Closed iambumblehead closed 2 years ago
PASETO in public mode doesn't require decryption, though does require checking the signature is valid. Is this perhaps what you want? This is done using a public key (so doesn't require any secrets).
PASETO is not the right tool if you want tokens that aren't verified at all though.
@aidantwoods thank you. I think you have answered my question. I was hoping there might be another way that would not require even the public key but I understand PASETO is not meant to facilitate such scenarios.
Hello,
I'm using the PASETO package here https://www.npmjs.com/package/paseto to generate PASETO tokens and am trying to understand if there is a standard way to generate a PASETO token that yields human-readable payload without verification.
The reason for this is, some oauth flows return a JWT "id_token" yielding user data, such as a display_name. link. Because JWT tokens are used in these flows, the data is readable without decryption or verification. If possible, I'd like to generate a PASETO id_token.
Thank you for any response you may have.