# File lib/openid/consumer.rb, line 576
    def check_auth(nonce, query, server_url)
      check_args = OpenID::Util.get_openid_params(query)
      check_args["openid.mode"] = "check_authentication"
      post_data = OpenID::Util.urlencode(check_args)

      ret = @fetcher.post(server_url, post_data)
      if ret.nil?
        return FAILURE, "unable to post to #{server_url}"
      else
        url, body = ret
      end
    
      results = OpenID::Util.parsekv(body)
      is_valid = results.fetch("is_valid", "false")
    
      if is_valid == "true"

        # we started this request with a bad association,
        # falling back to dumb mode, the invalidate_handle tells
        # us to handle of the assoc to remove from our store.
        invalidate_handle = results["invalidate_handle"]
        if invalidate_handle
          @store.remove_association(server_url, invalidate_handle)
        end

        # make sure response is not getting replayed by checking the nonce
        unless @store.use_nonce(nonce)
          return FAILURE, "#{server_url}, nonce #{nonce} already used"
        end

        # is_valid = true, and we successfully used the nonce.
        return SUCCESS, nil
      end
    
      error = results["error"]
      if error
        msg = "error from server: #{error}"
      else
        msg = "is_valid was false"
      end
      return FAILURE, msg
    end