Edit this page
Report an issue
Looking for the plugin's configuration parameters? You can find them in the JWE Decrypt configuration reference doc.
The Kong JWE Decrypt plugin makes it possible to decrypt an inbound token (JWE) in a request.
Manage keys and Key Sets
For more information, see Key and Key Set Management in Kong Gateway.
Supported Content Encryption Algorithms
This plugin supports the following encryption algorithms:
- A128GCM
- A192GCM
- A256GCM
- A128CBC-HS256
- A192CBC-HS384
- A256CBC-HS512
Failure modes
The following table describes the behavior of this plugin in the event of an error.
| Request message | Proxied to upstream service? | Response status code |
|---|---|---|
| Has no JWE with strict=true | No | 403 |
| Has no JWE with strict=false | Yes | x |
| Failed to decode JWE | No | 400 |
| Failed to decode JWE | No | 400 |
| Missing mandatory header values | No | 400 |
| References key-set not found | No | 403 |
| Failed to decrypt | No | 403 |