The OIDC specification makes it possible to enable Authentication Requests to be signed and optionally encrypted via request and request_uri parameters as defined here:

https://openid.net/specs/openid-connect-core-1_0.html#JWTRequests

It should be possible to specify that these parameters should be included in the Authentication Request via appropriate deployment configuration and elytron-oidc-client subsystem configuration.