Skip to content
/ flutter_paseto Public

Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards.

paseto.io

License

BSD-3-Clause license
4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

plarson/flutter_paseto

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
.github
.github
 
 
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
analysis_options.yaml
analysis_options.yaml
 
 
pubspec.yaml
pubspec.yaml
 
 

Repository files navigation

paseto

pub license

Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards.

Support

Version Implemented
v1.local
v1.public
v2.local
v2.public
v3.local
v3.public
v4.local
v4.public
PASERK

Decode a Token into a Message

Paseto converts Token strings into Message objects. Paseto tokens are either in local mode or public mode depending on your use case.

Decode Local Encrypted Tokens

Local mode tokens contain encrypted data, and must be decrypted.

main () async {
  // The same symmetric key the token was signed with.
  final secretKey = SecretKey();
  // The local encrypted Paseto token.
  const tokenString = 'v4.local.payloadBase64.footerBase64';
  // Turns the string into a Token object.
  final token = await Token.fromString(tokenString);
  // Decrypts the local encrypted Token into a full Message.
  final message = await token.decryptLocalMessage(secretKey: secretKey);
}

Decode Public Signed Tokens

Public mode tokens are unencrypted, and the module will verify the signature.

main () async {
  // The public key from the asymmetric KeyPair used to sign the token.
  final publicKey = SimplePublicKey([], type: KeyPairType.ed25519);
  // The public signed Paseto token.
  const tokenString = 'v4.public.payloadBase64.footerBase64';
  // Turns the string into a Token object.
  final token = await Token.fromString(tokenString);
  // Verifies the signature of the Token, using the publicKey, and returns the full Message.
  final message = await token.verifyPublicMessage(publicKey: publicKey);
}

Encode a Message into a Token

Local Encrypted Tokens

Local mode tokens contain encrypted data, and must be encrypted.

main () async {
  // The  symmetric key to encrypt with.
  final secretKey = SecretKey();
  // Encrypt the content into a Paseto Message object.
  final message = await Message.encryptString(
    'Hello World!',
    version: Version.v2,
    secretKey: secretKey,
  );
  // Encode the Token
  final token = message.toToken.toTokenString;
}

Public Signed Tokens

Public mode tokens are unencrypted, and the module will sign the Message.

main () async {
  // An asymmetric ED25519 KeyPair to sign and verify the message.
  final keyPair = await Ed25519().newKeyPair();
  // Sign the content with the Paseto version you are using.
  final message = await Message.signString(
    'Hello World!',
    version: Version.v4,
    keyPair: keyPair,
  );
  // Encode the Token
  final token = message.toToken.toTokenString;  
}

About

Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards.

paseto.io

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

4 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Languages