which can be signed with the other data in the OpenID signature.

For example:

    # when request is a checkid_* request
    response = request.answer(True)
    # this will a signed 'openid.sreg.timezone' parameter to the response
    response.addField('sreg', 'timezone', 'America/Los_Angeles')

The OpenID server needs to maintain state between requests in order to function. Its mechanism for doing this is called a store. The store interface is defined in Net::OpenID::JanRain::Stores. Additionally, several concrete store implementations are provided, so that most sites won't need to implement a custom store. For a store backed by flat files on disk, see Net::OpenID::JanRain::Stores::FileStore. For stores based on PostGreSQL, MySQL or SQLite, see the Net::OpenID::JanRain::Stores::SQLStore module.

The parent class for several types of requests. None of these classes are to be instantiated by the user, but this class will never be encountered except as a parent.

mode

Returns the "openid.mode" parameter of this request.

A request object for "openid.mode=check_authentication". This request is best handled by the "handleRequest" method of the "Net::OpenID::JanRain::Server" object.

However, it does possess an "answer" method which takes a "Net::OpenID::JanRain::Server::Signatory" object.

A request object for "openid.mode=associate". This request is best handled by the "handleRequest" method of the "Net::OpenID::JanRain::Server" object.

However, it does possess an "answer" method which takes an Net::OpenID::JanRain::Association object. It also has accessor methods "assoc_type" and "session_type".

This object represents requests where "openid.mode=checkid_setup" or "openid.mode=checkid_immediate". It is returned by the "decodeRequest" method of Net::OpenID::JanRain::Server.

Methods

answer

 $response = $request->answer($allow, $server_url);
$allow
A boolean value: if true, sends an "id_res" response. If false, sends a "cancel" response if the request is not immediate, and "setup_needed" if it is immediate.
$server_url
This argument is required if the request is immediate, and should be the URL of the server endpoint, used to construct the setup URL.

encodeToURL

Takes the server endpoint URL and returns a URL which would generate this request.

getCancelURL

Returns a URL to redirect the user to send a cancel message to the consumer. Calling this method will cause croakage if the request is in immediate mode.

checkTrustRoot

 $is_return_to_valid_against_trust_root = checkTrustRoot($trust_root, $return_to);

Accessor Methods

"trust_root"
"identity"
"return_to"
"immediate"
"assoc_handle"

This object is returned by the "answer" methods of "Net::OpenID::JanRain::Server::Request" objects.

whichEncoding

Returns 'url' if the response should be returned in a redirect URL, and 'kvform' if the response should be returned as a plaintext KV form response.

signed

Returns a boolean value indicating whether the response should be signed.

encodeToURL

Returns a URL for redirecting the user to send the response.

encodeToKVForm

Returns a KV form string to put in the body of the HTTP response.

addField

 $response->addField($namespace, $key, $value, $signed);

Adds an OpenID field to the response, possibly in an extension namespace.

Arguments

namespace
The namespace to put the field in. '' or undef will put the field in the root openid namespace.
key
value
signed
Whether this field should be signed. Defaults to true if the response is to a "checkid_setup" or "checkid_immediate" request, and false otherwise.

addFields

 $response->addFields($namespace, \%fields, $signed);

Much like "addField", but takes a hash reference containing a number key/value pairs.

fields

An accessor method for the fields hash ref.

request

Returns the request this response is responding to.

This object is meant to be easily encoded into an HTTP response in your application.

code
The HTTP code to use on your response.
headers
A hash reference of headers to put on your response.
body
The body of the response.

Objects of this class are returned by XXX when the consumer sends us an improper request. It may be encoded to a web response in the same manner that a "Net::OpenID::JanRain::Server::Response" object is encoded.

text

Returns a string describing the error.

query

returns the query that led to the error.

hasReturnTo

Do we have a return_to URL to send the error back to the server? (only relevant when the c<whichEncoding> method returns 'url')

encodeToURL

Generates and returns a URL for redirecting the user to alert the consumer of the error.

encodeToKVForm

Generates and returns a KV form string for returning in the body of the response to the consumer.

fields

Returns a hash ref of the response fields.

whichEncoding

Returns a string, either 'url', or 'kvform', based on how the error should be encoded for transmission.

This object signs responses and checks signatures. One is contained inside every "Net::OpenID::JanRain::Server" object.

If you use the "encodeResponse" method of the "Net::OpenID::JanRain::Server" object, you won't have to know how this object works. All the object state is in the OpenID store.

verify

 $is_valid = $signatory->verify($assoc_handle, $sig, $signed_pairs);

sign

 $signatory->sign($response);

createAssociation

 $assoc = $signatory->createAssociation($dumbp);

getAssociation

$assoc = $signatory->getAssociation($assoc_handle, $dumb);

invalidate

 $signatory->invalidate($assoc_handle, $dumb);

This object handles requests for an OpenID server.

Queries in hash-ref form may be turned into "Net::OpenID::JanRain::Server::Request" objects with the "decodeRequest" method.

Requests which are not "checkid" requests may be passed to the handleRequest method, and a response will be returned.

"Net::OpenID::JanRain::Server::Response" objects may be transformed into "Net::OpenID::JanRain::Server::WebResponse" objects with the endodeResponse method, which will also sign the responses if necessary.

new 

 $server = new Net::OpenID::JanRain::Server($store);

Instantiate this object with an instance of "Net::OpenID::JanRain::Stores".

handleRequest

Call this method on a "Net::OpenID::JanRain::Server::Request" object that is not a "Net::OpenID::JanRain::Server::CheckIDRequest" and the appropriate "Net::OpenID::JanRain::Server::Response" object will be returned.

signatory

An accessor method to get the signatory object used by the server.

decodeRequest

 $response = $server->decodeRequest(\%query);

This method takes a hash ref of an OpenID query and returns an "Net::OpenID::JanRain::Server::Request" object.

encodeResponse

 $web_response = $server->encodeResponse($response);

This method takes a "Net::OpenID::JanRain::Server::Response" object and returns the appropriate "Net::OpenID::JanRain::Server::WebResponse" object.

2006-06-27 perl v5.32.1
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.