A positive assertion that's returned from the provider contains a field called openid.signed
which is used on the consumer side to verify the signature held in openid.sig
. The process of generating / verifying the signature is outlined here.
From the assertion you've shown, these are the signed fields:
op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle,ns.ext1,
ext1.mode,ext1.type.namePerson_first,ext1.value.namePerson_first,
ext1.type.namePerson_last,ext1.value.namePerson_last,ext1.type.contact_email,
ext1.value.contact_email
You can see that ext1.value.contact_email
is one of the signed fields and is therefore part of the signature, thus if the signature matches you can be sure that the value has not been tampered with.
The assoc_handle
refers to the shared secret that's established between the consumer and provider during the associate
method. This shared secret is used to generate a keyed hash of the signed field values, forming the signature to compare against.
If the shared secret cannot be found, the check_authentication
method must be used, outlined here and used here.