NAME¶
Net::OpenID::ClaimedIdentity - A not-yet-verified OpenID identity
VERSION¶
version 1.13
SYNOPSIS¶
use Net::OpenID::Consumer;
my $csr = Net::OpenID::Consumer->new;
....
my $cident = $csr->claimed_identity("bradfitz.com")
or die $csr->err;
if ($AJAX_mode) {
my $url = $cident->claimed_url;
my $openid_server = $cident->identity_server;
# ... return JSON with those to user agent (whose request was
# XMLHttpRequest, probably)
}
if ($CLASSIC_mode) {
my $check_url = $cident->check_url(
delayed_return => 1,
return_to => "http://example.com/get-identity.app",
trust_root => "http://*.example.com/",
);
WebApp::redirect($check_url);
}
DESCRIPTION¶
After Net::OpenID::Consumer crawls a user's declared identity URL and finds
openid.server link tags in the HTML head, you get this object. It represents
an identity that can be verified with OpenID (the link tags are present), but
hasn't been actually verified yet.
METHODS¶
- $url = $cident->claimed_url
- The URL, now canonicalized, that the user claims to own.
You can't know whether or not they do own it yet until you send them off
to the check_url, though.
- $id_server = $cident->identity_server
- Returns the identity provider that will assert whether or
not this claimed identity is valid, and sign a message saying so.
- $url = $cident->delegated_url
- If the claimed URL is using delegation, this returns the
delegated identity that will actually be sent to the identity
provider.
- $version = $cident->protocol_version
- Determines whether this identifier is to be verified by
OpenID 1.1 or by OpenID 2.0. Returns 1 or 2 respectively. This will affect
the way the "check_url" is constructed.
- $cident->set_extension_args($ns_uri, $args)
- If called before you access "check_url", the
arguments given in the hashref $args will be added to the request in the
given extension namespace. For example, to use the Simple Registration
(SREG) extension:
$cident->set_extension_args(
'http://openid.net/extensions/sreg/1.1',
{
required => 'email',
optional => 'fullname,nickname',
policy_url => 'http://example.com/privacypolicy.html',
},
);
Note that when making an OpenID 1.1 request, only the Simple Registration
extension is supported. There was no general extension mechanism defined
in OpenID 1.1, so SREG (with the namespace URI as in the example above) is
supported as a special case. All other extension namespaces will be
silently ignored when making a 1.1 request.
- $url = $cident->check_url( %opts )
- Makes the URL that you have to somehow send the user to in
order to validate their identity. The options to put in %opts are:
- "return_to"
- The URL that the identity provider should redirect the user
with either a verified identity signature -or- a setup_needed message
(indicating actual interaction with the user is required before an
assertion can be made). This URL may contain query parameters, and the
identity provider must preserve them.
- "trust_root"
- The URL that you want the user to actually see and declare
trust for. Your "return_to" URL must be at or below your
trust_root. Sending the trust_root is optional, and defaults to your
"return_to" value, but it's highly recommended (and prettier for
users) to see a simple trust_root. Note that the trust root may contain a
wildcard at the beginning of the host, like
"http://*.example.com/"
- "delayed_return"
- If set to a true value, the check_url returned will
indicate to the user's identity provider that it has permission to control
the user's user-agent for awhile, giving them real pages (not just
redirects) and lets them bounce around the identity provider site for
awhile until the requested assertion can be made, and they can finally be
redirected back to your return_to URL above.
The default value, false, means that the identity provider will immediately
return to your return_to URL with either a "yes" or
"no" answer. In the "no" case, you'll instead have
control of what to do, whether to retry the request with
"delayed_return" set true (the only way to proceed in version
2.0) or to somehow send (be it link, redirect, or pop-up window) the user
the provider's user_setup_url (which is made available in version
1.0/1.1).
When writing a dynamic "AJAX"-style application, you can't use
delayed_return because the remote site can't usefully take control of a
1x1 pixel hidden IFRAME, so you'll need to get the user_setup_url and
present it to the user somehow.
COPYRIGHT, WARRANTY, AUTHOR¶
See Net::OpenID::Consumer for author, copyright and licensing information.
SEE ALSO¶
Net::OpenID::Consumer
Net::OpenID::VerifiedIdentity
Net::OpenID::Server
Website: <
http://www.openid.net/>