paragonie / paseto

Platform-Agnostic Security Tokens

Home Page: https://paseto.io

Is there a standard way to generate paseto tokens with human-readable payload without verification?

iambumblehead opened this issue

Hello,

I'm using the PASETO package here https://www.npmjs.com/package/paseto to generate PASETO tokens and am trying to understand if there is a standard way to generate a PASETO token that yields human-readable payload without verification.

The reason for this is, some OAuth flows return a JWT "id_token" yielding user data, such as a display_name. link. Because JWT tokens are used in these flows, the data is readable without decryption or verification. If possible, I'd like to generate a PASETO id_token.

Thank you for any response you may have.

PASETO in public mode doesn't require decryption, though does require checking the signature is valid. Is this perhaps what you want? This is done using a public key (so doesn't require any secrets).

PASETO is not the right tool if you want tokens that aren't verified at all though.

@aidantwoods thank you. I think you have answered my question. I was hoping there might be another way that would not require even the public key but I understand PASETO is not meant to facilitate such scenarios.
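
The public-mode check discussed in this thread, as an added example that is not part of the original issue and is not the `paseto` npm package's code: a hand-written PASETO v4.public sign and verify using Node's built-in Ed25519 support. The function names, key pair and claims are constructed for the demo, and the implicit assertion is assumed to be empty.

```javascript
// Added example: minimal PASETO v4.public sign/verify with Node's crypto module.
const crypto = require('node:crypto');

const HEADER = 'v4.public.';

// Pre-Authentication Encoding (PAE) from the PASETO spec: a 64-bit
// little-endian piece count, then each piece prefixed by its 64-bit length.
function le64(n) {
  const b = Buffer.alloc(8);
  b.writeBigUInt64LE(BigInt(n));
  return b;
}
function pae(pieces) {
  return Buffer.concat([le64(pieces.length), ...pieces.flatMap(p => [le64(p.length), p])]);
}

// Issuer side (demo only): sign the JSON claims with an Ed25519 private key.
function signV4Public(claims, privateKey, footer = '') {
  const m = Buffer.from(JSON.stringify(claims));
  const f = Buffer.from(footer);
  const sig = crypto.sign(null, pae([Buffer.from(HEADER), m, f, Buffer.alloc(0)]), privateKey);
  const token = HEADER + Buffer.concat([m, sig]).toString('base64url');
  return f.length ? `${token}.${f.toString('base64url')}` : token;
}

// Client side: needs only the public key. Claims are returned only after
// the signature over header, payload and footer has been checked.
function verifyV4Public(token, publicKey) {
  if (!token.startsWith(HEADER)) throw new Error('not a v4.public token');
  const parts = token.slice(HEADER.length).split('.');
  if (parts.length > 2) throw new Error('malformed token');
  const raw = Buffer.from(parts[0], 'base64url');
  if (raw.length < 64) throw new Error('token too short');
  const m = raw.subarray(0, raw.length - 64);   // payload bytes
  const sig = raw.subarray(raw.length - 64);    // 64-byte Ed25519 signature
  const f = Buffer.from(parts[1] || '', 'base64url');
  const ok = crypto.verify(null, pae([Buffer.from(HEADER), m, f, Buffer.alloc(0)]), publicKey, sig);
  if (!ok) throw new Error('invalid signature');
  return JSON.parse(m.toString('utf8'));
}

// Constructed demo key pair and claims (not taken from the issue).
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const idToken = signV4Public({ sub: 'user-123', display_name: 'Example User' }, privateKey);
console.log(verifyV4Public(idToken, publicKey).display_name);
```

A client that holds only the issuer's public key can read `display_name` this way, while a token whose payload or footer was altered in transit is rejected before any claim is used.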