introspection_ endpoint_ auth_ signing_ alg_ values_ supported
Registry Context
Lists the JWS signing algorithms an authorization server supports for JWT-based client authentication at its introspection endpoint.
Technical Summary
An optional authorization server metadata member containing a JSON array of JWS "alg" values supported for signatures on JWTs used with private_key_jwt and client_secret_jwt authentication at the introspection endpoint. It must be present when either method is advertised in introspection_endpoint_auth_methods_supported and must not contain "none".
When Used
Used by clients to discover supported JWT signing algorithms for authentication to the token introspection endpoint.
Normative Requirements
Authorization servers
RFC 8414 - Section 2
Include the value "none" in introspection_endpoint_auth_signing_alg_values_supported..
The value "none" MUST NOT be used.
RFC 8414 - Section 2
Include introspection_endpoint_auth_signing_alg_values_supported..
Condition: If private_key_jwt or client_secret_jwt is specified in introspection_endpoint_auth_methods_supported.
This metadata entry MUST be present if either of these authentication methods are specified
RFC 8414 - Section 2
Publish introspection_endpoint_auth_signing_alg_values_supported as a JSON array of supported JWS signing algorithm values..
Condition: For JWT client authentication using private_key_jwt or client_secret_jwt at the introspection endpoint.
OPTIONAL. JSON array containing a list of the JWS signing algorithms ("alg" values) supported by the introspection endpoint
Validation Guidance
If present, verify that the value is a JSON array of JWS signing algorithm identifiers supported for introspection endpoint JWT client authentication.
If introspection_endpoint_auth_methods_supported includes private_key_jwt or client_secret_jwt, require introspection_endpoint_auth_signing_alg_values_supported to be present.
Flag any occurrence of "none" in introspection_endpoint_auth_signing_alg_values_supported.
Do not infer any default signing algorithms when introspection_endpoint_auth_signing_alg_values_supported is omitted.
Reference
Details
- Entry Id
introspection_endpoint_ auth_ signing_ alg_ values_ supported - Metadata Name
introspection_endpoint_ auth_ signing_ alg_ values_ supported - Metadata Description
JSON array containing a list of the JWS signing algorithms supported by the introspection endpoint for the signature on the JWT used to authenticate the client at the introspection endpoint- Change Controller
IESG- Reference
RFC8414 - Section 2