Support for encrypted JWT ID tokens (JWE)


I’m interested in using origin client authentication with Istio, but I’d prefer that the claims in the JWT token are not visible to the end user, but only to the Identity provider and to the Resource server (my API) and obviously to Istio itself.
My understanding is that this is something that is normally solved by using JWE. However I haven’t found anything in the documentation or the source code about this being supported or even being planned in Istio.

Does anyone have any insights into this?