Add tests for non-RS256 sign-alg & failing a none-only sign-alg

IdentityPython · Sep 9, 2024 · 01c22cf · 01c22cf
1 parent 1897cc3
commit 01c22cf
Showing 1 changed file with 26 additions and 0 deletions.
diff --git a/tests/test_06_oidc.py b/tests/test_06_oidc.py
@@ -516,6 +516,32 @@ def test_token_endpoint_is_required_for_other_than_implicit_flow_only(self):
         with pytest.raises(MissingRequiredAttribute):
             ProviderConfigurationResponse(**provider_config).verify()
 
+    def test_required_parameters_without_rs256(self):
+        provider_config = {
+            "issuer": "https://server.example.com",
+            "authorization_endpoint": "https://server.example.com/connect/authorize",
+            "jwks_uri": "https://server.example.com/jwks.json",
+            "response_types_supported": ["code", "code id_token", "id_token", "token id_token"],
+            "subject_types_supported": ["public", "pairwise"],
+            "id_token_signing_alg_values_supported": ["none", "ES256", "HS256"],
+        }
+
+        with pytest.raises(MissingRequiredAttribute):
+            ProviderConfigurationResponse(**provider_config).verify()
+
+    def test_required_parameters_only_none_signing_alg(self):
+        provider_config = {
+            "issuer": "https://server.example.com",
+            "authorization_endpoint": "https://server.example.com/connect/authorize",
+            "jwks_uri": "https://server.example.com/jwks.json",
+            "response_types_supported": ["code", "code id_token", "id_token", "token id_token"],
+            "subject_types_supported": ["public", "pairwise"],
+            "id_token_signing_alg_values_supported": ["none"],
+        }
+
+        with pytest.raises(ValueError):
+            ProviderConfigurationResponse(**provider_config).verify()
+
 
 class TestRegistrationRequest(object):
     def test_deserialize(self):