How to decrypt, verify and validate a JWE token in a Lua plugin

I receive a JWE (encrypted JWT token) from our IDP server with the API request for authorisation. I need to decrypt the JWE token, verify the signature validity and validate the claims/scopes from the JWE token. I would like to implement the above steps in a Lua plugin in my Kong instance and have been looking for any modules or libraries that have some implementation using Lua code.

I am aware of the JWT Kong plugin; is it possible to use the JWT parser to decrypt and decode the JWE token?

Is there any module or plugin available that can achieve JWE token handling?


I believe JWE is a separate protocol than JWT? My understanding is JWE is just a method for encrypting JSON encoded objects.

My expectation would be that you would need to decrypt the payload first, then utilize the JWT plugin for validation.
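
A pre-decryption check for the decrypt-then-validate order described in the reply above, as an added example that is not part of the original thread or of any Kong plugin. It assumes the OpenResty/Kong runtime (`ngx.*`, `cjson.safe`); the allow-lists and the function name `inspect_token` are hypothetical, and the decryption itself (which needs a JOSE library and your private key) is not shown.

```lua
-- Added example: runs under OpenResty/Kong, which provide ngx.* and cjson.safe.
local cjson = require("cjson.safe")

-- Hypothetical allow-lists: set these to exactly what your IdP issues.
local ALLOWED_ALG = { ["RSA-OAEP-256"] = true, ["ECDH-ES+A256KW"] = true }
local ALLOWED_ENC = { ["A256GCM"] = true, ["A128CBC-HS256"] = true }

local function b64url_decode(s)
  s = s:gsub("%-", "+"):gsub("_", "/")
  local rem = #s % 4
  if rem == 1 then return nil end                       -- impossible base64 length
  if rem > 0 then s = s .. string.rep("=", 4 - rem) end
  return ngx.decode_base64(s)
end

local function b64url_encode(s)
  return (ngx.encode_base64(s, true):gsub("%+", "-"):gsub("/", "_"))
end

-- Classify a compact token and vet the JWE protected header before any key is used.
local function inspect_token(token)
  local parts = {}
  -- Keep empty segments: the encrypted-key segment is empty for alg "dir".
  for part in (token .. "."):gmatch("([^.]*)%.") do parts[#parts + 1] = part end

  if #parts == 3 then return { kind = "JWS" } end       -- signed only, verify directly
  if #parts ~= 5 then return nil, "not a compact JWS or JWE" end
  if parts[3] == "" or parts[5] == "" then return nil, "missing IV or tag" end

  local header = cjson.decode(b64url_decode(parts[1]) or "")
  if type(header) ~= "table" then return nil, "unreadable protected header" end
  if not ALLOWED_ALG[header.alg] or not ALLOWED_ENC[header.enc] then
    return nil, "alg/enc not on the allow-list"
  end
  -- cty "JWT" marks a nested token: the decrypted plaintext is itself a signed JWT.
  local nested = type(header.cty) == "string" and header.cty:upper() == "JWT"
  return { kind = "JWE", alg = header.alg, enc = header.enc, nested_jwt = nested }
end

-- Constructed sample: real header, placeholder values in the other four segments.
local hdr = b64url_encode(cjson.encode({ alg = "RSA-OAEP-256", enc = "A256GCM", cty = "JWT" }))
local info, err = inspect_token(hdr .. ".a2V5.aXY.Y3Q.dGFn")
print(info and info.kind, info and info.nested_jwt, err)
```

When `nested_jwt` is true, the plaintext returned by decryption is the token whose signature and claims still have to be checked; the JWE header itself is not a statement about who signed the inner token.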