Message level encryption support?

[matti777]

Hello, I was wondering if there is a nifty way to inject message-level encryption? I am using (and loving) this library for several projects and am now facing implementing this: https://developer.signicat.com/documentation/finnish-trust-network/full-message-level-encryption-for-ftn/

If not, any bright ideas how to add support for it without breaking the current functionality? - I might be able to submit a PR for it after the summer.

I would assume there will be similar needs for message-level encryption arising soon elsewhere too.

[ericchiang]

This is the upstream spec as far as I can tell: https://openid.net/specs/openid-connect-messages-1_0-20.html

golang.org/x/oauth2 is the package that currently handles the OAuth2 requests (auth request, token request). This would likely be something to let the RemoteKeySet returned by the Provider encrypt data, then the user would be able sub out their own auth and token requests instead of having golang.org/x/oauth2 do it.

What other providers do this? Any idea what attack it's attempting to prevent?

[matti777]

As for the former, I have no answer for this. As for the latter, I am guessing mostly paranoia..