[keycloak-dev] JWE support

Guillaume HOUDMON guillaume.houdmon at ariadnext.com
Thu Apr 18 03:11:57 EDT 2019


Hi,

We are currently studying how to encrypt tokens with JWE. There is the JIRA
KEYCLOAK-6768 that addresses this topic, but it does not seem that any work
has started on it.

Initial support has already been added to encrypt the code (see
KEYCLOAK-5288).

Inspired by what is done for the signature, I plan to add a section in the
client page "Encryption Tokens Configuration" to select the algorithms by
type of token, and set the encryption key (paste or JWKS URL).
We would add 2 SPIs: jwe-key-encryption and jwe-content-encryption.

With my colleagues, we would complete the algorithms (RSA-OAEP,
RSA-OAEP-256 and A128GCM, A192GCM, A256GCM).

In a second step, we could also contribute to the support in Java adapters.

Does this approach seem relevant to you?
Should we go through a design proposal?

Regards,
Guillaume Houdmon

