How to use openid - 10 common examples
To help you get started, we’ve selected a few openid examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
sandiz / rs-manager / src / preload.js View on Github 
else if (this[i] != array[i]) {
// Warning - two different object instances will never be equal: {x:20} != {x:20}
return false;
}
}
return true;
}
// Hide method from for-in loops
Object.defineProperty(Array.prototype, "equals", { enumerable: false });
/* we start a local youtube http proxy because youtube doesnt like serving monetized videos to file:// sources */
exp.listen(window.YT_PORT, () => console.log(`RSManager listening on port ${window.YT_PORT} for yt requests (/yt/:vid).`))
exp.get('/yt/:vid', (req, res) => res.send(``))
window.STEAM_AUTH_URL = "http://localhost:" + window.YT_PORT
const relyingParty = new openid.RelyingParty(
window.STEAM_AUTH_URL + "/verify-steam",
window.STEAM_AUTH_URL,
true,
false,
[]
);
const getCookie = filter => new Promise((resolve, reject) => {
window.remote.session.defaultSession.cookies.get(filter, (error, cookies) => {
if (error) reject(error);
else resolve(cookies);
})
});
exp.get('/verify-steam', async (req, res) => {
relyingParty.verifyAssertion(req, async (err, result) => {
if (err) {if (req.query && req.query['openid.mode']) {
// The request being authenticated contains an `openid.mode` parameter in
// the query portion of the URL. This indicates that the OpenID Provider
// is responding to a prior authentication request with either a positive or
// negative assertion. If a positive assertion is received, it will be
// verified according to the rules outlined in the OpenID 2.0 specification.
// NOTE: node-openid (0.3.1), which is used internally, will treat a cancel
// response as an error, setting `err` in the verifyAssertion
// callback. However, for consistency with Passport semantics, a
// cancel response should be treated as an authentication failure,
// rather than an exceptional error. As such, this condition is
// trapped and handled prior to being given to node-openid.
if (req.query['openid.mode'] === 'cancel') { return this.fail(); }
var self = this;
this._relyingParty.verifyAssertion(req.url, function(err, result) {
console.log(err, result, req.query)
if (err) { return self.error(err); }
if (!result.authenticated) { return self.error(new Error('OpenID authentication error')); }
var profile = self._parseProfileExt(result);
function validated(err, user) {
if (err) { return self.error(err); }
if (!user) { return self.fail(); }
self.success(user);
}
var arity = self._validate.length;{
// OpenID 1.0/1.1 response without a claimed identifier
// We need to load discovered information using the
// local identifier
useLocalIdentifierAsKey = true;
}
else {
// OpenID 2.0+:
// If there is no claimed identifier, then the
// assertion is not about an identity
return callback(null, { authenticated: false });
}
}
if (useLocalIdentifierAsKey) {
claimedIdentifier = params['openid.identity'];
}
claimedIdentifier = _getCanonicalClaimedIdentifier(claimedIdentifier);
openid.loadDiscoveredInformation(claimedIdentifier, function(error, provider)
{
if(error)
{
return callback({ message: 'An error occured when loading previously discovered information about the claimed identifier' });
}
if(provider)
{
return _verifyAssertionAgainstProviders([provider], params, stateless, extensions, callback);
}
else if (useLocalIdentifierAsKey) {
return callback({ message: 'OpenID 1.0/1.1 response received, but no information has been discovered about the provider. It is likely that this is a fraudulent authentication response.' });{
// OpenID 1.0/1.1 response without a claimed identifier
// We need to load discovered information using the
// local identifier
useLocalIdentifierAsKey = true;
}
else {
// OpenID 2.0+:
// If there is no claimed identifier, then the
// assertion is not about an identity
return callback(null, { authenticated: false });
}
}
if (useLocalIdentifierAsKey) {
claimedIdentifier = params['openid.identity'];
}
claimedIdentifier = _getCanonicalClaimedIdentifier(claimedIdentifier);
openid.loadDiscoveredInformation(claimedIdentifier, function(error, provider)
{
if(error)
{
return callback({ message: 'An error occured when loading previously discovered information about the claimed identifier' });
}
if(provider)
{
return _verifyAssertionAgainstProvider(provider, params, stateless, extensions, callback);
}
else if (useLocalIdentifierAsKey) {
return callback({ message: 'OpenID 1.0/1.1 response received, but no information has been discovered about the provider. It is likely that this is a fraudulent authentication response.' });var _verifyDiscoveredInformation = function(params, stateless, extensions, strict, callback)
{
var claimedIdentifier = params['openid.claimed_id'];
var useLocalIdentifierAsKey = false;
if(!_isDef(claimedIdentifier))
{
if(!_isDef(params['openid.ns']))
{
// OpenID 1.0/1.1 response without a claimed identifier
// We need to load discovered information using the
// local identifier
useLocalIdentifierAsKey = true;
}
else {
// OpenID 2.0+:
