docs: add request object doc #14126
Signed-off-by: Dhaval D <343411+ossdhaval@users.noreply.github.com>
✅ Snyk checks have passed. No issues have been found so far.
📝 Walkthrough

This PR adds comprehensive documentation for OpenID Connect Request Objects in Janssen Server. The main documentation file replaces placeholder content with detailed sections covering how to pass authorization request parameters as signed and optionally encrypted JWTs, validation rules, server and client configuration, error handling, and discovery metadata. A brief cross-reference is also added to the authorization endpoint documentation.

Changes
OpenID Connect Request Objects Documentation
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/janssen-server/auth-server/openid-features/request-objects.md`:
- Around line 160-161: Add step-by-step CLI and TUI guidance plus screenshots to
the "Configure global Request Object settings" section that currently only
references Janssen TUI / Config API; specifically, include an example CLI
sequence using the Janssen config-api client (showing the exact command(s) to
set request object properties), a TUI walkthrough labeled "Auth Server ->
Properties -> Request Objects" with 3 annotated screenshots (open list, edit
modal, save/confirm), and a short example JSON payload for the Config API call
to mirror the CLI/TUI change. Update the text around the existing "Janssen TUI"
and "Auth Server -> Properties" references to link to the new screenshots and
the Config API example so readers can follow either path.
- Line 194: Replace the camelCase server property name with the discovery claim
name: change any occurrences of "requireRequestUriRegistration" to the discovery
claim "require_request_uri_registration" in the request_uris table/description
(and the nearby occurrences noted around lines 219-222) so the doc consistently
references the runtime discovery metadata key used by clients and discovery
responses.
📒 Files selected for processing (2)
docs/janssen-server/auth-server/endpoints/authorization.md
docs/janssen-server/auth-server/openid-features/request-objects.md
| Configure global Request Object settings using the [Janssen TUI](../../config-guide/config-tools/jans-tui/README.md) (`Auth Server` -> `Properties`) or Config API. | ||
|
|
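Review bot: The added sentence links the Janssen TUI but leaves "Config API" as plain text, and it gives the menu path (`Auth Server` -> `Properties`) without naming any property to change there. Link the Config API documentation the same way and list the Request Object properties this section covers, so a reader can locate them in either tool.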
Missing required command-line + screenshot guidance for configuration flow.
The issue scope asks for TUI/command-line instructions and screenshots, but this page currently only references TUI/API at a high level (Line 160 and Line 187) without actionable CLI steps or UI screenshots. Please add at least one concrete CLI path and corresponding screenshots so this can fully satisfy the linked objective.
Also applies to: 187-188
| | `request_object_signing_alg` | JWS algorithm that must be used to sign Request Objects sent to the OP. Request Objects signed with another algorithm are rejected. Used for both `request` and `request_uri`. The value `none` may be used unless server policy forbids it. | | ||
| | `request_object_encryption_alg` | JWE `alg` the RP may use to encrypt Request Objects. Include this when symmetric encryption is used so the OP can derive the key from `client_secret`. If both signing and encryption are used, the object is signed then encrypted (nested JWT). | | ||
| | `request_object_encryption_enc` | JWE `enc` algorithm. If `request_object_encryption_alg` is set, `request_object_encryption_enc` should also be provided (default in spec: `A128CBC-HS256`). | | ||
| | `request_uris` | Pre-registered `request_uri` values. When the client defines this list, Janssen only accepts `request_uri` values that match. When [requireRequestUriRegistration](../../reference/json/properties/janssenauthserver-properties.md#requirerequesturiregistration) is `true` in discovery, pre-registration is required. If request file contents can change, include the base64url SHA-256 hash of the file as the URI fragment. | |
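Review bot: In the `request_object_signing_alg` row, "The value `none` may be used unless server policy forbids it" does not say which setting enforces that policy. An unsigned Request Object gives the OP no integrity or origin guarantee for the parameters it carries, so name the server property that rejects `none` and state its default. In the `request_object_encryption_enc` row, "default in spec" should cite the specification it refers to.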
Use the discovery claim name (snake_case) instead of server property name in discovery context.
Line 194 says "requireRequestUriRegistration is true in discovery", but discovery uses require_request_uri_registration (as correctly listed at Line 221). This can confuse readers about where to check runtime metadata.
Suggested wording update
-| `request_uris` | Pre-registered `request_uri` values. When the client defines this list, Janssen only accepts `request_uri` values that match. When [requireRequestUriRegistration](../../reference/json/properties/janssenauthserver-properties.md#requirerequesturiregistration) is `true` in discovery, pre-registration is required. If request file contents can change, include the base64url SHA-256 hash of the file as the URI fragment. |
+| `request_uris` | Pre-registered `request_uri` values. When the client defines this list, Janssen only accepts `request_uri` values that match. When discovery claim `require_request_uri_registration` is `true` (controlled by [requireRequestUriRegistration](../../reference/json/properties/janssenauthserver-properties.md#requirerequesturiregistration)), pre-registration is required. If request file contents can change, include the base64url SHA-256 hash of the file as the URI fragment. |Also applies to: 219-222
Prepare
Description
Target issue
closes #4731
Implementation Details
Test and Document the changes
Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with `docs:` to indicate documentation changes or if the below checklist is not selected.

Summary by CodeRabbit

`request` and `request_uri`.