From 80e57ec7e935e7d0704fd7c41d75dd1d33cbc9c1 Mon Sep 17 00:00:00 2001 From: Jinna Kiisuo Date: Mon, 9 Sep 2024 21:50:38 +0300 Subject: [PATCH] Flip the logic the correct way around for alg verify --- src/idpyoidc/message/oidc/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/idpyoidc/message/oidc/__init__.py b/src/idpyoidc/message/oidc/__init__.py index 7ac39c11..da8cd844 100644 --- a/src/idpyoidc/message/oidc/__init__.py +++ b/src/idpyoidc/message/oidc/__init__.py @@ -945,7 +945,7 @@ def verify(self, **kwargs): # Check that any alg that is not "none" is supported. # While OpenID Connect Core 1.0 says RS256 MUST be supported, # reality has moved on and more modern alg values may be required. - if any(lower(i) != "none" for i in self["id_token_signing_alg_values_supported"]: + if not any(lower(i) == "none" for i in self["id_token_signing_alg_values_supported"]: raise ValueError("Secure signing algorithm (for example RS256 or ES256) missing from id_token_signing_alg_values_supported") if not parts.query and not parts.fragment: