function openid_association

7.x openid.module	`openid_association($op_endpoint)`
6.x openid.module	`openid_association($op_endpoint)`

Attempt to create a shared secret with the OpenID Provider.

Parameters

$op_endpoint URL of the OpenID Provider endpoint.:

Return value

$assoc_handle The association handle.

1 call to openid_association()

openid_begin in drupal-7.x/modules/openid/openid.module: The initial step of OpenID authentication responsible for the following:

3 string references to 'openid_association'

openid_schema in drupal-7.x/modules/openid/openid.install: Implements hook_schema().
openid_update_7000 in drupal-7.x/modules/openid/openid.install: Bind associations to their providers.
openid_verify_assertion in drupal-7.x/modules/openid/openid.module: Attempt to verify the response received from the OpenID Provider.

File

drupal-7.x/modules/openid/openid.module, line 590: Implement OpenID Relying Party support for Drupal

Code

function openid_association($op_endpoint) {
  module_load_include('inc', 'openid');

  // Remove Old Associations:
  db_delete('openid_association')
    ->where('created + expires_in < :request_time', array(':request_time' => REQUEST_TIME))
    ->execute();

  // Check to see if we have an association for this IdP already
  $assoc_handle = db_query("SELECT assoc_handle FROM {openid_association} WHERE idp_endpoint_uri = :endpoint", array(':endpoint' => $op_endpoint))->fetchField();
  if (empty($assoc_handle)) {
    $mod = OPENID_DH_DEFAULT_MOD;
    $gen = OPENID_DH_DEFAULT_GEN;
    $r = _openid_dh_rand($mod);
    $private = _openid_math_add($r, 1);
    $public = _openid_math_powmod($gen, $private, $mod);

    // If there is no existing association, then request one
    $assoc_request = openid_association_request($public);
    $assoc_message = _openid_encode_message(_openid_create_message($assoc_request));
    $assoc_options = array(
      'headers' => array('Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8'),
      'method' => 'POST',
      'data' => $assoc_message,
    );
    $assoc_result = drupal_http_request($op_endpoint, $assoc_options);
    if (isset($assoc_result->error)) {
      return FALSE;
    }

    $assoc_response = _openid_parse_message($assoc_result->data);
    if (isset($assoc_response['mode']) && $assoc_response['mode'] == 'error') {
      return FALSE;
    }

    if ($assoc_response['session_type'] == 'DH-SHA1') {
      $spub = _openid_dh_base64_to_long($assoc_response['dh_server_public']);
      $enc_mac_key = base64_decode($assoc_response['enc_mac_key']);
      $shared = _openid_math_powmod($spub, $private, $mod);
      $assoc_response['mac_key'] = base64_encode(_openid_dh_xorsecret($shared, $enc_mac_key));
    }
    db_insert('openid_association')
      ->fields(array(
        'idp_endpoint_uri' => $op_endpoint,
        'session_type' => $assoc_response['session_type'],
        'assoc_handle' => $assoc_response['assoc_handle'],
        'assoc_type' => $assoc_response['assoc_type'],
        'expires_in' => $assoc_response['expires_in'],
        'mac_key' => $assoc_response['mac_key'],
        'created' => REQUEST_TIME,
      ))
      ->execute();
    $assoc_handle = $assoc_response['assoc_handle'];
  }
  return $assoc_handle;
}