ZF-7458: MyOpenID authentication failure: Discovery information verification failed
I've been having a problem authenticating using OpenID with the MyOpenID site.
Just as the error in the summary suggests, I have traced the problem to the Zend_OpenId_Consumer->verify function (line 316). The problem stems from the 'openid_op_endpoint' parameter not matching the stored discovered server.
During initial server discovery, MyOpenID is sending back 'http://www.myopenid.com/server' and this is stored in the consumer storage file. After authentication with MyOpenID, in the 'openid_op_endpoint' parameter, it is sending back 'https://www.myopenid.com/server'. Note that the only difference is the scheme (http vs. https) but this is enough to cause the authentication to fail because it does not match.
I don't know why MyOpenID is sending back two different endpoints and I know this isn't exactly a bug per se but perhaps the code should be changed to verify the endpoint based only upon the host and path.