introspection_ encrypted_ response_ alg
Registry Context
This optional client metadata parameter requests encryption of JWT introspection responses.
Technical Summary
`introspection_encrypted_response_alg` selects the JWE `alg` value used for content key encryption. When specified, the introspection response is encrypted using JWE and the content encryption algorithm configured by `introspection_encrypted_response_enc`.
When Used
Used when a resource server, acting as a client during dynamic client registration, wants encrypted JWT introspection responses.
Normative Requirements
Unspecified actor
RFC 9701 - Section 6
The `introspection_encrypted_response_enc` parameter must not be specified unless `introspection_encrypted_response_alg` is also set..
This parameter MUST NOT be specified without setting introspection_encrypted_response_alg.
RFC 9701 - Section 6
The `introspection_encrypted_response_alg` client metadata parameter is optional..
introspection_encrypted_response_alg OPTIONAL.
Validation Guidance
If present, verify that the value identifies a JWE `alg` value defined in JWA for content key encryption.
If `introspection_encrypted_response_enc` is present, require `introspection_encrypted_response_alg` to also be present.
If omitted, no encryption is performed by default.
Security Notes
RFC 9701 - Section 6
When both signing and encryption are requested, the response is signed and then encrypted as a Nested JWT.
Reference
Details
- Entry Id
introspection_encrypted_ response_ alg - Client Metadata Name
introspection_encrypted_ response_ alg - Client Metadata Description
String value specifying the desired introspection response content key encryption algorithm (alg value)- Change Controller
IETF- Reference
RFC9701 - Section 6