[project @ Update example RP to use PAPE extension]

Author: tailor

examples/consumer/common.php

@@ -27,10 +27,22 @@ function doIncludes() {
      * Require the Simple Registration extension API.
      */
     require_once "Auth/OpenID/SReg.php";
+
+    /**
+     * Require the PAPE extension module.
+     */
+    require_once "Auth/OpenID/PAPE.php";
 }
 
 doIncludes();
 
+global $pape_policy_uris;
+$pape_policy_uris = array(
+			  PAPE_AUTH_MULTI_FACTOR_PHYSICAL,
+			  PAPE_AUTH_MULTI_FACTOR,
+			  PAPE_AUTH_PHISHING_RESISTANT
+			  );
+
 function &getStore() {
     /**
      * This is where the example will store its OpenID information.

examples/consumer/finish_auth.php

@@ -48,6 +48,35 @@ function run() {
         if (@$sreg['fullname']) {
             $success .= "  Your fullname is '".$sreg['fullname']."'.";
         }
+
+	$pape_resp = Auth_OpenID_PAPE_Response::fromSuccessResponse($response);
+
+	if ($pape_resp) {
+	  if ($pape_resp->auth_policies) {
+	    $success .= "<p>The following PAPE policies affected the authentication:</p><ul>";
+
+	    foreach ($pape_resp->auth_policies as $uri) {
+	      $success .= "<li><tt>$uri</tt></li>";
+	    }
+
+	    $success .= "</ul>";
+	  } else {
+	    $success .= "<p>No PAPE policies affected the authentication.</p>";
+	  }
+
+	  if ($pape_resp->auth_age) {
+	    $success .= "<p>The authentication age returned by the " .
+	      "server is: <tt>".$pape_resp->auth_age."</tt></p>";
+	  }
+
+	  if ($pape_resp->nist_auth_level) {
+	    $success .= "<p>The NIST auth level returned by the " .
+	      "server is: <tt>".$pape_resp->nist_auth_level."</tt></p>";
+	  }
+
+	} else {
+	  $success .= "<p>No PAPE response was sent by the provider.</p>";
+	}
     }
 
     include 'index.php';

examples/consumer/index.php

@@ -1,3 +1,8 @@
+<?php
+require_once "common.php";
+
+global $pape_policy_uris;
+?>
 <html>
   <head><title>PHP OpenID Authentication Example</title></head>
   <style type="text/css">
@@ -52,6 +57,15 @@
         Identity&nbsp;URL:
         <input type="hidden" name="action" value="verify" />
         <input type="text" name="openid_identifier" value="" />
+
+        <p>Optionally, request these PAPE policies:</p>
+        <p>
+        <?php foreach ($pape_policy_uris as $i => $uri) {
+          print "<input type=\"checkbox\" name=\"policies[]\" value=\"$uri\" />";
+          print "$uri<br/>";
+        } ?>
+        </p>
+
         <input type="submit" value="Verify" />
       </form>
     </div>

examples/consumer/try_auth.php

@@ -37,6 +37,13 @@ function run() {
         $auth_request->addExtension($sreg_request);
     }
 
+    $policy_uris = $_GET['policies'];
+
+    $pape_request = new Auth_OpenID_PAPE_Request($policy_uris);
+    if ($pape_request) {
+        $auth_request->addExtension($pape_request);
+    }
+
     // Redirect the user to the OpenID server for authentication.
     // Store the token for this authentication so we can verify the
     // response.