6.x openid.module openid_association($op_endpoint)
7.x openid.module openid_association($op_endpoint)

Attempt to create a shared secret with the OpenID Provider.


$op_endpoint URL of the OpenID Provider endpoint.:

Return value

$assoc_handle The association handle.

1 call to openid_association()
openid_begin in modules/openid/openid.module
The initial step of OpenID authentication responsible for the following:
1 string reference to 'openid_association'
openid_update_6001 in modules/openid/openid.install
Bind associations to their providers.


modules/openid/openid.module, line 386
Implement OpenID Relying Party support for Drupal


function openid_association($op_endpoint) {
  module_load_include('inc', 'openid');

  // Remove Old Associations:
  db_query("DELETE FROM {openid_association} WHERE created + expires_in < %d", time());

  // Check to see if we have an association for this IdP already
  $assoc_handle = db_result(db_query("SELECT assoc_handle FROM {openid_association} WHERE idp_endpoint_uri = '%s'", $op_endpoint));
  if (empty($assoc_handle)) {
    $r = _openid_dh_rand($mod);
    $private = bcadd($r, 1);
    $public = bcpowmod($gen, $private, $mod);

    // If there is no existing association, then request one
    $assoc_request = openid_association_request($public);
    $assoc_message = _openid_encode_message(_openid_create_message($assoc_request));
    $assoc_headers = array(
      'Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8',
    $assoc_result = drupal_http_request($op_endpoint, $assoc_headers, 'POST', $assoc_message);
    if (isset($assoc_result->error)) {
      return FALSE;
    $assoc_response = _openid_parse_message($assoc_result->data);
    if (isset($assoc_response['mode']) && $assoc_response['mode'] == 'error') {
      return FALSE;
    if ($assoc_response['session_type'] == 'DH-SHA1') {
      $spub = _openid_dh_base64_to_long($assoc_response['dh_server_public']);
      $enc_mac_key = base64_decode($assoc_response['enc_mac_key']);
      $shared = bcpowmod($spub, $private, $mod);
      $assoc_response['mac_key'] = base64_encode(_openid_dh_xorsecret($shared, $enc_mac_key));
    db_query("INSERT INTO {openid_association} (idp_endpoint_uri, session_type, assoc_handle, assoc_type, expires_in, mac_key, created) VALUES('%s', '%s', '%s', '%s', %d, '%s', %d)", $op_endpoint, $assoc_response['session_type'], $assoc_response['assoc_handle'], $assoc_response['assoc_type'], $assoc_response['expires_in'], $assoc_response['mac_key'], time());
    $assoc_handle = $assoc_response['assoc_handle'];
  return $assoc_handle;