Skip to content
Kong Docs are moving soon! Our docs are migrating to a new home. You'll be automatically redirected to the new site in the future. In the meantime, view this page on the new site!
|
Plugin Hub
github-edit-pageEdit this page
report-issueReport an issue
header icon

JWE Decrypt

By Kong Inc.

Looking for the plugin's configuration parameters? You can find them in the JWE Decrypt configuration reference doc.

The Kong JWE Decrypt plugin makes it possible to decrypt an inbound token (JWE) in a request.

Manage keys and Key Sets

For more information, see Key and Key Set Management in Kong Gateway.

Supported Content Encryption Algorithms

This plugin supports the following encryption algorithms:

  • A128GCM
  • A192GCM
  • A256GCM
  • A128CBC-HS256
  • A192CBC-HS384
  • A256CBC-HS512

Failure modes

The following table describes the behavior of this plugin in the event of an error.

Request message Proxied to upstream service? Response status code
Has no JWE with strict=true No 403
Has no JWE with strict=false Yes x
Failed to decode JWE No 400
Failed to decode JWE No 400
Missing mandatory header values No 400
References key-set not found No 403
Failed to decrypt No 403