The :oauth_jwt_secured_authorization_response_mode plugin allows encoding authorization responses in JWT format (JARM). The provider signs this JWT, and it can additionally be encrypted using JWKs the client application registered beforehand.
Intended for financial-grade institutions and businesses that need to improve the security of their operations and protect customer data.
```ruby
plugin :rodauth do
  enable :oauth_authorization_code_grant, :oauth_jwt_secured_authorization_response_mode
end
```
When this feature is enabled, the authorization request supports the following additional values for the response_mode parameter:

- query.jwt: the JWT carrying the authorization response is returned in a response query parameter sent in the redirection request.
- fragment.jwt: the JWT carrying the authorization response is returned in a response fragment parameter sent in the redirection request.
- form_post.jwt: the JWT carrying the authorization response is returned in a response form parameter sent in the POST request.
- jwt: if response_type is "code", then it is the same as query.jwt; if response_type is "token", then fragment.jwt.
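As an added example (not rodauth-oauth's own code), the following shows how each response_mode places the response JWT, how the plain "jwt" mode is resolved from response_type, and which claims a client should verify before trusting the code it carries. It signs with HS256 over a constructed shared secret only to stay self-contained; the SECRET constant, the claim set and the helper names are assumptions.

```ruby
require "openssl"
require "base64"
require "json"
require "uri"

# Constructed secret for this example; real JARM deployments sign with the provider's asymmetric JWK.
SECRET = "constructed-shared-secret"

def b64url(data)
  Base64.urlsafe_encode64(data, padding: false)
end
def sign_hs256(signing_input, secret)
  b64url(OpenSSL::HMAC.digest("SHA256", secret, signing_input))
end
# Provider side: wrap the authorization response claims in a signed JWT.
def jarm_jwt(claims, secret = SECRET)
  input = "#{b64url(JSON.generate(alg: "HS256", typ: "JWT"))}.#{b64url(JSON.generate(claims))}"
  "#{input}.#{sign_hs256(input, secret)}"
end
# The plain "jwt" mode means query.jwt for response_type=code and fragment.jwt for response_type=token.
def resolve_mode(response_mode, response_type)
  return response_mode unless response_mode == "jwt"
  response_type == "code" ? "query.jwt" : "fragment.jwt"
end
# Place the JWT in the query, the fragment, or a form body, as the resolved mode requires.
def jarm_response(redirect_uri, response_mode, response_type, claims)
  token = jarm_jwt(claims)
  uri = URI(redirect_uri)
  case resolve_mode(response_mode, response_type)
  when "query.jwt"     then uri.query = URI.encode_www_form(response: token); uri.to_s
  when "fragment.jwt"  then uri.fragment = URI.encode_www_form(response: token); uri.to_s
  when "form_post.jwt" then { action: redirect_uri, method: "POST", fields: { "response" => token } }
  else raise ArgumentError, "unsupported response_mode: #{response_mode}"
  end
end
# Client side: check the signature and the claims binding the response to this issuer,
# client and request (iss, aud, state, exp) before reading "code". Returns claims or nil.
def verify_jarm(token, issuer:, client_id:, state:, secret: SECRET, now: Time.now.to_i)
  header, payload, sig = token.split(".")
  return nil unless header && payload && sig
  return nil unless JSON.parse(Base64.urlsafe_decode64(header))["alg"] == "HS256" # reject "none" etc.
  expected = sign_hs256("#{header}.#{payload}", secret)
  # Compare digests so the check does not leak where the signatures first differ.
  return nil unless OpenSSL::Digest.digest("SHA256", expected) == OpenSSL::Digest.digest("SHA256", sig)
  claims = JSON.parse(Base64.urlsafe_decode64(payload))
  ok = claims["iss"] == issuer && claims["aud"] == client_id &&
       claims["state"] == state && claims["exp"].to_i > now
  ok ? claims : nil
rescue StandardError # malformed base64 or JSON: treat as an invalid response
  nil
end
```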