|
@@ -70,6 +70,7 @@
|
70
|
70
|
$_SESSION['openid'] = array(
|
71
|
71
|
'identity' => $disc->getIdentity(),
|
72
|
72
|
'delegate' => $disc->getDelegate(),
|
|
73
|
+ 'version' => $disc->getVersion(),
|
73
|
74
|
'validated' => false,
|
74
|
75
|
'server' => $disc->getServer(),
|
75
|
76
|
'nonce' => uniqid(microtime(true), true),
|
|
@@ -80,7 +81,7 @@
|
80
|
81
|
|
81
|
82
|
$url = URLBuilder::buildRequest(defined('OPENID_IMMEDIATE') ? 'immediate' : 'setup',
|
82
|
83
|
$disc->getServer(), $disc->getDelegate(),
|
83
|
|
- $disc->getIdentity(), URLBuilder::getCurrentURL(), $handle);
|
|
84
|
+ $disc->getIdentity(), URLBuilder::getCurrentURL(), $handle, $disc->getVersion());
|
84
|
85
|
|
85
|
86
|
URLBuilder::doRedirect($url);
|
86
|
87
|
} else if (isset($_REQUEST['openid_mode'])) {
|
|
@@ -137,7 +138,7 @@
|
137
|
138
|
$disc = new Discoverer($url);
|
138
|
139
|
|
139
|
140
|
if ($disc->getServer() == null) {
|
140
|
|
- error('notvalid', 'Claimed identity is not a valid identifier');
|
|
141
|
+ error('notvalid', 'Claimed identity is not a valid identifier');
|
141
|
142
|
}
|
142
|
143
|
|
143
|
144
|
return $disc;
|
|
@@ -242,9 +243,13 @@
|
242
|
243
|
*/
|
243
|
244
|
function processPositiveResponse($valid) {
|
244
|
245
|
if ($_REQUEST['openid_identity'] != $_SESSION['openid']['delegate']) {
|
245
|
|
- error('diffid', 'Identity provider validated wrong identity. Expected it to '
|
|
246
|
+ if ($_SESSION['openid']['delegate'] == 'http://specs.openid.net/auth/2.0/identifier_select') {
|
|
247
|
+ $_SESSION['openid']['delegate'] = $_REQUEST['openid_identity'];
|
|
248
|
+ } else {
|
|
249
|
+ error('diffid', 'Identity provider validated wrong identity. Expected it to '
|
246
|
250
|
. 'validate ' . $_SESSION['openid']['delegate'] . ' but it '
|
247
|
251
|
. 'validated ' . $_REQUEST['openid_identity']);
|
|
252
|
+ }
|
248
|
253
|
}
|
249
|
254
|
|
250
|
255
|
if (!$valid) {
|
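Review bot: In the new `identifier_select` branch of processPositiveResponse, `$_SESSION['openid']['delegate']` is overwritten with `$_REQUEST['openid_identity']`, and nothing visible in this hunk checks that the provider that answered is authoritative for that identifier. With identifier select, the relying party is expected to run discovery on the identifier returned in the assertion and confirm it resolves to the endpoint stored in `$_SESSION['openid']['server']`; without that, a provider can assert an identity it does not control. Before the assignment I would add `$check = new Discoverer($_REQUEST['openid_identity']);` followed by `if ($check->getServer() != $_SESSION['openid']['server']) { error('diffid', ...); }`, and compare the sentinel URL with `===` rather than `==`. `$_SESSION['openid']['identity']` also keeps the value from the first discovery, so whichever key the caller later treats as the authenticated identity should be confirmed against the verified response. The function body continues past the end of the hunk, so a later check may already cover this.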