@@ -692,10 +692,6 @@ impl ProviderMetadata {
692692 . token_endpoint_auth_signing_alg_values_supported
693693 . iter ( )
694694 . flatten ( ) ,
695- metadata
696- . token_endpoint_auth_methods_supported
697- . iter ( )
698- . flatten ( ) ,
699695 ) ?;
700696
701697 if let Some ( url) = & metadata. revocation_endpoint {
@@ -708,33 +704,18 @@ impl ProviderMetadata {
708704 . revocation_endpoint_auth_signing_alg_values_supported
709705 . iter ( )
710706 . flatten ( ) ,
711- metadata
712- . revocation_endpoint_auth_methods_supported
713- . iter ( )
714- . flatten ( ) ,
715707 ) ?;
716708
717709 if let Some ( url) = & metadata. introspection_endpoint {
718710 validate_url ( "introspection_endpoint" , url, ExtraUrlRestrictions :: None ) ?;
719711 }
720712
721- // The list can also contain token types so remove them as we don't need to
722- // check them.
723- let introspection_methods = metadata
724- . introspection_endpoint_auth_methods_supported
725- . as_ref ( )
726- . map ( |v| {
727- v. iter ( )
728- . filter_map ( AuthenticationMethodOrAccessTokenType :: authentication_method)
729- . collect :: < Vec < _ > > ( )
730- } ) ;
731713 validate_signing_alg_values_supported (
732714 "introspection_endpoint" ,
733715 metadata
734716 . introspection_endpoint_auth_signing_alg_values_supported
735717 . iter ( )
736718 . flatten ( ) ,
737- introspection_methods. into_iter ( ) . flatten ( ) ,
738719 ) ?;
739720
740721 if let Some ( url) = & metadata. userinfo_endpoint {
@@ -1099,12 +1080,6 @@ pub enum ProviderMetadataVerificationError {
10991080 #[ error( "missing `implicit` grant type" ) ]
11001081 GrantTypesMissingImplicit ,
11011082
1102- /// The given endpoint is missing auth signing algorithm values, but they
1103- /// are required because it supports at least one of the `client_secret_jwt`
1104- /// or `private_key_jwt` authentication methods.
1105- #[ error( "{0} missing auth signing algorithm values" ) ]
1106- MissingAuthSigningAlgValues ( & ' static str ) ,
1107-
11081083 /// `none` is in the given endpoint's signing algorithm values, but is not
11091084 /// allowed.
11101085 #[ error( "{0} signing algorithm values contain `none`" ) ]
@@ -1176,32 +1151,14 @@ fn validate_url(
11761151fn validate_signing_alg_values_supported < ' a > (
11771152 endpoint : & ' static str ,
11781153 values : impl Iterator < Item = & ' a JsonWebSignatureAlg > ,
1179- mut methods : impl Iterator < Item = & ' a OAuthClientAuthenticationMethod > ,
11801154) -> Result < ( ) , ProviderMetadataVerificationError > {
1181- let mut no_values = true ;
1182-
11831155 for value in values {
11841156 if * value == JsonWebSignatureAlg :: None {
11851157 return Err ( ProviderMetadataVerificationError :: SigningAlgValuesWithNone (
11861158 endpoint,
11871159 ) ) ;
11881160 }
1189-
1190- no_values = false ;
11911161 }
1192-
1193- if no_values
1194- && methods. any ( |method| {
1195- matches ! (
1196- method,
1197- OAuthClientAuthenticationMethod :: ClientSecretJwt
1198- | OAuthClientAuthenticationMethod :: PrivateKeyJwt
1199- )
1200- } )
1201- {
1202- return Err ( ProviderMetadataVerificationError :: MissingAuthSigningAlgValues ( endpoint) ) ;
1203- }
1204-
12051162 Ok ( ( ) )
12061163}
12071164
@@ -1543,36 +1500,32 @@ mod tests {
15431500 Some ( vec ! [ JsonWebSignatureAlg :: Rs256 , JsonWebSignatureAlg :: EdDsa ] ) ;
15441501 metadata. clone ( ) . validate ( & issuer) . unwrap ( ) ;
15451502
1546- // Err - `client_secret_jwt` without signing alg values.
1503+ // Ok - `client_secret_jwt` with signing alg values.
15471504 metadata. token_endpoint_auth_methods_supported =
15481505 Some ( vec ! [ OAuthClientAuthenticationMethod :: ClientSecretJwt ] ) ;
1549- metadata. token_endpoint_auth_signing_alg_values_supported = None ;
1550- let endpoint = assert_matches ! (
1551- metadata. clone( ) . validate( & issuer) ,
1552- Err ( ProviderMetadataVerificationError :: MissingAuthSigningAlgValues ( endpoint) ) => endpoint
1553- ) ;
1554- assert_eq ! ( endpoint, "token_endpoint" ) ;
1555-
1556- // Ok - `client_secret_jwt` with signing alg values.
15571506 metadata. token_endpoint_auth_signing_alg_values_supported =
15581507 Some ( vec ! [ JsonWebSignatureAlg :: Rs256 ] ) ;
15591508 metadata. clone ( ) . validate ( & issuer) . unwrap ( ) ;
15601509
1561- // Err - `private_key_jwt` without signing alg values.
1510+ // Ok - `private_key_jwt` with signing alg values.
15621511 metadata. token_endpoint_auth_methods_supported =
15631512 Some ( vec ! [ OAuthClientAuthenticationMethod :: PrivateKeyJwt ] ) ;
1564- metadata. token_endpoint_auth_signing_alg_values_supported = None ;
1565- let endpoint = assert_matches ! (
1566- metadata. clone( ) . validate( & issuer) ,
1567- Err ( ProviderMetadataVerificationError :: MissingAuthSigningAlgValues ( endpoint) ) => endpoint
1568- ) ;
1569- assert_eq ! ( endpoint, "token_endpoint" ) ;
1570-
1571- // Ok - `private_key_jwt` with signing alg values.
15721513 metadata. token_endpoint_auth_signing_alg_values_supported =
15731514 Some ( vec ! [ JsonWebSignatureAlg :: Rs256 ] ) ;
15741515 metadata. clone ( ) . validate ( & issuer) . unwrap ( ) ;
15751516
1517+ // Ok - `client_secret_jwt` without signing alg values.
1518+ metadata. token_endpoint_auth_methods_supported =
1519+ Some ( vec ! [ OAuthClientAuthenticationMethod :: ClientSecretJwt ] ) ;
1520+ metadata. token_endpoint_auth_signing_alg_values_supported = None ;
1521+ metadata. clone ( ) . validate ( & issuer) . unwrap ( ) ;
1522+
1523+ // Ok - `private_key_jwt` without signing alg values.
1524+ metadata. token_endpoint_auth_methods_supported =
1525+ Some ( vec ! [ OAuthClientAuthenticationMethod :: PrivateKeyJwt ] ) ;
1526+ metadata. token_endpoint_auth_signing_alg_values_supported = None ;
1527+ metadata. clone ( ) . validate ( & issuer) . unwrap ( ) ;
1528+
15761529 // Ok - Other auth methods without signing alg values.
15771530 metadata. token_endpoint_auth_methods_supported = Some ( vec ! [
15781531 OAuthClientAuthenticationMethod :: ClientSecretBasic ,
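Review bot: With the `methods` argument and the `no_values` check removed, `validate_signing_alg_values_supported` (new lines 1152-1163) only rejects `none`. Metadata that advertises `client_secret_jwt` or `private_key_jwt` without any signing algorithm list therefore passes validation, and the tests added at new lines 1517-1527 pin that behaviour. RFC 8414 states that no default algorithms are implied when the list is omitted, so code that builds client assertions from validated metadata has to treat `None` as "unknown", not as "any algorithm accepted". The function's doc comment lies outside the hunk; it should say this, e.g. `/// Does not require values to be present, even when JWT-based client authentication is advertised; callers must not infer a default algorithm.` Removing the `MissingAuthSigningAlgValues` variant from the public `ProviderMetadataVerificationError` enum also looks like a breaking change for downstream code that matches on it, so a changelog entry seems warranted.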