The Skinny On...

OpenId

The OpenID extension provides validation of OpenID identity URIs. The extensions are available via system.openid

• Object validate( String openId, String returnUri )

  The validate function two required parameters. The first is the claimed identity of the consumer, the second is the uri that should be returned to after any validation of the identity claim.

  The validate function returns an object that contains the following properties:

  • String check

    The URI that will perform validation for the claimed OpenID identifier. The consumer's browser should be redirected to this URI to continue processing.

  • String secret

    This is the consumer secret that will validate the return URI to prevent spoofing. It is recommended that you store this secret inside a session of some kind.

• Object returned( String secret )

  Should be called when the claimed identity has been verified at the remote end. Specifically when the remote redirects back to the URI that was used as returnUri in validate().

  The secret argument should be the secret that was returned from the call to system.openid.validate().

  The returned function returns an Object with one of the following properties:

  • setup

    The setup property is set if the consumer has not authorized their OpenID provider to validate against your site.

    Redirecting the consumer's browser to the URI provided in the setup property provides the consumer with the opportunity to authorize your site.

  • cancel

    The cancel property is set to true if the consumer cancelled the verification of their OpenID.

  • valid

    If the valid property is set then the claimed identity is indeed valid and is likely to be the person they claim to be. The property is set to the URI of the claimed identity.

  • error

    If the error property is set then and error occurred while attempting to validate the URI and no further processing is possible.