6.x openid.module openid_verify_assertion($service, $response)
7.x openid.module openid_verify_assertion($service, $response)

Attempt to verify the response received from the OpenID Provider.

Parameters

$service: Array describing the OpenID provider.

$response: Array of response values from the provider.

Return value

boolean

File

modules/openid/openid.module, line 566
Implement OpenID Relying Party support for Drupal

Code

function openid_verify_assertion($service, $response) {
  module_load_include('inc', 'openid');

  // http://openid.net/specs/openid-authentication-2_0.html#rfc.section.11.3
  // Check the Nonce to protect against replay attacks.
  if (!openid_verify_assertion_nonce($service, $response)) {
    return FALSE;
  }

  // http://openid.net/specs/openid-authentication-2_0.html#rfc.section.11.4
  // Verify the signatures.
  $valid = FALSE;
  $association = db_fetch_object(db_query("SELECT * FROM {openid_association} WHERE idp_endpoint_uri = '%s' AND assoc_handle = '%s'", $service['uri'], $response['openid.assoc_handle']));
  if ($association && isset($association->session_type)) {

    // http://openid.net/specs/openid-authentication-2_0.html#rfc.section.11.4.2
    // Verification using an association.
    $valid = openid_verify_assertion_signature($service, $association, $response);
  }
  else {

    // http://openid.net/specs/openid-authentication-2_0.html#rfc.section.11.4.3
    // Direct verification.
    $request = $response;
    $request['openid.mode'] = 'check_authentication';
    $message = _openid_create_message($request);
    $headers = array(
      'Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8',
    );
    $result = drupal_http_request($service['uri'], $headers, 'POST', _openid_encode_message($message));
    if (!isset($result->error)) {
      $response = _openid_parse_message($result->data);
      if (strtolower(trim($response['is_valid'])) == 'true') {
        $valid = TRUE;
      }
      else {
        $valid = FALSE;
      }
    }
  }
  return $valid;
}