Nested JWT

A Nested JWT is a JWT that is signed first and then encrypted: a JWS wrapped inside a JWE.

The library can handle a Nested JWT automatically for the userinfo response and for the id_token, but it must know the private key or the shared secret needed to decrypt the token it receives. That key is agreed with the OP.

To verify the inner JWS, the library uses the client_secret or the OP's jwks_uri, exactly as it does for a signed (JWS) id_token.

In the examples below, $client has been instantiated as shown earlier. You must set the parameters below before calling the token methods or the userInfo method.

Cases:

  • The key to be used is the client_secret: nothing to do.

  • The key is a shared key (secret):

$client->keysManager()
  ->use_for_encDec()
  ->set_kid('The key Id of the key') // OPTIONAL
  ->set_secret_key('the_secret')
  ->build();

  • The private key is a PEM file:

$client->keysManager()
  ->use_for_encDec()
  ->set_kid('The key Id of the key') // OPTIONAL
  ->set_private_key_pem_file('/path/to/privateKey.pem')
  ->build();

  • Use of a P12 certificate:

$client->keysManager()
  ->use_for_encDec()
  ->set_kid('The key Id of the key') // OPTIONAL
  ->set_p12_file('/path/to/certificate.pfx')
  ->build();
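The following is an added example, not the library's own code, showing what happens underneath the shared-key case: the inner JWS is signed with the client_secret, the outer JWE uses direct AES-256-GCM encryption with a constructed 32-byte key, and the receiver decrypts before verifying. The algorithm choices (HS256, alg "dir", enc "A256GCM") and every key value are assumptions made for the demo.

```php
<?php
// Added example, not the library's own code: build a Nested JWT (JWS inside a JWE)
// and unwrap it in the order the page describes: decrypt first, then verify.
// Assumed algorithms: HS256 for the JWS, alg "dir" + enc "A256GCM" for the JWE.
// Keys below are constructed for the demo; in practice they are agreed with the OP.

function b64url(string $d): string { return rtrim(strtr(base64_encode($d), '+/', '-_'), '='); }
function b64urlDecode(string $d): string { return base64_decode(strtr($d, '-_', '+/')); }

// Inner JWS, signed with the client_secret (the "nothing to do" case above).
function signJws(array $claims, string $clientSecret): string {
    $h = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $p = b64url(json_encode($claims));
    return "$h.$p." . b64url(hash_hmac('sha256', "$h.$p", $clientSecret, true));
}

// Outer JWE: direct encryption with a 32-byte shared key; cty "JWT" marks the nesting.
// The AAD is the base64url-encoded protected header; "dir" leaves the encrypted-key part empty.
function encryptJwe(string $jws, string $sharedKey): string {
    $header = b64url(json_encode(['alg' => 'dir', 'enc' => 'A256GCM', 'cty' => 'JWT']));
    $iv = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($jws, 'aes-256-gcm', $sharedKey, OPENSSL_RAW_DATA, $iv, $tag, $header, 16);
    return implode('.', [$header, '', b64url($iv), b64url($ct), b64url($tag)]);
}

// Receiving side. Returns the claims, or null on any failure (wrong key, tampering, unexpected alg).
function unwrapNestedJwt(string $token, string $sharedKey, string $clientSecret): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 5) return null;
    [$h, , $iv, $ct, $tag] = $parts;
    $hdr = json_decode(b64urlDecode($h), true);
    // Pin the expected algorithms instead of trusting whatever the header announces.
    if (($hdr['alg'] ?? '') !== 'dir' || ($hdr['enc'] ?? '') !== 'A256GCM') return null;
    $jws = openssl_decrypt(b64urlDecode($ct), 'aes-256-gcm', $sharedKey, OPENSSL_RAW_DATA,
                           b64urlDecode($iv), b64urlDecode($tag), $h);
    if ($jws === false || ($hdr['cty'] ?? '') !== 'JWT') return null;
    $inner = explode('.', $jws);
    if (count($inner) !== 3) return null;
    [$jh, $jp, $js] = $inner;
    $jhdr = json_decode(b64urlDecode($jh), true);
    if (($jhdr['alg'] ?? '') !== 'HS256') return null;
    $expected = hash_hmac('sha256', "$jh.$jp", $clientSecret, true);
    if (!hash_equals($expected, b64urlDecode($js))) return null;
    return json_decode(b64urlDecode($jp), true);
}

$clientSecret = 'constructed-client-secret';
$sharedKey = random_bytes(32);
$nested = encryptJwe(signJws(['sub' => 'alice', 'iss' => 'https://op.example'], $clientSecret), $sharedKey);
var_dump(unwrapNestedJwt($nested, $sharedKey, $clientSecret));
var_dump(unwrapNestedJwt($nested, random_bytes(32), $clientSecret)); // decrypt with the wrong shared key
```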
