function openid_association

Attempt to create a shared secret with the OpenID Provider.

Parameters

$op_endpoint URL of the OpenID Provider endpoint.:

Return value

$assoc_handle The association handle.

1 call to openid_association()
openid_begin in modules/openid/openid.module
The initial step of OpenID authentication responsible for the following:
1 string reference to 'openid_association'
openid_update_7000 in modules/openid/openid.install
Bind associations to their providers.

File

modules/openid/openid.module, line 596

Code

function openid_association($op_endpoint) {
    module_load_include('inc', 'openid');
    // Remove Old Associations:
    db_delete('openid_association')->where('created + expires_in < :request_time', array(
        ':request_time' => REQUEST_TIME,
    ))
        ->execute();
    // Check to see if we have an association for this IdP already
    $assoc_handle = db_query("SELECT assoc_handle FROM {openid_association} WHERE idp_endpoint_uri = :endpoint", array(
        ':endpoint' => $op_endpoint,
    ))->fetchField();
    if (empty($assoc_handle)) {
        $mod = OPENID_DH_DEFAULT_MOD;
        $gen = OPENID_DH_DEFAULT_GEN;
        $r = _openid_dh_rand($mod);
        $private = _openid_math_add($r, 1);
        $public = _openid_math_powmod($gen, $private, $mod);
        // If there is no existing association, then request one
        $assoc_request = openid_association_request($public);
        $assoc_message = _openid_encode_message(_openid_create_message($assoc_request));
        $assoc_options = array(
            'headers' => array(
                'Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8',
            ),
            'method' => 'POST',
            'data' => $assoc_message,
        );
        $assoc_result = drupal_http_request($op_endpoint, $assoc_options);
        if (isset($assoc_result->error)) {
            return FALSE;
        }
        $assoc_response = _openid_parse_message($assoc_result->data);
        if (isset($assoc_response['mode']) && $assoc_response['mode'] == 'error') {
            return FALSE;
        }
        if ($assoc_response['session_type'] == 'DH-SHA1') {
            $spub = _openid_dh_base64_to_long($assoc_response['dh_server_public']);
            $enc_mac_key = base64_decode($assoc_response['enc_mac_key']);
            $shared = _openid_math_powmod($spub, $private, $mod);
            $assoc_response['mac_key'] = base64_encode(_openid_dh_xorsecret($shared, $enc_mac_key));
        }
        db_insert('openid_association')->fields(array(
            'idp_endpoint_uri' => $op_endpoint,
            'session_type' => $assoc_response['session_type'],
            'assoc_handle' => $assoc_response['assoc_handle'],
            'assoc_type' => $assoc_response['assoc_type'],
            'expires_in' => $assoc_response['expires_in'],
            'mac_key' => $assoc_response['mac_key'],
            'created' => REQUEST_TIME,
        ))
            ->execute();
        $assoc_handle = $assoc_response['assoc_handle'];
    }
    return $assoc_handle;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.