Flip the logic the correct way around for alg verify

IdentityPython · Sep 9, 2024 · 80e57ec · 80e57ec
1 parent be4bc91
commit 80e57ec
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/idpyoidc/message/oidc/__init__.py b/src/idpyoidc/message/oidc/__init__.py
@@ -945,7 +945,7 @@ def verify(self, **kwargs):
         # Check that any alg that is not "none" is supported.
         # While OpenID Connect Core 1.0 says RS256 MUST be supported,
         # reality has moved on and more modern alg values may be required.
-        if any(lower(i) != "none" for i in self["id_token_signing_alg_values_supported"]:
+        if not any(lower(i) == "none" for i in self["id_token_signing_alg_values_supported"]:
             raise ValueError("Secure signing algorithm (for example RS256 or ES256) missing from id_token_signing_alg_values_supported")
 
         if not parts.query and not parts.fragment: