6.1. JWE Encrypted Request Object

If the Request Object is encrypted, the authorization server MUST decrypt the JWT in accordance with the JSON Web Encryption [RFC7516] specification.

The result is a signed Request Object.

If decryption fails, the authorization server MUST return an invalid_request_object error to the client in response to the authorization request.