[Openid-specs-ab] RP Tests: ID Token signature validation for code flow
wdenniss at google.com
Sun Mar 26 18:13:28 UTC 2017
Regarding the 'code' response type tests
<https://rp.certification.openid.net:8080/list?profile=C>, my understanding
is that it's not necessary to validate the ID Token signature as it was
obtained via a HTTPS connection to the OP.
This test follows that logic:
However, these 4 tests assume signature validation for the code flow:
Can they be made optional for the 'code' response type tests?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab