Issue Type: Bug Created: 2008-04-18T00:09:44.000+0000 Last Updated: 2008-09-02T10:38:55.000+0000 Status: Resolved Fix version(s): - 1.6.0 (02/Sep/08)
Reporter: Paul Huff (phuff) Assignee: Dmitry Stogov (dmitry) Tags: - Zend_OpenId
Related issues: Attachments: - hash_respect.patch
The spec states this about verification in 11.2:
"If the Claimed Identifier in the assertion is a URL and contains a fragment, the fragment part and the fragment delimiter character "#" MUST NOT be used for the purposes of verifying the discovered information."
By not following this Consumer improperly doesn't verify some claimed id's that it should.
Posted by Paul Huff (phuff) on 2008-04-18T00:11:05.000+0000
This patch respects (or doesn't as it were) the hash remark
Posted by Dmitry Stogov (dmitry) on 2008-04-18T08:09:17.000+0000
According to OpenID 2.0 specification, section 7.2, fragment MUST be stripped during normalization. Please, reopen the bug if my fix doesn't work for you.
Posted by Darby Felton (darby) on 2008-04-21T13:48:02.000+0000
Marking as fixed for next minor release pending merge of changes to release-1.5 branch.
Posted by Wil Sinclair (wil) on 2008-09-02T10:38:55.000+0000
Updating for the 1.6.0 release.
Have you found an issue?
See the Overview section for more details.