Package OpenID

This class represents an association between a server and a consumer. In general, users of this library will never see instances of this object. The only exception is if you implement a custom Auth_OpenID_OpenIDStore.

This class represents an authentication request from a consumer to an OpenID server.

Represents a single attribute in an attribute exchange request. This should be added to an AXRequest object in order to request the attribute.

Results from data that does not meet the attribute exchange 1.0 specification

An attribute exchange 'fetch_request' message. This message is sent by a relying party when it wishes to obtain attributes about the subject of an OpenID authentication request.

An abstract class that implements a message that has attribute keys and values. It contains the common code between fetch_response and store_request.

Abstract class containing common code for attribute exchange messages.

An indication that the store request was processed along with this OpenID transaction. Use make(), NOT the constructor, to create response objects.

A response with a status of Auth_OpenID_CANCEL. Indicates that the user cancelled the OpenID authentication request. This has two relevant attributes:

An OpenID consumer implementation that performs discovery and does session management. See the Consumer.php file documentation for more information.

An empty base class intended to emulate PEAR connection functionality in applications that supply their own database abstraction mechanisms. See Auth_OpenID_SQLStore for more information. You should subclass this class if you need to create an SQL store that needs to access its database using an application's database abstraction layer instead of a PEAR database connection. Any subclass of Auth_OpenID_DatabaseConnection MUST adhere to the interface specified here.

The Diffie-Hellman key exchange class. This class relies on Auth_OpenID_MathLibrary to perform large number operations.

This is a store for use in the worst case, when you have no way of saving state on the consumer site. Using this store makes the consumer vulnerable to replay attacks, as it's unable to use nonces. Avoid using this store if it is at all possible.

Encode an Auth_OpenID_ServerResponse to an Auth_OpenID_WebResponse.

A base class for accessing extension request and response data for the OpenID 2 protocol.

A response with a status of Auth_OpenID_FAILURE. Indicates that the OpenID protocol has failed. This could be locally or remotely triggered. This has three relevant attributes:

This is a filesystem-based store for OpenID associations and nonces. This store should be safe for use in concurrent systems on both windows and unix (excluding NFS filesystems). There are a couple race conditions in the system, but those failure cases have been set up in such a way that the worst-case behavior is someone having to try to log in a second time.

This class is the interface to the OpenID consumer logic. Instances of it maintain no per-request state, so they can be reused (or even used by multiple threads concurrently) as needed.

An Auth_OpenID_Mapping maintains a mapping from arbitrary keys to arbitrary values. (This is unlike an ordinary PHP array, whose keys may be only simple scalars.)

This store uses a PEAR::MDB2 connection to store persistence information.

This is a memcached-based store for OpenID associations and nonces.

In the implementation of this object, null represents the global namespace as well as a namespace with no key.

Error returned by the server code when a return_to is absent from a request.

This is the interface for the store objects the OpenID library uses. It is a single class that provides all of the persistence mechanisms that the OpenID library needs, for both servers and consumers. If you want to create an SQL-driven store, please see then Auth_OpenID_SQLStore class.

An error class which gets instantiated and returned whenever an OpenID protocol error occurs. Be prepared to use this in place of an ordinary server response.

Exception that is raised when the server returns a 400 response code to a direct request.

A session negotiator controls the allowed and preferred association types and association session types. Both the Auth_OpenID_Consumer and Auth_OpenID_Server use negotiators when creating associations.

A response with a status of Auth_OpenID_SETUP_NEEDED. Indicates that the request was in immediate mode, and the server is unable to authenticate the user without further interaction.

Responsible for the signature of query data and the verification of OpenID signature values.

This is the parent class for the SQL stores, which contains the logic common to all of the SQL stores.

A base class for classes dealing with Simple Registration protocol messages.

Represents the data returned in a simple registration response inside of an OpenID C{id_res} response. This object will be created by the OpenID server, added to the C{id_res} response object, and then extracted from the C{id_res} message by the Consumer.

A response with a status of Auth_OpenID_SUCCESS. Indicates that this request is a successful acknowledgement from the OpenID server that the supplied URL is, indeed controlled by the requesting agent. This has three relevant attributes:

An error that indicates that the given return_to is not under the given trust_root.

