Skip to content

curityio/website-with-encrypted-id-tokens

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
src/main
src/main
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
create-keys.sh
create-keys.sh
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Website with Encrypted ID Tokens

A code example showing a method for protecting Personally Identifiable Information (PII) in ID tokens.

Overview

A website application receives ID tokens that are encrypted using JSON Web Encryption (JWE).
The example shows how to use the jose4j library in Spring Boot to perform decryption of a Nested JWT.

Create Encryption Keys

Run a script that uses OpenSSL to create some development encryption keys:

./create-keys.sh

Build the Website

Ensure that Java 8 or later is installed, along with Maven, then build and run the app:

mnv package
java -jar target/example-website-0.0.1-SNAPSHOT.jar

Use the Website

Browse to http://localhost:8080 to sign a user in.
The app will then decrypt ID tokens and the UI will render user name claims.

Further Information

  • See the Website Tutorial for further information on the setup.
  • Please visit curity.io for more information about the Curity Identity Server.

About

How to use JWEs for ID tokens in a website secured by OAuth 2.0 and OpenID Connect

curity.io/resources/learn/encrypted-id-tokens/

Topics

website oauth2 jwe openid-connect code-example financial-grade

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages