feat: graduate jwtResponseModes (JARM) feature as stable

README.md

@@ -36,6 +36,7 @@ _Note that not all features are enabled by default, check the configuration sect
 - [RFC9126 - OAuth 2.0 Pushed Authorization Requests (PAR)][par]
 - [RFC9207 - OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response][iss-auth-resp]
 - [Financial-grade API Security Profile 1.0 - Part 2: Advanced (FAPI)][fapi]
+- [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM)][jarm]
 - [OpenID Connect Client Initiated Backchannel Authentication Flow - Core 1.0 (CIBA)][ciba]
 
 Supported Access Token formats:
@@ -47,7 +48,6 @@ Supported Access Token formats:
 The following draft specifications are implemented by oidc-provider:
 
 - [JWT Response for OAuth Token Introspection - draft 10][jwt-introspection]
-- [JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) - Implementer's Draft 01][jarm]
 - [Financial-grade API: Client Initiated Backchannel Authentication Profile (FAPI-CIBA) - Implementer's Draft 01][fapi-ciba]
 - [OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP) - draft 03][dpop]
 
@@ -141,7 +141,7 @@ actions and i.e. emit metrics that react to specific triggers. See the list of a
 [mtls]: https://www.rfc-editor.org/rfc/rfc8705.html
 [dpop]: https://tools.ietf.org/html/draft-ietf-oauth-dpop-03
 [resource-indicators]: https://www.rfc-editor.org/rfc/rfc8707.html
-[jarm]: https://openid.net/specs/openid-financial-api-jarm-ID1.html
+[jarm]: https://openid.net/specs/oauth-v2-jarm.html
 [jwt-at]: https://www.rfc-editor.org/rfc/rfc9068.html
 [paseto-at]: https://paseto.io
 [support-sponsor]: https://github.com/sponsors/panva

docs/README.md

@@ -1178,18 +1178,14 @@ _**default value**_:
 
 ### features.jwtResponseModes
 
-[openid-financial-api-jarm-ID1](https://openid.net/specs/openid-financial-api-jarm-ID1.html) - JWT Secured Authorization Response Mode (JARM)  
+[JWT Secured Authorization Response Mode (JARM)](https://openid.net/specs/oauth-v2-jarm.html)  
 
-Enables JWT Secured Authorization Responses   
-
-
-_**recommendation**_: Updates to draft specification versions are released as MINOR library versions, if you utilize these specification implementations consider using the tilde `~` operator in your package.json since breaking changes may be introduced as part of these version updates. Alternatively, [acknowledge](#features) the version and be notified of breaking changes as part of your CI.  
+Enables JWT Secured Authorization Responses  
 
 
 _**default value**_:
 ```js
 {
-  ack: undefined,
   enabled: false
 }
 ```

lib/helpers/defaults.js

@@ -1347,17 +1347,11 @@ function getDefaults() {
       /*
        * features.jwtResponseModes
        *
-       * title: [openid-financial-api-jarm-ID1](https://openid.net/specs/openid-financial-api-jarm-ID1.html) - JWT Secured Authorization Response Mode (JARM)
+       * title: [JWT Secured Authorization Response Mode (JARM)](https://openid.net/specs/oauth-v2-jarm.html)
        *
        * description: Enables JWT Secured Authorization Responses
-       *
-       * recommendation: Updates to draft specification versions are released as MINOR library versions,
-       * if you utilize these specification implementations consider using the tilde `~` operator
-       * in your package.json since breaking changes may be introduced as part of these version
-       * updates. Alternatively, [acknowledge](#features) the version and be notified of breaking
-       * changes as part of your CI.
        */
-      jwtResponseModes: { enabled: false, ack: undefined },
+      jwtResponseModes: { enabled: false },
 
       /*
        * features.pushedAuthorizationRequests

lib/helpers/features.js

@@ -8,6 +8,7 @@ const STABLE = new Set([
   'encryption',
   'fapi',
   'introspection',
+  'jwtResponseModes',
   'jwtUserinfo',
   'mTLS',
   'pushedAuthorizationRequests',
@@ -33,12 +34,6 @@ const DRAFTS = new Map(Object.entries({
     url: 'https://tools.ietf.org/html/draft-ietf-oauth-jwt-introspection-response-10',
     version: ['draft-09', 'draft-10'],
   },
-  jwtResponseModes: {
-    name: 'JWT Secured Authorization Response Mode for OAuth 2.0 - Implementer\'s Draft 01',
-    type: 'OIDF FAPI WG Implementer\'s Draft',
-    url: 'https://openid.net/specs/openid-financial-api-jarm-ID1.html',
-    version: [1, 2, 'draft-02', 'implementers-draft-01'],
-  },
   webMessageResponseMode: {
     name: 'OAuth 2.0 Web Message Response Mode - draft 00',
     type: 'Individual draft',