[keycloak-dev] JWE support

Stian Thorgersen sthorger at redhat.com
Wed Apr 24 08:25:43 EDT 2019


There is already a PR open for KEYCLOAK-6768:
https://github.com/keycloak/keycloak/pull/5779. Feedback on this PR would
be welcome.

On Thu, 18 Apr 2019 at 09:13, Guillaume HOUDMON <
guillaume.houdmon at ariadnext.com> wrote:

> Hi,
>
> We are currently studying how to encrypt tokens with JWE. There is the JIRA
> KEYCLOAK-6768 that addresses this topic. But it does not seem that there
> was any work to start on it.
>
> A beginning of support has already been done to encrypt the code (see
> KEYCLOAK-5288).
>
> Inspired by what is done for the signature, I plan to add a section in the
> client page "Encryption Tokens Configuration" to select the algorithms by
> types of tokens, and set the encryption key (paste or jwks url).
> We would add 2 SPIs: jwe-key-encryption and jwe-content-encryption.
>
> With my colleagues, we would complete the algorithms (RSA-OAEP,
> RSA-OAEP-256 and A128GCM, A192GCM, A256GCM).
>
> In a second step, we could also contribute for the support in Java
> adapters.
>
> Does this approach seem relevant to you?
> Should we go through a design proposal?
>
> Regards,
> Guillaume Houdmon
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>


More information about the keycloak-dev mailing list