Re: [Architecture] Support for encrypted ID tokens in OIDC

2018-03-07 Thread Vihanga Liyanage
The Encryption Method mentioned here is the symmetric key encryption algorithm that is used to encrypt the JWT claims set. We used the Nimbus [1] library for the implementation and within that, they have used the name "Encryption Method" to

Re: [Architecture] Support for encrypted ID tokens in OIDC

2018-03-07 Thread Godwin Shrimal
should be corrected as "Chaining Mode". Thanks Godwin On Wed, Mar 7, 2018 at 5:26 PM, Godwin Shrimal wrote: > "Encryption Method" is the correct term/word here? AFAIK It's cipher > chaining mode. I know it's a technical word, but still, I feel like we have > to use correct

Re: [Architecture] Support for encrypted ID tokens in OIDC

2018-03-07 Thread Godwin Shrimal
"Encryption Method" is the correct term/word here? AFAIK It's cipher chaining mode. I know it's a technical word, but still, I feel like we have to use correct naming. Something like "Chaning Mode". Thanks Godwin On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage wrote: > Hi

Re: [Architecture] Support for encrypted ID tokens in OIDC

2018-03-07 Thread Denuwanthi De Silva
On Wed, Mar 7, 2018 at 12:56 PM, Vihanga Liyanage wrote: > Even with signed id tokens, we didn't persist them in the database. Hence > I didn't either. Do you see any value in doing so? > Then there is no problem. > > On Wed, Mar 7, 2018 at 12:46 PM, Denuwanthi De Silva

Re: [Architecture] Support for encrypted ID tokens in OIDC

2018-03-06 Thread Vihanga Liyanage
Even with signed id tokens, we didn't persist them in the database. Hence I didn't either. Do you see any value in doing so? On Wed, Mar 7, 2018 at 12:46 PM, Denuwanthi De Silva wrote: > > > On Wed, Mar 7, 2018 at 11:26 AM, Vihanga Liyanage > wrote: > >>

Re: [Architecture] Support for encrypted ID tokens in OIDC

2018-03-06 Thread Vihanga Liyanage
Hi all, [Update] I have completed the second phase of the project, providing service provider level configurations in admin dashboard to configure encryption algorithm and encryption method. With this update, once you enable encrypting id tokens for an SP in the admin dashboard, two select boxes

Re: [Architecture] Support for encrypted ID tokens in OIDC

2018-02-20 Thread Vihanga Liyanage
Hi all, [Update] I was able to complete the initial development of the proposed project, encrypted id token support in OIDC flow. Following are the links related to the development. - An issue was created in product-is repository to track the development. -

Re: [Architecture] Support for encrypted ID tokens in OIDC

2018-02-09 Thread Vihanga Liyanage
Yes, Farasath. As for the offline discussions with Drashana, I came to the same conclusion and exploring the SAML sample app right now. Although I'm not sure about signing JWE. I couldn't find anything specific about that in the RFC. Also, the API in Nimbus only expects the claims set and the

Re: [Architecture] Support for encrypted ID tokens in OIDC

2018-02-09 Thread Farasath Ahamed
On Friday, February 9, 2018, Vihanga Liyanage wrote: > [- Engineering, Strategy] > [+ Architecture, Dev] > > Thanks, > Vihanga > > On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage wrote: > >> Hi Farasath, >> >> For the above two points IMO it would be better

Re: [Architecture] Support for encrypted ID tokens in OIDC

2018-02-08 Thread Vihanga Liyanage
[- Engineering, Strategy] [+ Architecture, Dev] Thanks, Vihanga On Fri, Feb 9, 2018 at 8:56 AM, Vihanga Liyanage wrote: > Hi Farasath, > > For the above two points IMO it would be better to provide an option at >> Service Provider OAuth/OIDC configuration. This will be