> For the complete documentation index, see [llms.txt](https://svgtas-organization.gitbook.io/php-oidc-client/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://svgtas-organization.gitbook.io/php-oidc-client/advanced-topic/nested-jwt.md).

# Nested JWT

A Nested JWT is a JWT signed before encryption (a JWS in a JWE).

The library can automatically deal with Nested JWT for *userinfo response* and *id\_token*. But, the library must known the *private key* or the *secret* to be used to decrypt the token received. It's has been defined with the OP.

To verify the JWS, the library use the *client\_secret* or the OP *jwks\_uri* like the process of a JWS *id\_token*.

In the examples, you have instantiate $client like seen before. You must set the parameters below before calling *tokens* methods or *userInfo* method

Cases :

* **The key to be used is the client\_secret** : You have nothing to do
* **The key is a shared key (secret)** :

```php

$client->keysManager()
  ->use_for_encDec(),
  ->set_kid('The key Id of the key') //OPTIONNAL
  ->set_secret_key('the_secret')
  ->build();
```

* **The private key is a PEM file** :

```php

$client->keysManager()
  ->use_for_encDec(),
  ->set_kid('The key Id of the key') //OPTIONNAL
  ->set_private_key_pem_file('/path/to/privateKey.pem')
  ->build();
```

* **Use of a P12 certificate** :

```php

$client->keysManager()
  ->use_for_encDec(),
  ->set_kid('The key Id of the key') //OPTIONNAL
  ->set_p12_file('/path/to/certificate.pfx')
  ->build();
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://svgtas-organization.gitbook.io/php-oidc-client/advanced-topic/nested-jwt.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.