#gaseto - PASETO library for Gleam


queen stone
#

https://github.com/atomfinger/gaseto

A few weeks back, I and @grizzled ermine talked about JWTs, and he was... less than thrilled about them. I then looked into alternatives and found PASETO, but I found no Gleam PASETO library. I then thought "How hard could it be?".

A few days later I was crying in a corner.

Anyway, this is early work (V0.0.1). Nothing on Hex/Hexdoc yet. This is, in its current form, very thrown together and experimental.

We do, however, pass all the test vectors for PASETO V1 local/public encryption/decryption.

Plans for V1 are:

  • V2 support
  • PASERK support
  • Better code
  • Better documentation
  • A will to keep going (optional)

Hoping to get JS target support, but motivation is so-so.

I hope to get full support for V3 and V4 as well so Gleam can top the support list.

Cool, k thx bye

GitHub

A gleam implementation of the PASETO standard. Contribute to atomfinger/gaseto development by creating an account on GitHub.

GitHub

Test vectors for PASETO, PASERK, etc. Contribute to paseto-standard/test-vectors development by creating an account on GitHub.

grizzled ermine
#

oooh I should learn about paseto

queen stone
#

It's kinda like JWT, but it doesn't let developers choose the algorithm

untold tide
#

Very cool!

queen stone
#

So developers have less of a chance to shoot themselves in the foot

grizzled ermine
#

always good

hexed canopy
#

You've fallen guilty to committing your .DS_Store file despair

queen stone
deep vigil
#

oh great, i didn't know about paseto!

queen stone
deep vigil
#

or just different option

waxen sphinx
#

better, apparently

#

without the JWT flaws, whatever those are

queen stone
#

Better is relative, but it is similar to JWTs, but it enforces certain algorithms to ensure security. JWT leaves it up to the developer to figure out how the encryption/encoding should be performed, and most developers like the path of least resistance, which often is the less secure one.

deep vigil
queen stone
#

So to that end, on January 1, 2022, we intend to deprecate Versions 1 and 2 of PASETO. All PASETO libraries are strongly encouraged to migrate towards support for Version 3 and/or Version 4. Tracking tickets are here: Specification, PASETO.io, PHP.

https://paragonie.com/blog/2021/09/promoting-misuse-resistance-in-paseto-libraries

Well bugger me despair 🔫

That's what I get for not reading up on things before implementing something.

#

It's fine. I'm not mad or anything.


grizzled ermine
#

oh boo

#

Much work to upgrade?

queen stone
#

I think it is just an algorithm switch. Overall flow is most likely the same, but the underlying algorithm is different, which is mostly erlang/crypto stuff which I don't dare to implement myself

#

This was more of a proof-of-concept anyway, to prove that I could make this thing, so having to implement v3/v4 should be fine I think

#

Btw @grizzled ermine , did we ever figure out this syntax highlight issue?

Saw it pop up a few days/weeks back, but I couldn't find the conclusion

grizzled ermine
#

You're using an outdated version of the tree sitter grammar

queen stone
#

Ah, so lazyvim problem I guess?

grizzled ermine
#

If you're using nvim it's probably because you're using the deprecated master branch of the tree sitter plugin repo instead of the current main branch

#

yee lazyvim is using the old one

queen stone
#

Boo, well.... hmmm....

Well, who needs highlighting anyway. Pro devs just use ed

grizzled ermine
#

@harsh tapir has some code for using the master branch with the newer Gleam tree sitter grammar, though I can't find it with discord search rn.

queen stone
#

No worries, I'll figure it out. I'm not going to bother people with my refusal to configure my own vim 😛