This article clarifies whether Okta supports JSON Web Encryption (JWE) for its tokens. JWE is commonly used to encrypt tokens: the plaintext JSON payload is encrypted with a Content Encryption Key (CEK). For more information, refer to RFC 7516.
- OAuth 2.0
- JSON Web Encryption (JWE)
- JSON Web Token (JWT)
Okta has an early access feature called "JSON Web Encryption of OIDC Tokens", which is available under Account > Features.
Once it is enabled, it is possible to configure public keys for a given OpenID Connect (OIDC)/OAuth 2.0 app, which is able to support client authentication.
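A client-side check for whether a received token is a JWE in the RFC 7516 compact serialization (five segments) rather than a signed JWT (three segments), added here as an example and not taken from Okta. The function names, the `kid` value and the `RSA-OAEP-256`/`A256GCM` sample header are assumptions; the sample tokens are constructed from placeholder bytes.

```python
import base64
import json

# Segment names of the JWE Compact Serialization (RFC 7516, section 3.1).
JWE_PARTS = ("protected_header", "encrypted_key", "iv", "ciphertext", "tag")

def b64url_decode(segment: str) -> bytes:
    """Decode base64url text that has had its '=' padding stripped."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def inspect_token(token: str) -> dict:
    """Classify a compact token as JWS or JWE and decode its header only."""
    segments = token.split(".")
    kinds = {3: "JWS", 5: "JWE"}
    if len(segments) not in kinds:
        raise ValueError(f"not a compact JWS/JWE: {len(segments)} segments")
    header = json.loads(b64url_decode(segments[0]))
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    info = {"kind": kinds[len(segments)], "header": header}
    if info["kind"] == "JWE":
        # "alg" says how the CEK is delivered to the recipient,
        # "enc" says how the CEK encrypts the plaintext payload.
        if "alg" not in header or "enc" not in header:
            raise ValueError("JWE header must carry both 'alg' and 'enc'")
        # Sizes only: the claims are ciphertext and cannot be read here.
        info["sizes"] = {name: len(b64url_decode(seg))
                         for name, seg in zip(JWE_PARTS[1:], segments[1:])}
    return info

def build_sample(parts: list) -> str:
    """Join raw byte strings into a compact token (constructed sample data)."""
    return ".".join(b64url_encode(p) for p in parts)

# Constructed samples: placeholder bytes, not real ciphertext or signatures.
SAMPLE_JWE = build_sample([
    json.dumps({"alg": "RSA-OAEP-256", "enc": "A256GCM", "kid": "example-kid"}).encode(),
    bytes(256), bytes(12), bytes(40), bytes(16)])
SAMPLE_JWS = build_sample([
    json.dumps({"alg": "RS256", "kid": "example-kid"}).encode(),
    json.dumps({"sub": "user@example.com"}).encode(), bytes(256)])

if __name__ == "__main__":
    for name, tok in (("JWE", SAMPLE_JWE), ("JWS", SAMPLE_JWS)):
        print(name, inspect_token(tok))
```

A resource server or client that expects signed JWTs will fail to parse a five-segment token, so a check like this helps confirm the effect of enabling encryption before rollout.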
