Closed fireproofsocks closed 5 years ago
@fireproofsocks Thanks for bringing this up! I just went ahead and updated the README to include both of your suggestions.
Thanks! That's very helpful. How would you feel about demonstrating how to read a value from a config back for use in verifying a message, e.g.
# Reading your encoded keypair from storage in your configuration:
keypair = {Hexate.decode(Application.get_env(:myapp, :public_key)), Hexate.decode(Application.get_env(:myapp, :secret_key))}
(Since it's easy to get tripped up with how data is stored as binaries and how we tend to format it for human-readability)
I'm really hesitant to include configuration values as the recommended way of doing this because they're a kind-of poor way of handling rotating keys. I'm more inclined to not suggest because this library is meant as more of a low-level building block, whereas something like https://github.com/GrappigPanda/paseto_plug is meant to be a plug-and-play library.
With that said, there's an incoming big changeset that's adding more type info and making this library dialyzer safe, so it should be easier to determine what a keypair should represent in the future.
Unless I've totally misconfigured something, the example from the
README
for generating a token does not work:Expected: a valid string token. Actual: CompileError.
I think the line should be:
It would also be nice if you included how to convert the
pk
andsk
to a regular old copy-and-pasteable string so we could easily use it in a config file.