Hi, We are currently studying how to encrypt tokens with JWE. There is the JIRA KEYCLOAK-6768 that addresses this topic. But it does not seem that there was any work to start on it. A beginning of support has already been done to encrypt the code (see KEYCLOAK-5288). Inspired by what is done for the signature, I plan to add a section in the client page "Encryption Tokens Configuration" to select the algorithms by types of tokens, and set the encryption key (paste or jwks url). We would add 2 SPIs: jwe-key-encryption and jwe-content-encryption. With my colleagues, we would complete the algorithms (RSA-OAEP, RSA-OAEP-256 and A128GCM, A192GCM, A256GCM). In a second step, we could also contribute for the support in Java adapters. Does this approach seem relevant to you? Should we go through a design proposal? Regards, Guillaume Houdmon _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev