Hello Bahador, Yes, oxAuth supports encrypted JWE Authorization Request Object. (Also supports encrypted id_token and user_info). In the configuration endpoint you can see the list of supported algorithms: https://ce-dev4.gluu.org/.well-known/openid-configuration ``` "request_object_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "request_object_encryption_enc_values_supported": [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], ``` Here is a complete example that uses Alg=RSA15 and Enc=A128CBCPLUSHS256 to encrypt the Authorization Request Object, the ID Token and the User Info: https://github.com/GluuFederation/oxAuth/blob/master/Client/src/test/java/org/xdi/oxauth/ws/rs/MultivaluedClaims.java#L2584 Best Regards Javier

Thanks for your reply. I wonder why there is no key with encryption usage in jwks_uri of authorization server (The client cannot encrypt its authorization request object since there is no enc key in jwks_uri of authorization server) Should I add a new key with enc usage to the authorization server's keystore, and if yes how to? **UPDATE**: I found [this](https://github.com/GluuFederation/oxAuth/issues/91) open issue in oxAuth. It seems this feature is not yet supported.