function answer($signatory)
{
$is_valid = $signatory->verify($this->assoc_handle, $this->signed);
// Now invalidate that assoc_handle so it this checkAuth
// message cannot be replayed.
$signatory->invalidate($this->assoc_handle, true);
$response = new Auth_OpenID_ServerResponse($this);
$response->fields->setArg(Auth_OpenID_OPENID_NS, 'is_valid', $is_valid ? "true" : "false");
if ($this->invalidate_handle) {
$assoc = $signatory->getAssociation($this->invalidate_handle, false);
if (!$assoc) {
$response->fields->setArg(Auth_OpenID_OPENID_NS, 'invalidate_handle', $this->invalidate_handle);
}
}
return $response;
}