| Methods |
public
static
|
init($f3)
|
#
|
public
|
__construct()
|
#
|
public
|
onRouteContentNegotiationEvent(RouteContentNegotiationEvent $event): void
|
#
|
public
|
start(Request $request): void
Process an OpenID request under versions 1 and 2.
Process an OpenID request under versions 1 and 2.
This function determines the version of the OpenID specification that is
relevant to this request, checks openid.mode and passes the
request on to the function required to process the request.
The OpenID request expressed as an array contain key-value pairs corresponding
to the HTTP request. This is usually contained in the $_REQUEST
variable.
Parameters
| $request |
the OpenID request
|
|
#
|
protected
|
associate(Request $request): void
Processes an association request from a relying party under OpenID versions
1 and 2.
Processes an association request from a relying party under OpenID versions
1 and 2.
An association request has an openid.mode value of
associate. This function checks whether the association request
is valid, and if so, creates an association and sends the response to
the relying party.
Parameters
| $request |
the OpenID request
|
|
#
|
public
|
checkid(Request $request): void
Processes an authentication request from a relying party.
Processes an authentication request from a relying party.
An authentication request has an openid.mode value of
checkid_setup or checkid_immediate.
If the authentication request is a standard OpenID request about an identity
(i.e. contains the key openid.identity), this function calls
simpleid_checkid_identity()
to see whether the user logged on into SimpleID
matches the identity supplied in the OpenID request.
If the authentication request is not about an identity, this function dispatches
a OpenIDCheckEvent , which can be listened to by other extension
modules.
Depending on the OpenID version, this function will supply an appropriate
assertion.
Parameters
| $request |
the OpenID request
|
|
#
|
protected
|
openIDCheckIdentity(Request $request, bool $immediate): int
Processes a standard OpenID authentication request about an identity.
Processes a standard OpenID authentication request about an identity.
Checks whether the current user logged into SimpleID matches the identity
supplied in an OpenID request.
Parameters
| $request |
the OpenID request
|
| $immediate |
whether checkid_immediate was used
|
Returns
one of CHECKID_OK, CHECKID_APPROVAL_REQUIRED, CHECKID_RETURN_TO_SUSPECT, CHECKID_IDENTITY_NOT_EXIST,
CHECKID_IDENTITIES_NOT_MATCHING, CHECKID_LOGIN_REQUIRED or CHECKID_PROTOCOL_ERROR
|
#
|
protected
|
createOKResponse(Request $request): Response
Returns an OpenID response indicating a positive assertion.
Returns an OpenID response indicating a positive assertion.
Parameters
| $request |
the OpenID request
|
Returns
an OpenID response with a positive assertion
|
#
|
protected
|
createApprovalRequiredResponse(Request $request): Response
Returns an OpenID response indicating a negative assertion to a
checkid_immediate request, where an approval of the relying party by the
user is required
Returns an OpenID response indicating a negative assertion to a
checkid_immediate request, where an approval of the relying party by the
user is required
Parameters
| $request |
the OpenID request
|
Returns
an OpenID response with a negative assertion
|
#
|
protected
|
createLoginRequiredResponse(Request $request, int $result = self::CHECKID_LOGIN_REQUIRED): Response
Returns an OpenID response indicating a negative assertion to a
checkid_immediate request, where the user has not logged in.
Returns an OpenID response indicating a negative assertion to a
checkid_immediate request, where the user has not logged in.
Parameters
| $request |
the OpenID request
|
| $result |
the authentication result providing the negative
assertion
|
Returns
an OpenID response with a negative assertion
|
#
|
protected
|
createErrorResponse(Request $request, bool $immediate = false): Response
Returns an OpenID response indicating a generic negative assertion.
Returns an OpenID response indicating a generic negative assertion.
The content of the negative version depends on the OpenID version, and whether
the openid.mode of the request was checkid_immediate
Parameters
| $request |
the OpenID request
|
| $immediate |
true if openid.mode of the request was checkid_immediate
|
Returns
an OpenID response with a negative assertion
|
#
|
protected
|
signResponse(Response $response, string $assoc_handle = null): Response
Signs an OpenID response, using signature information from an association
handle.
Signs an OpenID response, using signature information from an association
handle.
Parameters
| $response |
the OpenID response
|
| $assoc_handle |
the association handle containing key information
for the signature. If $assoc_handle is not specified, a private association
is created
|
Returns
the signed OpenID response
|
#
|
protected
|
check_authentication(Request $request): void
Processes a direct verification request. This is used in the OpenID specification
to verify signatures generated using stateless mode.
