>From the connect registration spec id_token_encrypted_response_algOPTIONAL. JWE alg algorithm [JWA] <http://openid.net/specs/openid-connect-registration-1_0.html#JWA> REQUIRED for encrypting the ID Token issued to this Client. If this is requested, the response will be signed then encrypted, with the result being a Nested JWT, as defined in [JWT] <http://openid.net/specs/openid-connect-registration-1_0.html#JWT>. The default, if omitted, is that no encryption is performed. id_token_encrypted_response_encOPTIONAL. JWE enc algorithm [JWA] <http://openid.net/specs/openid-connect-registration-1_0.html#JWA> REQUIRED for encrypting the ID Token issued to this Client. If id_token_encrypted_response_alg is specified, the default for this value is A128CBC-HS256. When id_token_encrypted_response_enc is included, id_token_encrypted_response_alg MUST also be provided. userinfo_signed_response_algOPTIONAL. JWS alg algorithm [JWA] <http://openid.net/specs/openid-connect-registration-1_0.html#JWA> REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT <http://openid.net/specs/openid-connect-registration-1_0.html#JWT> [JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims as a UTF-8 encoded JSON object using the application/json content-type.
I have no idea if the IDP you are registering with supports encrypted user_info responses. Most will just ignore those parameters. John B. On Jun 12, 2017 6:56 AM, "Bhathiya Jayasekara" <[email protected]> wrote: Hi all, I'm trying to receive JWT responses for userinfo requests. As per the DCR spec I have to send following values in DCR request. userinfo_encrypted_response_alg userinfo_encrypted_response_encuserinfo_signed_response_alg But I don't understand the difference between the first 2 values. Could you please be kind enough to give me some explanation. Maybe an example would be great. Thanks,Bhathiya _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
