
paseto-browser
This implements PASETO v4.local and v4.public in the browser, as well as PASERK k4.seal.
There are already other implementations of PASETO in JavaScript, but they're intended for Node.js.
This implementation runs in a web browser (using TweetNaCl for the elliptic curve operations).
npm install paseto-browser
Download the dist files from the GitHub releases, then embed them via <script> tags.
Please refer to the examples directory for more information.
<script src="paseto.v4.local.js" type="module"></script>
<script type="module">
(async function () {
    // const encryptor = new PasetoV4Local(symmetric_key_uint8array)
    const encryptor = PasetoV4Local.generate()
    // You can now encode/decode tokens using encryptor
    const token = await encryptor.encode({'exp': "2039-01-01T13:37:00+00:00"})
    const decoded = await encryptor.decode(token)
    console.log(decoded.exp) // "2039-01-01T13:37:00+00:00"
})();
</script>
<script src="tweetnacl/nacl-fast.min.js" type="module"></script>
<script src="paseto-browser/paseto.v4.public.js" type="module"></script>
<script type="module">
(async function () {
    // const keypair = nacl.sign.keyPair()
    // const sk = keypair.secretKey
    // const pk = keypair.publicKey
    // const signer = new PasetoV4Public(pk, sk)
    const signer = PasetoV4Public.generate()
    // You can now encode/decode tokens using signer
    const token = await signer.encode({'exp': "2039-01-01T13:37:00+00:00"})
    const decoded = await signer.decode(token)
    console.log(decoded.exp) // "2039-01-01T13:37:00+00:00"
})();
</script>
<script src="tweetnacl/nacl-fast.min.js" type="module"></script>
<script src="paseto-browser/paseto.v4.local.js" type="module"></script>
<script src="paseto-browser/paserk.k4.seal.js" type="module"></script>
<script type="module">
(async function () {
    const wrapper = PaserkK4Seal.generate()
    /// Alternative 1: use an existing X25519 keypair
    // const keypair = nacl.box.keyPair()
    // const sk = keypair.secretKey
    // const pk = keypair.publicKey
    // const wrapper = new PaserkK4Seal(pk, sk)
    /// Alternative 2: derive from an existing Ed25519 keypair
    // const keypair = nacl.sign.keyPair()
    // const sk = keypair.secretKey
    // const pk = keypair.publicKey
    // const wrapper = PaserkK4Seal.fromEdwardsKeys(pk, sk)

    // One side (only needs pk): generate a fresh symmetric key, seal it to pk,
    // and ship the sealed key in the token footer as `wpk`
    const p4l = PasetoV4Local.generate()
    const wrapped = await wrapper.wrap(p4l)
    const token = await p4l.encode({'exp': "2039-01-01T13:37:00+00:00"}, {'wpk': wrapped})

    // Other side (needs pk and sk), receives `token`: read the footer, unseal
    // the symmetric key, then decrypt the token with it
    const footer = PasetoV4Local.getFooter(token)
    const unwrapped = await wrapper.unwrap(footer.wpk)
    const decoded = await unwrapped.decode(token)
    console.log(decoded.exp) // "2039-01-01T13:37:00+00:00"
})();
</script>
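The k4.seal flow above reads the footer with PasetoV4Local.getFooter() to find the sealed key before the token can be decrypted. As an added example (not part of paseto-browser; a stand-alone Node.js script using only Buffer), here is a minimal parser for the PASETO v4 token layout `version.purpose.payload[.footer]` that does the same job and enforces the format's rules: unpadded base64url segments, a known version and purpose, and a `wpk` footer claim that is a `k4.seal` PASERK. The sample token is constructed from fixed bytes, not a real ciphertext.

```javascript
// Added example, not paseto-browser's own getFooter(). The footer is plaintext and
// is only authenticated once decode() succeeds, so treat it as untrusted input:
// use it to select a key (the `wpk` claim), never as a source of trusted claims.

const B64URL = /^[A-Za-z0-9_-]+$/; // PASETO mandates base64url WITHOUT padding

function b64urlDecode(s) {
  if (!B64URL.test(s)) throw new Error('segment is not unpadded base64url');
  return Buffer.from(s, 'base64url');
}

function b64urlEncode(buf) {
  return Buffer.from(buf).toString('base64url');
}

// Split `v4.<local|public>.<payload>[.<footer>]` and decode the segments.
function parsePasetoV4(token) {
  const parts = token.split('.');
  if (parts.length !== 3 && parts.length !== 4) throw new Error('malformed token');
  const [version, purpose, payload, footer] = parts;
  if (version !== 'v4') throw new Error(`unsupported version ${version}`);
  if (purpose !== 'local' && purpose !== 'public') throw new Error(`unsupported purpose ${purpose}`);
  const out = { version, purpose, payload: b64urlDecode(payload), footer: null };
  if (footer !== undefined) {
    if (footer === '') throw new Error('empty footer segment');
    out.footer = b64urlDecode(footer).toString('utf8');
  }
  return out;
}

// Pull the `wpk` PASERK out of a JSON footer, accepting only the k4.seal type
// (the type PaserkK4Seal.unwrap() in the example above expects).
function getWrappedKey(token) {
  const { purpose, footer } = parsePasetoV4(token);
  if (purpose !== 'local') throw new Error('wpk only applies to v4.local tokens');
  if (footer === null) throw new Error('token has no footer');
  let claims;
  try { claims = JSON.parse(footer); } catch { throw new Error('footer is not JSON'); }
  const wpk = claims.wpk;
  if (typeof wpk !== 'string' || !wpk.startsWith('k4.seal.')) throw new Error('footer has no k4.seal wpk');
  return wpk;
}

// Constructed sample (fixed bytes, not real sealed-key or ciphertext data).
const SAMPLE_WPK = 'k4.seal.' + b64urlEncode(Buffer.alloc(32, 0x42));
const SAMPLE_TOKEN = 'v4.local.' + b64urlEncode(Buffer.alloc(48, 0x01)) + '.' +
  b64urlEncode(Buffer.from(JSON.stringify({ wpk: SAMPLE_WPK })));
```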
To test your local changes, checkout this repository from Git then run the following commands:
npm install
npm run build
The build writes its output to dist. DO NOT commit any changes to dist; we will rebuild from source. Any pull requests that touch dist will not be accepted.
FAQs
In-browser JavaScript implementation of PASETO
The npm package paseto-browser receives a total of 5 weekly downloads. As such, paseto-browser popularity was classified as not popular.
We found that paseto-browser demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.