The OIDC specification includes a Request Object JWT parameter (signed JWT) that can be passed to the authorize request, see here. Quote:
OpenID Connect defines the following Authorization Request parameters to enable Authentication Requests to be signed and optionally encrypted:
request OPTIONAL. This parameter enables OpenID Connect requests to be passed in a single, self-contained parameter and to be optionally signed and/or encrypted. The parameter value is a Request Object value, as specified in Section 6.1. It represents the request as a JWT whose Claims are the request parameters.
The IdentityServer4 documentation does not mention it, see here.
Question: Does IdentityServer4 support this parameter? If not, what would the best way be to extend IdentityServer4 to support it (e.g. which class should be overridden, etc.)?
The answer is that there is already a feature request for this on the IdentityServer4 GitHub.
So, IdentityServer4 does not support Request Object (signed request) at present.
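For reference, an added example (not IdentityServer4 code and not part of the original question or answer) of what an authorization server has to check when it accepts the `request` parameter quoted above: verify the JWT signature, then merge its claims over the plain query parameters. It assumes the client is registered to sign with HS256 using its client secret; the function names and sample values are hypothetical.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_request_object(claims: dict, secret: bytes) -> str:
    """Client side: encode the request parameters as an HS256-signed JWT."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(mac)}"

def resolve_authorize_params(query: dict, secret: bytes) -> dict:
    """Server side: verify the `request` JWT and merge it over the query."""
    try:
        header_b64, payload_b64, sig_b64 = query["request"].split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except (KeyError, ValueError) as exc:
        raise ValueError("malformed request object") from exc
    # Pin the algorithm to the registered one (assumed HS256 here); the token
    # must not choose it, and an unsigned "none" object is refused.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    # OIDC Core 6.1: request / request_uri must not appear inside the object.
    if "request" in claims or "request_uri" in claims:
        raise ValueError("nested request parameter")
    # client_id and response_type, if present, must match the query values.
    for name in ("client_id", "response_type"):
        if name in claims and claims[name] != query.get(name):
            raise ValueError(f"{name} mismatch")
    merged = {k: v for k, v in query.items() if k != "request"}
    merged.update(claims)  # signed values supersede unsigned query values
    return merged

if __name__ == "__main__":
    key = b"constructed-client-secret"  # constructed sample value
    signed = {"client_id": "client-a", "response_type": "code",
              "redirect_uri": "https://app.example/cb"}
    query = {"client_id": "client-a", "response_type": "code",
             "scope": "openid", "request": sign_request_object(signed, key)}
    print(resolve_authorize_params(query, key))
```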