mesosphere / traefik-forward-auth


How to read claims cookie? #75

Closed davek804 closed 1 year ago

davek804 commented 1 year ago

I'm trying to understand how to acquire the groups value for a successfully authenticated user.

The cookie _forward_auth_claims seems to contain the value, but encrypted in some manner: _forward_auth_claims=MTY3Mjc4NjY4MHxEdi1CQkFFQ180SUFBUkFCRUFBQUt2LUNBQUVHYzNSeWFXNW5EQWdBQm1keWIzVndjd2hiWFhOMGNtbHVaXy1EQWdFQ180UUFBUXdBQUVUX2hFRUFCQWhpWVc1ckxXUmxkaFJrWldaaGRXeDBMWEp2YkdWekxXMWhjM1JsY2c1dlptWnNhVzVsWDJGalkyVnpjeEYxYldGZllYVjBhRzl5YVhwaGRHbHZiZz09fJ476LugjpaV4DmcDs-StnALqs6uWNynLdOEKR6IE_72

I'd like the application that consumes this authentication to be able to read this secure cookie's value, interpret the user's groups, and present the application appropriately as a result.

time="2023-01-03T22:58:00Z" level=info msg="creating group claims session with groups: [1 2 3 4]" source_ip=...
time="2023-01-03T22:58:01Z" level=debug msg="Authenticate request" headers="map[Accept:[text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8] Accept-Encoding:[gzip, deflate, br] Accept-Language:[en-US,en;q=0.5] Cookie:[_forward_auth=...|...|...; _forward_auth_name=\"...\"; _forward_auth_claims=MTY3Mjc4NjY4MHxEdi1CQkFFQ180SUFBUkFCRUFBQUt2LUNBQUVHYzNSeWFXNW5EQWdBQm1keWIzVndjd2hiWFhOMGNtbHVaXy1EQWdFQ180UUFBUXdBQUVUX2hFRUFCQWhpWVc1ckxXUmxkaFJrWldaaGRXeDBMWEp2YkdWekxXMWhjM1JsY2c1dlptWnNhVzVsWDJGalkyVnpjeEYxYldGZllYVjBhRzl5YVhwaGRHbHZiZz09fJ476LugjpaV4DmcDs-StnALqs6uWNynLdOEKR6IE_72] ....

I've set a value for ENCRYPTION_KEY in my configuration. I'm just not sure how to use it.
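
Added example, not part of the original post and not the project's own code: the cookie value quoted above base64-decodes without any key to `timestamp|base64(gob)|mac`, so this sketch assumes the gorilla/securecookie layout with an HMAC-SHA256 computed over `name|timestamp|value`. `ReadGroups` and its `hashKey` parameter are hypothetical names, and the page does not say which configured secret signs the cookie.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/gob"
	"fmt"
	"strings"
)

const issueCookie = "MTY3Mjc4NjY4MHxEdi1CQkFFQ180SUFBUkFCRUFBQUt2LUNBQUVHYzNSeWFXNW5EQWdBQm1keWIzVndjd2hiWFhOMGNtbHVaXy1EQWdFQ180UUFBUXdBQUVUX2hFRUFCQWhpWVc1ckxXUmxkaFJrWldaaGRXeDBMWEp2YkdWekxXMWhjM1JsY2c1dlptWnNhVzVsWDJGalkyVnpjeEYxYldGZllYVjBhRzl5YVhwaGRHbHZiZz09fJ476LugjpaV4DmcDs-StnALqs6uWNynLdOEKR6IE_72" // value copied from the issue text

// ReadGroups returns the "groups" claim. hashKey (hypothetical parameter) is the
// signing key; with a nil key the MAC is not checked and the result is untrusted.
func ReadGroups(name, cookie string, hashKey []byte) ([]string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(cookie, "="))
	if err != nil {
		return nil, err
	}
	parts := bytes.SplitN(raw, []byte("|"), 3) // timestamp|value|mac; the MAC is binary
	if len(parts) != 3 {
		return nil, fmt.Errorf("expected timestamp|value|mac")
	}
	if hashKey != nil {
		h := hmac.New(sha256.New, hashKey)
		fmt.Fprintf(h, "%s|%s|%s", name, parts[0], parts[1]) // MAC covers name|timestamp|value
		if !hmac.Equal(h.Sum(nil), parts[2]) {
			return nil, fmt.Errorf("MAC mismatch: cookie rejected")
		}
	}
	payload, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(string(parts[1]), "="))
	if err != nil {
		return nil, err
	}
	var values map[interface{}]interface{} // session values are gob-encoded
	if err := gob.NewDecoder(bytes.NewReader(payload)).Decode(&values); err != nil {
		return nil, err
	}
	groups, ok := values["groups"].([]string)
	if !ok {
		return nil, fmt.Errorf("no []string stored under %q", "groups")
	}
	return groups, nil
}

func main() {
	fmt.Println(ReadGroups("_forward_auth_claims", issueCookie, nil))
}
```

A consuming application should only act on the groups when the MAC check passes with the real signing key; the sketch does not enforce a maximum age on the timestamp.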