id_token_hint with encrypted JWT

[istibekesi]

As per the documentation, the id_token_hint holds a previously issued ID Token.
Is there a way to use encrypted token?

Background:
AFAIK, the signed but unencrypted ID token can be retrieved from Hydra via back channel, but then the id_token_hint is supposed to be used on front channel.
If id_token_hint encryption is not supported, what can be a safe alternative for this scenario?

[istibekesi]

Meanwhile I've checked the source code and it seems ParseSigned method is used to parse token from is_token_hint parameter.
The library under the hood seems to have ParseEncrypted and ParseSignedAndEncrypted too, but they are not used in this scenario.

Is it a valid feature request to have the option to pass an encrypted id_token_hint? Do I misunderstand how the jwt id token should be handled in a secure way?

[aeneasr]

Hi, it’s a reasonable request but also a bit of work to implement! Encrypted tokens are currently not supported