Encrypted-jwt (Section)
Path: /profiles/profile{id, type}/settings/authorization-server/request-object/encrypted-jwt
The request object JWT must be encrypted and signed.
Parameters
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| front-channel-only | boolean | optional | false | Whether encrypted request objects should only be required for front-channel requests to the authorization endpoint. When enabled, request objects must be encrypted for front-channel requests, and may or may not be encrypted for back-channel requests. When disabled, request objects must always be encrypted. |
| decryption-key | leafref | required | | A reference to a Decryption Keystore with a key |
| allowed-algorithms | multi-value, allowed-key-management-algorithms | optional | | Key Management Algorithm - the algorithm used to obtain the Content Encryption Key, and present in the ‘alg’ JWE header. If empty, any supported algorithm is allowed. |
| allowed-content-encryption-algorithms | multi-value, allowed-content-encryption-algorithms | optional | | Content Encryption Algorithm - the algorithm used to obtain the content, and present in the ‘enc’ JWE header. If empty, any supported algorithm is allowed. |
| include-x5t-in-jwks | boolean | optional | true | Indicate whether to include the certificate thumbprint (‘x5t’) in the JWKS endpoint |
| include-x5c-in-jwks | boolean | optional | false | Indicate whether to include the certificate (‘x5c’) in the JWKS endpoint |
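
The following added example (not the product's own code) shows how the front-channel-only, allowed-algorithms and allowed-content-encryption-algorithms settings combine into an accept/reject decision on an incoming request object. The function names, the "front"/"back" channel labels and the sample token are assumptions made for illustration; the server's own set of supported algorithms is not modeled.

```python
import base64
import json

def _b64url_decode(segment):
    # JOSE strips base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_request_object(token, channel, front_channel_only=False,
                         allowed_algorithms=(),
                         allowed_content_encryption_algorithms=()):
    """Return (accepted, reason) for a compact-serialized request object.

    channel is "front" or "back" (labels assumed for this example).
    """
    parts = token.split(".")
    if len(parts) == 3:  # compact JWS: signed but not encrypted
        if front_channel_only and channel == "back":
            return True, "unencrypted request object permitted on back channel"
        return False, "request object must be encrypted"
    if len(parts) != 5:  # compact JWE always has five segments
        return False, "not a compact JWS or JWE"
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False, "unreadable JWE protected header"
    if not isinstance(header, dict):
        return False, "unreadable JWE protected header"
    alg, enc = header.get("alg"), header.get("enc")
    if not isinstance(alg, str) or not isinstance(enc, str):
        return False, "JWE header lacks 'alg' or 'enc'"
    # An empty allow-list places no restriction beyond what the server supports.
    if allowed_algorithms and alg not in allowed_algorithms:
        return False, "key management algorithm %r not allowed" % alg
    if (allowed_content_encryption_algorithms
            and enc not in allowed_content_encryption_algorithms):
        return False, "content encryption algorithm %r not allowed" % enc
    return True, "header accepted; decryption and signature check still required"

def sample_jwe(alg, enc):
    # Constructed token: real header, placeholder values for the other segments.
    header = json.dumps({"alg": alg, "enc": enc}).encode()
    encoded = base64.urlsafe_b64encode(header).rstrip(b"=").decode()
    return ".".join([encoded, "ek", "iv", "ct", "tag"])

if __name__ == "__main__":
    token = sample_jwe("RSA-OAEP-256", "A256GCM")
    print(check_request_object(token, "front", allowed_algorithms=("ECDH-ES",)))
    print(check_request_object("h.p.s", "back", front_channel_only=True))
```

Leaving both allow-lists empty accepts whatever the server supports, so pinning them to the algorithms your clients actually use narrows what a request object can negotiate.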