Skip to content
A Paseto (Platform Agnostic SEcurity Token) plug for Phoenix Authentication
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
config Initial commit containing most of the scaffolding Jun 26, 2018
lib Adding exdoc and cleaning up docs a bit Jun 28, 2018
.credo.exs Adding credo and circleci config Jun 26, 2018
.gitignore Initial commit containing most of the scaffolding Jun 26, 2018
LICENSE Adding BSD 3-clause license Aug 8, 2018
mix.lock Upgrading to paseto 1.3 Jun 6, 2019

CircleCI HexDocs


A Phoenix authentication plug that validates Paseto (Platform Agnostic Security Tokens).


This package can be installed by adding paseto_plug to your list of dependencies in mix.exs:

def deps do
    {:paseto_plug, "~> 0.1.0"}

Considerations for using this library

There are a few library/binary requirements required in order for the Paseto library to work on any computer:

  1. Erlang version >= 20.1
    • This is required because this was the first Erlang version to introduce crypto:sign/5.
  2. libsodium >= 1.0.13
  3. openssl >= 1.1
    • This is needed for XChaCha-Poly1305 used for V2.Local Paseto

Using the plug

This plug, solely, handles taking a Paseto and validating it was issued by your key(-pair). Should you need more information on generating a Paseto, take a look at my other project over here:

So, in order to use the plug, you will need to include the following in your router.ex file.

plug PasetoPlug, key_provider: &KeyProvider.get_key/0

Moreover, you will need to write a key provider module + function. This can be as simple as the following:

defmodule KeyProvider do
  def get_key() do

Now, whenever a request goes through, the requester will either face a 401 (if they have an invalid paseto) or your conn will have a new :claims key in the assigns map.

# You can grab it by using
You can’t perform that action at this time.