paseto-standard / paserk

submitted by
Style Pass
2021-07-29 12:30:07

These two token modes solve at least 80% of use cases for secure tokens. You can even solve unencrypted symmetric-key authentication by storing your claims in the unencrypted footer, rather than encrypting them.

PASERK aims to provide an answer for these circumstances, as well as provide a consistent standard for the encoding of PASETO keys.

Where [version] is an integer, [data] is the (typically base64url-encoded) payload data, and [type] is one of the items in the following table:

The version of a PASERK MUST match the version of the PASETO it's used with. For example, a k2.local. PASERK must be used with v2.local. tokens. Cross-version support is explicitly NOT permitted.
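The version rule above, written as a check an application could run before handing a key to a PASETO library. This is an added example, not code from the PASERK project; the function names, the header patterns (inferred from the k2.local. and v2.local. examples in the text) and the sample values are assumptions constructed for illustration.

```python
import re

# Assumed header shapes, inferred from the k2.local. / v2.local. examples:
#   PASERK: k<version>.<type>.<data>      PASETO: v<version>.<purpose>.<payload>[.<footer>]
# Versions are matched as strict decimal with no leading zero, so "k02" is rejected
# rather than being normalised to 2 by int().
_PASERK_RE = re.compile(r"^k([1-9][0-9]*)\.([a-z][a-z-]*)\.([A-Za-z0-9_.-]+)$")
_PASETO_RE = re.compile(
    r"^v([1-9][0-9]*)\.(local|public)\.([A-Za-z0-9_-]+)(?:\.([A-Za-z0-9_-]*))?$"
)


class KeyMismatch(ValueError):
    """The PASERK is well-formed but may not be used with this PASETO."""


def parse_paserk(paserk: str) -> tuple[int, str]:
    """Return (version, type) from a PASERK header, or raise ValueError."""
    m = _PASERK_RE.match(paserk)
    if m is None:
        raise ValueError("malformed PASERK header")  # never echo key material
    return int(m.group(1)), m.group(2)


def parse_paseto(token: str) -> tuple[int, str]:
    """Return (version, purpose) from a PASETO header, or raise ValueError."""
    m = _PASETO_RE.match(token)
    if m is None:
        raise ValueError("malformed PASETO header")
    return int(m.group(1)), m.group(2)


def check_compatible(paserk: str, token: str) -> int:
    """Enforce 'PASERK version MUST match PASETO version'; return that version."""
    key_version, _key_type = parse_paserk(paserk)
    token_version, _purpose = parse_paseto(token)
    if key_version != token_version:
        # Cross-version use is not permitted, so fail closed instead of converting.
        raise KeyMismatch(f"k{key_version} key used with v{token_version} token")
    return key_version


if __name__ == "__main__":
    # Constructed sample values; these are not real keys or tokens.
    sample_key = "k2.local." + "A" * 43
    sample_token = "v2.local." + "B" * 40
    print(check_compatible(sample_key, sample_token))
```
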

One of the design criteria is that it must be safe for a PASERK to be sent out-of-band with its associated PASETO, or included in the footer of a PASETO.

When PASERKs are not included in the footer, users SHOULD include the PASERK ID in the footer (or, in v3/v4 of PASETO, as an implicit assertion).
