...
shall only establish connections to servers, including HelseID, using TLS. All TLS connections shall be set up using TLS version 1.2 or later, and follow RFC 7525.
shall be confidential clients, meaning that the client secrets used to authenticate the clients are known to HelseID prior to the authentication.
shall pass request parameters as a JWT, as described by the OIDF in OpenID Connect and as detailed by HelseID.
shall support client authentication using private_key_jwt, as described by OpenID Connect, for interactive sessions. See below for allowed algorithms.
shall support sender-constrained tokens using either “Demonstrating Proof-of-Possession at the Application Layer” (DPoP), as described by draft-ietf-oauth-dpop. At the moment this specification has draft status, so it is liable to change. This is a future requirement and is not yet supported by HelseID.
shall send access tokens in the HTTP Authorization header, as described by RFC 6750.
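The private_key_jwt and DPoP requirements above share one building block: a JWT signed with the client's own private key, which the receiving side verifies without ever holding a shared secret. The Go program below is an added example written for this page; it is not HelseID's code or a HelseID SDK, and its client_id, URLs and access token are constructed placeholders. It assumes ES256 (P-256) signing, which is one common choice and is not necessarily among the algorithms HelseID allows, and it uses the DPoP claim names from draft-ietf-oauth-dpop as they stand while that draft is unfinished. It shows the private_key_jwt client assertion for the token endpoint, the DPoP proof with the client's public key in its header (including the "ath" hash of the access token when that token is sent as "Authorization: DPoP <token>" to a resource server), and the checks a receiving server performs: alg pinned to ES256 before any signature work, signature verified under the embedded JWK, and typ/htm/htu/ath compared against the request actually received.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding // JOSE segments are base64url without padding

func randomJTI() string {
	b := make([]byte, 16)
	rand.Read(b)
	return b64.EncodeToString(b)
}

// signES256 makes a compact JWS with the client's P-256 key. The JWS signature is raw R||S,
// each left-padded to 32 bytes (RFC 7518 section 3.4), not the ASN.1 form ecdsa.SignASN1 returns.
func signES256(key *ecdsa.PrivateKey, header, claims map[string]any) (string, error) {
	h, _ := json.Marshal(header)
	c, _ := json.Marshal(claims)
	input := b64.EncodeToString(h) + "." + b64.EncodeToString(c)
	digest := sha256.Sum256([]byte(input))
	r, s, err := ecdsa.Sign(rand.Reader, key, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return input + "." + b64.EncodeToString(sig), nil
}

// ClientAssertion is the private_key_jwt assertion (RFC 7523) for the token endpoint:
// iss and sub are the client_id, aud is the token endpoint, and the lifetime is kept short.
func ClientAssertion(key *ecdsa.PrivateKey, clientID, tokenEndpoint string) (string, error) {
	now := time.Now()
	return signES256(key, map[string]any{"alg": "ES256", "typ": "JWT"}, map[string]any{
		"iss": clientID, "sub": clientID, "aud": tokenEndpoint, "jti": randomJTI(),
		"iat": now.Unix(), "exp": now.Add(60 * time.Second).Unix()})
}

// DPoPProof is the proof JWT sent in the "DPoP" request header, public key in its header.
// accessToken is "" on the token-endpoint call; on a resource call it is the token sent as
// "Authorization: DPoP <token>", and its SHA-256 hash is bound into the proof as "ath".
func DPoPProof(key *ecdsa.PrivateKey, method, url, accessToken string) (string, error) {
	claims := map[string]any{"htm": method, "htu": url, "iat": time.Now().Unix(), "jti": randomJTI()}
	if accessToken != "" {
		ath := sha256.Sum256([]byte(accessToken))
		claims["ath"] = b64.EncodeToString(ath[:])
	}
	jwk := map[string]any{"kty": "EC", "crv": "P-256", "x": b64.EncodeToString(key.X.FillBytes(make([]byte, 32))),
		"y": b64.EncodeToString(key.Y.FillBytes(make([]byte, 32)))}
	return signES256(key, map[string]any{"typ": "dpop+jwt", "alg": "ES256", "jwk": jwk}, claims)
}

// decodeJSON decodes one base64url JWS segment into v.
func decodeJSON(seg string, v any) bool {
	b, err := b64.DecodeString(seg)
	return err == nil && json.Unmarshal(b, v) == nil
}

// verifyES256 checks a compact JWS against a known key. alg is pinned to ES256 before any
// cryptography runs, so a header chosen by the sender cannot select a weaker verification.
func verifyES256(token string, pub *ecdsa.PublicKey) (header, claims map[string]any, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || !decodeJSON(parts[0], &header) || header["alg"] != "ES256" {
		return nil, nil, errors.New("malformed JWS or alg is not ES256")
	}
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || len(sig) != 64 || !decodeJSON(parts[1], &claims) ||
		!ecdsa.Verify(pub, digest[:], new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])) {
		return nil, nil, errors.New("signature invalid or claims malformed")
	}
	return header, claims, nil
}

// CheckDPoP is the receiving side: the proof must verify under its own embedded JWK, and
// typ/htm/htu/ath must match the request and token actually received. Matching that JWK to
// the token's cnf/jkt, iat freshness and jti replay rejection are further server-side checks.
func CheckDPoP(proof, method, url, accessToken string) error {
	var hdr struct{ Jwk struct{ Kty, Crv, X, Y string } }
	if !decodeJSON(strings.SplitN(proof, ".", 2)[0], &hdr) || hdr.Jwk.Kty != "EC" || hdr.Jwk.Crv != "P-256" {
		return errors.New("proof lacks a P-256 JWK")
	}
	x, _ := b64.DecodeString(hdr.Jwk.X)
	y, _ := b64.DecodeString(hdr.Jwk.Y)
	pub := &ecdsa.PublicKey{Curve: elliptic.P256(), X: new(big.Int).SetBytes(x), Y: new(big.Int).SetBytes(y)}
	header, claims, err := verifyES256(proof, pub)
	if err != nil {
		return err
	}
	ath := sha256.Sum256([]byte(accessToken))
	if header["typ"] != "dpop+jwt" || claims["htm"] != method || claims["htu"] != url ||
		(accessToken != "" && claims["ath"] != b64.EncodeToString(ath[:])) {
		return errors.New("proof does not match this request or access token")
	}
	return nil
}

func main() { // constructed sample values; the URL is a placeholder, not a HelseID endpoint
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	proof, _ := DPoPProof(key, "GET", "https://api.example.invalid/fhir", "constructed-token")
	fmt.Println(CheckDPoP(proof, "GET", "https://api.example.invalid/fhir", "constructed-token"))
}
```

Run with go run to see CheckDPoP return nil for a proof that matches the request; changing the method, URL or access token on the checking side makes it fail, which is the point of sender-constraining. For private_key_jwt the server verifies the assertion with the client's registered public key (verifyES256 with that key) instead of a key carried in the header, and for a token-endpoint request the proof is built with an empty accessToken so no "ath" is included. The key-thumbprint binding between the access token and the proof key, the iat freshness window and jti replay tracking are deliberately left to the server and only named in the comments.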
...