function _doIdRes($message, $endpoint, $return_to)
{
// Checks for presence of appropriate fields (and checks
// signed list fields)
$result = $this->_idResCheckForFields($message);
if (Auth_OpenID::isFailure($result)) {
return $result;
}
if (!$this->_checkReturnTo($message, $return_to)) {
return new Auth_OpenID_FailureResponse(null, sprintf("return_to does not match return URL. Expected %s, got %s", $return_to, $message->getArg(Auth_OpenID_OPENID_NS, 'return_to')));
}
// Verify discovery information:
$result = $this->_verifyDiscoveryResults($message, $endpoint);
if (Auth_OpenID::isFailure($result)) {
return $result;
}
$endpoint = $result;
$result = $this->_idResCheckSignature($message, $endpoint->server_url);
if (Auth_OpenID::isFailure($result)) {
return $result;
}
$result = $this->_idResCheckNonce($message, $endpoint);
if (Auth_OpenID::isFailure($result)) {
return $result;
}
$signed_list_str = $message->getArg(Auth_OpenID_OPENID_NS, 'signed', Auth_OpenID_NO_DEFAULT);
if (Auth_OpenID::isFailure($signed_list_str)) {
return $signed_list_str;
}
$signed_list = explode(',', $signed_list_str);
$signed_fields = Auth_OpenID::addPrefix($signed_list, "openid.");
return new Auth_OpenID_SuccessResponse($endpoint, $message, $signed_fields);
}