Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards.

| Version | Implemented |
|---|---|
| v1.local | ✅ |
| v1.public | ✅ |
| v2.local | ✅ |
| v2.public | ✅ |
| v3.local | ✅ |
| v3.public | ✅ |
| v4.local | ❌ |
| v4.public | ✅ |
| PASERK | ❌ |

Paseto converts Token strings into Message objects. Paseto tokens are either in local mode or public mode depending on your use case.
Local mode tokens contain encrypted data, and must be decrypted.
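```dart
import 'package:cryptography/cryptography.dart';
import 'package:paseto/paseto.dart';

Future<void> main() async {
  // The same symmetric key the token was encrypted with.
  // Placeholder: supply the shared 32-byte key here.
  final secretKey = SecretKey(<int>[]);
  // The local encrypted Paseto token (v4.local is not implemented, see the table above).
  const tokenString = 'v2.local.payloadBase64.footerBase64';
  // Turns the string into a Token object.
  final token = await Token.fromString(tokenString);
  // Decrypts the local encrypted Token into a full Message.
  final message = await token.decryptLocalMessage(secretKey: secretKey);
}
```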
Public mode tokens are unencrypted, and the module will verify the signature.
```dart
import 'package:cryptography/cryptography.dart';
import 'package:paseto/paseto.dart';

Future<void> main() async {
  // The public key from the asymmetric KeyPair used to sign the token.
  // Placeholder: supply the 32 public key bytes instead of the empty list.
  final publicKey = SimplePublicKey([], type: KeyPairType.ed25519);
  // The public signed Paseto token.
  const tokenString = 'v4.public.payloadBase64.footerBase64';
  // Turns the string into a Token object.
  final token = await Token.fromString(tokenString);
  // Verifies the signature of the Token, using the publicKey, and returns the full Message.
  final message = await token.verifyPublicMessage(publicKey: publicKey);
}
```
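
Before a string reaches `Token.fromString`, an application can pin the version and purpose it expects instead of letting the token's own header choose between decryption and verification. The following is an added example, not code from this package: `rejectReason` and `implemented` are hypothetical names, the allow-list is copied from the table above, and the sample tokens are constructed placeholders.

```dart
import 'dart:convert';

/// Version/purpose pairs marked as implemented in the table above.
const implemented = {
  'v1.local', 'v1.public', 'v2.local', 'v2.public',
  'v3.local', 'v3.public', 'v4.public',
};

/// Returns null when [token] is acceptable, otherwise the reason to reject it.
/// [expected] is the header the application pins, e.g. 'v4.public'.
String? rejectReason(String token, {required String expected}) {
  final parts = token.split('.');
  // PASETO strings are version.purpose.payload with an optional .footer.
  if (parts.length != 3 && parts.length != 4) {
    return 'expected 3 or 4 dot-separated parts, got ${parts.length}';
  }
  final header = '${parts[0]}.${parts[1]}';
  if (!implemented.contains(header)) return 'unsupported header $header';
  if (header != expected) return 'header is $header, expected $expected';
  if (parts[2].isEmpty) return 'empty payload';
  for (final part in parts.skip(2)) {
    // Payload and footer are unpadded base64url.
    if (part.contains('=')) return 'padded base64url segment';
    try {
      base64Url.decode(base64Url.normalize(part));
    } on FormatException {
      return 'invalid base64url segment';
    }
  }
  return null;
}

void main() {
  // Constructed samples: payloads are placeholder bytes, not real tokens.
  const samples = [
    'v4.public.cGF5bG9hZA.Zm9vdGVy', // well-formed, matches the pin
    'v4.local.cGF5bG9hZA', // version/purpose not implemented
    'v2.local.cGF5bG9hZA', // implemented, but not what this caller pins
    'v4.public.pay load', // payload is not base64url
    'v4.public', // payload missing
  ];
  for (final s in samples) {
    print('$s -> ${rejectReason(s, expected: 'v4.public') ?? 'ok'}');
  }
}
```
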
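Local mode tokens contain encrypted data, so the content must be encrypted with a symmetric key before it is encoded.
```dart
import 'package:cryptography/cryptography.dart';
import 'package:paseto/paseto.dart';

Future<void> main() async {
  // The symmetric key to encrypt with (a fresh random 32-byte key here).
  final secretKey = SecretKeyData.random(length: 32);
  // Encrypt the content into a Paseto Message object.
  final message = await Message.encryptString(
    'Hello World!',
    version: Version.v2,
    secretKey: secretKey,
  );
  // Encode the Message as a token string.
  final token = message.toToken.toTokenString;
}
```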
Public mode tokens are unencrypted, and the module will sign the Message.
```dart
import 'package:cryptography/cryptography.dart';
import 'package:paseto/paseto.dart';

Future<void> main() async {
  // An asymmetric Ed25519 KeyPair to sign and verify the message.
  final keyPair = await Ed25519().newKeyPair();
  // Sign the content with the Paseto version you are using.
  final message = await Message.signString(
    'Hello World!',
    version: Version.v4,
    keyPair: keyPair,
  );
  // Encode the Message as a token string.
  final token = message.toToken.toTokenString;
}
```