| Property | Type | Description | |
|---|---|---|---|
| $immediate | Whether this request is for immediate mode. | ||
| $mode | The mode of this request. | ||
| $namespace | deprecated since version 2.0.2 | ||
| $trust_root | The trust_root value for this request. | ||
| $verifyReturnTo | Return-to verification callback. Default is Auth_OpenID_verifyReturnTo from TrustRoot.php. |
| Method | Description | |
|---|---|---|
| __construct ( $identity, $return_to, $trust_root = null, $immediate = false, $assoc_handle = null, $server = null, $claimed_id = null ) | ||
| answer ( boolean $allow, string $server_url = null, string $identity = null, string $claimed_id = null ) : mixed | Respond to this request. Return either an {@link Auth_OpenID_ServerResponse} or {@link Auth_OpenID_ServerError}. | |
| encodeToURL ( $server_url ) | ||
| equals ( $other ) | ||
| fromMessage ( $message, $server ) | ||
| getCancelURL ( ) | ||
| idSelect ( ) | ||
| make ( $message, $identity, $return_to, $trust_root = null, $immediate = false, $assoc_handle = null, $server = null ) | ||
| returnToVerified ( ) | * Does the relying party publish the return_to URL for this response under the realm? It is up to the provider to set a policy for what kinds of realms should be allowed. This return_to URL verification reduces vulnerability to data-theft attacks based on open proxies, corss-site-scripting, or open redirectors. | |
| trustRootValid ( ) |
| public __construct ( $identity, $return_to, $trust_root = null, $immediate = false, $assoc_handle = null, $server = null, $claimed_id = null ) |
| public answer ( boolean $allow, string $server_url = null, string $identity = null, string $claimed_id = null ) : mixed | ||
| $allow | boolean | Allow this user to claim this identity, and allow the consumer to have this information? |
| $server_url | string | DEPRECATED. Passing $op_endpoint to the {@link Auth_OpenID_Server} constructor makes this optional. When an OpenID 1.x immediate mode request does not succeed, it gets back a URL where the request may be carried out in a not-so-immediate fashion. Pass my URL in here (the fully qualified address of this server's endpoint, i.e. http://example.com/server), and I will use it as a base for the URL for a new request. Optional for requests where {@link $immediate} is false or $allow is true. |
| $identity | string | The OP-local identifier to answer with. Only for use when the relying party requested identifier selection. |
| $claimed_id | string | The claimed identifier to answer with, for use with identifier selection in the case where the claimed identifier and the OP-local identifier differ, i.e. when the claimed_id uses delegation. If $identity is provided but this is not, $claimed_id will default to the value of $identity. When answering requests that did not ask for identifier selection, the response $claimed_id will default to that of the request. This parameter is new in OpenID 2.0. |
| return | mixed | |
| static public make ( $message, $identity, $return_to, $trust_root = null, $immediate = false, $assoc_handle = null, $server = null ) |
| public returnToVerified ( ) |