Support for OAuth2 JWT-Secured Authorization Request (JAR)

Basics

Logistics

Basics

Logistics

Description

Currently the OP’s request object handling follows the OIDC core specification. The OAuth2 JAR specifies how the request objects should be handled with OAuth2 authorization requests.

Environment

None

Linked issues

is blocked by

JOIDC-225

Relocate and improve lookup functions for request message contents

is related to

JOIDC-214

Response type parameter handling in authorization endpoint

JOIDC-200

Support for OAuth2 Pushed Authorization Requests (PAR)

Activity

Henri MikkonenJune 19, 2024 at 12:02 PM

Changed authorization/authentication request lookup functions to exploit a predicate for only using request object values
- By default the predicate returns true if the request is not OIDC authentication request and contains request object
Updated authorize and PAR flows to enforce request object signing whenever non-OIDC authorization request contains request object
Improved flow tests

Completed

Details
Assignee
Henri Mikkonen
Reporter
Henri Mikkonen
Components
Fix versions
4.2.0

Created June 17, 2024 at 12:34 PM

Updated October 23, 2024 at 7:33 AM

Resolved October 23, 2024 at 7:33 AM

Support for OAuth2 JWT-Secured Authorization Request (JAR)

Description

Environment

Linked issues

is blocked by

is related to

Activity

Henri MikkonenJune 19, 2024 at 12:02 PM

DetailsAssigneeHenri MikkonenHenri MikkonenReporterHenri MikkonenHenri MikkonenComponentsFix versions4.2.0

Details

Assignee

Reporter

Components

Fix versions

Details
Assignee
Henri Mikkonen
Reporter
Henri Mikkonen
Components
Fix versions
4.2.0