JWE | Simple php class for JWE

I am using this code to be able to use the credentials next-auth provider along with cognito as oauth serviice: this to allow email and password auth. I am running next-auth@4.2.1:

My private key is server-side and the public one are client-side. I use them to sign JWT from my server and sent to my clients, for authorisation. I have now to also encrypt the user password client-side during the authentication using JWE and verify it from server-side.

This two use case have the same requirements: private key is server-side, public key are client-side, and encryption algorythms can be the same. This is why I am thinking to use the same key pair but I am affraid to miss something about security and I would like to have confirmation, is it safe ?

I am trying to create a JWE Token using the node-jose library's createEncrypt method. The problem is, I want to set the kid to a certain value. But when importing the key using the jose.JWK.asKey method, it's automatically calculating the kid and won't let me change/set it. Here is the sample code:

I would like to write an app that allows for both RESTful forms of interacting with the data; regular REST CRUD endpoints and a web-ui.

In the past, I have gone the route of implementing much of the functionality of the UI in JS, which would call the regular REST endpoints. This worked fine, but for this application I would like to use Qute to perform much of the basic functionalities of generating page content. However, for me to properly manage the endpoints and ensure proper RBAC control, I need jwt's to be accessed via cookie, rather than normal headers. This seems like it is possible, but not at the same time as my other endpoints that need it in header form.. (Source: https://quarkus.io/guides/security-jwt#microprofile-jwt-configuration )

What might be the best practice here as well? Should I just keep the two apps very separate, and do everything in Javascript?

For reference, on how I am using jwt in code: (example from UI qute generation, but I am using the JWT in the same way for CRUD endpoints)

I wanted to know and understand the process to generate the JWE. I have given below details:

string mod = "2737"; // this is a 618 char long string constructed only with digits.

string exp = "65537";

string kid = "APIKEY.XX.665_Priv";

string keyEncAlgo = "RSA-OAEP";

string contentEncAlgo = "A256GCM";

And a payload in json format.

As with my limited knowledge in this field I proceeded with creating a public key using RSACryptoServiceProvider. And planned to use Jose.Jwt library.

The module "AzureVideoAnalyzerEdge" seems to be asking for a JWS token. I cant find a JWS token anywhere in azure for this.

Im not sure what this is referring to and it's my first time deploying AVA to the edge.

Happy to provide more info if required. just need to be pointed in the right direction.

The error is below:

I have a generic class that i used to load some keys from my application yaml file ,here's my yaml file :

We use JWT tokens in our Rest API(Bank API) authentication with a normal payload like:

I'm new using the JWT on web-apps. I'm not sure what info should be stored in a JWT, but in my case, I'm saving sensitive user data, such as e-mail and username. I wish to safely secure this info on my JWT.

Using the pyjwt module, I was able to successfully create my tokens. Here is an example of how I've been using it.