Martin von Löwis  committed dbc4c34

Document the verify function.

  • Participants
  • Parent commits 248ab3f
  • Branches default

Comments (0)

Files changed (1)

File doc/index.rst

   interpret this request in any way it pleases. Values must be URL,
   the AX object provides a shortcut notation for common attributes.
+.. function:: verify(response, discovery_cache, find_association, nonce_seen) -> signed, claimed_id
+  Process an authentication response. *response* is the query string as
+  given in the original URL (i.e. as the CGI variable QUERY_STRING).
+  *discovery_cache* is a function taking an URI and returning the
+  same result as discover would; applications should use it to cache
+  the discovery result between the start of the login process until
+  the user completes the login. If no cache information is found,
+  None shall be returned.
+  *find_association* is a function taking an assoc_handle, and returning
+  a session dictionary or None. The dictionary must minimally contain
+  the assoc_handle and the mac_key.
+  *nonce_seen* is a function taking a nonce, returning a boolean that 
+  indicates whether the nonce has been seen. It may also store the
+  nonce as a side-effect; alternatively, the application can
+  separately store it when it successfully processed the
+  authentication request. Nonces older than one hour can be deleted
+  from the storage.
 .. function:: authenticate(session, response) -> None
   Process an authentication response.  session must be the established
   Callers must check openid.response_nonce for replay attacks.
+  .. deprecated:: 1.11
+     Use :func:`verify` instead.
 Discovery Utility Functions