ZF-3137: Fragments shouldn't be considered during verify() in the Consumer.
Description
The spec states this about verification in 11.2:
"If the Claimed Identifier in the assertion is a URL and contains a fragment, the fragment part and the fragment delimiter character "#" MUST NOT be used for the purposes of verifying the discovered information."
By not following this Consumer improperly doesn't verify some claimed id's that it should.
Comments
Posted by Paul Huff (phuff) on 2008-04-18T00:11:05.000+0000
This patch respects (or doesn't as it were) the hash remark
Posted by Dmitry Stogov (dmitry) on 2008-04-18T08:09:17.000+0000
According to OpenID 2.0 specification, section 7.2, fragment MUST be stripped during normalization. Please, reopen the bug if my fix doesn't work for you.
Posted by Darby Felton (darby) on 2008-04-21T13:48:02.000+0000
Marking as fixed for next minor release pending merge of changes to release-1.5 branch.
Posted by Wil Sinclair (wil) on 2008-09-02T10:38:55.000+0000
Updating for the 1.6.0 release.