- Notifications
You must be signed in to change notification settings - Fork15
Paseto implementation for Java
License
nbaars/paseto4j
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Implementation ofPASETO library written in Java. This library is focusedon taking part of the encryption/decryption part of the tokens it has a little dependencies as possible. How youconstruct the tokens with which JSON library is up to you. According to the specification the payload should alwaysbe a JSON object.
Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of themany design deficits that plague the JOSE standards.Paseto (Platform-Agnostic SEcurity TOkens) is a specification and reference implementationfor secure stateless tokens.
Unlike JSON Web Tokens (JWT), which gives developers more than enough rope with which tohang themselves, Paseto only allows secure operations. JWT gives you "algorithm agility",Paseto gives you "versioned protocols". It's incredibly unlikely that you'll be able touse Paseto inan insecure way.
Caution: Neither JWT nor Paseto were designed forstateless session management.Paseto is suitable for tamper-proof cookies, but cannot prevent replay attacksby itself
There are four version available in Maven Central.
Add the following dependency to your project:
<!-- https://mvnrepository.com/artifact/io.github.nbaars/paseto4j-version4 --><dependency> <groupId>io.github.nbaars</groupId> <artifactId>paseto4j-version4</artifactId> <version>${paseto4j.version}</version></dependency>Version 3 is composed of NIST-approved algorithms, and will operate on tokens with thev3 version header.
Add the following dependency to your project:
<!-- https://mvnrepository.com/artifact/io.github.nbaars/paseto4j-version3 --><dependency> <groupId>io.github.nbaars</groupId> <artifactId>paseto4j-version3</artifactId> <version>${paseto4j.version}</version></dependency>Version 2 (the recommended version by the specification) is supported, this version depends on Libsodiumseehere on how to install this library. The Dockerfilecontains an example how to install it on a Linux based system.
Add the following dependency to your project:
<!-- https://mvnrepository.com/artifact/io.github.nbaars/paseto4j-version2 --><dependency> <groupId>io.github.nbaars</groupId> <artifactId>paseto4j-version2</artifactId> <version>${paseto4j.version}</version></dependency>Add the following dependency to your project:
<!-- https://mvnrepository.com/artifact/io.github.nbaars/paseto4j-version1 --><dependency> <groupId>io.github.nbaars</groupId> <artifactId>paseto4j-version1</artifactId> <version>${paseto4j.version}</version></dependency>For usage see theexamples project which shows how to use Paseto4j in action.
Why use this library over the other Java implementations?
- No dependency on any JSON library. It is a lightweight library supporting the basic Paseto operations. The rest is up-to-you.
- Easy to use API.
- Available on Maven Central
- https://nutbutterfly.medium.com/spring-boot-quick-guide-to-replace-jwt-with-paseto-774f43c8f2c4 - This library provide a simple API, easy to use and fully flexible for developer.
paseto-version2 needs Libsodium to be present, to avoid installing it on your local machine, you can use the following command to build it locally:
docker build -t paseto4j.docker run -v"${HOME}"/.m2:/root/.m2 -v"${PWD}":/workspace paseto4j ./mvnw verify
The first command is only necessary ones, for building the Maven image.
We useCalendar Versioning as version numbers. Creating a new tag and pushing it to GitHub will start the release process.
About
Paseto implementation for Java
