ZF-3086 - Issues - Zend Framework

ZF-3086: Zend_OpenId_Consumer doesn't properly handle delegation

Issue Type:

Bug

Created:

2008-04-09T14:09:29.000+0000

Last Updated:

2008-09-02T10:39:03.000+0000

Status:

Resolved

Fix version(s):

1.6.0 (02/Sep/08)

Reporter:

Chris Morrell (inxilpro)

Assignee:

Dmitry Stogov (dmitry)

Tags:

Zend_OpenId

Related issues:

Attachments:

Description

When you use the Zend_OpenId_Consumer class to authenticate against an OpenID URL that uses delegation, it always passes back the delegated identity instead of the original identity.

For example, if I delegate http://mysite.com to http://myaccount.myopenid.com, the Zend_OpenId_Consumer class will return http://myaccount.myopenid.com as the identity instead of http://mysite.com.


<?php
require_once "Zend/OpenId/Consumer.php";
$consumer = new Zend_OpenId_Consumer();

// First call
$identifier = 'http://mysite.com';
$consumer->login($identifier);

// On return, call
$consumer->verify($_GET, $identifier);
echo $identifier;
    // Echoes http://myaccount.myopenid.com
    // Instead of http://mysite.com
?>

Comments

Posted by Chris Morrell (inxilpro) on 2008-04-09T14:10:14.000+0000

This also affects the OpenId adapter of Zend_Auth

Posted by Dmitry Stogov (dmitry) on 2008-04-10T08:43:11.000+0000

Fixed in SVN trunk

Posted by Darby Felton (darby) on 2008-04-21T13:51:34.000+0000

Marking as fixed for next minor release pending merge of changes to release-1.5 branch.

Posted by Wil Sinclair (wil) on 2008-09-02T10:39:03.000+0000

Updating for the 1.6.0 release.