Imagine serverless frontend application which heavily uses scripts and APIs from multiple domains (specified in Content Security Policy Headers)
JWT can be abused to track user activity across multiple sessions (and in some non best practice cases expose user identify)
JWE can improve this situation significantly.
Any plans to support JWE in near future?
This will allow people to build platforms for multiple users collaborations in a really secure way.
Currently, we have support for JWT and JWK but not JWE. We will discuss this with the team and let you know.