|
|
|
|
|
|
by user5994461
2315 days ago
|
|
|
Author here. As a matter of fact, the world has already settled on JWT. Paseto is dead in the water and will never gain any traction. Every single company has no choice but to support JWT in some capacity. Whenever one has to use social auth (Google/Facebook/twitter), or Microsoft products (ADFS/Office365), or third party authentication solutions (Okta/auth0), they're de facto dealing with OpenID Connect + JWT (or SAML but that's a different topic). |
|
|
We'll see about that. :)
> Every single company has no choice but to support JWT in some capacity.
This will change soon.
> Whenever one has to use social auth (Google/Facebook/twitter), or Microsoft products (ADFS/Office365), or third party authentication solutions (Okta/auth0), they're de facto dealing with OpenID Connect + JWT (or SAML but that's a different topic).
The plan for PASETO has always been to make it a JWT alternative for OIDC.
First comes the XChaCha RFC.
Second comes the PASETO RFC.
Finally, the OIDC-PASETO RFC.
1. https://tools.ietf.org/html/draft-irtf-cfrg-xchacha-03
2. https://github.com/paragonie/paseto/blob/master/docs/RFC/pas...
3. https://github.com/paragonie/paseto/issues/5