Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Paseto support #413

Open
itpropro opened this issue Oct 30, 2023 · 0 comments
Open

Paseto support #413

itpropro opened this issue Oct 30, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@itpropro
Copy link

itpropro commented Oct 30, 2023
edited

Integrating Paseto (Platform-Agnostic Security Tokens) support as an alternative to JWTs can address some inherent JWT (JSON Web Tokens) issues and enhance Authorizer's capabilities.

Advantages of Paseto over JWT:

  • Enhanced security with a simpler design preventing critical vulnerabilities.
  • Mandatory secure default algorithm, reducing risks associated with algorithm misconfiguration.
  • Built-in versioning for better token validation management.
  • Clearer, more concise specifications leading to fewer implementation errors.
  • Better error handling aiding in easier debugging.
  • Reduced token size for optimized performance.

Supporting Paseto tokens will bolster security, streamline token management, and potentially optimize performance, aligning Authorizer with modern security best practices.

Support for version 3 and 4 only should be fine, no backwards compatibility for v1/2 needed.
The best known Go library for Paseto is go-paseto, which has everything authorizer would need.
@itpropro itpropro added the enhancement New feature or request label Oct 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@itpropro