
Support for JWE

Open PataviniMa opened this issue 3 years ago • 1 comment

Any chance this amazing library will support JWE creation using algorithms such as RSA-OAEP-256?

PataviniMa avatar Sep 28 '21 14:09 PataviniMa

Thanks for calling my little creation here amazing! I'm glad you like it :)

I definitely don't exclude JWE & RSA-OAEP-n integration into l8w8jwt in the future, but at the moment I'd have close to no time to implement it. Also because I honestly don't have a use case for it at all, since I kinda religiously stick to the mantra of not encrypting JWTs at all because there shouldn't be sensitive information inside the payload whatsoever.

PRs are welcome if you or anyone else wants to have a go at it and implement it themselves :D

Therefore, I'll leave this issue open.

GlitchedPolygons avatar Sep 28 '21 15:09 GlitchedPolygons

> since I kinda religiously stick to the mantra of not encrypting JWTs at all because there shouldn't be sensitive information inside the payload whatsoever.

If this is the case, what protocol should be used to encrypt the payload?

rajhlinux avatar Mar 04 '23 05:03 rajhlinux

> since I kinda religiously stick to the mantra of not encrypting JWTs at all because there shouldn't be sensitive information inside the payload whatsoever.
>
> If this is the case, what protocol should be used to encrypt the payload?

JWTs are meant for authentication, not encryption. But if you really must encrypt some of the payload, I'd probably just encrypt the payload content manually with whatever symmetric encryption algo is good atm, e.g. AES-256 in Galois/Counter mode or ChaCha20-Poly1305.

Then you need to implement the key exchange (otherwise how would the client decrypt the payload?) - Diffie-Hellman works great for that.

GlitchedPolygons avatar Mar 06 '23 12:03 GlitchedPolygons
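The approach sketched in that last reply, written out as an added example in Go with only its standard library (this is not l8w8jwt code, which is C, and not a JWE implementation): an X25519 Diffie-Hellman exchange, HKDF-SHA256 to turn the shared secret into an AES-256-GCM key, and the JWT header bound as associated data so it stays readable but cannot be altered without the decryption failing. The salt, the "jwt-payload" info string and the sample header and claims used in the test are constructed for the example.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)
// deriveKey: HKDF-SHA256 (extract + one expand block) maps the X25519 secret to an AES-256 key.
func deriveKey(shared []byte, info string) []byte {
	extract := hmac.New(sha256.New, []byte("example-salt")) // constructed salt for the example
	extract.Write(shared)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write(append([]byte(info), 0x01))
	return expand.Sum(nil)
}
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}
// seal: AES-256-GCM; header is associated data (clear but authenticated), output nonce||ct||tag.
func seal(key, header, payload []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize()) // fresh random 96-bit nonce per token
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, payload, header), nil
}
// open reverses seal; it fails on a tampered header, ciphertext or tag, or a truncated blob.
func open(key, header, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	if len(sealed) < gcm.NonceSize() { return nil, errors.New("sealed payload too short") }
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], header)
}
// roundTrip: both sides generate X25519 keys, swap publics, derive one key; client opens.
func roundTrip(header, payload []byte) ([]byte, error) {
	server, errS := ecdh.X25519().GenerateKey(rand.Reader)
	client, errC := ecdh.X25519().GenerateKey(rand.Reader)
	if errS != nil || errC != nil { return nil, errors.New("key generation failed") }
	serverShared, errS := server.ECDH(client.PublicKey()) // server: own private + client public
	clientShared, errC := client.ECDH(server.PublicKey()) // client: own private + server public
	if errS != nil || errC != nil { return nil, errors.New("key agreement failed") }
	sealed, err := seal(deriveKey(serverShared, "jwt-payload"), header, payload)
	if err != nil { return nil, err }
	return open(deriveKey(clientShared, "jwt-payload"), header, sealed)
}
```

The sealed bytes would then be base64url-encoded and placed in the payload of a normally signed token, so the signature still covers them and the token still serves its authentication purpose.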