Class | OmniAuth::Strategies::WindowsLive::WindowsLiveLogin |
In: | lib/omniauth/strategies/windows_live/windowslivelogin.rb |
Parent: | Object |
Helper methods.
baseurl | [RW] | Sets or gets the base URL to use for the Windows Live Login server. You should not have to change this property. Furthermore, we recommend that you use the Sign In control instead of the URL methods provided here. |
consenturl | [RW] | Sets or gets the Consent Base URL to use for the Windows Live Consent server. You should not have to use or change this property directly. |
force_delauth_nonprovisioned | [RW] | Sets a flag that indicates whether Delegated Authentication is non-provisioned (i.e. does not use an application ID or secret key). |
oldsecretexpiry | [RW] | Gets the old secret key expiry time. |
secureurl | [RW] | Sets or gets the secure (HTTPS) URL to use for the Windows Live Login server. You should not have to change this property. |
securityalgorithm | [RW] | Sets or gets the version of the security algorithm being used. |
Initialize the WindowsLiveLogin module from a settings file.
‘settingsFile’ specifies the location of the XML settings file that contains the application ID, secret key, and security algorithm. The file is of the following format:
<windowslivelogin>
  <appid>APPID</appid>
  <secret>SECRET</secret>
  <securityalgorithm>wsignin1.0</securityalgorithm>
</windowslivelogin>
In a Delegated Authentication scenario, you may also specify ‘returnurl’ and ‘policyurl’ in the settings file, as shown in the Delegated Authentication samples.
We recommend that you store the WindowsLiveLogin settings file in an area on your server that cannot be accessed through the Internet. This file contains important confidential information.
Initialize the WindowsLiveLogin module with the application ID, secret key, and security algorithm.
We recommend that you employ strong measures to protect the secret key. The secret key should never be exposed to the Web or other users.
Be aware that if you do not supply these settings at initialization time, you may need to set the corresponding properties manually.
For Delegated Authentication, you may optionally specify the privacy policy URL and return URL. If you do not specify these values here, the default values that you specified when you registered your application will be used.
The ‘force_delauth_nonprovisioned’ flag also indicates whether your application is registered for Delegated Authentication (that is, whether it uses an application ID and secret key). We recommend that your Delegated Authentication application always be registered for enhanced security and functionality.
Sets the application ID. Use this method if you did not specify an application ID at initialization.
Decodes the given token string; returns nil on failure.
First, the string is URL-unescaped and base64 decoded. Second, the IV is extracted from the first 16 bytes of the string. Finally, the string is decrypted using the encryption key.
Derives the key, given the secret key and prefix as described in the Web Authentication SDK documentation.
Returns the URL that is required to retrieve the application security token.
By default, the application security token is generated for the Windows Live site; a specific Site ID can optionally be specified in ‘siteid’. The IP address can also optionally be included in ‘ip’.
If ‘js’ is nil, a JavaScript Object Notation (JSON) response is returned in the following format:
{"token":"<value>"}
Otherwise, a JavaScript response is returned. It is assumed that WLIDResultCallback is a custom function implemented to handle the token value:
WLIDResultCallback("<tokenvalue>");
Returns a string that can be passed to the getTrustedParams function as the ‘retcode’ parameter. If this is specified as the ‘retcode’, the application will be used as the return URL after trusted sign-in finishes.
Retrieves the application security token for application verification from the application sign-in URL.
By default, the application security token will be generated for the Windows Live site; a specific Site ID can optionally be specified in ‘siteid’. The IP address can also optionally be included in ‘ip’.
Implementation note: The application security token is downloaded from the application sign-in URL in JSON format:
{"token":"<value>"}
Therefore we must extract <value> from the string and return it as seen here.
Returns an appropriate content type and body response that the application handler can return to signify a successful sign-out from the application.
When a user signs out of Windows Live or a Windows Live application, a best-effort attempt is made at signing the user out from all other Windows Live applications the user might be signed in to. This is done by calling the handler page for each application with ‘action’ set to ‘clearcookie’ in the query string. The application handler is then responsible for clearing any cookies or data associated with the sign-in. After successfully signing the user out, the handler should return a GIF (any GIF) image as response to the ‘action=clearcookie’ query.
Returns the consent URL to use for Delegated Authentication for the given comma-delimited list of offers.
If you specify it, ‘context’ will be returned as-is in the consent response for site-specific use.
The registered/configured return URL can also be overridden by specifying ‘ru’ here.
You can change the language in which the consent page is displayed by specifying a culture ID (for example, ‘fr-fr’ or ‘en-us’) in the ‘market’ parameter.
Returns the sign-in URL to use for the Windows Live Login server. We recommend that you use the Sign In control instead.
If you specify it, ‘context’ will be returned as-is in the sign-in response for site-specific use.
Returns the sign-out URL to use for the Windows Live Login server. We recommend that you use the Sign In control instead.
Returns the URL for the consent-management user interface. You can change the language in which the consent page is displayed by specifying a culture ID (for example, ‘fr-fr’ or ‘en-us’) in the ‘market’ parameter.
Returns the URL to use to download a new consent token, given the offers and refresh token. The registered/configured return URL can also be overridden by specifying ‘ru’ here.
Returns a table of key-value pairs that must be posted to the sign-in URL for trusted sign-in. Use HTTP POST to do this. Be aware that the values in the table are neither URL nor HTML escaped and may have to be escaped if you are inserting them in code such as an HTML form.
The user to be trusted on the local site is passed in as string ‘user’.
Optionally, ‘retcode’ specifies the resource to which successful sign-in is redirected, such as Windows Live Mail, and is typically a string in the format ‘id=2000’. If you pass in the value from getAppRetCode instead, sign-in will be redirected to the application. Otherwise, an HTTP 200 response is returned.
Returns the trusted sign-in token in the format that is needed by a control doing trusted sign-in.
The user to be trusted on the local site is passed in as string ‘user’.
Sets your old secret key.
Use this property to set your old secret key if you are in the process of transitioning to a new secret key. You may need this property because the Windows Live ID servers can take up to 24 hours to propagate a new secret key after you have updated your application settings.
If an old secret key is specified here and has not expired (as determined by the oldsecretexpiry setting), it will be used as a fallback if token decryption fails with the new secret key.
Sets the expiry time for your old secret key.
After this time has passed, the old secret key will no longer be used even if token decryption fails with the new secret key.
The old secret expiry time is represented as the number of seconds elapsed since January 1, 1970.
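The token decoding steps and the old-secret fallback described above, shown together as an added Ruby example that is not this library's own code. The cipher (AES-128-CBC), the SHA-256 key derivation, the ‘ENCRYPTION’ and ‘SIGNATURE’ prefixes, the ‘&sig=’ HMAC layout, and all method names are assumptions; this page does not state them.

```ruby
require 'openssl'
require 'uri'

# Assumption: each key is the first 16 bytes of SHA-256(prefix + secret).
def derive_key(secret, prefix)
  OpenSSL::Digest::SHA256.digest(prefix + secret)[0, 16]
end

# URL-unescape, base64-decode, take the IV from the first 16 bytes, decrypt.
def decode_token(token, crypt_key)
  raw = URI.decode_www_form_component(token).unpack1('m')
  return nil if raw.bytesize <= 16 || raw.bytesize % 16 != 0
  cipher = OpenSSL::Cipher.new('aes-128-cbc') # cipher choice is an assumption
  cipher.decrypt
  cipher.key = crypt_key
  cipher.iv = raw[0, 16]
  cipher.update(raw[16..]) + cipher.final
rescue OpenSSL::Cipher::CipherError, ArgumentError
  nil # bad padding (wrong key) or malformed escaping
end

# Assumed layout "<body>&sig=<base64 HMAC-SHA256>"; padding can pass by chance, so the MAC decides.
def validate_token(plain, sign_key)
  body, sig = plain.to_s.b.split('&sig=', 2)
  return nil unless body && sig
  mac = OpenSSL::HMAC.digest('SHA256', sign_key, body)
  OpenSSL.secure_compare(mac, sig.unpack1('m')) ? body : nil
end

# Current secret first; the old secret only while its expiry is in the future.
def process_token(token, secret, old_secret: nil, old_expiry: nil, now: Time.now.to_i)
  secrets = [secret]
  secrets << old_secret if old_secret && old_expiry && now < old_expiry.to_i
  secrets.each do |s|
    body = validate_token(decode_token(token, derive_key(s, 'ENCRYPTION')), derive_key(s, 'SIGNATURE'))
    return body if body
  end
  nil
end

# Constructed sample token (not a real Windows Live token) to exercise the code.
def sample_token(body, secret)
  sig = [OpenSSL::HMAC.digest('SHA256', derive_key(secret, 'SIGNATURE'), body)].pack('m0')
  cipher = OpenSSL::Cipher.new('aes-128-cbc')
  cipher.encrypt
  cipher.key = derive_key(secret, 'ENCRYPTION')
  iv = cipher.random_iv
  URI.encode_www_form_component([iv + cipher.update("#{body}&sig=#{sig}") + cipher.final].pack('m0'))
end
```

Once the expiry has passed, a token issued under the old secret is rejected even though that secret is still configured, which bounds how long a retired key remains usable.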
Parses the query string and returns a table {String=>String}.
If a table is passed in from CGI.params, we convert it from {String=>[]} to {String=>String}. I believe Rails uses symbols instead of strings in general, so we convert from symbols to strings here also.
Sets the privacy policy URL, to which the Windows Live ID consent service redirects users to view the privacy policy of your Web site for Delegated Authentication.
Processes the POST response from the Delegated Authentication service after a user has granted consent. The processConsent function extracts the consent token string and returns the result of invoking the processConsentToken method.
Processes the consent token string that is returned in the POST response by the Delegated Authentication service after a user has granted consent.
Processes the sign-in response from the Windows Live sign-in server.
‘query’ contains the preprocessed POST table, such as that returned by CGI.params or Rails. (The unprocessed POST string could also be used here, but we do not recommend it.)
This method returns a User object on successful sign-in; otherwise it returns nil.
Attempts to obtain a new, refreshed token and return it. The original token is not modified.
Helper function to obtain a new, refreshed token and return it. The original token is not modified.
Sets the return URL—the URL on your site to which the consent service redirects users (along with the action, consent token, and application context) after they have successfully provided consent information for Delegated Authentication. This value will override the return URL specified during registration.
Stub implementation for logging errors. If you want to enable debugging output using the default mechanism, specify true. By default, debug information will be printed to the standard error output and should be visible in the web server logs.