# File lib/rack/auth/openid.rb, line 332
      def finish(consumer, session, req)
        oid = consumer.complete(req.params, req.url)
        pp oid if $DEBUG
        req.env['rack.auth.openid.response'] = oid

        goto = session.fetch :site_return, @realm
        body = []

        case oid.status
        when ::OpenID::Consumer::FAILURE
          session.clear
          session['authenticated'] = false
          req.env['rack.errors'].puts oid.message

          goto = @options[:login_fail] if @options.key? :login_fail
          body << "Authentication unsuccessful.\n"
        when ::OpenID::Consumer::SUCCESS
          session.clear

          ## Extension support
          extensions.each do |ext, args|
            session[ext::NS_URI] = ext::Response.
              from_success_response(oid).
              get_extension_args
          end

          session['authenticated'] = true
          # Value for unique identification and such
          session['identity'] = oid.identity_url
          # Value for display and UI labels
          session['identifier'] = oid.display_identifier

          goto = @options[:login_good] if @options.key? :login_good
          body << "Authentication successful.\n"
        when ::OpenID::Consumer::CANCEL
          session.clear
          session['authenticated'] = false

          goto = @options[:login_fail] if @options.key? :login_fail
          body << "Authentication cancelled.\n"
        when ::OpenID::Consumer::SETUP_NEEDED
          session[:setup_needed] = true
          unless o_id = session[:openid_param]
            raise('Required values missing.')
          end

          goto = req.script_name+
            '?'+@options[:openid_param]+
            '='+o_id
          body << "Reauthentication required.\n"
        end
        body << oid.message if oid.message
        [ 303, {'Location'=>goto}, body]
      end