Support PASERK: Platform-Agnostic Serialized Keys

[sdelamo]

Hi,

I am working on the integration of Paseto tokens with the Micronaut Framework. I have been using JPaseto. Thanks for your library.

Are there any plans to support PASERK. For JWT, we support users exposing a /keys endpoint with a JSON Web Key Set and the consumption of such an endpoint with a remotejwks_uri to load the public keys.

I think it would be great to support the same with Paseto tokens. It would be great if Paserk was supported in JPaseto.

[bdemers]

Hi @sdelamo!
I took a quick glance at the Micronaut PR, I love the idea of making all of the claims related classes/packages more generic (and not JWT specific) there are other token formats (like PASETO) with similar concepts.

As for PASERK and the recent V3 and V4 updates to the PASETO spec, they are on the road map, if you want to help out with these let us know!

[sdelamo]

I took a quick glance at the Micronaut PR, I love the idea of making all of the claims related classes/packages more generic (and not JWT specific) there are other token formats (like PASETO) with similar concepts.

Yes, that was an oversight in our security implementation.

[bdemers]

I get it though, it's hard to know where to put the abstractions if there is only one implementation 😄