Table of Contents
JARM (JWT Secured Authorization Response Mode for OAuth 2.0) is a response mode to encode authorization responses to JWTs. It allows authorization servers to provide secure authorization responses with signature, encryption, sender authentication, audience restriction etc.
This article describes instructions to enable JARM.
This article assumes that you have registered a set of JWK to your Authlete service. See the related KB article for the registration. The following screenshot is an example showing the registered JWK set.
Log in to Developer Console that corresponds to the service above, and you will see “Your Apps” page that includes a list of clients of the service. Click “Edit” button of the client that may ask the service to create JARM compliant authorization responses.
Go to Authorization tab and you will see “Authorization Response Signature Algorithm” in Authorization Endpoint section. Choose an appropriate algorithm that matches to the one of keys. For example, in this article, “ES256” has been selected because it is the only algorithm registered to the service.
Now that you have completed the basic JARM settings for the Authlete service, that supports authorization requests including JARM parameters e.g. response_mode=jwt . The service will make an authorization response in accordance with the request parameter, for example:
https://client.example.org/cb/example.com
?response=eyJraWQiOiIxIiwiYWxnIjoiRVMyNTYifQ.
eyJhdWQiOiIxNzU2NjE2MDYwMzc2NiIsImNvZGUiOiJF
V2RYbkE0TEZYRFNGTGVnTmlMTVRoUHlITjhwTUlaelVN
Tmo5N28wbnBJIiwiaXNzIjoiaHR0cHM6Ly9hcy5leGFt
cGxlLmNvbSIsImV4cCI6MTU5MTA4MDk0OH0.
dGi84kTrwX-5bX3S0Mca7_2f7GhEnGt6Dj01b60s67GP
VJkwzuEr9y8C2KLgEpkS35zZO41mmRNkpRo8NUlkvw