Reputation: 2102
How to encrypt REST body with openid connect OIDC
The big picture is:
an android application which authenticate user with an external openid provider (such as azure AD)
a server which expose rest endpoints securized with the validation of the jwt token generated by the openid provider and appendend by the android application on each request
How can I implement encryption of the rest body?
I saw JWE but it seems that it encrypt only the JWT and it's not clear how to implement JWE with an openid external provider.
Upvotes: 0
Views: 31
Answers (1)
Reputation: 29301
It is usual to let SSL take care of this for you, as the most widely used and easy to manage encryption standard.
There are special cases where double encryption is used, eg a WorldPay device will do additional encryption of credit card numbers before sending them to the server.
If you have special requirements and need more than SSL, please explain them.
Upvotes: 1
Related Questions
- Encrypting JWT payload
- How JWE works with Request Object in OIDC
- How to secure an API with OIDC/OAuth
- OAuth2 flow for securing a REST API
- openid connect 2.0 and setting authentication JWT in http only cookie
- OIDC OAuth 2.0 Authentication and Authorization
- How to secure REST API with OpenID Connect
- How to more secure OAuth2 Request?
- OpenAM: RESTFUL API - Encrypt/Encode Password
- OAuth 2.0 how to encrypt client id and secret