While looking at the implementation, I noticed that response parsing will skip any lines that have more than one colon, specifically here:
AspNet.Security.OpenId.Providers/src/AspNet.Security.OpenId/OpenIdAuthenticationHandler.cs
Lines 409 to 415 in e89b097
As a result, a line
ns:http://specs.openid.net/auth/2.0
will be skipped.
The specification says that a key or value MUST NOT contain a newline and a key also MUST NOT contain a colon. Notice that it does not say that values can't contain a colon.
Furthermore, the ns is not validated, but it should be present in the response according to the specification:
ns
Value: "http://specs.openid.net/auth/2.0"
This particular value MUST be present for the response to be a valid OpenID 2.0 response.

As mentioned in #126 (review), this project is not funded and no longer actively developed (not to mention OpenID 2.0 is basically a dead protocol). That said, if you're interested in sending a PR to fix such issues, feel free.
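The two points raised in the issue, as an added example that is not the project's code and not part of the original thread: a parser that splits each line on the first colon only, followed by an explicit check of the ns value. The class and method names, the duplicate-key rejection, and the sample body (including its is_valid line) are assumptions made for illustration; ParseSkippingExtraColons is a constructed stand-in for the reported behaviour, not a copy of the referenced lines.

```csharp
using System;
using System.Collections.Generic;

static class KeyValueFormExample
{
    const string OpenId2Namespace = "http://specs.openid.net/auth/2.0";

    // Constructed illustration of the behaviour reported above: a line is kept
    // only when splitting on ':' yields exactly two parts.
    static Dictionary<string, string> ParseSkippingExtraColons(string body)
    {
        var result = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (var line in body.Split('\n'))
        {
            var parts = line.Split(':');
            if (parts.Length == 2) result[parts[0]] = parts[1];
        }
        return result;
    }

    // Splits on the first colon only: keys cannot contain ':', values can.
    static Dictionary<string, string> ParseFirstColon(string body)
    {
        var result = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (var line in body.Split('\n'))
        {
            if (line.Length == 0) continue; // empty piece after the final '\n'
            var index = line.IndexOf(':');
            if (index <= 0) throw new FormatException("Line has no key or no colon.");
            var key = line.Substring(0, index);
            // Example's own choice: reject repeated keys instead of overwriting.
            if (result.ContainsKey(key)) throw new FormatException("Duplicate key: " + key);
            result[key] = line.Substring(index + 1);
        }
        return result;
    }

    // Per the quoted specification text, ns must carry exactly this value.
    static bool HasOpenId2Namespace(Dictionary<string, string> fields) =>
        fields.TryGetValue("ns", out var ns) &&
        string.Equals(ns, OpenId2Namespace, StringComparison.Ordinal);

    static void Main()
    {
        // Constructed sample body in Key-Value Form.
        const string body = "ns:http://specs.openid.net/auth/2.0\nis_valid:true\n";
        Console.WriteLine(ParseSkippingExtraColons(body).ContainsKey("ns"));
        Console.WriteLine(HasOpenId2Namespace(ParseFirstColon(body)));
    }
}
```

With the constructed body, the first parser drops the ns line because its value contains colons, while the second keeps it and the namespace check passes.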