introspection_ encrypted_ response_ enc
Registry Context
This optional client metadata parameter specifies the JWE content encryption algorithm for encrypted introspection responses. When encryption is configured and this parameter is omitted, the default is A128CBC-HS256. It cannot be specified unless `introspection_encrypted_response_alg` is also set.
Technical Summary
Optional dynamic client registration metadata containing the JWE `enc` value used for content encryption of introspection responses. Its default is A128CBC-HS256, and it MUST NOT be specified without `introspection_encrypted_response_alg`.
When Used
When a resource server, acting as a client during dynamic registration, configures encryption for JWT introspection responses.
Normative Requirements
Resource servers
RFC 9701 - Section 6
Specify `introspection_encrypted_response_enc` without setting `introspection_encrypted_response_alg`..
"This parameter MUST NOT be specified without setting introspection_encrypted_response_alg."
RFC 9701 - Section 6
Include the `introspection_encrypted_response_enc` client metadata parameter..
For `introspection_encrypted_response_enc`: "OPTIONAL."
Validation Guidance
Report an error when `introspection_encrypted_response_enc` is specified without `introspection_encrypted_response_alg`.
When introspection-response encryption is configured and `introspection_encrypted_response_enc` is omitted, use the documented default of A128CBC-HS256.
Accept omission of `introspection_encrypted_response_enc`; the parameter is optional.
Reference
Details
- Entry Id
introspection_encrypted_ response_ enc - Client Metadata Name
introspection_encrypted_ response_ enc - Client Metadata Description
String value specifying the desired introspection response content encryption algorithm (enc value)- Change Controller
IETF- Reference
RFC9701 - Section 6