I am using the Microsoft.Owin.Security.Jwt package for JWT tokens. Due to a strict security requirement, I return an access token that is encrypted to the user in the Web API response, and the user then uses this encrypted token to get access.
However, the authorization bearer currently only accepts the default unencrypted JWT token, which results in unauthorized access since the authorization bearer does not match.
Access token received by the user: encryptAlgorithm(signed access token) <-- which is encrypted during the Web API response
Access token on the server: signed access token
So my question is: how do I encrypt the signed access token / the accepted authorization bearer on the server?
Note that the encryption I mention here is not JWE. Rather, it is encrypting the entire JWT token to the point that the user doesn't even recognize that it is a JWT access token.
I suspect that it has something to be done with JwtBearerAuthenticationOptions class b ...
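As an added illustration (not code from the question and not part of Microsoft.Owin.Security.Jwt), the following Go program shows the pattern being asked about in generic form: the server signs a JWT, wraps the whole compact token with AES-256-GCM so the client only ever holds an opaque string, and on each request unwraps the bearer value before running ordinary JWT validation. The keys, claims and function names are constructed for the example. Whatever the framework, the unwrap step has to run before the bearer middleware parses the token; in an OWIN pipeline that means substituting the decrypted JWT for the Authorization header value ahead of the JWT bearer handler.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Constructed example keys. In a real deployment both come from configuration,
// and the wrapping key never leaves the server that issues and validates tokens.
var (
	signingKey = []byte("constructed-hs256-signing-key")
	wrapKey    = sha256.Sum256([]byte("constructed-aes-256-gcm-wrapping-key"))
)

var b64 = base64.RawURLEncoding

// signJWT builds a compact HS256 JWT (header.payload.signature) over payloadJSON.
// This is the "signed access token" the server already knows how to validate.
func signJWT(payloadJSON string) string {
	header := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	payload := b64.EncodeToString([]byte(payloadJSON))
	signingInput := header + "." + payload
	mac := hmac.New(sha256.New, signingKey)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64.EncodeToString(mac.Sum(nil))
}

// verifyJWT checks the HS256 signature in constant time and returns the payload JSON.
func verifyJWT(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("token is not a compact JWS")
	}
	mac := hmac.New(sha256.New, signingKey)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	got, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(got, mac.Sum(nil)) {
		return "", errors.New("invalid signature")
	}
	payload, err := b64.DecodeString(parts[1])
	if err != nil {
		return "", errors.New("invalid payload encoding")
	}
	return string(payload), nil
}

func newGCM() (cipher.AEAD, error) {
	block, err := aes.NewCipher(wrapKey[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrapToken encrypts the entire signed JWT with AES-256-GCM and returns an opaque
// base64url string laid out as nonce || ciphertext || tag. Nothing in the output
// (no "ey..." prefix, no dots) reveals that a JWT is inside.
func wrapToken(signedJWT string) (string, error) {
	gcm, err := newGCM()
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per token
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return b64.EncodeToString(gcm.Seal(nonce, nonce, []byte(signedJWT), nil)), nil
}

// unwrapToken reverses wrapToken. Any modification of the opaque value fails the
// GCM tag check, so it is rejected before the JWT is even parsed.
func unwrapToken(opaque string) (string, error) {
	gcm, err := newGCM()
	if err != nil {
		return "", err
	}
	raw, err := b64.DecodeString(opaque)
	if err != nil || len(raw) < gcm.NonceSize() {
		return "", errors.New("malformed opaque token")
	}
	plain, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	if err != nil {
		return "", errors.New("opaque token failed authentication")
	}
	return string(plain), nil
}

// authorizeBearer is the server-side step the question is missing: take the
// Authorization header, unwrap the opaque value back into the signed JWT, and only
// then run the normal JWT validation.
func authorizeBearer(authorizationHeader string) (string, error) {
	const prefix = "Bearer "
	if !strings.HasPrefix(authorizationHeader, prefix) {
		return "", errors.New("missing bearer token")
	}
	signedJWT, err := unwrapToken(strings.TrimSpace(authorizationHeader[len(prefix):]))
	if err != nil {
		return "", err
	}
	return verifyJWT(signedJWT)
}

func main() {
	signed := signJWT(`{"sub":"alice","scope":"read"}`)
	opaque, _ := wrapToken(signed)
	fmt.Println("client receives:", opaque)
	claims, err := authorizeBearer("Bearer " + opaque)
	fmt.Println("server accepts:", claims, err)
	_, err = authorizeBearer("Bearer " + signed) // the bare signed JWT is no longer accepted
	fmt.Println("raw JWT rejected:", err)
}
```

Two points matter for the design: the bearer value is attacker-controlled input, so the outer layer must be an authenticated cipher (here GCM) rather than unauthenticated encryption, so that tampering is rejected before any parsing happens; and the nonce must be fresh for every token issued, since reusing a nonce under the same key breaks GCM's guarantees. Note that once the server only accepts wrapped tokens, a client presenting the bare signed JWT is rejected, which is exactly the mismatch described in the question, but now in the intended direction.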