We now always insert userinfo_signed_response_alg into the client information, but the check whether signing needs to happen is done as a "if .. in ..", meaning it's not possible to not request signing.
Metadata Update from @puiterwijk: - Issue assigned to puiterwijk
Log in to comment on this ticket.