Auth_OpenID_PlainTextConsumerSession::extractSecret PHP Method

    function extractSecret($response)
    {
        if (!$response->hasKey(Auth_OpenID_OPENID_NS, 'mac_key')) {
            return null;
        }
        return base64_decode($response->getArg(Auth_OpenID_OPENID_NS, 'mac_key'));
    }

 /**
  * @access private
  */
 function _extractAssociation($assoc_response, $assoc_session)
 {
     // Extract the common fields from the response, raising an
     // exception if they are not found
     $assoc_type = $assoc_response->getArg(Auth_OpenID_OPENID_NS, 'assoc_type', Auth_OpenID_NO_DEFAULT);
     if (Auth_OpenID::isFailure($assoc_type)) {
         return $assoc_type;
     }
     $assoc_handle = $assoc_response->getArg(Auth_OpenID_OPENID_NS, 'assoc_handle', Auth_OpenID_NO_DEFAULT);
     if (Auth_OpenID::isFailure($assoc_handle)) {
         return $assoc_handle;
     }
     // expires_in is a base-10 string. The Python parsing will
     // accept literals that have whitespace around them and will
     // accept negative values. Neither of these are really in-spec,
     // but we think it's OK to accept them.
     $expires_in_str = $assoc_response->getArg(Auth_OpenID_OPENID_NS, 'expires_in', Auth_OpenID_NO_DEFAULT);
     if (Auth_OpenID::isFailure($expires_in_str)) {
         return $expires_in_str;
     }
     $expires_in = Auth_OpenID::intval($expires_in_str);
     if ($expires_in === false) {
         $err = sprintf("Could not parse expires_in from association " . "response %s", print_r($assoc_response, true));
         return new Auth_OpenID_FailureResponse(null, $err);
     }
     // OpenID 1 has funny association session behaviour.
     if ($assoc_response->isOpenID1()) {
         $session_type = $this->_getOpenID1SessionType($assoc_response);
     } else {
         $session_type = $assoc_response->getArg(Auth_OpenID_OPENID2_NS, 'session_type', Auth_OpenID_NO_DEFAULT);
         if (Auth_OpenID::isFailure($session_type)) {
             return $session_type;
         }
     }
     // Session type mismatch
     if ($assoc_session->session_type != $session_type) {
         if ($assoc_response->isOpenID1() && $session_type == 'no-encryption') {
             // In OpenID 1, any association request can result in
             // a 'no-encryption' association response. Setting
             // assoc_session to a new no-encryption session should
             // make the rest of this function work properly for
             // that case.
             $assoc_session = new Auth_OpenID_PlainTextConsumerSession();
         } else {
             // Any other mismatch, regardless of protocol version
             // results in the failure of the association session
             // altogether.
             return null;
         }
     }
     // Make sure assoc_type is valid for session_type
     if (!in_array($assoc_type, $assoc_session->allowed_assoc_types)) {
         return null;
     }
     // Delegate to the association session to extract the secret
     // from the response, however is appropriate for that session
     // type.
     $secret = $assoc_session->extractSecret($assoc_response);
     if ($secret === null) {
         return null;
     }
     return Auth_OpenID_Association::fromExpiresIn($expires_in, $assoc_handle, $secret, $assoc_type);
 }