oauth2.dev

request_object_encryption_enc_values_supported

OpenID_Foundation_Artifact_Binding_WG

Registry Context

Lists the JWE content-encryption algorithms an authorization server supports for encrypted Request Objects.

Technical Summary

An authorization server metadata member containing supported JWE "enc" values for Request Objects. RFC 9101 identifies it as authorization server metadata corresponding to the client metadata member request_object_encryption_enc.

When Used

Used when a client selects a mutually supported content-encryption algorithm for an encrypted Request Object.

Normative Requirements

Authorization servers

MUST
  1. RFC 8414 - Section 3.2

    omit this metadata member when its array would contain zero elements.

    Condition: when no supported values would be listed

    Claims with zero elements MUST be omitted from the response.

MAY
  1. RFC 8414 - Section 3.2

    return this metadata member as an additional claim in its authorization server metadata response.

    Other claims MAY also be returned.

Validation Guidance

error: If present, verify that the member is a JSON array of JWE content-encryption algorithm identifiers.

error: Reject an empty array; the authorization server must omit the member when it has no values to advertise.

info: Treat the member as optional unless an applicable profile requires its publication.
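
The three checks above, followed by the client-side selection described under "When Used", as an added example (not code from oauth2.dev or from the referenced specifications). The function names, the sample issuer URL and the client preference list are assumptions; the "enc" identifiers in the sample are values registered by RFC 7518.

```python
from __future__ import annotations

import json

MEMBER = "request_object_encryption_enc_values_supported"


class MetadataError(ValueError):
    """Raised when the member is present but malformed."""


def supported_enc_values(metadata: dict) -> list[str] | None:
    """Return the advertised "enc" values, or None when the member is omitted."""
    if MEMBER not in metadata:
        return None  # info: the member is optional, absence is not an error
    value = metadata[MEMBER]
    if not isinstance(value, list):
        raise MetadataError(f"{MEMBER} must be a JSON array")
    if not value:
        # error: a server with nothing to advertise must omit the member
        raise MetadataError(f"{MEMBER} must be omitted rather than empty")
    for item in value:
        if not isinstance(item, str) or not item:
            raise MetadataError(f"{MEMBER} has a non-string or empty entry")
    return value


def select_enc(metadata: dict, client_preference: list[str]) -> str | None:
    """Pick the first client-preferred "enc" that the server also advertises."""
    advertised = supported_enc_values(metadata)
    if advertised is None:
        return None  # nothing advertised; the caller applies its own policy
    for enc in client_preference:
        if enc in advertised:  # identifiers are compared exactly, case-sensitively
            return enc
    return None  # no mutually supported algorithm


# Constructed sample metadata document (not a real server's response).
SAMPLE = json.loads("""{
  "issuer": "https://as.example.com",
  "request_object_encryption_enc_values_supported": ["A128CBC-HS256", "A256GCM"]
}""")

if __name__ == "__main__":
    print(select_enc(SAMPLE, ["A256GCM", "A128CBC-HS256"]))
```
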

Reference

Details

Entry Id: request_object_encryption_enc_values_supported
Metadata Name: request_object_encryption_enc_values_supported
Metadata Description: JSON array containing a list of the JWE "enc" values supported by the OP for Request Objects
Change Controller: OpenID_Foundation_Artifact_Binding_WG
Reference: OpenID Connect Discovery 1.0 - Section 3