Is it possible to use this with JWE encrypted access token?

[jag-eagle-technology]

Checklist

• I have looked into the Readme and Examples, and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Describe the problem you'd like to have solved

I'm trying to use this library with my OpenIddict Auth server - which issues encrypted tokens.

Describe the ideal solution

I'd like a straightforward, documented way to decrypt and use these tokens for protecting my resource server.

Alternatives and current workarounds

No response

Additional context

No response

[arpit-jn]

Hi @sanderpick,

I apologize for the delay in responding to your inquiry.

After reviewing our codebase, I can confirm that express-oauth2-jwt-bearer currently only supports JWS (signed) tokens and doesn't handle JWE (encrypted) tokens. The library uses jose's jwtVerify function specifically, which is for signed tokens.

I'm moving this to discussions since this could be a valuable feature addition. If you'd like to share more about your use case with OpenIddict and JWE tokens, it would help us understand the requirements better.

Thank you for your interest in the library.