[CRITICAL] Authentication bypass via attacker provided openid server

PKSA-jf39-s84q-9xn1 GHSA-hhw9-35p2-q2c5

Affected version: <1.1

Reported by:
GitHub, FriendsOfPHP/security-advisories