id_ token_ encryption_ enc_ values_ supported
Registry Context
Advertises JWE content-encryption algorithms supported for encrypted ID Tokens.
Technical Summary
An OpenID Provider metadata claim containing JWE "enc" identifiers. When included in an RFC 8414 authorization server metadata response, it is an extension claim represented as a JSON array.
When Used
Used during OpenID Provider discovery when selecting content encryption for encrypted ID Tokens.
Normative Requirements
Authorization server metadata responses
RFC 8414 - Section 3.2
omit a claim that has zero elements.
Condition: when the claim returns multiple values
Claims with zero elements MUST be omitted from the response.
RFC 8414 - Section 3.2
return claims other than the metadata values defined by RFC 8414 Section 2.
Condition: when publishing extension metadata
Other claims MAY also be returned.
JWE content encryption algorithm
RFC 7516 - Section 4.1.2
be an AEAD algorithm with a specified key length.
Condition: when identified by an "enc" Header Parameter value
This algorithm MUST be an AEAD algorithm with a specified key length.
Validation Guidance
When this claim appears in an RFC 8414 authorization server metadata response, require a non-empty JSON array; a zero-element claim must be omitted.
Ensure each value identifies a JWE content-encryption algorithm suitable for the "enc" Header Parameter and that the algorithm is AEAD with a specified key length.
Treat this as an OpenID Provider metadata claim that may be returned as extension metadata in an RFC 8414 authorization server metadata response.
Reference
Details
- Entry Id
id_token_ encryption_ enc_ values_ supported - Metadata Name
id_token_ encryption_ enc_ values_ supported - Metadata Description
JSON array containing a list of the JWE "enc" values supported by the OP for the ID Token- Change Controller
OpenID_Foundation_ Artifact_ Binding_ WG - Reference
OpenID Connect Discovery 1.0 - Section 3