For some reason the backend process seems to think that URI used as the return address after authorization is a file. This is obviously not the case and results in one of the follow HTTP errors: 400, 403, 404.
It appears to be that whenever a URL is passed as an option, i.e. /?q=http://www.example.com everything goes wrong. As it wasn't doing this before it may be due to settings in .htaccess or php.ini.
Have updated the way that arguments are handled within the code; this hasn't solved the problem though.
The problem now seems to be rooted in the request to the OpenID server after authorization.
response = is_valid:false
Fixed parsing of OpenID options allows correct verification of login token.
This bug has been closed; no more details accepted