The verify method assumes the content of the token message is UTF-8

[mdimas]

In the verify method the last thing it does is call `toString('utf-8') on the data buffer. https://github.com/sjudson/paseto.js/blob/master/lib/protocol/V2.js#L321

In our case our message is binary because we are sending a compressed message. The fact that it is returned as UTF-8 breaks the message and makes it impossible for us to unzip it.

Is there anything in the Paseto spec that says the message has to be UTF-8? If not can this default be removed? Either the original data buffer could be returned, or maybe an option can be provided to specify the content encoding.

Thanks, Mark

[sjudson]

Yes, the spec notes (Section 6) that plaintext payloads must be UTF-8 --- it also notes they must be JSON objects, which is the goal of the high-level interface which is still TODO --- and recommends the use of base64url encoding to handle binary data. I will consider building some functionality into the library to help with that, but it's also something you can handle on your end. I'll leave this issue open though while I consider it.

[sjudson]

Going to close this, requiring callers format data into utf-8 before using is not too much to ask for.