
First of all, I know that passwords generally do not have to be stored in a JWT or JWS since the token in itself can be used to authenticate. My circumstances are very specific though.

In my program, I need to start up a process as the user making a request to the server. As far as I can tell, you can only do so on Windows if you have their username and password. In this situation, would it be valid and secure to store their password in the body of a JWE? Or is there a massive security risk I’m not taking into account?

Any external references would be greatly appreciated since I can’t find much info on this.

I’ve looked around for info but all I see are generic JWE explanations which say “JWEs are a type of JWT used for sensitive data.”

Ian Boyd
JoffLobster

0 Answers