-
First, thanks for creating Paseto.
I found it to be a really surprising aspect of Paseto that even though it's built on top of modern cryptographic libraries and is designed to be a secure replacem…
-
**Describe the bug**
Building and validating a local token does not work.
**To Reproduce**
```rust
#[cfg(test)]
mod tests {
use chrono::prelude::Utc;
use chrono::Duration;
#[test]
…
-
Currently in OAuth, the token format is negotiated privately between the RS and one AS. Changing the token format requires
a close synchronization for every AS/RS relationship.
More flexibility …
-
I want to make an logout and therefor
I want to set the token somehow to invalid or remove it, but i really don't know how to do it?
apreciating any hints.
What stands "decapsulate" module for…
-
See _[Session Authentication vs Token Authentication](https://security.stackexchange.com/a/92123/144162)_ for more details.
**tl;dr**:
- JWTs have expiry and memory implications, but are statele…
-
**Is your feature request related to a problem? Please describe.**
I have the following bit of toy code:
```rust
let state = paseto::tokens::PasetoBuilder::new()
.set_encryption_key(Vec::from("F…
-
Hi, PASETO exists for a long time now and Okta implemented it as a more secure alternative to JOSE.
- https://paragonie.com/blog/2018/03/paseto-platform-agnostic-security-tokens-is-secure-alternati…
-
Hello!
I'm using the jpaseto maven artifact :
```
dev.paseto
jpaseto-api
0.5.0
```
And when I try to run my spring boot project with *…
-
-
https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid
"JOSE Javascript Object Signing and Encryption is a Bad Standard That Everyone Should Avoid"
Appar…