Request-object (Section)#
Path: /profiles/profile{id, type}/settings/authorization-server/request-object
The settings for allowing a request to be provided through a by-value or by-reference request object. By-value request objects are passed using the ‘request’ parameter whereas by-reference ones are provided in the ‘request-uri’ parameter. When enabled, a client can be required to provide a request object JWT. Additional restrictions per the relevant specifications are applied when used at the CIBA and PAR endpoints.
Parameters#
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| maximum-lifetime | int16 | optional | The maximum number of minutes (from the ‘nbf’ claims to the ‘exp’ claim) that a request object should be valid for | |
| required-claim | multi-value, non-empty-string | optional | The list of claims that must be inside the request object. | |
| require-parameters-as-claims | boolean | optional | DEPRECATED: If enabled, all authorization request parameters must be inside the request object, as claims, with the exception of request and request_uri. If a parameter is also present in the query string or form then it needs to have the same value as the claim inside the request object. | |
| request-object-parameter-handling | enumeration | optional | How claims in request objects and (form or query string) parameters are combined |
Subsections#
| Name | Type | Description |
|---|---|---|
| encrypted-jwt | Section | The request object JWT must be encrypted and signed |
| asymmetrically-signed-jwt | Section | Allowed asymmetric signing algorithms for request object JWTs |