{"id":16828932,"url":"https://github.com/nbaars/paseto4j","last_synced_at":"2025-04-07T11:07:10.521Z","repository":{"id":30599233,"uuid":"125498620","full_name":"nbaars/paseto4j","owner":"nbaars","description":"Paseto implementation for Java","archived":false,"fork":false,"pushed_at":"2024-10-07T14:32:51.000Z","size":708,"stargazers_count":58,"open_issues_count":11,"forks_count":12,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-10-14T11:29:10.795Z","etag":null,"topics":["java","jose","jwt","paseto","paseto-tokens","security","token-based-authentication"],"latest_commit_sha":null,"homepage":"https://nbaars.github.io/paseto4j/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nbaars.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"ko_fi":"nannebaars"}},"created_at":"2018-03-16T10:04:42.000Z","updated_at":"2024-09-27T22:44:01.000Z","dependencies_parsed_at":"2024-02-22T19:29:29.818Z","dependency_job_id":"0b0c8f13-a808-48a2-858a-3a68db288ee4","html_url":"https://github.com/nbaars/paseto4j","commit_stats":{"total_commits":168,"total_committers":6,"mean_commits":28.0,"dds":"0.19047619047619047","last_synced_commit":"b2055f51116242dbe4ec7ce47e39f3e20737db60"},"previous_names":[],"tags_count":42,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nbaars%2Fpaseto4j","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nbaars%2Fpaseto4j/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nbaars%2Fpaseto4j/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nbaars%2Fpaseto4j/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nbaars","download_url":"https://codeload.github.com/nbaars/paseto4j/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247640462,"owners_count":20971557,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java","jose","jwt","paseto","paseto-tokens","security","token-based-authentication"],"created_at":"2024-10-13T11:29:20.140Z","updated_at":"2025-04-07T11:07:10.477Z","avatar_url":"https://github.com/nbaars.png","language":"Java","readme":"# Java implementation of PASETO: Platform-Agnostic Security Tokens\n[![License](http://img.shields.io/:license-mit-blue.svg)](LICENSE)\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=nbaars_paseto4j\u0026metric=alert_status)](https://sonarcloud.io/summary/new_code?id=nbaars_paseto4j)\n[![GitHub release](https://img.shields.io/github/release/nbaars/paseto4j.svg)](https://github.com/nbaars/paseto4j/releases/latest)\n[![java-jdk](https://img.shields.io/badge/java%20jdk-11-green.svg)](https://jdk.java.net/)\n[![Build](https://github.com/nbaars/paseto4j/actions/workflows/build.yml/badge.svg?branch=main)](https://github.com/nbaars/paseto4j/actions/workflows/build.yml)\n\nImplementation of [PASETO](https://github.com/paragonie/paseto) library written in Java. This library is focused\non taking part of the encryption/decryption part of the tokens it has a little dependencies as possible. How you\nconstruct the tokens with which JSON library is up to you. According to the specification the payload should always\nbe a JSON object.\n\n# Contents\n* [What is Paseto?](#what-is-paseto)\n  * [Key Differences between Paseto and JWT](#key-differences-between-paseto-and-jwt)\n* [Installation](#installation)\n\n# What is Paseto?\n\nPaseto is everything you love about JOSE (JWT, JWE, JWS) without any of the\n[many design deficits that plague the JOSE standards](https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid).\nPaseto (Platform-Agnostic SEcurity TOkens) is a specification and reference implementation\nfor secure stateless tokens.\n\n## Key Differences between Paseto and JWT\n\nUnlike JSON Web Tokens (JWT), which gives developers more than enough rope with which to\nhang themselves, Paseto only allows secure operations. JWT gives you \"algorithm agility\",\nPaseto gives you \"versioned protocols\". It's incredibly unlikely that you'll be able to\nuse Paseto in [an insecure way](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries).\n\n\u003e **Caution:** Neither JWT nor Paseto were designed for\n\u003e [stateless session management](http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/).\n\u003e Paseto is suitable for tamper-proof cookies, but cannot prevent replay attacks\n\u003e by itself\n\n# Installation\n\nThere are four version available in Maven Central.\n\n## Version 4\n\nAdd the following dependency to your project:\n\n```\n\u003c!-- https://mvnrepository.com/artifact/io.github.nbaars/paseto4j-version4 --\u003e\n\u003cdependency\u003e\n    \u003cgroupId\u003eio.github.nbaars\u003c/groupId\u003e\n    \u003cartifactId\u003epaseto4j-version4\u003c/artifactId\u003e\n    \u003cversion\u003e${paseto4j.version}\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n## Version 3\n\nVersion 3 is composed of NIST-approved algorithms, and will operate on tokens with the *v3* version header.\n\nAdd the following dependency to your project:\n\n```\n\u003c!-- https://mvnrepository.com/artifact/io.github.nbaars/paseto4j-version3 --\u003e\n\u003cdependency\u003e\n    \u003cgroupId\u003eio.github.nbaars\u003c/groupId\u003e\n    \u003cartifactId\u003epaseto4j-version3\u003c/artifactId\u003e\n    \u003cversion\u003e${paseto4j.version}\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n\n## Version 2\n\nVersion 2 (the recommended version by the specification) is supported, this version depends on Libsodium\nsee [here](https://download.libsodium.org/doc/installation/) on how to install this library. The Dockerfile \ncontains an example how to install it on a Linux based system.\n\nAdd the following dependency to your project:\n\n```\n\u003c!-- https://mvnrepository.com/artifact/io.github.nbaars/paseto4j-version2 --\u003e\n\u003cdependency\u003e\n    \u003cgroupId\u003eio.github.nbaars\u003c/groupId\u003e\n    \u003cartifactId\u003epaseto4j-version2\u003c/artifactId\u003e\n    \u003cversion\u003e${paseto4j.version}\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n## Version 1 \n\nAdd the following dependency to your project:\n\n```\n\u003c!-- https://mvnrepository.com/artifact/io.github.nbaars/paseto4j-version1 --\u003e\n\u003cdependency\u003e\n    \u003cgroupId\u003eio.github.nbaars\u003c/groupId\u003e\n    \u003cartifactId\u003epaseto4j-version1\u003c/artifactId\u003e\n    \u003cversion\u003e${paseto4j.version}\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n## Usage\n\nFor usage see the `examples` project which shows how to use Paseto4j in action.\n\n# Differences with other Java Paseto implementations\n\nWhy use this library over the other Java implementations?\n\n- No dependency on any JSON library. It is a lightweight library supporting the basic Paseto operations. The rest is up-to-you.\n- Easy to use API.\n- Available on Maven Central\n\n## Example usages \n\n- https://nutbutterfly.medium.com/spring-boot-quick-guide-to-replace-jwt-with-paseto-774f43c8f2c4 - This library provide a simple API, easy to use and fully flexible for developer.\n\n# Development\n\n`paseto-version2` needs Libsodium to be present, to avoid installing it on your local machine, you can use the following command to build it locally:\n\n```shell\ndocker build -t paseto4j .\ndocker run -v \"${HOME}\"/.m2:/root/.m2 -v \"${PWD}\":/workspace paseto4j ./mvnw verify     \n ```\n\nThe first command is only necessary ones, for building the Maven image.\n\n# Release\n\nWe use [Calendar Versioning](https://calver.org/) as version numbers. Creating a new tag and pushing it to GitHub will start the release process. \n\n","funding_links":["https://ko-fi.com/nannebaars"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnbaars%2Fpaseto4j","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnbaars%2Fpaseto4j","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnbaars%2Fpaseto4j/lists"}