Enabling JARM

Preface


This article describes how to enable JARM (JWT Secured Authorization Response Mode for OAuth 2.0) for a client of an Authlete service, so that the service returns authorization responses as signed JWTs.

Registering a JWK set to an Authlete service


This article assumes that you have already registered a JWK Set with your Authlete service; see the related KB article for the registration steps. Because the service signs authorization responses with one of these keys, the set must contain a key usable for signing with the algorithm you will select below. The following screenshot shows an example of a registered JWK Set.

JWK Set Content



Enabling signing for authorization responses to a client


Log in to the Developer Console for the service above. The "Your Apps" page lists the clients of the service. Click the "Edit" button of the client that will ask the service for JARM-compliant authorization responses.
Your Apps

Go to the Authorization tab and find "Authorization Response Signature Algorithm" in the Authorization Endpoint section. This setting corresponds to the client metadata parameter authorization_signed_response_alg defined by JARM. Choose an algorithm that matches one of the registered keys and that the client is able to verify. In this article, "ES256" is selected because it is the only algorithm for which a key is registered to the service.
Authorization Response Signature Algorithm


Testing the configuration


Now that the basic JARM settings are complete, the service accepts authorization requests that carry JARM parameters such as response_mode=jwt (or query.jwt, fragment.jwt and form_post.jwt) and returns the authorization response as a signed JWT in the response parameter, for example:

https://client.example.org/cb/example.com
 ?response=eyJraWQiOiIxIiwiYWxnIjoiRVMyNTYifQ.
  eyJhdWQiOiIxNzU2NjE2MDYwMzc2NiIsImNvZGUiOiJF
  V2RYbkE0TEZYRFNGTGVnTmlMTVRoUHlITjhwTUlaelVN
  Tmo5N28wbnBJIiwiaXNzIjoiaHR0cHM6Ly9hcy5leGFt
  cGxlLmNvbSIsImV4cCI6MTU5MTA4MDk0OH0.
  dGi84kTrwX-5bX3S0Mca7_2f7GhEnGt6Dj01b60s67GP
  VJkwzuEr9y8C2KLgEpkS35zZO41mmRNkpRo8NUlkvw

Decoded, the header of this JWT is {"kid":"1","alg":"ES256"} and the payload is {"aud":"17566160603766","code":"EWdXnA4LFXDSFLegNiLMThPyHN8pMIZzUMNj97o0npI","iss":"https://as.example.com","exp":1591080948}. Before using the code, the client must verify the signature with the service's key whose kid is "1" (published in the JWK Set registered above), confirm that alg is the algorithm it expects rather than whatever the token claims, and check that iss is the service's issuer identifier, aud is its own client ID and exp has not passed. A response that fails any of these checks must be discarded.
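The checks a JARM client has to perform on such a response, as an added Go example that is not part of this article or of Authlete's own code. It fabricates a fresh ES256 key and a sample response whose kid ("1"), issuer, client ID and code mirror the values above (constructed data, not a real Authlete response), then verifies the response value the way a client should: the algorithm is pinned to the one configured for the client, the kid is resolved against the key set, the signature is verified over header.payload, and iss, aud and exp are checked before the code is returned. The aud claim is modelled as a single string, as in the article's example; a production client should also accept the JSON array form that JWT permits. Encrypted (nested) JARM responses are out of scope here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JWS uses unpadded base64url throughout

// Claims a JARM client must check before it trusts the embedded authorization code (aud modelled as a string).
type jarmClaims struct {
	Iss  string `json:"iss"`
	Aud  string `json:"aud"`
	Exp  int64  `json:"exp"`
	Code string `json:"code,omitempty"`
}

// keySet maps kid to public key: the part of the service's JWK Set a client needs.
type keySet map[string]*ecdsa.PublicKey

// signJARM builds an ES256 compact JWS; used here only to fabricate a sample response.
func signJARM(kid string, priv *ecdsa.PrivateKey, c jarmClaims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"kid": kid, "alg": "ES256"})
	body, _ := json.Marshal(c)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	h := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, priv, h[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64) // JWS ES256 signatures are raw R||S (32+32 bytes), not DER
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + b64.EncodeToString(sig), nil
}

// verifyJARM validates the value of the response parameter: alg pinned to what was configured
// for the client, kid resolved against the JWK Set, signature checked, then iss/aud/exp checked.
func verifyJARM(tok string, keys keySet, iss, clientID string, now time.Time) (*jarmClaims, error) {
	parts := strings.Split(tok, ".")
	if len(parts) != 3 {
		return nil, errors.New("response is not a compact JWS")
	}
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if raw, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil {
		return nil, errors.New("malformed JWS header")
	}
	pub, ok := keys[hdr.Kid]
	if hdr.Alg != "ES256" || !ok { // never let the token choose the algorithm or name an unknown key
		return nil, fmt.Errorf("rejected alg %q with kid %q", hdr.Alg, hdr.Kid)
	}
	sig, err := b64.DecodeString(parts[2])
	h := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || len(sig) != 64 ||
		!ecdsa.Verify(pub, h[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, errors.New("signature verification failed")
	}
	var c jarmClaims // the payload is parsed only once the signature is known to be good
	if raw, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &c) != nil {
		return nil, errors.New("malformed JWS payload")
	}
	if c.Iss != iss || c.Aud != clientID {
		return nil, fmt.Errorf("iss %q / aud %q not meant for this client", c.Iss, c.Aud)
	}
	if !now.Before(time.Unix(c.Exp, 0)) {
		return nil, errors.New("response JWT expired")
	}
	return &c, nil
}

// buildSample fabricates a signed response value and the matching key set (constructed data).
func buildSample() (string, keySet, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	c := jarmClaims{Iss: "https://as.example.com", Aud: "17566160603766",
		Exp: time.Now().Add(time.Minute).Unix(), Code: "EWdXnA4LFXDSFLegNiLMThPyHN8pMIZzUMNj97o0npI"}
	tok, err := signJARM("1", priv, c)
	return tok, keySet{"1": &priv.PublicKey}, err
}

func main() {
	tok, keys, err := buildSample()
	if err != nil {
		panic(err)
	}
	c, err := verifyJARM(tok, keys, "https://as.example.com", "17566160603766", time.Now())
	fmt.Printf("accepted=%v err=%v claims=%+v\n", err == nil, err, c)
}
```

Run it with go run on a single file; in a real client the key set comes from the service's published JWK Set rather than from buildSample, and the expected issuer and client ID come from the client's configuration, never from the token.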