paragonie / paseto-io

Paseto Website
https://paseto.io

Is single use of a PASETO enforced by the specification? #18

Closed lucasvwamp closed 2 years ago

lucasvwamp commented 4 years ago

In a lot of the reading I've done on PASETOs, it seems that they should be single use only. For example: https://developer.okta.com/blog/2019/10/17/a-thorough-introduction-to-paseto

PASETOs are designed as single-use tokens

But is there anything in the specification that actually requires them to be single use? If the same token is passed twice to the decrypt method while the token is valid, are both instances treated as valid?

rlittlefield commented 3 years ago

Nothing inside PASETO will stop the same token from being used multiple times before it expires.

If you need true single-use tokens for a security purpose that expiration isn't sufficient for, or if you need something that allows a token to be "revoked", you will probably want some technology other than PASETO. Something that can statefully track token usage, such as a row in a database.

The main technical reason for this is that PASETO embeds a payload of claims into the token itself, and is then signed. The bearer of the token can't be trusted to not just send the old, unmodified version of the token instead of the new one. I've heard people come up with a scheme to have a list of "used/invalid tokens", but once you are keeping state, you could probably have just used a different technology.
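The stateful tracking described in the comment above ("a row in a database"), as an added example that is not part of the original thread or of any PASETO library. It assumes the token has already been verified or decrypted by a PASETO library and that it carries the registered `jti` and `exp` claims; `SingleUseStore`, the table name and the sample values are hypothetical.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed sample: claims as returned by a PASETO library AFTER it has
# verified/decrypted the token (assumption; that step is not shown here).
SAMPLE_NOW = datetime(2030, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_CLAIMS = {"jti": "example-token-id-1", "exp": "2030-01-01T12:05:00+00:00"}


class SingleUseStore:
    """Hypothetical helper: one database row per token ID already redeemed."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS used_tokens "
                        "(jti TEXT PRIMARY KEY, exp REAL NOT NULL)")

    def consume(self, claims, now=None):
        """True the first time a live token is presented, False otherwise."""
        now = now or datetime.now(timezone.utc)
        jti, exp_raw = claims.get("jti"), claims.get("exp")
        if not (isinstance(jti, str) and jti and isinstance(exp_raw, str)):
            return False  # untrackable without both an ID and an expiry
        try:
            exp = datetime.fromisoformat(exp_raw)
        except ValueError:
            return False
        if exp.tzinfo is None or exp <= now:
            return False  # ambiguous or already expired
        try:
            # The PRIMARY KEY makes check-and-mark one atomic step, so two
            # concurrent presentations cannot both succeed.
            with self.db:
                self.db.execute("INSERT INTO used_tokens VALUES (?, ?)",
                                (jti, exp.timestamp()))
        except sqlite3.IntegrityError:
            return False  # replay: this token ID was already redeemed
        return True

    def purge(self, now=None):
        """Drop rows for expired tokens; the exp check already rejects them."""
        now = now or datetime.now(timezone.utc)
        with self.db:
            cur = self.db.execute("DELETE FROM used_tokens WHERE exp <= ?",
                                  (now.timestamp(),))
        return cur.rowcount
```

Because rows are only needed until `exp`, the table stays bounded by the token lifetime as long as `purge` runs periodically.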

paragonie-security commented 2 years ago

https://github.com/paseto-standard/paseto-spec might be a better place for this sort of question :)