OP-request_uri-Sig-any test tries to use alg:none which isn't listed in OP metadata

openid-certification / oidctest

THE CERTIFICATION TEST SUITE HAS BEEN MIGRATED TO A NEW SERVICE https://www.certificatinon.openid.net

Other

49 stars 15 forks source link

OP-request_uri-Sig-any test tries to use alg:none which isn't listed in OP metadata #182

Open yv13 opened 5 years ago

yv13 commented 5 years ago

I would like to report that the OP-request_uri-Sig-any test submits an unsecured request object when the OP doesn't list "none" in request_object_signing_alg_values_supported.

The test was passed after observing this behavior and reconfiguring the OP to accept "none".

selfissued commented 4 years ago

Mike to investigate, per 11-Oct-19 call.