- Access Tokens
- Refresh Tokens
- ID Tokens
- Proof-of-Possession (PoP) Tokens
- PKCE (RFC 7636)
- Client Management
- Authorization Requests
- User Authentication
- Error Handling
- Client Authentication
- Userinfo Endpoint
- Enabling JARM
- Device Flow (RFC 8628)
JARM (JWT Secured Authorization Response Mode for OAuth 2.0) is a response mode to encode authorization responses to JWTs. It allows authorization servers to provide secure authorization responses with signature, encryption, sender authentication, audience restriction etc.
This article describes instructions to enable JARM.
This article assumes that you have registered a set of JWK to your Authlete service. See the related KB article for the registration. The following screenshot is an example showing the registered JWK set.
Log in to Developer Console that corresponds to the service above, and you will see "Your Apps” page that includes a list of clients of the service. Click “Edit” button of the client that may ask the service to create JARM compliant authorization responses.
Go to Authorization tab and you will see "Authorization Response Signature Algorithm” in Authorization Endpoint section. Choose an appropriate algorithm that matches to the one of keys. For example, in this article, “ES256” has been selected because it is the only algorithm registered to the service.
Now that you have completed the basic JARM settings for the Authlete service, that supports authorization requests including JARM parameters e.g. response_mode=jwt. The service will make an authorization response in accordance with the request parameter, for example:
https://client.example.org/cb/example.com ?response=eyJraWQiOiIxIiwiYWxnIjoiRVMyNTYifQ. eyJhdWQiOiIxNzU2NjE2MDYwMzc2NiIsImNvZGUiOiJF V2RYbkE0TEZYRFNGTGVnTmlMTVRoUHlITjhwTUlaelVN Tmo5N28wbnBJIiwiaXNzIjoiaHR0cHM6Ly9hcy5leGFt cGxlLmNvbSIsImV4cCI6MTU5MTA4MDk0OH0. dGi84kTrwX-5bX3S0Mca7_2f7GhEnGt6Dj01b60s67GP VJkwzuEr9y8C2KLgEpkS35zZO41mmRNkpRo8NUlkvw
How did we do with this article?