view tests/test.ur @ 46:72e942423f26

Based on a security suggestion by Robin Green, start a new session after authentication at an OP and after submission of a signup form
author Adam Chlipala <>
date Sun, 03 Jul 2011 17:52:29 -0400
parents f6b3fbf10dac
line wrap: on
line source
fun afterward r = return <xml><body>
  {case r of
       Openid.Canceled => <xml>You canceled that sucker.</xml>
     | Openid.Failure s => error <xml>OpenID failure: {[s]}</xml>
     | Openid.AuthenticatedAs id => <xml>I now know you as <tt>{[id]}</tt>.</xml>}

fun auth r =
    msg <- Openid.authenticate afterward
                               {Association = Openid.Stateful {AssociationType = Openid.HMAC_SHA256,
                                                               AssociationSessionType = Openid.NoEncryption},
                                Identifier = Openid.KnownIdentifier r.Id,
                                Realm = Some "http://localhost:8080/"};
    error <xml>{[msg]}</xml>

fun main () = return <xml><body>
    <submit action={auth}/>