Method: Rack::Auth::OpenID#initialize

Defined in:
lib/gems/rack-0.9.1/lib/rack/auth/openid.rb

#initialize(realm, options = {}) ⇒ OpenID

A Hash of options is taken as its single initializing argument. For example:

simple_oid = OpenID.new('http://mysite.com/')

return_oid = OpenID.new('http://mysite.com/', {
:return_to => 'http://mysite.com/openid'
})

page_oid = OpenID.new('http://mysite.com/',
:login_good => 'http://mysite.com/auth_good'
)

complex_oid = OpenID.new('http://mysite.com/',
:return_to => 'http://mysite.com/openid',
:login_good => 'http://mysite.com/user/preferences',
:auth_fail => [500, {'Content-Type'=>'text/plain'},
  'Unable to negotiate with foreign server.'],
:immediate => true,
:extensions => {
  ::OpenID::SReg => [['email'],['nickname']]
}
)

Arguments

The first argument is the realm, identifying the site they are trusting with their identity. This is required.

NOTE: In OpenID 1.x, the realm or trust_root is optional and the return_to url is required. As this library strives toward ruby-openid 2.0 and OpenID 2.0 compatibility, the realm is required and return_to is optional. However, this implementation is still backwards compatible with OpenID 1.0 servers.

The optional second argument is a hash of options.

Options

:return_to defines the url to return to after the client authenticates with the openid service provider. This url should point to where Rack::Auth::OpenID is mounted. If :return_to is not provided, :return_to will be the current url including all query parameters.

:session_key defines the key to the session hash in the env. It defaults to 'rack.session'.

:openid_param defines at what key in the request parameters to find the identifier to resolve. As per the 2.0 spec, the default is 'openid_identifier'.

:immediate, when true, makes immediate-type requests the default. See the OpenID specification documentation.

URL options

:login_good is the url to go to after the authentication process has completed.

:login_fail is the url to go to after the authentication process has failed.

:login_quit is the url to go to after the authentication process has been cancelled.

Response options

:no_session should be a rack response to be returned if no or an incompatible session is found.

:auth_fail should be a rack response to be returned if an OpenID::DiscoveryFailure occurs. This is typically due to being unable to access the identity url or identity server.

:error should be a rack response to return if any other generic error occurs and options[:catch_errors] is true.

Extensions

:extensions should be a hash of OpenID extension implementations. The key should be the extension's main module; the value should be an array of arguments for extension::Request.new.

The hash is iterated over and passed to #add_extension for processing. Please see #add_extension for further documentation.



# File 'lib/gems/rack-0.9.1/lib/rack/auth/openid.rb', line 137

def initialize(realm, options={})
  @realm = realm
  realm = URI(realm)
  if realm.path.empty?
    raise ArgumentError, "Invalid realm path: '#{realm.path}'"
  elsif not realm.absolute?
    raise ArgumentError, "Realm '#{@realm}' not absolute"
  end

  [:return_to, :login_good, :login_fail, :login_quit].each do |key|
    if options.key? key and luri = URI(options[key])
      if !luri.absolute?
        raise ArgumentError, ":#{key} is not an absolute uri: '#{luri}'"
      end
    end
  end

  if options[:return_to] and ruri = URI(options[:return_to])
    if ruri.path.empty?
      raise ArgumentError, "Invalid return_to path: '#{ruri.path}'"
    elsif realm.path != ruri.path[0, realm.path.size]
      raise ArgumentError, 'return_to not within realm.'
    end
  end

  # TODO: extension support
  if extensions = options.delete(:extensions)
    extensions.each do |ext, args|
      add_extension ext, *args
    end
  end

  @options = {
    :session_key => 'rack.session',
    :openid_param => 'openid_identifier',
    #:return_to, :login_good, :login_fail, :login_quit
    #:no_session, :auth_fail, :error
    :store => OIDStore,
    :immediate => false,
    :anonymous => false,
    :catch_errors => false
  }.merge(options)
  @extensions = {}
end
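
The return_to check in the listing above compares only the URL paths, as a raw string prefix. As an added example (not part of Rack's source), the following Ruby sets that comparison beside a stricter one modeled on the OpenID 2.0 realm-matching rules; the method names and sample URLs are constructed for illustration.

```ruby
require 'uri'

# Path-prefix comparison equivalent to the one in the listing above:
# only the paths are compared, and only as raw string prefixes.
def prefix_within_realm?(realm, return_to)
  r = URI(realm)
  u = URI(return_to)
  r.path == u.path[0, r.path.size]
end

# Stricter check modeled on OpenID 2.0 realm matching: same scheme and
# port, same host (or a sub-domain when the realm starts with "*."),
# and a path that is equal to or a sub-directory of the realm path.
def strict_within_realm?(realm, return_to)
  wildcard = realm.include?('://*.')
  r = URI(realm.sub('://*.', '://'))
  u = URI(return_to)
  return false unless r.absolute? && u.absolute? && r.host && u.host
  return false unless r.scheme.downcase == u.scheme.downcase && r.port == u.port

  rh = r.host.downcase
  uh = u.host.downcase
  return false unless uh == rh || (wildcard && uh.end_with?(".#{rh}"))

  # Compare on a path-segment boundary so "/app" does not cover "/application".
  base = r.path.end_with?('/') ? r.path : "#{r.path}/"
  u.path == r.path || u.path.start_with?(base)
rescue URI::InvalidURIError
  false
end

# Constructed sample inputs: [realm, return_to]
CASES = [
  ['http://mysite.com/',    'http://mysite.com/openid'],
  ['http://mysite.com/app', 'http://mysite.com/application'],
  ['http://mysite.com/',    'http://other.example/openid'],
  ['http://mysite.com/',    'http://mysite.com:8080/openid']
].freeze

# Returns one [realm, return_to, prefix_result, strict_result] row per case.
def compare_checks(cases = CASES)
  cases.map { |realm, rt| [realm, rt, prefix_within_realm?(realm, rt), strict_within_realm?(realm, rt)] }
end

compare_checks.each { |row| puts row.inspect }
```

Only the first case passes both checks; the other three pass the path-prefix comparison but are rejected once scheme, host, port and path-segment boundaries are taken into account.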