function openid_complete

7.x openid.module openid_complete($response = array())
6.x openid.module openid_complete($response = array())

Completes OpenID authentication by validating returned data from the OpenID Provider.

Parameters

$response: Array of returned values from the OpenID Provider.

Return value

$response Response values for further processing with $response['status'] set to one of 'success', 'failed' or 'cancel'.

2 calls to openid_complete()
openid_authentication_page in drupal-6.x/modules/openid/openid.pages.inc
Menu callback; Process an OpenID authentication.
openid_user_identities in drupal-6.x/modules/openid/openid.pages.inc
Menu callback; Manage OpenID identities for the specified user.

File

drupal-6.x/modules/openid/openid.module, line 221
Implement OpenID Relying Party support for Drupal

Code

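/**
 * Completes OpenID authentication by validating returned data from the
 * OpenID Provider.
 *
 * Every exit path other than an explicit cancel or a fully verified assertion
 * leaves $response['status'] at 'failed', so callers must treat anything but
 * 'success' as unauthenticated.
 *
 * @param $response
 *   Array of returned values from the OpenID Provider. When empty, the values
 *   are fetched with _openid_response().
 *
 * @return
 *   The response values for further processing, with $response['status'] set
 *   to one of 'success', 'failed' or 'cancel'.
 */
function openid_complete($response = array()) {
  global $base_url;
  module_load_include('inc', 'openid');

  if (empty($response)) {
    $response = _openid_response();
  }

  // Fail closed: the status is only upgraded once every check below passed.
  $response['status'] = 'failed';

  // Without the state stored when the request was started there is nothing to
  // validate the provider's answer against.
  if (!isset($_SESSION['openid']['service']['uri']) || !isset($_SESSION['openid']['claimed_id'])) {
    return $response;
  }

  // Consume the stored state before validating, so it is single-use: a second
  // callback in the same session finds nothing here and fails above.
  $service = $_SESSION['openid']['service'];
  $claimed_id = $_SESSION['openid']['claimed_id'];
  unset($_SESSION['openid']['service']);
  unset($_SESSION['openid']['claimed_id']);

  if (!isset($response['openid.mode'])) {
    return $response;
  }
  if ($response['openid.mode'] === 'cancel') {
    $response['status'] = 'cancel';
    return $response;
  }

  // NOTE(review): openid_verify_assertion() lives in openid.inc and is not
  // visible here; presumably it validates the assertion with the provider.
  if (!openid_verify_assertion($service, $response)) {
    return $response;
  }

  // The version is compared loosely on purpose: it comes from stored
  // discovery data and its type (int or string) is not visible here.
  $is_version_2 = isset($service['version']) && $service['version'] == 2;
  $has_claimed_id = isset($response['openid.claimed_id']) && is_string($response['openid.claimed_id']);

  if ($is_version_2 && (!$has_claimed_id || $response['openid.claimed_id'] !== $claimed_id)) {
    // If the returned claimed_id is different from the session claimed_id,
    // then we need to do discovery and make sure the op_endpoint matches.
    // A missing or non-string claimed_id cannot be discovered, so it fails.
    if (!$has_claimed_id) {
      return $response;
    }
    $disco = openid_discovery($response['openid.claimed_id']);
    // Discovery may yield no service at all; treat that as a mismatch rather
    // than reading an undefined index.
    if (!isset($disco[0]['uri']) || $disco[0]['uri'] !== $service['uri']) {
      return $response;
    }
  }
  else {
    $response['openid.claimed_id'] = $claimed_id;
  }

  // Verify that openid.return_to matches the current URL (see OpenID
  // Authentication 2.0, section 11.1).
  // While OpenID Authentication 1.1, section 4.3 does not mandate
  // return_to verification, the received return_to should still
  // match these constraints.
  if (!isset($response['openid.return_to']) || !is_string($response['openid.return_to'])) {
    return $response;
  }
  $return_to_parts = parse_url($response['openid.return_to']);

  $base_url_parts = parse_url($base_url);
  $current_parts = parse_url($base_url_parts['scheme'] . '://' . $base_url_parts['host'] . request_uri());

  // parse_url() returns FALSE on seriously malformed URLs.
  if (!is_array($return_to_parts) || !is_array($current_parts)) {
    return $response;
  }

  // Only scheme, host and path are compared; the port is not part of this
  // check. Strict comparison avoids PHP's numeric-string juggling.
  foreach (array('scheme', 'host', 'path') as $part) {
    $received = isset($return_to_parts[$part]) ? $return_to_parts[$part] : NULL;
    $expected = isset($current_parts[$part]) ? $current_parts[$part] : NULL;
    if ($received !== $expected) {
      return $response;
    }
  }

  // Verify that all query parameters in the openid.return_to URL have
  // the same value in the current URL. In addition, the current URL
  // contains a number of other parameters added by the OpenID Provider.
  $return_to_query_parameters = array();
  parse_str(isset($return_to_parts['query']) ? $return_to_parts['query'] : '', $return_to_query_parameters);
  foreach ($return_to_query_parameters as $name => $value) {
    // Strict comparison: with "!=" two different numeric strings such as
    // '1e3' and '1000' would be considered equal.
    if (!array_key_exists($name, $_GET) || $_GET[$name] !== $value) {
      return $response;
    }
  }

  $response['status'] = 'success';
  return $response;
}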