Cannot run any oidcc-basic-certification-test-plan tests without a jwks_uri, even for an OP that only supports unsigned tokens compliant with the exception in OIDCC 1.0 Section 15.1

What did you do?

Ran the oidcc-basic-certification-test-plan tests against an OP which meets the exception criteria in OIDCC 1.0 Section 15.1 for unsigned-only ID Tokens. Since there is no public key, and therefore no jwks_uri, that field was left blank in the test plan configuration.

What did you expect would happen?

Tests able to run.

What did happen?

All tests error with FAILURE FetchServerKeys: Didn't find jwks_uri in the server configuration.

Please reference and quote any relevant OAuth2 / OpenID Connect / FAPI specification clauses that support your expectations

OpenID Connect Core 1.0, section 15.1 "Mandatory to Implement Features for All OpenID Providers" states:

https://openid.net/specs/openid-connect-core-1_0.html#ServerMTI

OPs MUST support signing ID Tokens with the RSA SHA-256 algorithm (an alg value of RS256), unless the OP only supports returning ID Tokens from the Token Endpoint (as is the case for the Authorization Code Flow) and only allows Clients to register specifying none as the requested ID Token signing algorithm.

The OP under test only supports returning ID Tokens from the Token Endpoint, does not use dynamic client registration, and per this section only supports none as the ID Token signing algorithm.

If you believe a failure the conformance suite is reporting is not a valid failure, you MUST include a hyperlink for the exact section of the relevant specification that explains how the behaviour of your software is compliant, and you MUST include a quote of the exact clause/phrase you are relying on

If the problem relates to a test, please provide a link to the log-detail.html page on our server (the test result does NOT need to be 'published')

Example log-detail.html page: https://www.certification.openid.net/log-detail.html?log=nTlq2EZ4jnU5H4O

Edited Jun 15, 2022 by gillianwebb
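
Added example, not part of the original issue and not the conformance suite's code: a sketch of how a test harness or relying party could apply the Section 15.1 exception quoted above, skipping key retrieval only for an OP that qualifies and accepting an `alg` of `none` only on a Token Endpoint response. The function names, the `received_from` labels, the sample configurations, and the reading of "only allows none" as a signing-algorithm list equal to `["none"]` are assumptions; the configuration keys are the OpenID Connect Discovery metadata names.

```python
import base64
import json

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def exception_applies(config):
    """Section 15.1 exception: ID Tokens come only from the Token Endpoint
    and 'none' is the only ID Token signing algorithm on offer (assumed reading)."""
    response_types = config.get("response_types_supported", [])
    algs = config.get("id_token_signing_alg_values_supported", [])
    no_front_channel_id_token = bool(response_types) and all(
        "id_token" not in rt.split() for rt in response_types)
    return no_front_channel_id_token and algs == ["none"]

def key_fetch_decision(config):
    """'fetch' when jwks_uri is set, 'skip' under the exception, else 'fail'."""
    if config.get("jwks_uri"):
        return "fetch"
    return "skip" if exception_applies(config) else "fail"

def accept_unsigned_id_token(token, config, received_from):
    """Accept alg=none only for a Token Endpoint response from a qualifying OP."""
    parts = token.split(".")
    if len(parts) != 3 or received_from != "token_endpoint":
        return False
    header = json.loads(b64url_decode(parts[0]))
    # An unsecured JWT has alg "none" and an empty signature segment.
    return header.get("alg") == "none" and parts[2] == "" and exception_applies(config)

def make_unsigned_token(claims):
    # Builds the constructed sample token used below.
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + "."

# Constructed configurations; the issuer is a placeholder.
UNSIGNED_ONLY_OP = {
    "issuer": "https://op.example",
    "response_types_supported": ["code"],
    "id_token_signing_alg_values_supported": ["none"],
}
HYBRID_OP = dict(UNSIGNED_ONLY_OP, response_types_supported=["code", "code id_token"])
SAMPLE_TOKEN = make_unsigned_token({"iss": "https://op.example", "sub": "constructed-user"})

if __name__ == "__main__":
    print(key_fetch_decision(UNSIGNED_ONLY_OP))
    print(key_fetch_decision(HYBRID_OP))
    print(accept_unsigned_id_token(SAMPLE_TOKEN, UNSIGNED_ONLY_OP, "token_endpoint"))
```

An OP that can return an ID Token from the Authorization Endpoint, or that offers any signing algorithm besides `none`, falls outside the exception, so a missing `jwks_uri` remains a failure for it.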