question over the key type required to be configured in the fapi2-security-profile-id2-test-plan tests specifically for the fapi2-security-profile-id2-dpop-negative-tests test
What did you do?
Created a test plan with the following configuration:
plan: fapi2-security-profile-id2-test-plan
test: fapi2-security-profile-id2-dpop-negative-tests
variant information: client_auth_type=private_key_jwt, sender_constrain=dpop, openid=openid_connect, fapi_profile=plain_fapi
plan link: https://www.certification.openid.net/plan-detail.html?plan=5CRNWvdyL2NBz
specific run link: https://www.certification.openid.net/log-detail.html?log=xTkJbfcDG58IyFq
plan ID: xTkJbfcDG58IyFq
What did you expect would happen?
I was under the impression that both EC and RSA keys could be configured in the configuration options for the tests yet when this specific test runs, I get a failure when the conformance suite attempts to sign an RS256 jwt with my EC key. Looking at the code it does attempt to use the client configured keys for this signature. Is this an issue where I've mis-configured or has the conformance tests made a mistake?
What did happen?
Stack trace attempting to sign
Please reference and quote any relevant OAuth2 / OpenID Connect / FAPI specification clauses that support your expectations
If you believe a failure the conformance suite is reporting is not a valid failure, you MUST include a hyperlink for the exact section of the relevant specification that explains how the behaviour of your software is compliant, and you MUST include a quote of the exact clause/phrase you are relying on