oauth2.dev

introspection_signed_response_alg

IETF

Registry Context

This optional client metadata parameter lets a resource server, acting as an OAuth client, specify its desired JWS algorithm for signed introspection responses. If omitted, the default is RS256.

Technical Summary

`introspection_signed_response_alg` identifies a JWS `alg` value, as defined by JWA, for signing introspection responses. If specified, the response is signed using JWS and the configured algorithm. The default when omitted is `RS256`.

When Used

When a resource server is configured as an OAuth client, such as through dynamic client registration, and wants to specify its desired signing algorithm for JWT introspection responses.

Normative Requirements

Unspecified actor

OPTIONAL
1
  1. RFC 9701 - Section 6

    The `introspection_signed_response_alg` client metadata parameter is optional..

    `introspection_signed_response_alg` OPTIONAL.

Validation Guidance

error

If present, validate that the value identifies a JWS `alg` value defined by JWA for signing introspection responses.

info

If present, use JWS and the configured algorithm to sign the introspection response.

info

Accept omission and apply `RS256` as the default signing algorithm.

Reference

Details

Entry Id
introspection_signed_response_alg
Client Metadata Name
introspection_signed_response_alg
Client Metadata Description
String value indicating the clients desired introspection response signing algorithm
Change Controller
IETF
Reference
RFC9701 - Section 6