Support for accepting encrypted OIDC access tokens #47319

@sberyozkin

Description

Quarkus OIDC can already accept encrypted inner-signed ID tokens, but in some contexts, such as the MCP authorization case with a collocated RS and OIDC provider, encrypted bearer access tokens may also have to be accepted.

Implementation ideas

Possibly reuse quarkus.oidc.token.decryption-key-location and also add quarkus.oidc.token.decryption-key for letting users inline them, as it is reasonable to expect that, when token encryption is required, the OIDC provider uses the same encryption key for encrypting either ID or access tokens or both.
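An added illustration, not Quarkus code and not part of the issue text: how a resource server can tell from the compact serialization alone whether a bearer access token is a JWE that needs the decryption key before the inner signature can be verified. The class, enum and method names are hypothetical, and the sample tokens are constructed with dummy key, ciphertext and signature parts.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BearerTokenShape {
    enum Kind { OPAQUE, SIGNED_JWS, ENCRYPTED_JWE, ENCRYPTED_NESTED_JWT }

    // Pulls a top-level string member out of the small, flat JOSE header.
    // Enough for this demo; a real resource server would use a JSON parser.
    static String headerValue(String json, String name) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    static Kind classify(String token) {
        String[] parts = token.split("\\.", -1); // -1 keeps empty parts (e.g. "dir" JWE)
        if (parts.length != 3 && parts.length != 5) return Kind.OPAQUE;
        String header;
        try {
            header = new String(Base64.getUrlDecoder().decode(parts[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return Kind.OPAQUE; // first part is not base64url, so not a JOSE object
        }
        if (headerValue(header, "alg") == null) return Kind.OPAQUE;
        if (parts.length == 3) return Kind.SIGNED_JWS;
        // JWE compact serialization (RFC 7516): five parts and an "enc" header.
        if (headerValue(header, "enc") == null) return Kind.OPAQUE;
        // "cty":"JWT" marks a nested, inner-signed JWT (RFC 7519, section 5.2).
        return "JWT".equalsIgnoreCase(headerValue(header, "cty")) ? Kind.ENCRYPTED_NESTED_JWT : Kind.ENCRYPTED_JWE;
    }

    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed samples: realistic JOSE headers, dummy remaining parts.
        String jws = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "." + b64("{\"sub\":\"alice\"}") + "." + b64("sig");
        String jwe = b64("{\"alg\":\"RSA-OAEP\",\"enc\":\"A256GCM\",\"cty\":\"JWT\"}")
                + "." + b64("cek") + "." + b64("iv") + "." + b64("ct") + "." + b64("tag");
        for (String t : new String[] { jws, jwe, "2YotnFZFEjr1zCsicMWpAA" }) {
            Kind k = classify(t);
            boolean needsKey = k == Kind.ENCRYPTED_JWE || k == Kind.ENCRYPTED_NESTED_JWT;
            System.out.println(k + (needsKey
                    ? " -> decrypt with the configured key, then verify the inner signature"
                    : " -> existing verification path"));
        }
    }
}
```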
