openid-certification / oidctest

THE CERTIFICATION TEST SUITE HAS BEEN MIGRATED TO A NEW SERVICE https://www.certificatinon.openid.net

OP-IDToken-C-Signature should not run for 'none' #212

Open jogu opened 4 years ago

jogu commented 4 years ago

As per my email and Roland's reply on the certification list:

My understanding is that an OP that doesn't support any signing can certify if it only issues id_tokens in the back channel.

Basically, if the test description does not specify any special algorithm in the registration phase or as part of the assertions then any algorithm the RP supports can be used.

Looking at https://github.com/rohe/oidctest/blob/master/test_tool/cp/test_op/flows/OP-IDToken-C-Signature.json I believe that test will be included for 'none' and will fail (as it seems to insist that the id_token is signed using RS256). Have I missed something?

No, you’re right! The test is there because RS256 is the default.

There is the OP-IDToken-anyalg test which is there to cover the ‘none’ case.

(The test does appear on the list if I configure with none & response_type=code: https://op.certification.openid.net:62070 )

I think we should remove it from that list.
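The thread above turns on two facts: RS256 is the default id_token signing algorithm when nothing else is registered, and an unsigned (alg "none") id_token is only acceptable when the RP explicitly registered for it and receives the token over the back channel (token endpoint, response_type=code). The following is an added example of the RP-side policy check that enforces exactly that; it is not code from oidctest or from the issue participants, and the function and exception names (`check_id_token_alg`, `make_demo_id_token`, `IDTokenPolicyError`) are my own. Signature verification for RS256 and friends is deliberately left to the caller; this block only decides whether a given header is allowed to reach that step.

```python
import base64
import json
from typing import Optional

# RS256 is the default id_token_signed_response_alg when the RP registered none.
DEFAULT_ALG = "RS256"


class IDTokenPolicyError(Exception):
    """Raised when an ID Token's JOSE header violates the alg policy."""


def _b64url_decode(segment: str) -> bytes:
    # JWS uses unpadded base64url; restore the padding before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment.encode("ascii"))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def check_id_token_alg(id_token: str, registered_alg: Optional[str],
                       via_back_channel: bool) -> dict:
    """Apply the signing-algorithm policy to a compact-serialized id_token.

    Returns the parsed JOSE header when the token may proceed to signature
    verification (or, for alg "none", be used without one). Raises
    IDTokenPolicyError otherwise. The signature itself is NOT verified here.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise IDTokenPolicyError("id_token is not a three-part compact JWS")
    header_b64, _payload_b64, signature_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
    except (ValueError, UnicodeDecodeError) as exc:
        raise IDTokenPolicyError(f"unparseable JOSE header: {exc}") from exc

    alg = header.get("alg")
    if not isinstance(alg, str):
        raise IDTokenPolicyError("JOSE header has no 'alg'")

    # The RP's registration decides the algorithm, never the token itself.
    # A token claiming "none" against an RS256 registration is the classic
    # alg-confusion attack and must be rejected before any verification.
    expected = registered_alg or DEFAULT_ALG
    if alg != expected:
        raise IDTokenPolicyError(
            f"alg {alg!r} does not match registered {expected!r}")

    if alg == "none":
        if not via_back_channel:
            raise IDTokenPolicyError(
                "unsigned id_token received via the front channel")
        if signature_b64 != "":
            raise IDTokenPolicyError(
                "alg 'none' but the signature segment is not empty")
    elif signature_b64 == "":
        raise IDTokenPolicyError(f"alg {alg!r} requires a signature segment")

    return header


def make_demo_id_token(claims: dict, alg: str = "none",
                       signature_b64: str = "") -> str:
    """Build a constructed id_token for the demo (hypothetical helper).

    For alg "none" the signature segment is empty, as JWS requires. For a
    signed alg the caller passes a placeholder segment; no real signing is
    performed here, so such a token only exercises the policy check.
    """
    header = _b64url_encode(json.dumps({"alg": alg}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{signature_b64}"


if __name__ == "__main__":
    # Constructed sample claims; the issuer and subject are made up.
    claims = {"iss": "https://op.example", "sub": "24400320", "aud": "rp-1"}
    unsigned = make_demo_id_token(claims)
    # Accepted: RP registered 'none' and got the token from the token endpoint.
    print(check_id_token_alg(unsigned, "none", via_back_channel=True))
    # Rejected: same token, but delivered in the front channel.
    try:
        check_id_token_alg(unsigned, "none", via_back_channel=False)
    except IDTokenPolicyError as err:
        print("rejected:", err)
```

The third rejection path matters most for the issue at hand: with no registered algorithm the default is RS256, so an alg "none" id_token is refused even over the back channel, which is exactly why an OP that cannot sign must be tested against a registration that asks for "none" rather than against OP-IDToken-C-Signature.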