Home / Kong Plugin Hub

Edit this Page Edit

Report an Issue Report

JWE Decrypt

Overview Get started Configuration reference Changelog

Related Documentation

All Gateway Documentation

Made by

Kong Inc.

Supported Gateway Topologies

hybrid db-less traditional

Supported Konnect Deployments

hybrid cloud-gateways serverless

Compatible Protocols

grpc grpcs http https

Minimum Version

Kong Gateway - 3.1

Tags

#authentication

The JWE Decrypt plugin makes it possible to decrypt an inbound token (JWE) in a request.

Supported content encryption algorithms

This plugin supports the following encryption algorithms:

v3.10+ A128GCM
v3.10+ A192GCM
A256GCM
v3.10+ A128CBC-HS256
v3.10+ A192CBC-HS384
v3.10+ A256CBC-HS512

Failure modes

The following tables outlines how the JWE plugin behaves when encountering errors:

Condition	Proxied to upstream service?	Response code
Has no JWE with `strict=true`		403
Has no JWE with `strict=false`		x
Failed to decode JWE		400
Missing mandatory header values		400
References key-set not found		403
Failed to decrypt		403

Related Documentation

All Gateway Documentation

Made by

Kong Inc.

Supported Gateway Topologies

hybrid db-less traditional

Supported Konnect Deployments

hybrid cloud-gateways serverless

Compatible Protocols

grpc grpcs http https

Minimum Version

Kong Gateway - 3.1

Tags

#authentication

JWE Decrypt
Supported content encryption algorithms
Failure modes

Something wrong?

Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!

Contribute

Still need help

Ask in our Forum

Contact Support