Encryption of JWTs

**Description**
Nice work on the JWTs. Now that all three are where they need to be, time to add some security so that they aren't sent in clear text. 

<img width="1244" height="248" alt="Image" src="https://github.com/user-attachments/assets/4e4823e1-1cb2-4219-be74-119486356757" />

**Notes**
- If we're lucky, the JWT library you have used already incorporates JWT encryption and we just need to supply a private key. 
- You can use the same private key to in the rp to encrypt both the `fp_rp_jwt`, & `int_rp_jwt`.
- The JWT signing key should be different from the JWT encryption key.
- The addition of encryption adds confidentiality to the JWTs. This is in addition to the authentication already being supplied through signing. 

**Acceptance Criteria**
- [ ] All three JWTs shown are encrypted: `int_fp_jwt`, `fp_rp_jwt`, & `int_rp_jwt` 
- [ ] A JWT encryption key is included in the .env of the FP & RP

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Encryption of JWTs #41

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Encryption of JWTs #41

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions