paseto | Platform-Agnostic Security Tokens | Authentication library
kandi X-RAY | paseto Summary
Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards. This library is a reference implementation of PASETO in the PHP language. Please refer to the PASETO Specification for design considerations.
Top functions reviewed by kandi - BETA
- Parse a token.
- Return a string representation of the token.
- Decrypt a message.
- Hash a hash.
- Explode an error code.
- Validate the given key.
- Encrypts a plain text.
- Get the public key.
- Get protocol from header part.
- Decode an encoded string.
Community Discussions
Trending Discussions on paseto
QUESTION
I am using a library which depends on libsodium (libpaseto). I have installed it on my machine and I am trying to build a nodejs addon.
I have the following binding.gyp file:
ANSWER
Answered 2019-Sep-02 at 10:01
So I finally found the answer. In the libsodium documentation it mentions that you have to pass the -lsodium flag to be able to compile without problems. So what I had to do was to add this flag in my libraries in binding.gyp. So here is my final binding.gyp file:
QUESTION
I am using "Platform agnostic Security Token" for oAuth in Golang - https://github.com/o1egl/paseto
I am not able to understand why this is better than JWT, even after reading the README.
My major questions are:
- Can "token" generated be altered like "JWT" and pass modified or tampered data?
- Can "token" generated using "paseto" be decrypted and viewed like "JWT"?
Paseto library above uses "SET" and "GET" method inside their JSONToken method. Is that how we can verify authenticity of the user?
Sample Code:
...
ANSWER
Answered 2019-Jul-16 at 02:43
1 - Can "token" generated be altered like "JWT" and pass modified or tampered data?
Note that the token cannot be "altered" using either PASETO or JWT without knowing the signing key (which should of course be secret).
The fact you mention about being able to view the JWT token data on the JWT.io page is because the data is not encrypted (so you can see it without the key).
But the token is signed, so if you modify any value and don't have the key, you won't be able to sign it back and the token receiver will note the token is not valid when trying to verify it.
2 - Can "token" generated using "paseto" be decrypted and viewed like "JWT"?
It depends on how you generate the PASETO token.
See here:
https://tools.ietf.org/id/draft-paragon-paseto-rfc-00.html#rfc.section.2
Format for the token is version.purpose.payload.
And from the docs:
The payload is a string that contains the token's data. In a local token, this data is encrypted with a symmetric cipher. In a public token, this data is unencrypted.
So if you generate the token as in the code snippet you posted (local token, with a symmetric key), then the payload will be encrypted (you won't be able to see it unless you know the symmetric key and use that one to decrypt it).
If you use a public/private key pair, then the payload will not be encrypted, so you'll be able to see it without the key (but you'll not be able to change it and sign it again without knowing the private key).
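The public-token behaviour described in the answer above, as an added example that is not part of the original answer and does not use the o1egl/paseto API: it builds footer-less v2.public tokens with Go's standard library only, following the PASETO specification's Ed25519 and pre-authentication-encoding rules. The function names `Sign`, `Peek` and `Verify` and the sample claims are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

const header = "v2.public." // version.purpose. prefix; the payload follows

// pae is PASETO's pre-authentication encoding: piece count, then each piece
// prefixed by its length, all as 64-bit little-endian integers.
func pae(pieces ...[]byte) []byte {
	out := binary.LittleEndian.AppendUint64(nil, uint64(len(pieces)))
	for _, p := range pieces {
		out = append(binary.LittleEndian.AppendUint64(out, uint64(len(p))), p...)
	}
	return out
}
// Sign (hypothetical name) builds header + base64url(claims || signature).
func Sign(priv ed25519.PrivateKey, claims []byte) string {
	body := append(append([]byte{}, claims...), ed25519.Sign(priv, pae([]byte(header), claims, nil))...)
	return header + base64.RawURLEncoding.EncodeToString(body)
}
// Peek (hypothetical name) needs no key: a public token is signed, not encrypted.
func Peek(token string) (claims, sig []byte, ok bool) {
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimPrefix(token, header))
	cut := len(raw) - ed25519.SignatureSize
	if err != nil || !strings.HasPrefix(token, header) || cut < 0 {
		return nil, nil, false
	}
	return raw[:cut], raw[cut:], true
}
// Verify (hypothetical name) releases the claims only if the signature checks out.
func Verify(pub ed25519.PublicKey, token string) ([]byte, bool) {
	claims, sig, ok := Peek(token)
	if !ok || !ed25519.Verify(pub, pae([]byte(header), claims, nil), sig) {
		return nil, false
	}
	return claims, true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)
	_, other, _ := ed25519.GenerateKey(nil) // a key the verifier does not trust
	seen, _, _ := Peek(Sign(priv, []byte(`{"admin":false}`))) // constructed sample claims
	_, ok := Verify(pub, Sign(other, []byte(`{"admin":true}`)))
	fmt.Printf("read without key: %s; re-signed token accepted: %v\n", seen, ok)
}
```

A receiver should act only on claims returned by `Verify`; `Peek` exists to show that anything placed in a public token is visible to whoever holds it.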
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install paseto
PHP requires the Visual C runtime (CRT). The Microsoft Visual C++ Redistributable for Visual Studio 2019 is suitable for all these PHP versions, see visualstudio.microsoft.com. You MUST download the x86 CRT for PHP x86 builds and the x64 CRT for PHP x64 builds. The CRT installer supports the /quiet and /norestart command-line switches, so you can also script it.