oauth2.dev

introspection_encryption_alg_values_supported

IETF

Registry Context

This authorization server metadata field lists the JWE key-encryption algorithms supported by the introspection endpoint for encrypted JWT introspection responses.

Technical Summary

An optional OAuth Authorization Server Metadata parameter containing a JSON array of JWE alg values, as defined by JWA, that the introspection endpoint supports for encrypting the content encryption key of introspection responses.

When Used

Resource servers use this authorization server metadata when parameterizing their client registration requests.

Normative Requirements

Authorization servers

SHOULD
1
  1. RFC 9701 - Section 7

    Publish the supported algorithms for signing and encrypting JWT introspection responses using OAuth 2.0 Authorization Server Metadata parameters..

    Authorization servers SHOULD publish the supported algorithms for signing and encrypting the JWT of an introspection response

Unspecified actor

OPTIONAL
1
  1. RFC 9701 - Section 7

    The introspection_encryption_alg_values_supported parameter is optional and, when present, contains a JSON array of JWE alg values defined in JWA and supported by the introspection endpoint for content key encryption..

    OPTIONAL. JSON array containing a list of the JWE encryption algorithms (alg values)

Validation Guidance

info

If introspection_encryption_alg_values_supported is absent, do not report an error because the parameter is optional.

error

If introspection_encryption_alg_values_supported is present, verify that it is a JSON array of JWE alg values defined in JWA.

error

Verify that each listed algorithm is supported by the introspection endpoint for encrypting the content encryption key of introspection responses.

Reference

Details

Entry Id
introspection_encryption_alg_values_supported
Metadata Name
introspection_encryption_alg_values_supported
Metadata Description
JSON array containing a list of algorithms supported by the authorization server for introspection response content key encryption (alg value)
Change Controller
IETF
Reference
RFC9701 - Section 7