paseto | Platform-Agnostic Security Tokens | Authentication library

 by   paragonie PHP Version: v3.1.0 License: Non-SPDX

kandi X-RAY | paseto Summary

paseto is a PHP library typically used in security and authentication applications. paseto has no bugs, it has no vulnerabilities and it has medium support. However, paseto has a Non-SPDX License. You can download it from GitHub.

Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards. This library is a reference implementation of PASETO in the PHP language. Please refer to the PASETO Specification for design considerations.

            kandi-support Support

              paseto has a medium active ecosystem.
              It has 3111 star(s) with 115 fork(s). There are 74 watchers for this library.
              It had no major release in the last 12 months.
              There are 0 open issues and 79 have been closed. On average, issues are closed in 479 days. There is 1 open pull request and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of paseto is v3.1.0

            kandi-Quality Quality

              paseto has 0 bugs and 0 code smells.

            kandi-Security Security

              paseto has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              paseto code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              paseto has a Non-SPDX License.
              Non-SPDX licenses can be open source licenses that are not SPDX-compliant, or non-open-source licenses, and you need to review them closely before use.

            kandi-Reuse Reuse

              paseto releases are available to install and integrate.
              paseto saves you 1531 person hours of effort in developing the same functionality from scratch.
              It has 6260 lines of code, 378 functions and 70 files.
              It has medium code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi has reviewed paseto and discovered the below as its top functions. This is intended to give you an instant insight into paseto implemented functionality, and help decide if they suit your requirements.
            • Parse a token.
            • Return a string representation of the token.
            • Decrypt a message.
            • Hash a hash.
            • Explode an error code.
            • Validate the given key.
            • Encrypts a plain text.
            • Get the public key.
            • Get protocol from header part.
            • Decode an encoded string.

            Community Discussions

            QUESTION

            Use libsodium in NAPI
            Asked 2019-Sep-02 at 10:01

            I am using a library which depends on libsodium (libpaseto). I have installed it on my machine and I am trying to build a nodejs addon.

            I have the following binding.gyp file:

            ...

            ANSWER

            Answered 2019-Sep-02 at 10:01

            So I finally found the answer. In the libsodium documentation it mentions that you have to pass the -lsodium flag to be able to compile without problems. So what I had to do was to add this flag in my libraries in binding.gyp. So here is my final binding.gyp file:

            Source https://stackoverflow.com/questions/57740825

            QUESTION

            Can "token" generated using "Paseto Token" be decrypted and viewed like "JWT Token"?
            Asked 2019-Jul-16 at 02:43

            I am using "Platform agnostic Security Token" for oAuth in Golang - https://github.com/o1egl/paseto

            I am not able to understand, why this is better than JWT even after reading README

            My Major Question is:

            1. Can "token" generated be altered like "JWT" and pass modified or tampered data?
            2. Can "token" generated using "paseto" be decrypted and viewed like "JWT"?

            Paseto library above uses "SET" and "GET" method inside their JSONToken method. Is that how we can verify authenticity of the user?

            Sample Code:

            ...

            ANSWER

            Answered 2019-Jul-16 at 02:43

            1 - Can "token" generated be altered like "JWT" and pass modified or tampered data?

            Note that token cannot be "altered" either using PASETO or JWT without knowing the signing key (which should of course be secret).

            The fact you mention about being able to view the JWT token data in JWT.io page is because data is not encrypted (so you can see it without the key).

            But token is signed, so if you modify any value and don't have the key, you won't be able to sign it back and the token receiver will note the token is not valid when trying to verify it.

            2 - Can "token" generated using "paseto" be decrypted and viewed like "JWT"?

            It depends on how you generate the PASETO token.

            See here:

            https://tools.ietf.org/id/draft-paragon-paseto-rfc-00.html#rfc.section.2

            Format for the token is version.purpose.payload.

            And from the docs:

            The payload is a string that contains the token's data. In a local token, this data is encrypted with a symmetric cipher. In a public token, this data is unencrypted.

            So if you generate the token as in the code snippet you posted (local token, with a symmetric key), then payload will be encrypted (you won't be able to see it unless you know the symmetric key and use that one to decrypt it).

            If you use a public/private key pair, then payload will not be encrypted, so you'll be able to see it without the key (but you'll not be able to change it and sign it again without knowing the private key).

            Source https://stackoverflow.com/questions/57048911
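
The signed-but-readable behaviour of public tokens described in the answer above, as an added Go example that is not part of the original answer and does not use the o1egl/paseto API: it builds and checks a `v2.public` token with the standard library only, following the PASETO v2 layout (Ed25519 signature over the pre-authentication encoding). The demo key, the claims and the names `Sign`, `Peek` and `Verify` are constructed for illustration; footers are not handled.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

const header = "v2.public."
var demoSK = ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed all-zero seed, demo only
var demoPK = demoSK.Public().(ed25519.PublicKey)

// pae: PASETO pre-authentication encoding (piece count, then length-prefixed pieces, LE64).
func pae(pieces ...[]byte) []byte {
	out := binary.LittleEndian.AppendUint64(nil, uint64(len(pieces)))
	for _, p := range pieces {
		out = append(binary.LittleEndian.AppendUint64(out, uint64(len(p))), p...)
	}
	return out
}

// Sign builds a v2.public token without footer: header + base64url(claims || signature).
func Sign(sk ed25519.PrivateKey, claims string) string {
	sig := ed25519.Sign(sk, pae([]byte(header), []byte(claims), nil))
	return header + base64.RawURLEncoding.EncodeToString(append([]byte(claims), sig...))
}

// Peek needs no key at all: a public token's payload is signed, not encrypted.
func Peek(token string) (claims string, sig []byte, err error) {
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimPrefix(token, header))
	if n := len(raw) - ed25519.SignatureSize; err == nil && n >= 0 && strings.HasPrefix(token, header) {
		return string(raw[:n]), raw[n:], nil
	}
	return "", nil, fmt.Errorf("not a well-formed v2.public token")
}

// Verify returns the claims only if the signature matches under pk.
func Verify(pk ed25519.PublicKey, token string) (string, error) {
	claims, sig, err := Peek(token)
	if err == nil && !ed25519.Verify(pk, pae([]byte(header), []byte(claims), nil), sig) {
		claims, err = "", fmt.Errorf("signature does not match")
	}
	return claims, err
}

func main() {
	fmt.Println(Verify(demoPK, Sign(demoSK, `{"sub":"alice","admin":false}`)))
}
```

A receiver should only ever act on what `Verify` returns; `Peek` shows why nothing confidential belongs in a public token.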

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install paseto

            You can download it from GitHub.
            PHP requires the Visual C runtime (CRT). The Microsoft Visual C++ Redistributable for Visual Studio 2019 is suitable for all these PHP versions, see visualstudio.microsoft.com. You MUST download the x86 CRT for PHP x86 builds and the x64 CRT for PHP x64 builds. The CRT installer supports the /quiet and /norestart command-line switches, so you can also script it.

            Support

            If your company uses this library in their products or services, you may be interested in purchasing a support contract from Paragon Initiative Enterprises.
            Find more information at:

            Consider Popular Authentication Libraries

            • supabase by supabase
            • iosched by google
            • monica by monicahq
            • authelia by authelia
            • hydra by ory

            Try Top Libraries by paragonie

            • random_compat by paragonie (PHP)
            • awesome-appsec by paragonie (PHP)
            • halite by paragonie (PHP)
            • sodium_compat by paragonie (PHP)
            • constant_time_encoding by paragonie (PHP)