Giters

o1egl / paseto

Platform-Agnostic Security Tokens implementation in GO (Golang)

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Unable to verify data

rebootcode opened this issue · comments

commented

I have my token, symmetric key and footer string passed

v2 := paseto.NewV2()
err := v2.Decrypt(token, symmetricKey, &newJSONToken, &newFooter)

But how do I verify data?

I found there is newJSONToken.Validate() function which basically returns an error if there is any.

I have a couple of question for this library:

  1. Is verification done by verifying "key" and "value" set using "Set" method on JSONToken?
  2. Can "token" generated be altered like "JWT" and pass modified or tampered data?
  3. Can "token" generated using "paseto" be decrypted and viewed like "JWT"?

Thanks