/gagdets/metadata request doesn't work in PHP shindig

I tried to execute POST request to shindig/gadgets/metadata. It does
work for java version, but it doesn't work for php.

Here is a curl command
curl -i -X POST -H "Accept: application/json" -H "Content-Type:
application/json"
-d
'{"context":

{"country":"default","language":"default","view":"default","container":"default"}

,"gadgets":[

{"url":"http://hosting.gmodules.com/ig/gadgets/file/108085167802252611023/wikipedia.xml", "moduleId":0}

]}'
http://shindig/gadgets/metadata

The output is:
{"gadgets":[

{"errors":["Can't get ownerId from an anonymous token"],"moduleId":0,"url":"http:\/\/hosting.gmodules.com\/ig\/gadgets\/file\/108085167802252611023\/wikipedia.xml"}

]}
If I supply a token ?st=1:1:1:1:1:1:1, it works

It seems as the problem is in BasicSecurityToken.php.

public function isAnonymous()

{ return ($this->tokenData[$this->OWNER_KEY] === SecurityToken::$ANONYMOUS) && ($this->tokenData[$this->VIEWER_KEY] === SecurityToken::$ANONYMOUS); }

...
public function getOwnerId() {
if ($this->isAnonymous())

{ throw new Exception("Can't get ownerId from an anonymous token"); }

return $this->tokenData[$this->OWNER_KEY];
}

In java version there is different implementation.

public boolean isAnonymous()

{ return false; }

...
public String getOwnerId()

{ return tokenData.get(OWNER_KEY); }

Should we remove isAnonymous check from BasicSecurityToken.php?
Or it should be done on a higher level, and if the token is anonymous
the functions of BasicSecurityToken shouldn't be called at all?