The JWE Decrypt plugin makes it possible to decrypt an inbound token (JWE) in a request.
JWE Decrypt
Enterprise only
Related Documentation
Made by
Kong Inc.
Supported Gateway Topologies
hybrid
db-less
traditional
Supported Konnect Deployments
hybrid
cloud-gateways
serverless
Compatible Protocols
grpc
grpcs
http
https
Minimum Version
Kong Gateway - 3.1
Tags
Supported content encryption algorithms
This plugin supports the following encryption algorithms:
- v3.10+ A128GCM
- v3.10+ A192GCM
- A256GCM
- v3.10+ A128CBC-HS256
- v3.10+ A192CBC-HS384
- v3.10+ A256CBC-HS512
Failure modes
The following tables outlines how the JWE plugin behaves when encountering errors:
|
Condition |
Proxied to upstream service? |
Response code |
|---|---|---|
Has no JWE with strict=true
|
Not supported | 403 |
Has no JWE with strict=false
|
Supported | x |
| Failed to decode JWE | Not supported | 400 |
| Missing mandatory header values | Not supported | 400 |
| References key-set not found | Not supported | 403 |
| Failed to decrypt | Not supported | 403 |