Merge pull request #121 from faberge-eggs/SSRF-idref-fix

Avoid SSRF for claimed_id request

Author: tobiashm

lib/openid/consumer/idres.rb

@@ -72,9 +72,9 @@ def signed_fields
       def id_res
         check_for_fields
         verify_return_to
-        verify_discovery_results
         check_signature
         check_nonce
+        verify_discovery_results
       end
 
       def server_url