Signed and encrypted response

The provider may sign and encrypt ID Token, UserInfo Response and Introspection Response messages.

Client registration parameters control what signing and encryption algorithms the client expects the provider to use.

ID Token

Registration parameters

NameDescription
id_token_signed_response_alg
id_token_encrypted_response_alg
id_token_encrypted_response_enc

UserInfo and Introspection response

Registration parameters

NameDescription
userinfo_signed_response_alg
userinfo_encrypted_response_alg
userinfo_encrypted_response_enc

References