oauth2.dev

introspection_encryption_enc_values_supported

IETF

Registry Context

This optional OAuth authorization server metadata parameter lists the JWE content encryption algorithms supported by the introspection endpoint for encrypting JWT introspection responses.

Technical Summary

The value is a JSON array of JWE enc values, as defined in JWA, supported for introspection response content encryption. It describes content encryption, not content-encryption-key encryption.

When Used

Resource servers use the published algorithm metadata to parameterize their client registration requests.

Normative Requirements

Authorization servers

SHOULD
1
  1. RFC 9701 - Section 7

    publish the supported algorithms for signing and encrypting JWT introspection responses using OAuth 2.0 Authorization Server Metadata parameters.

    Authorization servers SHOULD publish the supported algorithms for signing and encrypting the JWT of an introspection response

OPTIONAL
1
  1. RFC 9701 - Section 7

    include introspection_encryption_enc_values_supported as a JSON array of JWE enc values, as defined in JWA, supported by the introspection endpoint for response content encryption.

    OPTIONAL. JSON array containing a list of the JWE encryption algorithms (enc values)

Validation Guidance

info

Do not report omission of introspection_encryption_enc_values_supported as an error because the parameter is OPTIONAL.

error

If present, require introspection_encryption_enc_values_supported to be a JSON array containing JWE enc values supported by the introspection endpoint for response content encryption.

warning

Warn when an authorization server does not publish its supported JWT introspection-response encryption algorithms through OAuth 2.0 Authorization Server Metadata.

Reference

Details

Entry Id
introspection_encryption_enc_values_supported
Metadata Name
introspection_encryption_enc_values_supported
Metadata Description
JSON array containing a list of algorithms supported by the authorization server for introspection response content encryption (enc value)
Change Controller
IETF
Reference
RFC9701 - Section 7