// If there is no claimed identifier, then the
// assertion is not about an identity
return callback(null, { authenticated: false });
}if(provider.claimedIdentifier)
{
params['openid.claimed_id'] = provider.claimedIdentifier;
if(provider.localIdentifier)
{
params['openid.identity'] = provider.localIdentifier;
}
else
{
params['openid.identity'] = provider.claimedIdentifier;
}
}
else if(provider.version.indexOf('2.0') !== -1)
{
params['openid.claimed_id'] = params['openid.identity'] =
'http://specs.openid.net/auth/2.0/identifier_select';
}
else {
return callback({ message: 'OpenID 1.0/1.1 provider cannot be used without a claimed identifier' });
}
if(assoc_handle)
{
params['openid.assoc_handle'] = assoc_handle;
}
if(returnUrl)
{
// Value should be missing if RP does not want
// user to be sent back
params['openid.return_to'] = returnUrl;module.exports = function(options) {
var extensions = [new openid.SimpleRegistration({
email: true
, fullname: true
})]
var relyingParty = new openid.RelyingParty(
urljoin(options.appUrl, '/auth/openid/verify')
, null // Realm (optional, specifies realm for OpenID authentication)
, false // Use stateless verification
, false // Strict mode
, extensions)
var log = logger.createLogger('auth-openid')
var app = express()
app.set('strict routing', true)
app.set('case sensitive routing', true)
app.get('/', function(req, res) {
res.redirect('/auth/openid/')
})that.verifyPath = url.parse(that.callback, false).pathname;
// Build the authentication routes required
that.setupRoutes = function(server) {
server.use('/', connect.router(function routes(app){
app.get( that.verifyPath, function(req, res){
req.authenticate([that.name], function(error, authenticated) {
res.writeHead(303, { 'Location': req.session.openid_redirect_url });
res.end('');
});
});
}));
};
var relyingParty = new openid.RelyingParty(
that.callback, // Verification URL (yours)
that.realm, // Realm (optional, specifies realm for OpenID authentication)
that.stateless, // Use stateless verification
that.strictMode, // Strict mode
that.extensions); // List of extensions to enable and include
that.authenticate= function(request, response, callback) {
var self= this;
var parsedUrl= url.parse(request.url, true);
if( request.getAuthDetails()['openid_login_attempt_failed'] === true ) {
// Because we bounce through authentication calls across multiple requests
// we use this to keep track of the fact we *Really* have failed to authenticate
// so that we don't keep re-trying to authenticate forever.
delete request.getAuthDetails()['openid_login_attempt_failed'];var _verifyDiscoveredInformation = function(params, stateless, extensions, strict, callback)
{
var claimedIdentifier = params['openid.claimed_id'];
var useLocalIdentifierAsKey = false;
if(!_isDef(claimedIdentifier))
{
if(!_isDef(params['openid.ns']))
{
// OpenID 1.0/1.1 response without a claimed identifier
// We need to load discovered information using the
// local identifier
useLocalIdentifierAsKey = true;
}
else {
// OpenID 2.0+:
// If there is no claimed identifier, then the
// assertion is not about an identity
return callback(null, { authenticated: false });
}
}
if (useLocalIdentifierAsKey) {
claimedIdentifier = params['openid.identity'];if (req.query && req.query['openid.mode']) {
// The request being authenticated contains an `openid.mode` parameter in
// the query portion of the URL. This indicates that the OpenID Provider
// is responding to a prior authentication request with either a positive or
// negative assertion. If a positive assertion is received, it will be
// verified according to the rules outlined in the OpenID 2.0 specification.
// NOTE: node-openid (0.3.1), which is used internally, will treat a cancel
// response as an error, setting `err` in the verifyAssertion
// callback. However, for consistency with Passport semantics, a
// cancel response should be treated as an authentication failure,
// rather than an exceptional error. As such, this condition is
// trapped and handled prior to being given to node-openid.
if (req.query['openid.mode'] === 'cancel') { return this.fail({ message: 'OpenID authentication canceled' }); }
var self = this;
this._relyingParty.verifyAssertion(req.url, function(err, result) {
if (err) { return self.error(new InternalOpenIDError('Failed to verify assertion', err)); }
if (!result.authenticated) { return self.error(new Error('OpenID authentication failed')); }
var profile = self._parseProfileExt(result);
var pape = self._parsePAPEExt(result);
var oauth = self._parseOAuthExt(result);
function verified(err, user, info) {
if (err) { return self.error(err); }
if (!user) { return self.fail(info); }
self.success(user, info);
}
Popular openid functions
- openid.assoc_handle
- openid.AttributeExchange
- openid.claimed_id
- openid.error
- openid.identity
- openid.invalidate_handle
- openid.loadDiscoveredInformation
- openid.mode
- openid.ns
- openid.OAuthHybrid
- openid.op_endpoint
- openid.PAPE
- openid.realm
- openid.RelyingParty
- openid.response_nonce
- openid.return_to
- openid.sig
- openid.signed
- openid.SimpleRegistration
- openid.UserInterface