How to decrypt,verify and validate a JWE token in a lua plugin

Mathachan · July 18, 2019, 4:33am

I receive a JWE (encrypted JWT token) from our IDP server with the API request for authorisation. I need to decrypt the JWE token, verify the signature validity and validate the claims/scopes from the JWE token. I would like to implement the above steps in a lua plugin in my kong instance and have been looking for any modules or libraries that has some implementation using lua code.

I am aware of the JWT kong plugin, is it possible to use the JWT parser to decrypt and decode the JWE token?

Is there any module or plugin available that can achieve JWE token handling?

michael.bowers · July 29, 2019, 4:17pm

I believe JWE is a separate protocol then JWT? My understanding is JWE is just a method for encrypting JSON encoded objects.

My expectation would be that you would need to decrypt the payload first, then utilize the JWT plugin for validation.

Topic		Replies	Views
[plugin] Kong JWT to Backend API Providers Feature Suggestions	6	1518	December 22, 2017
JWT RS256 Token Validation Questions	4	2644	June 18, 2019
JWT verification via JWKS Installation/Setup	2	324	February 27, 2024
RS384 & RS512 support for JWT plugin, potential upstream contribution	1	475	October 10, 2020
How to make external REST API calls in lua for custom plugin logic? Questions	0	38	April 4, 2024

How to decrypt,verify and validate a JWE token in a lua plugin

Related Topics