OpenID user error
This error occurs when the consumer is in stateless mode and the OP was unable to verify the signature. Assuming a properly implemented OP and no data corruption, this shouldn't happen. The most common reason for this these days is a long-standing bug
that causes it to send an invalid signature verification request for OpenID 2.0 to the OP.
I just pushed a fix for this in CPAN
, and it will be in the stable release soon. In the meantime, you work around this by implementing an association cache to avoid using stateless mode. See this thread for more details:
source to share