The AES_CBC_HMAC_SHA2 parameters specific to AES_128_CBC_HMAC_SHA_256 are:
The input key K is 32 octets long.
ENC_KEY_LEN is 16 octets.
MAC_KEY_LEN is 16 octets.
The SHA-256 hash algorithm is used for the HMAC.
The HMAC-SHA-256 output is truncated to T_LEN=16 octets, by
stripping off the final 16 octets.
However when JWE tokens are generated the full 32 octets generated by HMAC SHA256 are being appended. This is generating invalid tokens.
RFC 7518 JSON Web Algothrims specify that the authentication tag should be truncated to the first 16 octets.
However when JWE tokens are generated the full 32 octets generated by HMAC SHA256 are being appended. This is generating invalid tokens.