JWT Secured Authorization Response Mode (JARM).

Builds the signed JWT an authorization server returns to a client as the single response parameter when a JWT response mode (jwt, query.jwt, fragment.jwt, form_post.jwt) is requested, giving the authorization response non-repudiation and integrity (FAPI 2.0 Message Signing §5.4).

This is conn-free core: it turns the issuer/keystore on the Attesto.Config, the client identifier, and a map of authorization-response parameters (the code/state/iss of a success, or the error/error_description/state of a failure) into a compact JWS. The transport layer (the authorization endpoint) decides the response mode and how the resulting JWT is delivered (redirect query/fragment or auto-submitting form); nothing here touches HTTP.

JWT claims (JARM §2.1)

• iss - REQUIRED, the authorization server's issuer identifier.
• aud - REQUIRED, the client the response is addressed to (client_id).
• exp - REQUIRED, expiration; the response is short-lived.
• iat - the issuance time.
• every supplied authorization-response parameter, verbatim, as a top-level claim (code, state, iss-echo for success; error, error_description, error_uri, state for failure).

Signing mirrors Attesto.IDToken: the keystore's current signing key and its algorithm (Attesto.SigningAlg.for_key/3), with the kid in the JOSE header, signed with that pinned algorithm (never none).