Open jborgland opened 4 years ago
you are correct and I'm not sure how this came about but I think you can get around it by adding the "iss" parameter and value to the "initiate_login_uri" that you register for your client; can you confirm?
I can confirm that. But in that case the test doesn't at all utilize the ability it has to verify that the RP behaves as expected (by checking that it actually gets a request back, and with the right login_hint, if it provides one, etc).
I agree and we will aim to improve that in a future release.
I've tried to execute the rp-3rd_party-init-login test and after hitting the URL that is supposed to initiate the test (in my case https://rp.certification.openid.net:8080/rp/jbd/rp-3rd_party-init-login/kXuRePwN8axr) the browser does get redirected to the login initiation endpoint of my server, but without the iss parameter (which according to the specification is required).
The certification log only shows: