Encrypt OIDC ID tokens for app integrations

Early Access release. See Enable self-service features.

Encrypt OIDC ID tokens to ensure that the information in the token is protected from unauthorized access. For information about encrypting ID tokens using the API, see Manage keys.

  1. In the Admin Console, go to Applications > Applications and select an OIDC app.

  2. Click the General tab.

  3. In the Client Credentials section, click Edit.

  4. Select Public Key / Private Key.

  5. In the Public Keys section, click Edit.

  6. Select either Save keys to Okta or Use a URL to fetch keys dynamically.

  7. If you selected Save keys to Okta, go to the Public Keys section and click Add key.

    1. From the Generate new key dropdown menu, select For token encryption (enc) to generate a new key pair. Or, paste your own public key.

    2. Click Done. Your public key appears in the Public keys section.

  8. If you selected Use a URL to fetch keys dynamically, enter the URL into the URL field.

  9. From the ID Token Encryption dropdown menu, select an encryption algorithm.

  10. Click Save.

  11. In the Client Credentials section, click Save.

The OIDC ID tokens for this app will now be encrypted using the selected algorithm.
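Two checks that fit around this procedure, as an added example that is not part of Okta's documentation or tooling: vet a JWK before pasting it as your own public key in step 7, and confirm afterwards that an ID token issued to the app is an encrypted JWE and not a signed-only JWS. The function names and sample values are assumptions made for illustration.

```python
import base64
import json

# Private or symmetric key members (RFC 7518); none belong in a public JWK.
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}

def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_encryption_jwk(jwk):
    """Return the problems found in a JWK that is about to be pasted as an encryption key."""
    problems = []
    leaked = sorted(PRIVATE_JWK_MEMBERS & jwk.keys())
    if leaked:
        problems.append("private key members present: " + ", ".join(leaked))
    if jwk.get("use") != "enc":
        problems.append('"use" is %r, expected "enc"' % jwk.get("use"))
    if jwk.get("kty") == "RSA" and "n" in jwk:
        bits = int.from_bytes(b64url_decode(jwk["n"]), "big").bit_length()
        if bits < 2048:  # RFC 7518 minimum for RSA key-encryption algorithms
            problems.append("RSA modulus is only %d bits" % bits)
    return problems

def classify_id_token(token):
    """Tell a compact JWE (5 segments, "enc" header) from a signed-only JWS (3 segments)."""
    parts = token.split(".")
    if len(parts) not in (3, 5):
        raise ValueError("not a compact JWS or JWE")
    header = json.loads(b64url_decode(parts[0]))
    encrypted = len(parts) == 5 and "enc" in header
    return {"encrypted": encrypted, "alg": header.get("alg"), "enc": header.get("enc")}

def make_token(header, segments):
    return ".".join([b64url_encode(json.dumps(header).encode())] + segments)

# Constructed samples: not real keys or tokens, and the algorithm names are
# generic JOSE values, not a statement of what the ID Token Encryption menu offers.
BAD_JWK = {"kty": "RSA", "use": "sig", "e": "AQAB",
           "n": b64url_encode(b"\xff" * 128), "d": b64url_encode(b"\x01" * 128)}
GOOD_JWK = {"kty": "RSA", "use": "enc", "e": "AQAB", "n": b64url_encode(b"\xff" * 256)}
JWE_TOKEN = make_token({"alg": "RSA-OAEP-256", "enc": "A256GCM"}, ["key", "iv", "ct", "tag"])
JWS_TOKEN = make_token({"alg": "RS256"}, ["payload", "sig"])

if __name__ == "__main__":
    print(check_encryption_jwk(BAD_JWK))
    print(check_encryption_jwk(GOOD_JWK))
    print(classify_id_token(JWE_TOKEN), classify_id_token(JWS_TOKEN))
```

A token that still classifies as unencrypted after the final Save means the client is receiving signed-only ID tokens and the configuration should be rechecked.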