openid_verify_assertion

Versions
6 – 7: openid_verify_assertion($op_endpoint, $response)

Attempt to verify the response received from the OpenID Provider.

Parameters

$op_endpoint The OpenID Provider URL.

$response Array of repsonse values from the provider.

Return value

boolean

▸ 1 function calls openid_verify_assertion()

▾ 1 function calls openid_verify_assertion()

openid_complete in modules/openid/openid.module: Completes OpenID authentication by validating returned data from the OpenID Provider.

Code

modules/openid/openid.module, line 488

<?php
function openid_verify_assertion($op_endpoint, $response) {
  module_load_include('inc', 'openid');

  $valid = FALSE;

  $association = db_fetch_object(db_query("SELECT * FROM {openid_association} WHERE assoc_handle = '%s'", $response['openid.assoc_handle']));
  if ($association && isset($association->session_type)) {
    $keys_to_sign = explode(',', $response['openid.signed']);
    $self_sig = _openid_signature($association, $response, $keys_to_sign);
    if ($self_sig == $response['openid.sig']) {
      $valid = TRUE;
    }
    else {
      $valid = FALSE;
    }
  }
  else {
    $request = $response;
    $request['openid.mode'] = 'check_authentication';
    $message = _openid_create_message($request);
    $headers = array('Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8');
    $result = drupal_http_request($op_endpoint, $headers, 'POST', _openid_encode_message($message));
    if (!isset($result->error)) {
      $response = _openid_parse_message($result->data);
      if (strtolower(trim($response['is_valid'])) == 'true') {
        $valid = TRUE;
      }
      else {
        $valid = FALSE;
      }
    }
  }
  return $valid;
}
?>