As of OpenId spec (https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse) UserInfo endpoint response could be produced plain (json format), signed(JWS), encrypted(JWE) and encrypted+signed(JWE containing a JWS); Keycloak only support this spec up to signing (none support for encryption).
Is there any plan to add this feature in next releases?
Otherwise we are planning to develop this feature and share implementation through a PR; do you have any suggestion on which is the best way to do that?