Anyone who is able to intercept the token is able to decode it and read its contents. An alternative to JSON Web Signature that allows for payload encryption is JSON Web Encryption. JWE is described in RFC . Unlike JWS attempts to decode the payload will result in failure. The data contained in the token is Phone Number List encrypted and then base url encoded. Only the header will be viewable. In addition to the claims that can be defined in the header there are several new ones enc – defines the algorithm used to encrypt the payload. The suggested list of available algorithms is defined by IANA's JSON Web Signature and Encryption Algorithms.
Defining a claim enc is mandatory zip – defines whetherbefore encryption. The value suggested by the RFC is DEF referring to the DEFLATE algorithm . The use of the remaining JOSE Headers coincides with their use in JWS. A quite important difference between JWS and JWE is the difference in the token structure. JWE consists of not three but five parts JWE Protected Header – a header containing JOSE headers. It also allows you to store Additional Authenticated Data AAD which is the data you want to protect without encryption. The use of AAD allows you to verify the integrity of the data and ensure that it has not been modified during transmission. JWE Content Encryption Key CEK – The key used to encrypt the JWE payload.