A web-capable response object which you can use to generate a user-agent response.

This concrete implementation of Auth_Yadis_XMLParser implements the appropriate API for the 'dom' extension which is typically packaged with PHP 5. This class will be used whenever the 'dom' extension is detected. See the Auth_Yadis_XMLParser class for details on this class's methods.

This concrete implementation of Auth_Yadis_XMLParser implements the appropriate API for the 'domxml' extension which is typically packaged with PHP 4. This class will be used whenever the 'domxml' extension is detected. See the Auth_Yadis_XMLParser class for details on this class's methods.

This class is the interface for HTTP fetchers the Yadis library uses. This interface is only important if you need to write a new fetcher for some reason.

The Yadis service manager which stores state in a session and iterates over elements in a Yadis XRDS document and lets a caller attempt to use each one. This is used by the Yadis library internally.

A paranoid Auth_Yadis_HTTPFetcher class which uses CURL for fetching.

This class is responsible for scanning an HTML string to find META tags and their attributes. This is used by the Yadis discovery process. This class must be instantiated to be used.

The base session class used by the Auth_Yadis_Manager. This class wraps the default PHP session machinery and should be subclassed if your application doesn't use PHP sessioning.

This class implements a plain, hand-built socket-based fetcher which will be used in the event that CURL is unavailable.

This class represents a element in an XRDS document. Objects of this type are returned by Auth_Yadis_XRDS::services() and Auth_Yadis_Yadis::services(). Each object corresponds directly to a element in the XRDS and supplies a getElements($name) method which you should use to inspect the element's contents. See Auth_Yadis_Yadis for more information on the role this class plays in Yadis discovery.

A session helper class designed to translate between arrays and objects. Note that the class used must have a constructor that takes no parameters. This is not a general solution, but it works for dumb objects that just need to have attributes set. The idea is that you'll subclass this and override $this->check($data) -> bool to implement your own session data validation.

The base class for wrappers for available PHP XML-parsing extensions. To work with this Yadis library, subclasses of this class MUST implement the API as defined in the remarks for this class. Subclasses of Auth_Yadis_XMLParser are used to wrap particular PHP XML extensions such as 'domxml'. These are used internally by the library depending on the availability of supported PHP XML extensions.

This is the core of the PHP Yadis library. This is the only class a user needs to use to perform Yadis discovery. This class performs the discovery AND stores the result of the discovery.

Check an alias for invalid characters; raise AXError if any are found. Return None if the alias is valid.

Given a namespace mapping and a string containing a comma-separated list of namespace aliases, return a list of type URIs that correspond to those aliases.

Check to see that the given value is a valid simple registration data field name. Return true if so, false if not.

Auth_OpenID_getMathLib() checks for the presence of long number extension modules and returns an instance of Auth_OpenID_MathWrapper which exposes the module's functionality.

Define the supported extensions. An extension array has keys 'modules', 'extension', and 'class'. 'modules' is an array of PHP module names which the loading code will attempt to load. These values will be suffixed with a library file extension (e.g. ".so"). 'extension' is the name of a PHP extension which will be tested before 'modules' are loaded. 'class' is the string name of a Auth_OpenID_MathWrapper subclass which should be instantiated if a given extension is present.

Registers a (namespace URI, alias) mapping in a global namespace alias map. Raises NamespaceAliasRegistrationError if either the namespace URI or alias has already been registered with a different value. This function is required if you want to use a namespace with an OpenID 1 message.

Removes a (namespace_uri, alias) registration from the global namespace alias map. Returns true if the removal succeeded; false if not (if the mapping did not exist).

Does the given endpoint advertise support for simple registration?

Returns an instance of a Auth_Yadis_XMLParser subclass based on the availability of PHP extensions for XML parsing. If Auth_Yadis_setDefaultParser has been called, the parser used in that call will be returned instead.

Set a default parser to override the extension-driven selection of available parser classes. This is helpful in a test environment or one in which multiple parsers can be used but one is more desirable.