ZF-3137: Fragments shouldn't be considered during verify() in the Consumer.

Issue Type: Bug Created: 2008-04-18T00:09:44.000+0000 Last Updated: 2008-09-02T10:38:55.000+0000 Status: Resolved Fix version(s): - 1.6.0 (02/Sep/08)

Reporter: Paul Huff (phuff) Assignee: Dmitry Stogov (dmitry) Tags: - Zend_OpenId

Related issues: Attachments: - hash_respect.patch


The spec states this about verification in 11.2:

"If the Claimed Identifier in the assertion is a URL and contains a fragment, the fragment part and the fragment delimiter character "#" MUST NOT be used for the purposes of verifying the discovered information."

By not following this Consumer improperly doesn't verify some claimed id's that it should.


Posted by Paul Huff (phuff) on 2008-04-18T00:11:05.000+0000

This patch respects (or doesn't as it were) the hash remark

Posted by Dmitry Stogov (dmitry) on 2008-04-18T08:09:17.000+0000

According to OpenID 2.0 specification, section 7.2, fragment MUST be stripped during normalization. Please, reopen the bug if my fix doesn't work for you.

Posted by Darby Felton (darby) on 2008-04-21T13:48:02.000+0000

Marking as fixed for next minor release pending merge of changes to release-1.5 branch.

Posted by Wil Sinclair (wil) on 2008-09-02T10:38:55.000+0000

Updating for the 1.6.0 release.

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.