The use of request objects to sign authentication requests is optional in the iGov OIDC profile. It has been proposed that a new constraint be added to the CATS 3.0 OIDC profile in order to recommend their use as follows:
"[ODP-RP04] Reference [iGov-OIDC] Section 2.4
Clients MAY optionally send requests to the authorization endpoint using the request parameter as defined by OpenID Connect. Clients MAY send requests to the authorization endpoint by reference using the request_uri parameter.
Request objects MUST be signed by the client's registered key. Request objects MAY be encrypted to the authorization server's public key.
CATS Support: Constrained
Clients SHOULD send requests to the authorization endpoint using the request parameter as defined by OpenID Connect."
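The following added example (not part of the CATS or iGov profile text) shows a client passing a signed request object in the request parameter and an authorization server checking it against the client's registered key. RS256, the function names, the client identifier and the example URLs are assumptions made for illustration; the optional encryption step is left out.

```javascript
const crypto = require('crypto');

// Constructed key pair standing in for the client's registered key.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
// Constructed sample request; every identifier and URL here is hypothetical.
const SAMPLE = { iss: 'rp-constructed', aud: 'https://op.example', client_id: 'rp-constructed',
  response_type: 'code', scope: 'openid', redirect_uri: 'https://rp.example/cb',
  state: 'constructed-state', nonce: 'constructed-nonce' };

const b64u = (x) => Buffer.from(x).toString('base64url');

// Client: sign the authorization request parameters as an RS256 JWT.
function buildRequestObject(params, key) {
  const header = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = b64u(JSON.stringify(params));
  const sig = crypto.sign('sha256', Buffer.from(`${header}.${payload}`), key);
  return `${header}.${payload}.${sig.toString('base64url')}`;
}

// Client: response_type, client_id and scope remain in the query string
// (OpenID Connect Core 6.1) next to the request parameter.
function buildAuthorizationUrl(endpoint, params, key) {
  const url = new URL(endpoint);
  for (const k of ['response_type', 'client_id', 'scope']) url.searchParams.set(k, params[k]);
  url.searchParams.set('request', buildRequestObject(params, key));
  return url.toString();
}

// Authorization server: accept only a request object signed by the key
// registered for the client named in the query string.
function verifyRequestObject(authUrl, registeredKeys) {
  const q = new URL(authUrl).searchParams;
  const parts = (q.get('request') || '').split('.');
  if (parts.length !== 3) throw new Error('missing or malformed request object');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url'));
  if (header.alg !== 'RS256') throw new Error('unsigned or unexpected alg');
  const key = registeredKeys[q.get('client_id')];
  if (!key) throw new Error('unknown client');
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url'));
  for (const k of ['response_type', 'client_id'])
    if (claims[k] !== q.get(k)) throw new Error(`${k} mismatch`);
  return claims; // the signed values are the ones the server acts on
}
```

A real deployment would also validate iss, aud and any expiry claim, and would look up the registered key from the client's stored registration or JWKS.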