<div dir="auto"><div>From the connect registration spec<div dir="auto"><br></div><div dir="auto"><dt style="font-family:verdana,charcoal,helvetica,arial,sans-serif;background-color:rgb(255,255,255)">id_token_encrypted_response_alg</dt><dd style="font-family:verdana,charcoal,helvetica,arial,sans-serif;background-color:rgb(255,255,255)">OPTIONAL. JWE <tt style="color:rgb(0,51,102);font-family:'courier new','courier',monospace;font-size:small">alg</tt> algorithm <a href="http://openid.net/specs/openid-connect-registration-1_0.html#JWA" style="font-weight:bold;text-decoration-line:none;color:rgb(102,51,51);background-color:transparent">[JWA]</a> REQUIRED for encrypting the ID Token issued to this Client. If this is requested, the response will be signed then encrypted, with the result being a Nested JWT, as defined in <a href="http://openid.net/specs/openid-connect-registration-1_0.html#JWT" style="font-weight:bold;text-decoration-line:none;color:rgb(102,51,51);background-color:transparent">[JWT]</a>. The default, if omitted, is that no encryption is performed.</dd><dt style="font-family:verdana,charcoal,helvetica,arial,sans-serif;background-color:rgb(255,255,255)">id_token_encrypted_response_enc</dt><dd style="font-family:verdana,charcoal,helvetica,arial,sans-serif;background-color:rgb(255,255,255)">OPTIONAL. JWE <tt style="color:rgb(0,51,102);font-family:'courier new','courier',monospace;font-size:small">enc</tt> algorithm <a href="http://openid.net/specs/openid-connect-registration-1_0.html#JWA" style="font-weight:bold;text-decoration-line:none;color:rgb(102,51,51);background-color:transparent">[JWA]</a> REQUIRED for encrypting the ID Token issued to this Client. If <tt style="color:rgb(0,51,102);font-family:'courier new','courier',monospace;font-size:small">id_token_encrypted_response_alg</tt> is specified, the default for this value is <tt style="color:rgb(0,51,102);font-family:'courier new','courier',monospace;font-size:small">A128CBC-HS256</tt>. 
When <tt style="color:rgb(0,51,102);font-family:'courier new','courier',monospace;font-size:small">id_token_encrypted_response_enc</tt> is included, <tt style="color:rgb(0,51,102);font-family:'courier new','courier',monospace;font-size:small">id_token_encrypted_response_alg</tt> MUST also be provided.</dd><dt style="font-family:verdana,charcoal,helvetica,arial,sans-serif;background-color:rgb(255,255,255)">userinfo_signed_response_alg</dt><dd style="font-family:verdana,charcoal,helvetica,arial,sans-serif;background-color:rgb(255,255,255)">OPTIONAL. JWS <tt style="color:rgb(0,51,102);font-family:'courier new','courier',monospace;font-size:small">alg</tt> algorithm <a href="http://openid.net/specs/openid-connect-registration-1_0.html#JWA" style="font-weight:bold;text-decoration-line:none;color:rgb(102,51,51);background-color:transparent">[JWA]</a> REQUIRED for signing UserInfo Responses. If this is specified, the response will be <a href="http://openid.net/specs/openid-connect-registration-1_0.html#JWT" style="font-weight:bold;text-decoration-line:none;color:rgb(102,51,51);background-color:transparent">JWT</a> [JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims as a UTF-8 encoded JSON object using the <tt style="color:rgb(0,51,102);font-family:'courier new','courier',monospace;font-size:small">application/json</tt> content-type.</dd><dd style="font-family:verdana,charcoal,helvetica,arial,sans-serif;background-color:rgb(255,255,255)"><br></dd><dd style="font-family:verdana,charcoal,helvetica,arial,sans-serif;background-color:rgb(255,255,255)"><br></dd><dd style="font-family:verdana,charcoal,helvetica,arial,sans-serif;background-color:rgb(255,255,255)"><br></dd></div>I have no idea if the IDP you are registering with supports encrypted user_info responses.  Most will just ignore those parameters.  </div><div dir="auto"><br></div><div dir="auto">John B.  
<br><div class="gmail_extra" dir="auto"><br><div class="gmail_quote">On Jun 12, 2017 6:56 AM, "Bhathiya Jayasekara" &lt;<a href="mailto:tobhathiyaj@gmail.com">tobhathiyaj@gmail.com</a>&gt; wrote:<br type="attribution"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi all,<div><br></div><div>I'm trying to receive JWT responses for userinfo requests. As per the DCR spec I have to send the following values in the DCR request.</div><div><br></div><div><dt style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">userinfo_encrypted_response_<wbr>alg<br></dt><dt style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">userinfo_encrypted_response_<wbr>enc</dt><dt style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">userinfo_signed_response_alg<br></dt><dt style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif"><br></dt><dt style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">But I don't understand the difference between the first 2 values. Could you please be kind enough to give me some explanation. Maybe an example would be great.</dt><dt style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif"><br></dt><dt style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">Thanks,</dt><dt style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif">Bhathiya</dt><dd style="color:rgb(0,0,0);font-family:verdana,charcoal,helvetica,arial,sans-serif"><br></dd></div></div>
<br>______________________________<wbr>_________________<br>
specs mailing list<br>
<a href="mailto:specs@lists.openid.net">specs@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs" rel="noreferrer" target="_blank">http://lists.openid.net/<wbr>mailman/listinfo/openid-specs</a><br>
<br></blockquote></div><br></div></div></div>
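<div dir="auto">An added example, not part of either message or of the spec text quoted in the thread: in JWE, <tt>alg</tt> names the algorithm that protects the content-encryption key and <tt>enc</tt> names the algorithm that encrypts the claims themselves. Because an IdP may ignore these registration parameters, this Python sketch resolves what a client registered (applying the quoted default and the MUST rule) and compares it with the UserInfo response it actually receives. The function names, the choice of RSA-OAEP and RS256, and the sample tokens are assumptions constructed for illustration.</div>

```python
import base64
import json

DEFAULT_ENC = "A128CBC-HS256"  # default enc quoted in the spec text above

def requested_protection(metadata, prefix):
    """Resolve what the client metadata asks for; prefix is 'id_token' or 'userinfo'."""
    alg = metadata.get(prefix + "_encrypted_response_alg")  # JWE alg: wraps the content key
    enc = metadata.get(prefix + "_encrypted_response_enc")  # JWE enc: encrypts the claims
    if enc is not None and alg is None:
        raise ValueError(prefix + "_encrypted_response_enc sent without ..._alg")
    if alg is not None and enc is None:
        enc = DEFAULT_ENC
    return {"sign_alg": metadata.get(prefix + "_signed_response_alg"),
            "key_alg": alg, "content_enc": enc}

def segment(obj):
    """base64url-encode a JSON object without padding (used for constructed samples)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def classify_response(content_type, body):
    """Return (kind, protected_header) from the media type and compact-form shape."""
    media = content_type.split(";")[0].strip().lower()
    if media == "application/json":
        return "plain-json", None
    if media != "application/jwt":
        raise ValueError("unexpected content type: " + media)
    parts = body.strip().split(".")
    kinds = {3: "jws", 5: "jwe"}  # compact JWS has 3 segments, compact JWE has 5
    if len(parts) not in kinds:
        raise ValueError("not a compact JWS or JWE")
    padded = parts[0] + "=" * (-len(parts[0]) % 4)
    return kinds[len(parts)], json.loads(base64.urlsafe_b64decode(padded))

def honoured(requested, content_type, body):
    """True if the response shape matches the registration. Header inspection only:
    this does not verify a signature or decrypt anything."""
    kind, header = classify_response(content_type, body)
    if requested["key_alg"]:
        return (kind == "jwe" and header.get("alg") == requested["key_alg"]
                and header.get("enc") == requested["content_enc"])
    if requested["sign_alg"]:
        return kind == "jws" and header.get("alg") == requested["sign_alg"]
    return kind == "plain-json"

# Constructed samples: real JSON headers, placeholder segments, no real cryptography.
SAMPLE_JWE = ".".join([segment({"alg": "RSA-OAEP", "enc": "A128CBC-HS256"}),
                       "a2V5", "aXY", "Y3Q", "dGFn"])
SAMPLE_JWS = ".".join([segment({"alg": "RS256"}), segment({"sub": "constructed"}), "c2ln"])
```

A client that registered encryption and gets <tt>application/json</tt> back should treat the registration as not honoured rather than silently accepting the plaintext claims.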