robotdan
commented
3 years ago Is this compatible with OpenID Connect, or would it just be an option at the API level?
Open mooreds opened 3 years ago
robotdan
commented
3 years ago Is this compatible with OpenID Connect, or would it just be an option at the API level?
JuliusPC
commented
3 years ago Is this compatible with OpenID Connect, or would it just be an option at the API level?
OpenID Connect is restricted to JWT. But a client may signal support for PASETO to the OAuth Token Endpoint via the Accept-Header. This approach is compatible with clients not compatible with PASETO.
PASETO chooses the supported algorithms more wisely than JOSE did. Nobody wants RSASSA-PKCS1-v1_5 and ECDSA in 2020.
mooreds
commented
1 year ago Had a customer ask about this.
Support Paseto tokens
Problem
JWTs are complicated. Paseto looks easier.
Solution
Support generation of paseto tokens any place you support creating a JWT.
Alternatives/workarounds
I guess you could run some kind of proxy in front of FusionAuth to convert from JWT to Paseto.
Additional context
There are several open source paseto java libraries which might be a good place to start:
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.