fix: request_object_signing_alg_values_supported 'none' and 'RS256'

azmeuk · azmeuk · commit ca468d8d9aac · 2025-04-02T09:11:41.000+02:00
values are optional.

oidc-discovery indicates that 'Servers SHOULD support none and RS256.'
but RFC2119 indicates that 'SHOULD' is synonym of 'RECOMMENDED' and not
of 'REQUIRED'
diff --git a/authlib/oidc/discovery/models.py b/authlib/oidc/discovery/models.py
@@ -159,13 +159,6 @@ def validate_request_object_signing_alg_values_supported(self):
                 '"request_object_signing_alg_values_supported" MUST be JSON array'
             )
 
-        # Servers SHOULD support none and RS256
-        if "none" not in values or "RS256" not in values:
-            raise ValueError(
-                '"request_object_signing_alg_values_supported" '
-                "SHOULD support none and RS256"
-            )
-
     def validate_request_object_encryption_alg_values_supported(self):
         """OPTIONAL. JSON array containing a list of the JWE encryption
         algorithms (alg values) supported by the OP for Request Objects.
diff --git a/tests/core/test_oidc/test_discovery.py b/tests/core/test_oidc/test_discovery.py
@@ -94,12 +94,6 @@ def test_validate_request_object_signing_alg_values_supported(self):
         self._call_validate_array(
             "request_object_signing_alg_values_supported", ["none", "RS256"]
         )
-        metadata = OpenIDProviderMetadata(
-            {"request_object_signing_alg_values_supported": ["RS512"]}
-        )
-        with self.assertRaises(ValueError) as cm:
-            metadata.validate_request_object_signing_alg_values_supported()
-        self.assertIn("SHOULD support none and RS256", str(cm.exception))
 
     def test_validate_request_object_encryption_alg_values_supported(self):
         self._call_validate_array(
