Closed panva closed 5 years ago
Status: 🆗 but 💡
The test description reads
Uses RP initiated logout to end a Session at the OP. The request has post_logout_redirect_uri and an incorrect id_token_hint
It should read something along the lines 'Sent id_token_hint is stripped of its signature and has modified "alg" header'
Similar treatment to the description should be made for OP-BackChannel-RpInitLogout-wrong-idtoken_hint
OP-BackChannel-RpInitLogout-wrong-idtoken_hint
Updated
Status: 🆗 but 💡
The test description reads
It should read something along the lines 'Sent id_token_hint is stripped of its signature and has modified "alg" header'
Similar treatment to the description should be made for
OP-BackChannel-RpInitLogout-wrong-idtoken_hint