Hello!
Can I get some reaction to this? (The community guidelines say I need to
ask around before sending pull requests.)
Regards,
Áron Bustya
On 2 December 2017 at 04:44, Aron Bustya <aron.bustya.js(a)gmail.com> wrote:
Hi!
I have a use case where the server must accept authorization requests only
when they contain a signed request object (should be configurable per
client).
I have found a way to make the signing of the request object mandatory by
specifying a 'request.object.signature.alg' attribute on the client, but
this only applies if a request object exists in the first place.
I would like to propose a pull request: It defines a new client attribute
'request.object.required'. If this is set to 'true', the client must send
a request object when initiating an authorization request.
Current code can be checked here:
https://github.com/abustya/keycloak/commit/476912906a3ad0d290220a1f54abee073dba687a
What do you think?
Regards,
Áron Bustya
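
The per-client policy discussed in this thread, as an added Python sketch (not Keycloak code and not the code in the linked commit). The function names and sample values are hypothetical, the two attribute names are the ones quoted in the message, and signature verification itself is out of scope.

```python
import base64
import json


def _b64url(obj):
    # Helper used only to build the constructed samples below.
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def jws_alg(request_object):
    """Read 'alg' from a compact JWS protected header; None if malformed."""
    try:
        header = request_object.split(".")[0]
        padded = header + "=" * (-len(header) % 4)
        return json.loads(base64.urlsafe_b64decode(padded)).get("alg")
    except (ValueError, AttributeError):
        return None


def check_policy(client_attrs, request_object):
    """Return (allowed, reason); request_object is the JWT string or None."""
    required = client_attrs.get("request.object.required") == "true"
    required_alg = client_attrs.get("request.object.signature.alg")
    if request_object is None:
        # The gap described above: with only the signature-alg attribute
        # set, a request that carries no request object is still accepted.
        if required:
            return False, "request object required"
        return True, "no request object sent"
    alg = jws_alg(request_object)
    if alg is None:
        return False, "malformed request object"
    if required_alg and alg != required_alg:
        return False, f"unexpected signature alg: {alg}"
    # The signature must still be verified against the client's key.
    return True, "request object present"


# Constructed sample values (dummy payload and signature).
SIGNED = ".".join([_b64url({"alg": "RS256"}), _b64url({"client_id": "demo"}), "c2ln"])
UNSIGNED = ".".join([_b64url({"alg": "none"}), _b64url({"client_id": "demo"}), ""])
ALG_ONLY = {"request.object.signature.alg": "RS256"}
BOTH = {"request.object.signature.alg": "RS256", "request.object.required": "true"}
```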