In self-certification processes like the OIDC certification program, it's common for developers to certify their own software. This is because the process is designed for developers to evaluate their own implementations against the established standards and requirements set by the certification program.
Self-certification doesn't mean that the process lacks validity or rigor. On the contrary, it involves thorough testing and validation against industry standards to ensure that the software meets the necessary criteria for interoperability, security, and functionality.
If you're curious about the specifics of the process, you can find more information on the OIDC certification FAQ pages. These resources provide detailed explanations of the certification process, the criteria for certification, and the testing procedures involved.
AFAIK there's no "certifying body" that would be able to provide an external "certification".
In any case Filip Skokan has essentially made a career out of building open source OAuth stuff, so even if it's a bit humorous that he certifies his own stuff, it's likely that this implementation is one of the most compliant out there.
Self-certification doesn't mean that the process lacks validity or rigor. On the contrary, it involves thorough testing and validation against industry standards to ensure that the software meets the necessary criteria for interoperability, security, and functionality.
If you're curious about the specifics of the process, you can find more information on the OIDC certification FAQ pages. These resources provide detailed explanations of the certification process, the criteria for certification, and the testing procedures involved.