Class Auth_OpenID_DumbStore

Description
Description | Methods (details)

This is a store for use in the worst case, when you have no way of saving state on the consumer site. Using this store makes the consumer vulnerable to replay attacks, as it's unable to use nonces. Avoid using this store if it is at all possible.

Most of the methods of this class are implementation details. Users of this class need to worry only about the constructor.

Located in /Auth/OpenID/DumbStore.php (line 34) 

Auth_OpenID_OpenIDStore
   |
   --Auth_OpenID_DumbStore
Method Summary
Description | Methods (details)
Auth_OpenID_DumbStore Auth_OpenID_DumbStore (string $secret_phrase)
void getAssociation ( $server_url, [ $handle = null])
void getAuthKey ()
void removeAssociation ( $server_url,  $handle)
void storeAssociation ( $server_url,  $association)
void useNonce ( $server_url,  $timestamp,  $salt)
Methods
Description | Methods (details)
Constructor Auth_OpenID_DumbStore (line 53)

Creates a new Auth_OpenID_DumbStore instance. For the security of the tokens generated by the library, this class attempts to at least have a secure implementation of getAuthKey.

When you create an instance of this class, pass in a secret phrase. The phrase is hashed with sha1 to make it the correct length and form for an auth key. That allows you to use a long string as the secret phrase, which means you can make it very difficult to guess.

Each Auth_OpenID_DumbStore instance that is created for use by your consumer site needs to use the same $secret_phrase.

Auth_OpenID_DumbStore Auth_OpenID_DumbStore (string $secret_phrase)
  • string $secret_phrase: secret_phrase The phrase used to create the auth key returned by getAuthKey
getAssociation (line 68)

This implementation always returns null.

void getAssociation ( $server_url, [ $handle = null])
  • $server_url
  • $handle
Redefinition of:
Auth_OpenID_OpenIDStore::getAssociation()
This method returns an Association object from storage that matches the server URL and, if specified, handle. It returns null if no such association is found or if the matching association is expired.
getAuthKey (line 94)

This method returns the auth key generated by the constructor.

void getAuthKey ()
removeAssociation (line 76)

This implementation always returns false.

void removeAssociation ( $server_url,  $handle)
  • $server_url
  • $handle
Redefinition of:
Auth_OpenID_OpenIDStore::removeAssociation()
This method removes the matching association if it's found, and returns whether the association was removed or not.
storeAssociation (line 61)

This implementation does nothing.

void storeAssociation ( $server_url,  $association)
  • $server_url
  • $association
Redefinition of:
Auth_OpenID_OpenIDStore::storeAssociation()
This method puts an Association object into storage, retrievable by server URL and handle.
useNonce (line 86)

In a system truly limited to dumb mode, nonces must all be accepted. This therefore always returns true, which makes replay attacks feasible.

void useNonce ( $server_url,  $timestamp,  $salt)
  • $server_url
  • $timestamp
  • $salt
Redefinition of:
Auth_OpenID_OpenIDStore::useNonce()
Called when using a nonce.

Inherited Methods

Inherited From Auth_OpenID_OpenIDStore

Auth_OpenID_OpenIDStore::cleanup()
Auth_OpenID_OpenIDStore::cleanupAssociations()
Auth_OpenID_OpenIDStore::cleanupNonces()
Auth_OpenID_OpenIDStore::getAssociation()
Auth_OpenID_OpenIDStore::removeAssociation()
Auth_OpenID_OpenIDStore::reset()
Auth_OpenID_OpenIDStore::storeAssociation()
Auth_OpenID_OpenIDStore::supportsCleanup()
Auth_OpenID_OpenIDStore::useNonce()

Documentation generated on Thu, 29 Jul 2010 13:58:50 -0700 by phpDocumentor 1.4.3