I want to use JWE


At this time, there is no support for JWE either when JWTs are used as ID tokens or access tokens. Like you mentioned, encrypted JWTs do not have a very widespread use, unlike their signed peers (JWS), which is also what is currently available in Auth0 by supporting both HS256 and RS256 signed ID tokens and access tokens (when applicable).

The use of HTTPS does imply that the actual JWT data, while in transit between client and server, gets encrypted. However, as soon as the HTTPS connection is terminated, the token contents could be decoded and available without any sort of decryption. In general, you will not want to include sensitive information within these tokens, so the matter ends up being a non-issue.
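
The point in the reply above, as an added example that is not part of the original post and is not Auth0 code: an HS256-signed JWT needs the secret to verify, but anyone holding the token can read its claims with no key. The secret, the claims, the function names and the list of sensitive-name hints are all constructed for this illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed HS256 key, for this example only
SENSITIVE_HINTS = ("password", "secret", "ssn", "card")  # assumed naming hints

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Build a compact JWS: b64url(header).b64url(payload).b64url(HMAC)."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify_hs256(token: str, secret: bytes) -> bool:
    """Integrity: only a holder of the secret can confirm the signature."""
    signing_input, _, sig = token.rpartition(".")
    try:
        expected = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
        return hmac.compare_digest(expected, b64url_decode(sig))
    except ValueError:  # malformed base64 or non-ASCII input
        return False

def read_claims_without_key(token: str) -> dict:
    """Confidentiality: the payload segment decodes with no key at all."""
    parts = token.split(".")
    if len(parts) != 3:  # a compact JWE has five segments, a JWS has three
        raise ValueError("not a compact JWS")
    return json.loads(b64url_decode(parts[1]))

def sensitive_claims(claims: dict) -> list:
    """Pre-issuance check: claim names that suggest data unfit for a signed-only token."""
    return sorted(k for k in claims if any(h in k.lower() for h in SENSITIVE_HINTS))

# Constructed sample claims; "card_number" is deliberately a bad claim to issue.
CLAIMS = {"sub": "auth0|constructed-user", "email": "user@example.com",
          "card_number": "0000-constructed"}
TOKEN = sign_hs256(CLAIMS, SECRET)

if __name__ == "__main__":
    print(read_claims_without_key(TOKEN))              # readable without SECRET
    print(verify_hs256(TOKEN, SECRET), sensitive_claims(CLAIMS))
```

Running a check like `sensitive_claims` before issuing a token is one way to enforce the advice that signed-only tokens should not carry sensitive data.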