OpenID user error

While integrating Zend OpenID Server into MVC, I have a problem with the consumer response (on Livejournal). It says:

"naive_verify_failed_return: The provider says the signature is invalid."

Does anyone have any idea why this might show up? Thanks to


source to share

1 answer

This error occurs when the consumer is in stateless mode and the OP was unable to verify the signature. Assuming a properly implemented OP and no data corruption, this shouldn't happen. The most common reason for this these days is a long-standing bug Net::OpenID::Consumer

that causes it to send an invalid signature verification request for OpenID 2.0 to the OP.

I just pushed a fix for this in CPAN Net-OpenID-Consumer 1.030099_003

, and it will be in the stable release soon. In the meantime, you work around this by implementing an association cache to avoid using stateless mode. See this thread for more details:



All Articles