NAME

Net::OpenID::ClaimedIdentity - a not-yet-verified OpenID identity

SYNOPSIS

use Net::OpenID::Consumer;
my $csr = Net::OpenID::Consumer->new;
....
my $cident = $csr->claimed_identity("bradfitz.com")
  or die $csr->err;

if ($AJAX_mode) {
  my $url = $cident->claimed_url;
  my $openid_server = $cident->identity_server;
  # ... return JSON with those to user agent (whose request was
  # XMLHttpRequest, probably)
}

if ($CLASSIC_mode) {
  my $check_url = $cident->check_url(
    delayed_return => 1,
    return_to      => "http://example.com/get-identity.app",
    trust_root     => "http://*.example.com/",
  );
  WebApp::redirect($check_url);
}

DESCRIPTION

After Net::OpenID::Consumer crawls a user's declared identity URL and finds openid.server link tags in the HTML head, you get this object. It represents an identity that can be verified with OpenID (the link tags are present), but hasn't been actually verified yet.

METHODS

$url = $cident->claimed_url

The URL, now canonicalized, that the user claims to own. You can't know whether or not they do own it yet until you send them off to the check_url, though.

$id_server = $cident->identity_server

Returns the identity server that will assert whether or not this claimed identity is valid, and sign a message saying so.

$url = $cident->delegated_url

If the claimed URL is using delegation, this returns the delegated identity that will actually be sent to the identity server.

$version = $cident->protocol_version

Determines whether this identifier is to be verified by OpenID 1.1 or by OpenID 2.0. Returns 1 or 2 respectively. This will affect the way the check_url is constructed.

$cident->set_extension_args($ns_uri, $args)

If called before you access check_url, the arguments given in the hashref $args will be added to the request in the given extension namespace. For example, to use the Simple Registration (SREG) extension:

$cident->set_extension_args(
    'http://openid.net/extensions/sreg/1.1',
    {
        required => 'email',
        optional => 'fullname,nickname',
        policy_url => 'http://example.com/privacypolicy.html',
    },
);

Note that when making an OpenID 1.1 request, only the Simple Registration extension is supported. There was no general extension mechanism defined in OpenID 1.1, so SREG (with the namespace URI as in the example above) is supported as a special case. All other extension namespaces will be silently ignored when making a 1.1 request.

$url = $cident->check_url( %opts )

Makes the URL that you have to somehow send the user to in order to validate their identity. The options to put in %opts are:

return_to

The URL that the identity server should redirect the user with either a verified identity signature -or- a user_setup_url (if the assertion couldn't be made). This URL may contain query parameters, and the identity server must preserve them.

trust_root

The URL that you want the user to actually see and declare trust for. Your return_to URL must be at or below your trust_root. Sending the trust_root is optional, and defaults to your return_to value, but it's highly recommended (and prettier for users) to see a simple trust_root. Note that the trust root may contain a wildcard at the beginning of the host, like http://*.example.com/

delayed_return

If set to a true value, the check_url returned will indicate to the user's identity server that it has permission to control the user's user-agent for awhile, giving them real pages (not just redirects) and lets them bounce around the identity server site for awhile until the requested assertion can be made, and they can finally be redirected back to your return_to URL above.

The default value, false, means that the identity server will immediately return to your return_to URL with either a "yes" or "no" answer. In the "no" case, you'll instead have control of what to do, and you'll be sent the identity server's user_setup_url where you'll have to somehow send the user (be it link, redirect, or pop-up window).

When writing a dynamic "AJAX"-style application, you can't use delayed_return because the remote site can't usefully take control of a 1x1 pixel hidden IFRAME, so you'll need to get the user_setup_url and present it to the user somehow.

COPYRIGHT, WARRANTY, AUTHOR

See Net::OpenID::Consumer for author, copyrignt and licensing information.

SEE ALSO

Net::OpenID::Consumer

Net::OpenID::VerifiedIdentity

Net::OpenID::Server

Website: http://www.openid.net/