Open
Description
Integrating Paseto (Platform-Agnostic Security Tokens) support as an alternative to JWTs can address some inherent JWT (JSON Web Tokens) issues and enhance Authorizer's capabilities.
Advantages of Paseto over JWT:
- Enhanced security with a simpler design preventing critical vulnerabilities.
- Mandatory secure default algorithm, reducing risks associated with algorithm misconfiguration.
- Built-in versioning for better token validation management.
- Clearer, more concise specifications leading to fewer implementation errors.
- Better error handling aiding in easier debugging.
- Reduced token size for optimized performance.
Supporting Paseto tokens will bolster security, streamline token management, and potentially optimize performance, aligning Authorizer with modern security best practices.
Support for version 3 and 4 only should be fine, no backwards compatibility for v1/2 needed.
The best known Go library for Paseto is go-paseto, which has everything authorizer would need.