PASETO (secure JWT alternative) plugin for Kong


#1

What is PASETO?

Paseto (Platform-Agnostic SEcurity TOkens) is a specification and reference implementation for secure stateless tokens.

"Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards."

paragonie/paseto

Key Differences between Paseto and JWT

Unlike JSON Web Tokens (JWT), which give developers more than enough rope with which to hang themselves, Paseto only allows secure operations. JWT gives you “algorithm agility”, Paseto gives you “versioned protocols”. It’s incredibly unlikely that you’ll be able to use Paseto in an insecure way.

Implementations and Kong Plugin

See https://paseto.io for a full list of PASETO implementations in various languages.

This is a Kong plugin I wrote for PASETO.
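Added example, not part of the original post and not the plugin's code: a Python sketch of the "algorithm agility" versus "versioned protocols" difference on the verifier side. The function names and sample tokens are constructed for illustration, and the cryptographic verification itself is assumed to be done by a PASETO library afterwards.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url, the encoding both formats use."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def jwt_declared_alg(token: str) -> str:
    """Return the algorithm a JWT's header asks the verifier to use.

    The verifier has to read this field before it can check anything, so
    the choice of algorithm arrives inside the token itself.
    """
    header = json.loads(b64url_decode(token.split(".")[0]))
    return header.get("alg", "")


def paseto_split(token: str, expected_version: str, expected_purpose: str):
    """Split version.purpose.payload[.footer] and enforce the pinned protocol.

    The header is compared against configuration and never used to select
    an algorithm. Returns (payload_bytes, footer_bytes), still unverified.
    """
    parts = token.split(".")
    if len(parts) not in (3, 4):
        raise ValueError("expected 3 or 4 dot-separated parts")
    if (parts[0], parts[1]) != (expected_version, expected_purpose):
        raise ValueError(f"refusing {parts[0]}.{parts[1]}: verifier is pinned "
                         f"to {expected_version}.{expected_purpose}")
    footer = b64url_decode(parts[3]) if len(parts) == 4 else b""
    return b64url_decode(parts[2]), footer


# Constructed samples: the signature and payload bytes are placeholders.
SAMPLE_JWT = ".".join(b64url_encode(p) for p in (
    b'{"alg":"HS256","typ":"JWT"}', b'{"sub":"demo"}', b"placeholder-sig"))
SAMPLE_PASETO = ".".join(("v2", "public", b64url_encode(b"placeholder-payload"),
                          b64url_encode(b'{"kid":"demo"}')))

if __name__ == "__main__":
    print(jwt_declared_alg(SAMPLE_JWT))
    print(paseto_split(SAMPLE_PASETO, "v2", "public"))
```

A gateway would run the pinning check first, so a token whose header does not match the route's configured protocol is rejected before any key is touched.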


#2

Hi, thank you for sharing this!