+sub auth ($$) {
+ my $q=shift;
+ my $session=shift;
+
+ if (defined $q->param('openid.mode')) {
+ my $csr=getobj($q, $session);
+
+ if (my $setup_url = $csr->user_setup_url) {
+ IkiWiki::redirect($q, $setup_url);
+ }
+ elsif ($csr->user_cancel) {
+ IkiWiki::redirect($q, IkiWiki::baseurl(undef));
+ }
+ elsif (my $vident = $csr->verified_identity) {
+ $session->param(name => $vident->url);
+
+ my @extensions;
+ if ($vident->can("signed_extension_fields")) {
+ @extensions=grep { defined } (
+ $vident->signed_extension_fields('http://openid.net/extensions/sreg/1.1'),
+ $vident->signed_extension_fields('http://openid.net/srv/ax/1.0'),
+ );
+ }
+ my $nickname;
+ foreach my $ext (@extensions) {
+ foreach my $field (qw{value.email email}) {
+ if (exists $ext->{$field} &&
+ defined $ext->{$field} &&
+ length $ext->{$field}) {
+ $session->param(email => $ext->{$field});
+ if (! defined $nickname &&
+ $ext->{$field}=~/(.+)@.+/) {
+ $nickname = $1;
+ }
+ last;
+ }
+ }
+ foreach my $field (qw{value.nickname nickname value.fullname fullname value.firstname}) {
+ if (exists $ext->{$field} &&
+ defined $ext->{$field} &&
+ length $ext->{$field}) {
+ $nickname=$ext->{$field};
+ last;
+ }
+ }
+ }
+ if (defined $nickname) {
+ $session->param(nickname =>
+ Encode::decode_utf8($nickname));
+ }
+ }
+ else {
+ error("OpenID failure: ".$csr->err);
+ }
+ }
+ elsif (defined $q->param('openid_identifier')) {
+ # myopenid.com affiliate support
+ validate($q, $session, $q->param('openid_identifier'));
+ }
+}
+
+sub getobj ($$) {