.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "Net::OpenID::ClaimedIdentity 3pm" .TH Net::OpenID::ClaimedIdentity 3pm "2022-06-30" "perl v5.34.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" Net::OpenID::ClaimedIdentity \- A not\-yet\-verified OpenID identity .SH "VERSION" .IX Header "VERSION" version 1.18 .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 5 \& use Net::OpenID::Consumer; \& my $csr = Net::OpenID::Consumer\->new; \& .... \& my $cident = $csr\->claimed_identity("bradfitz.com") \& or die $csr\->err; \& \& if ($AJAX_mode) { \& my $url = $cident\->claimed_url; \& my $openid_server = $cident\->identity_server; \& # ... return JSON with those to user agent (whose request was \& # XMLHttpRequest, probably) \& } \& \& if ($CLASSIC_mode) { \& my $check_url = $cident\->check_url( \& delayed_return => 1, \& return_to => "http://example.com/get\-identity.app", \& trust_root => "http://*.example.com/", \& ); \& WebApp::redirect($check_url); \& } .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" After Net::OpenID::Consumer crawls a user's declared identity \s-1URL\s0 and finds openid.server link tags in the \s-1HTML\s0 head, you get this object. It represents an identity that can be verified with OpenID (the link tags are present), but hasn't been actually verified yet. .SH "METHODS" .IX Header "METHODS" .ie n .IP "$url = $cident\->\fBclaimed_url\fR" 4 .el .IP "\f(CW$url\fR = \f(CW$cident\fR\->\fBclaimed_url\fR" 4 .IX Item "$url = $cident->claimed_url" The \s-1URL,\s0 now canonicalized, that the user claims to own. You can't know whether or not they do own it yet until you send them off to the check_url, though. .ie n .IP "$id_server = $cident\->\fBidentity_server\fR" 4 .el .IP "\f(CW$id_server\fR = \f(CW$cident\fR\->\fBidentity_server\fR" 4 .IX Item "$id_server = $cident->identity_server" Returns the identity provider that will assert whether or not this claimed identity is valid, and sign a message saying so. .ie n .IP "$url = $cident\->\fBdelegated_url\fR" 4 .el .IP "\f(CW$url\fR = \f(CW$cident\fR\->\fBdelegated_url\fR" 4 .IX Item "$url = $cident->delegated_url" If the claimed \s-1URL\s0 is using delegation, this returns the delegated identity that will actually be sent to the identity provider. .ie n .IP "$version = $cident\->\fBprotocol_version\fR" 4 .el .IP "\f(CW$version\fR = \f(CW$cident\fR\->\fBprotocol_version\fR" 4 .IX Item "$version = $cident->protocol_version" Determines whether this identifier is to be verified by OpenID 1.1 or by OpenID 2.0. Returns \f(CW1\fR or \f(CW2\fR respectively. This will affect the way the \f(CW\*(C`check_url\*(C'\fR is constructed. .ie n .IP "$cident\->\fBset_extension_args\fR($ns_uri, $args)" 4 .el .IP "\f(CW$cident\fR\->\fBset_extension_args\fR($ns_uri, \f(CW$args\fR)" 4 .IX Item "$cident->set_extension_args($ns_uri, $args)" If called before you access \f(CW\*(C`check_url\*(C'\fR, the arguments given in the hashref \&\f(CW$args\fR will be added to the request in the given extension namespace. For example, to use the Simple Registration (\s-1SREG\s0) extension: .Sp .Vb 8 \& $cident\->set_extension_args( \& \*(Aqhttp://openid.net/extensions/sreg/1.1\*(Aq, \& { \& required => \*(Aqemail\*(Aq, \& optional => \*(Aqfullname,nickname\*(Aq, \& policy_url => \*(Aqhttp://example.com/privacypolicy.html\*(Aq, \& }, \& ); .Ve .Sp Note that when making an OpenID 1.1 request, only the Simple Registration extension is supported. There was no general extension mechanism defined in OpenID 1.1, so \s-1SREG\s0 (with the namespace \s-1URI\s0 as in the example above) is supported as a special case. All other extension namespaces will be silently ignored when making a 1.1 request. .ie n .IP "$url = $cident\->\fBcheck_url\fR( %opts )" 4 .el .IP "\f(CW$url\fR = \f(CW$cident\fR\->\fBcheck_url\fR( \f(CW%opts\fR )" 4 .IX Item "$url = $cident->check_url( %opts )" Makes the \s-1URL\s0 that you have to somehow send the user to in order to validate their identity. The options to put in \f(CW%opts\fR are: .RS 4 .ie n .IP """return_to""" 4 .el .IP "\f(CWreturn_to\fR" 4 .IX Item "return_to" The \s-1URL\s0 that the identity provider should redirect the user with either a verified identity signature \-or\- a setup_needed message (indicating actual interaction with the user is required before an assertion can be made). This \s-1URL\s0 may contain query parameters, and the identity provider must preserve them. .ie n .IP """trust_root""" 4 .el .IP "\f(CWtrust_root\fR" 4 .IX Item "trust_root" The \s-1URL\s0 that you want the user to actually see and declare trust for. Your \f(CW\*(C`return_to\*(C'\fR \s-1URL\s0 must be at or below your trust_root. Sending the trust_root is optional, and defaults to your \f(CW\*(C`return_to\*(C'\fR value, but it's highly recommended (and prettier for users) to see a simple trust_root. Note that the trust root may contain a wildcard at the beginning of the host, like \f(CW\*(C`http://*.example.com/\*(C'\fR .ie n .IP """delayed_return""" 4 .el .IP "\f(CWdelayed_return\fR" 4 .IX Item "delayed_return" If set to a true value, the check_url returned will indicate to the user's identity provider that it has permission to control the user's user-agent for awhile, giving them real pages (not just redirects) and lets them bounce around the identity provider site for a while until the requested assertion can be made, and they can finally be redirected back to your return_to \s-1URL\s0 above. .Sp The default value, false, means that the identity provider will immediately return to your return_to \s-1URL\s0 with either a \*(L"yes\*(R" or \*(L"no\*(R" answer. In the \*(L"no\*(R" case, you'll instead have control of what to do, whether to retry the request with \f(CW\*(C`delayed_return\*(C'\fR set true (the only way to proceed in version 2.0) or to somehow send (be it link, redirect, or pop-up window) the user the provider's user_setup_url (which is made available in version 1.0/1.1). .Sp When writing a dynamic \*(L"\s-1AJAX\s0\*(R"\-style application, you can't use delayed_return because the remote site can't usefully take control of a 1x1 pixel hidden \s-1IFRAME,\s0 so you'll need to either (1.0/1.1) get the user_setup_url and present it to the user somehow or (2.0) launch a delayed_return request from an actual window if the AJAX-style request fails. .RE .RS 4 .RE .SH "COPYRIGHT, WARRANTY, AUTHOR" .IX Header "COPYRIGHT, WARRANTY, AUTHOR" See Net::OpenID::Consumer for author, copyright and licensing information. .SH "SEE ALSO" .IX Header "SEE ALSO" Net::OpenID::Consumer .PP Net::OpenID::VerifiedIdentity .PP Net::OpenID::Server .PP Website: