Does Thinktecture.IdentityServer support encrypting the JWT tokens it issues, for example to protect the token from being used in a replay attack?
If yes, how can a client decrypt the encrypted token?
I have tried enabling "Require Token Encryption" in the IdentityServer General Configuration; however, after doing so, when I try to log in I get a "No encryption key available" message on the identity server web page.
Is there a problem or am I missing a required setting?
Encryption is for confidentiality, not for preventing replay attacks.
The Microsoft JWT library does not support encryption. And we rely on that library.
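
To illustrate the distinction drawn in the answer: a captured token, encrypted or not, is resent byte for byte, so replay resistance has to come from the validator tracking a token identifier and expiry. The sketch below is an added example, not IdentityServer code or part of the original thread; the `issue` and `ReplayGuard` names, the HS256 signing and the sample key are assumptions chosen to keep it self-contained.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(sub: str, jti: str, now: float, ttl: int = 300) -> str:
    """Issue a signed (HS256) JWT carrying a unique id (jti) and an expiry."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": sub, "jti": jti, "exp": int(now) + ttl}).encode())
    sig = hmac.new(KEY, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64(sig)}"

class ReplayGuard:
    """Hypothetical validator: accepts each valid token once, remembering jti until exp."""
    def __init__(self):
        self._seen = {}  # jti -> exp

    def accept(self, token: str, now: float) -> str:
        try:
            header, claims, sig = token.split(".")
            expected = hmac.new(KEY, f"{header}.{claims}".encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, _unb64(sig)):
                return "bad-signature"
            body = json.loads(_unb64(claims))
            jti, exp = body["jti"], body["exp"]
        except (ValueError, KeyError, TypeError):
            return "malformed"
        # Forget ids of tokens that have expired; the exp check rejects those anyway.
        self._seen = {j: e for j, e in self._seen.items() if e > now}
        if exp <= now:
            return "expired"
        if jti in self._seen:
            return "replayed"  # same token presented a second time
        self._seen[jti] = exp
        return "ok"

if __name__ == "__main__":
    guard = ReplayGuard()
    token = issue("alice", "id-1", now=1000.0)  # constructed sample token
    print(guard.accept(token, 1001.0), guard.accept(token, 1002.0))
```
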