...

  1. Shall support private_key_jwt as a token endpoint authentication mechanism (client authentication method).

  2. Shall include the request_uri parameter in the authorization request as defined in section 6.2 of the OpenID Connect Core specification.

  3. Shall send all parameters inside the authorization request's signed request object.

  4. Shall support and require signed request objects according to the OAuth JWT-Secured Authorization Request (JAR) [RFC9101] at the PAR endpoint [RFC9126].

  5. Shall send the aud claim in the request object and on the client assertion JWT as a string equal to the OP's Issuer Identifier URL.

  6. Shall send an exp claim in the request object that has a lifetime of no longer than 10 minutes.

  7. Shall send an nbf claim in the request object.

  8. Shall send the x-fapi-interaction-id request header, with its value being a unique RFC4122 UUID for each request, to help correlate log entries between the client and server, e.g. x-fapi-interaction-id: c770aef3-6784-41f7-8e0e-ff5f97bddb3a.
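
A conformance check for items 5 to 8, as an added example that is not part of the specification text. It assumes the signature has already been verified elsewhere and that the lifetime in item 6 is measured from nbf to exp; the issuer URL and the sample token are constructed.

```python
import base64
import json
import time
import uuid

MAX_LIFETIME = 600  # seconds; the 10-minute limit from item 6


def decode_claims(compact_jwt):
    """Decode the payload of a compact JWS. Does NOT verify the signature."""
    payload = compact_jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_request_object(claims, issuer, now=None):
    """Return violations of items 5-7; an empty list means compliant."""
    now = time.time() if now is None else now
    problems = []
    aud, exp, nbf = claims.get("aud"), claims.get("exp"), claims.get("nbf")
    if not isinstance(aud, str):  # an array, even one holding the issuer, fails
        problems.append("aud is not a single string")
    elif aud != issuer:
        problems.append("aud differs from the OP issuer")
    if not isinstance(nbf, (int, float)):
        problems.append("nbf missing")
    if not isinstance(exp, (int, float)):
        problems.append("exp missing")
    elif exp <= now:
        problems.append("request object expired")
    elif isinstance(nbf, (int, float)) and exp - nbf > MAX_LIFETIME:
        # Assumption: lifetime is measured from nbf to exp.
        problems.append("lifetime exceeds 10 minutes")
    return problems


def valid_interaction_id(value):
    """True for a canonical RFC 4122 UUID string, as item 8 requires."""
    try:
        parsed = uuid.UUID(value)
    except (ValueError, TypeError, AttributeError):
        return False
    return parsed.variant == uuid.RFC_4122 and str(parsed) == value.lower()


# Constructed sample: unsigned token for a hypothetical issuer.
ISSUER = "https://op.example.com"
_body = json.dumps({"aud": ISSUER, "nbf": 1700000000, "exp": 1700000300})
SAMPLE_JWT = "e30." + base64.urlsafe_b64encode(_body.encode()).decode().rstrip("=") + ".sig"
```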

...