This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

What is the difference between a JWE and an encrypted JWT?

Posted on 04-04-2022 11:51 AM
raketmakhim
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

I have seen apigee can decrypt an encrypted JWT but cannot decrypt a JWE. I Thought they were the same thing. What is the difference? 

Solved Solved
0 1 986
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Last week I wrote up a detailed description: https://www.googlecloudcommunity.com/gc/Apigee/Payload-encryption-with-JWE/m-p/408153/highlight/true... 

Basically, JWE is a way to wrap encryption around anything.  While "encrypted JWT" is a way to wrap encryption around a specific thing: a JSON payload. 

Apigee can handle, with out of the box policies, encrypted JWT, with a variety of algorithms. 

Apigee out of the box policies do not handle the general case JWE. For that, there is a Java callout, which handles specifically RSA-based encryption algorithms. If you want general-case JWE and non-RSA algorithms, there's no support for that currently in Apigee, though it is in the roadmap. 

View solution in original post

Jump to Solution
1 REPLY 1
Top Solution Authors
View all