
Decrypting an A256GCM-encrypted JWT in PHP

So I'm trying to decrypt a JWT (that I get in the context of "German Post-ID") in PHP and I've tried a couple of libraries for that, mainly 'firebase/php-jwt', as it's an easy-to-use library with a decryption function.

Unfortunately it doesn't support the A256GCM algorithm, so I ended up with 'spomky-labs/jose', but it seems to not support decrypting and I'm starting to believe that PHP is quite uncommon for decrypting JWTs (unfortunately I'm bound to use PHP). Does someone have experience with this kind of JWT and/or have a recommendation for a working library?

Thanks in advance for any answers and, since it's my first post, feel free to leave any suggestions on how I could make my posts better.

xtp asked Feb 22 '26 08:02


1 Answer

spomky-labs/jose fully supports AES-GCM encrypted tokens. It is tested using the test vectors from RFC 7520 and is based on a library that is also tested with vectors from NIST and IEEE802.

However, a bug may exist, so I suggest you open an issue on the library repository and share more information about that issue (tokens, key, error messages and so on).

It may also come from external problems (not related to the library itself) such as your private key, a corrupted JWT, a wrong format (base64 instead of URL-safe base64) or a claim that is not supported and marked as critical.

Could you provide a link to the token provider? I tried to find information about the German Post ID you mentioned, but the answers are related to the OpenID specification and there is no mention of token encryption.

Spomky-Labs answered Feb 24 '26 20:02
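
The external causes listed in the answer above (wrong base64 variant, corrupted token, an unsupported parameter marked as critical) can be checked on the token itself before any decryption is attempted. The PHP code below is an added example, not code from spomky-labs/jose or from either poster; `b64urlDecode`, `diagnoseJwe`, the `example-ext` parameter and the sample token are constructed for illustration, and it assumes PHP 7.4+ and the JWE compact serialization.

```php
<?php
declare(strict_types=1);
// Decode one base64url segment (RFC 7515: '-' and '_', no '=' padding).
function b64urlDecode(string $s): ?string
{
    if (preg_match('/^[A-Za-z0-9_-]*$/', $s) !== 1 || strlen($s) % 4 === 1) {
        return null; // '+', '/', '=' or whitespace means standard base64 or corruption
    }
    $padded = str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '=');
    $raw = base64_decode(strtr($padded, '-_', '+/'), true);
    return $raw === false ? null : $raw;
}

// Hypothetical helper: list structural problems in a JWE compact token.
function diagnoseJwe(string $token, array $understoodCrit = []): array
{
    $parts = explode('.', trim($token));
    if (count($parts) !== 5) {
        return ['expected 5 dot-separated parts, got ' . count($parts)];
    }
    $names = ['protected header', 'encrypted key', 'IV', 'ciphertext', 'tag'];
    $problems = [];
    $raw = array_map('b64urlDecode', $parts);
    foreach ($raw as $i => $bytes) {
        if ($bytes === null) {
            $problems[] = $names[$i] . ' is not valid base64url';
        }
    }
    $header = $raw[0] === null ? null : json_decode($raw[0], true);
    if (!is_array($header)) {
        return array_merge($problems, ['protected header is not readable JSON']);
    }
    // RFC 7518: AES-GCM content encryption uses a 96-bit IV and a 128-bit tag.
    if (($header['enc'] ?? null) !== 'A256GCM') { $problems[] = 'enc is not A256GCM'; }
    if ($raw[2] !== null && strlen($raw[2]) !== 12) { $problems[] = 'IV is not 96 bits'; }
    if ($raw[4] !== null && strlen($raw[4]) !== 16) { $problems[] = 'tag is not 128 bits'; }
    foreach ((array) ($header['crit'] ?? []) as $name) {
        if (!in_array($name, $understoodCrit, true)) {
            $problems[] = "critical header parameter '$name' is not understood";
        }
    }
    return $problems;
}
// Constructed sample (filler bytes, not a real token): same parts, two encodings.
$hdr = '{"alg":"RSA-OAEP-256","enc":"A256GCM","crit":["example-ext"]}';
$bin = [$hdr, str_repeat("\x01", 256), str_repeat("\x02", 12), str_repeat("\xfb\xff", 6), str_repeat("\x03", 16)];
$url = fn(string $b): string => rtrim(strtr(base64_encode($b), '+/', '-_'), '=');
print_r(diagnoseJwe(implode('.', array_map($url, $bin))));            // URL-safe encoding
print_r(diagnoseJwe(implode('.', array_map('base64_encode', $bin)))); // standard base64
```

An empty result only means the token is well-formed; a wrong private key or a tampered ciphertext still surfaces as a decryption failure in the library.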