# File lib/openid/consumer.rb, line 451
    def do_id_res(token, query)
      ret = self.split_token(token)
      return [FAILURE, nil] if ret.nil?
      
      nonce, consumer_id, server_id, server_url = ret
      
      return_to = query["openid.return_to"]
      server_id2 = query["openid.identity"]
      assoc_handle = query["openid.assoc_handle"]
      
      if return_to.nil? or server_id.nil? or assoc_handle.nil?
        return [FAILURE, consumer_id]
      end

      if server_id != server_id2
        return [FAILURE, consumer_id]
      end

      user_setup_url = query["openid.user_setup_url"]
      unless user_setup_url.nil?
        return [SETUP_NEEDED, user_setup_url]
      end
      
      assoc = @store.get_association(server_url)
    
      if assoc.nil? or assoc.handle != assoc_handle or assoc.expires_in <= 0
        # It's not an associtaion we know about.  Dumb mode is our only recovery
        check_args = OpenID::Util.get_openid_params(query)
        check_args["openid.mode"] = "check_authentication"
        post_data = OpenID::Util.urlencode(check_args)
        return self.check_auth(nonce, consumer_id, post_data, server_url)
      end

      # Check the signature
      sig = query["openid.sig"]
      signed = query["openid.signed"]
      return [FAILURE, consumer_id] if sig.nil? or signed.nil?
      
      args = OpenID::Util.get_openid_params(query)
      signed_list = signed.split(",")
      _signed, v_sig = OpenID::Util.sign_reply(args, assoc.secret, signed_list)
      
      return [FAILURE, consumer_id] if v_sig != sig    
      return [FAILURE, consumer_id] unless @store.use_nonce(nonce)
      return [SUCCESS, consumer_id]
    end