paseto
paseto copied to clipboard
o1egl
Platform-Agnostic Security Tokens implementation in GO (Golang)
We at awesome-go noticed that the project has been without commits for over 1 year, is the project active? ref: https://github.com/avelino/awesome-go/issues/4016
Is v3/v4 support planned? If yes, is there any ETA? If no, do you personally recommend switching to https://github.com/vk-rv/pvx?
This changes the `token_validator` to return a `ErrTokenExpiredError` instead of `ErrTokenValidationError`. This allows us to check for token expiration which differs from a regular token error. (e.g. trigger a refresh).
As alluded to in #32, keys should to be strongly bound to their parameter choices to prevent algorithm confusion attacks (so byte arrays or similar shouldn't be accepted). From the...
https://github.com/o1egl/paseto/blob/f1000e3be0ce1d221c08cebbe13e184414a092f6/v2.go#L78 https://github.com/o1egl/paseto/blob/f1000e3be0ce1d221c08cebbe13e184414a092f6/v2.go#L138 See https://github.com/paseto-standard/paseto-spec/blob/master/docs/02-Implementation-Guide/03-Algorithm-Lucidity.md Right now, byte arrays are accepted by this API. There's no mechanism to prevent a user from using a v2 public key as a v2 local...
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20200220183623-bac4c82f6975 to 0.1.0. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}