Processes a direct verification request. This is used in the OpenID specification
to verify signatures generated using stateless mode.
Parameters
| $request |
the OpenID request
|
|
#
|
protected
|
verifySignatures(Request $request): bool
Verifies the signature of a signed OpenID request/response.
Verifies the signature of a signed OpenID request/response.
Parameters
| $request |
the OpenID request/response
|
Returns
true if the signature is verified
|
#
|
protected
|
consentForm(Request $request, Response $response, int $reason = self::CHECKID_APPROVAL_REQUIRED): void
Provides a form for user consent of an OpenID relying party, where the
simpleid_checkid_identity()
Provides a form for user consent of an OpenID relying party, where the
simpleid_checkid_identity()
function returns a CHECKID_APPROVAL_REQUIRED
or CHECKID_RETURN_TO_SUSPECT.
Alternatively, provide a form for the user to rectify the situation where
simpleid_checkid_identity()
function returns a CHECKID_IDENTITIES_NOT_MATCHING
or CHECKID_IDENTITY_NOT_EXIST
Parameters
| $request |
the original OpenID request
|
| $response |
the proposed OpenID response, subject to user
verification
|
| $reason |
either CHECKID_APPROVAL_REQUIRED, CHECKID_RETURN_TO_SUSPECT,
CHECKID_IDENTITIES_NOT_MATCHING or CHECKID_IDENTITY_NOT_EXIST
|
|
#
|
public
|
consent(): void
Processes a user response from the simpleid_openid_consent_form()
Processes a user response from the simpleid_openid_consent_form()
function.
If the user verifies the relying party, an OpenID response will be sent to
the relying party. Otherwise, the dashboard will be displayed to the user.
|
#
|
public
|
onLoginFormCancel(FormSubmitEvent $event): void
Processes a cancellation from the login form.
Processes a cancellation from the login form.
Parameters
| $event |
the form cancellation
event
|
|
#
|
protected
|
logActivity(Request $request, array<string, mixed>|null $consents = null): void
Logs the authentication activity against the user.
Logs the authentication activity against the user.
Parameters
| $request |
the OpenID request
|
| $consents |
if not null, saves the consents
|
|
#
|
protected
|
directError(string $error, array<string, string> $additional = [], Request $request = null): void
Sends a direct message indicating an error. This is a convenience function
for renderDirectResponse()
Sends a direct message indicating an error. This is a convenience function
for renderDirectResponse()
.
Parameters
| $error |
the error message
|
| $additional |
any additional data to be sent with the error
message
|
| $request |
the request in response to which the error is made
|
|
#
|
protected
|
indirectError(string $url, string $error, array<string, string> $additional = [], Request $request = null): void
Sends an indirect message indicating an error. This is a convenience function
for openid_indirect_response()
Sends an indirect message indicating an error. This is a convenience function
for openid_indirect_response()
.
Parameters
| $url |
the URL to which the error message is to be sent
|
| $error |
the error message or code
|
| $additional |
any additional data to be sent with the error
message
|
| $request |
the request in response to which the error is made
|
|
#
|
public
|
loadRelyingParty(string $realm, bool $allow_stale = false): RelyingParty
Obtains information on a relying party by performing discovery on them. Information
obtained includes the discovery URL, the parsed XRDS document, and any other
information saved by SimpleID extensions
Obtains information on a relying party by performing discovery on them. Information
obtained includes the discovery URL, the parsed XRDS document, and any other
information saved by SimpleID extensions
Parameters
| $realm |
the openid.realm parameter
|
| $allow_stale |
allow stale results to be returned, otherwise discovery
will occur
|
Returns
containing information on a relying party.
|
#
|
public
|
providerXRDS(): void
Displays the XRDS document for this SimpleID installation.
Displays the XRDS document for this SimpleID installation.
|
#
|
public
|
userXRDS(): void
Returns the user's public XRDS page.
Returns the user's public XRDS page.
|
#
|
public
|
onScopeInfoCollectionEvent(ScopeInfoCollectionEvent $event): void
Returns the OpenID Connect scopes supported by this server.
Returns the OpenID Connect scopes supported by this server.
|
#
|
public
|
onProfileBlocks(UIBuildEvent $event): void
Returns a block containing discovery information.
Returns a block containing discovery information.
Parameters
| $event |
the event to collect
the discovery block
|
|
#
|