paseto-spec icon indicating copy to clipboard operation
paseto-spec copied to clipboard

Published 20 hours ago verified publisher icon paseto-standard

Token Opacity

Open paragonie-security opened this issue 1 year ago • 2 comments

There are some situations in which the vX.local. header is undesirable. In these circumstances, the header MAY be stripped, provided they are provided by the configured key.

paragonie-security avatar Sep 12 '24 07:09 paragonie-security

Would this be a separate checkbox for support on paseto.io?

The only concern I'd really raise with this is interoperability of tokens in existing versions with different libraries, where only some might support opaque tokens out of the box following this change.

aidantwoods avatar Sep 12 '24 08:09 aidantwoods

Sure, we could update paseto.io to do that when we also add v5/v6 to the spec.

paragonie-security avatar Sep 12 '24 11:09 paragonie-security