Tags: salesforce, jwt, google-openid, openid-connect

Do OpenID Connect Providers encrypt then sign their JWTs?


My team is making an existing product an OpenID Connect RP (relying party) and is using connect2id's Nimbus JOSE + JWT library. That library supports signed and encrypted JWTs, but only signed first, then encrypted. They have their reasons for not supporting encrypt-then-sign, but our concern is that some of the OPs we need to interact with may do encrypt-then-sign.

We are initially targeting Salesforce and Google. I have been unable to determine from their documentation whether, when acting as OpenID Connect Providers, Salesforce and Google use sign-then-encrypt or encrypt-then-sign.

Can anyone point me to pages where this is documented for these OPs? Or is it a non-issue because no one uses encrypt-then-sign? Thanks.


Solution

  • When/if encryption is used, Connect OPs will always sign and then encrypt, if they are following the specification. Section 2 of OpenID Connect Core says, "If the ID Token is encrypted, it MUST be signed then encrypted". Section 16.14, Signing and Encryption Order says the same thing in a little more detail.
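Added example, not from the question, the answer, or the Nimbus library: a Go program (standard library only) that builds a nested JWT in the order the spec requires and an RP-side routine that undoes it in reverse, decrypting the outer JWE first and only then verifying the inner JWS. To stay self-contained it assumes symmetric keys (HS256 for the JWS, a direct A256GCM content key for the JWE) instead of the RSA/EC keys a real OP would use; the function names are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)
var b64 = base64.RawURLEncoding
func dec(s string) []byte { b, _ := b64.DecodeString(s); return b } // base64url-decode one compact segment
func hs256(s string, key []byte) []byte { m := hmac.New(sha256.New, key); m.Write([]byte(s)); return m.Sum(nil) }

// SignThenEncrypt follows the spec order: inner JWS (HS256) first, then an outer JWE ("dir" + A256GCM)
// whose "cty":"JWT" header tells the recipient the plaintext is itself a JWT (RFC 7519 section 5.2).
func SignThenEncrypt(claims map[string]any, sigKey, encKey []byte) (string, error) {
	pl, _ := json.Marshal(claims)
	si := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString(pl)
	jws := si + "." + b64.EncodeToString(hs256(si, sigKey)) // the signed inner token
	ph := b64.EncodeToString([]byte(`{"alg":"dir","enc":"A256GCM","cty":"JWT"}`))
	block, err := aes.NewCipher(encKey)
	if err != nil { return "", err }
	gcm, _ := cipher.NewGCM(block)
	iv := make([]byte, gcm.NonceSize()); rand.Read(iv) // fresh nonce per token; reuse under one key breaks GCM
	sealed := gcm.Seal(nil, iv, []byte(jws), []byte(ph)) // AAD is the protected header, as JWE requires
	n := len(sealed) - gcm.Overhead()                      // Go returns ciphertext||tag; JWE carries the tag as its own segment
	// JWE compact serialization: header.encryptedKey(empty for "dir").iv.ciphertext.tag
	return strings.Join([]string{ph, "", b64.EncodeToString(iv), b64.EncodeToString(sealed[:n]), b64.EncodeToString(sealed[n:])}, "."), nil
}

// DecryptThenVerify is the RP side: decrypt the outer JWE, then verify the inner JWS.
// Anything not shaped as a JWE wrapping a JWS is rejected rather than guessed at.
func DecryptThenVerify(token string, sigKey, encKey []byte) (map[string]any, error) {
	p := strings.Split(token, ".")
	if len(p) != 5 { return nil, errors.New("expected a 5-segment JWE") }
	block, err := aes.NewCipher(encKey)
	if err != nil { return nil, err }
	gcm, _ := cipher.NewGCM(block)
	iv := dec(p[2]); if len(iv) != gcm.NonceSize() { return nil, errors.New("bad IV length") }
	pt, err := gcm.Open(nil, iv, append(dec(p[3]), dec(p[4])...), []byte(p[0]))
	if err != nil { return nil, err } // wrong key or tampered header/ciphertext/tag: fails before any signature check
	in := strings.Split(string(pt), ".")
	if len(in) != 3 || !hmac.Equal(dec(in[2]), hs256(in[0]+"."+in[1], sigKey)) {
		return nil, errors.New("decrypted payload is not a validly signed JWS")
	}
	claims := map[string]any{}
	return claims, json.Unmarshal(dec(in[1]), &claims)
}
```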