oauth_jwt_secured_authorization_request.rdoc

doc/oauth_jwt_secured_authorization_request.rdoc
Last Update: 2024-09-27 06:26:06 +0000

Documentation for OAuth JWT Secured Authorization Request feature

The oauth_jwt_secured_authorization_request feature implements support for the JWT-Secured Authorization Request (JAR)

datatracker.ietf.org/doc/html/rfc9101

This feature depends on the oauth_authorize_base and oauth_jwt_base features.

Value Methods

oauth_require_request_uri_registration

whether client applications are required to define “request_uris”, false by default.

oauth_require_signed_request_object

whether client applications are required to sign the request object, false by default.

oauth_request_object_signing_alg_allow_none

whether “none” is accepted as a valid request object signing alg, false by default.

oauth_applications_request_uris_column

the db column where the allowed request uris are stored, :request_uris by default.

oauth_applications_require_signed_request_object_column

the db column storing whether request signed object is required for the oauth application, :require_signed_request_object by default.

oauth_applications_request_object_encryption_alg_column

db column where to store the encryption algorithm used for the request object JWT for the oauth application, :request_object_encryption_alg by default.

oauth_applications_request_object_encryption_enc_column

db column where to store the encryption method used for the request object JWT for the oauth application, :request_object_encryption_enc by default.

oauth_applications_request_object_signing_alg_column

db column where to store the signing algorithm used for the request object JWT for the oauth application, :request_object_signing_alg by default.

oauth_invalid_request_object_message

error description for the “invalid_request” OAuth error code, "request object is invalid" by default.