release OP 2.3.6 and RP 1.2.6

The certification test suite is migrating to a new service here and will be decommissioned by the end of July 2020.
You are encouraged to run the new suite for new certifications and to provide feedback, see here for details on the migration.

• add migration note to page headers

release OP 2.3.5 and RP 1.2.5

• more logout fixes

release OP 2.3.3 and RP 1.2.3

• Update to pyoidc 1.2.0
• More session management changes

release OP 2.3.2 and RP 1.2.2

• more session management and logout fixes

release OP 2.3.1 and RP 1.2.1

• Session management and logout fixes
• Update to pyoidc 1.1.2

release OP 2.3.0 and RP 1.2.0

• Add session management and logout tests/profiles
• Update to pyoidc 1.1.1
• Create new branch stable-release-1.2.x

release OP 2.2.1 and RP 1.1.7

• OP: Handle http 401 response with or without response body.

• OP: Fix comparison of types in check_support

• Added new docker configuration for running integration tests locally.

• Update to pyoidc 0.15.1

• closes #89

• closes #93

• closes #94

release OP 2.2.0 and RP 1.1.6

• OP: Added checks to make sure that a mutually supported token endpoint auth method is used. #142
• OP: Added a try-except to prevent abrupt failures when response code is unexpected. Issue #7.
• OP: Don't require nonce for code+token; #14
• Change copyright year to 2019
• Fix pyoidc to version 0.14.0

release OP 2.1.7

• OP: This fixes OP-ClientAuth-Any-Dynamic for client authentication methods not supported by pyoidc e.g method 'none' for CI-OP
  • Generate a KeyError and default to client_secret_basic
• OP: Fix remote execution security vulnerability
  • Shell escape "iss" and "tag" values (provided by configuration) before passing those values to os.system calls
• OP: Supporting OP influencing choice of token endpoint authn method by using set_client_authn_method in the test description.
• Release was done by Serkan Özkan according to the release management document!

release OP 2.1.6 and RP 1.1.5

• OP: add OP-3rd_party-init-login and OP-3rd_party-init-login-nohttps; closes #129
• OP: fix error handling when c_hash is missing in Implicit/Hybrid flows; closes #124
• OP: add OP-IDToken-anyalg test
  • allow the ID token to be signed by whatever the provider chooses
• OP: add OP-UserInfo-sig-any, OP-request-Sig-any and OP-request_uri-Sig-any tests
  • support OP influencing choice of sign algorithm
• OP: improve error banner text and display JWx headers
• RP: improve rp-response_mode-form_post-error; closes #132
  • improve the test description on how to trigger an error
  • allow for authentication requests that don't have a state parameter
• replace underscores with hyphens in hostnames
  • underscores aren't RFC-legal characters in hostnames, so using them can cause client validation issues
• add subjectAltName to generated certs for Docker environment; thanks @dannysauer
• remove separate FAPI and OIDC tests directories
• updated/improved release management doc to version 2.1.0