Question 1

How do I create a Paseto token in a .NET API?

Accepted Answer

Use the PasetoBuilder fluent API: instantiate a builder, specify version and purpose with Use(), add claims like Issuer and Expiration, and call Encode(). The README provides code examples for symmetric and asymmetric key scenarios.

Question 2

Paseto vs JWT: which should I use for my .NET project?

Accepted Answer

Paseto is more secure by design, avoiding common JWT vulnerabilities, but JWT has wider adoption. Choose Paseto.NET if security is critical and you can handle the setup; opt for JWT if you need extensive community support and interoperability with existing systems.

Question 3

Does Paseto.NET support key rotation?

Accepted Answer

Yes, through PASERK key serialization and the ability to generate new keys with GenerateSymmetricKey() or GenerateAsymmetricKeyPair(). However, some PASERK operations for key-wrapping are not yet implemented, as noted in the roadmap.

Question 4

How to validate Paseto tokens in ASP.NET Core middleware?

Accepted Answer

Decode tokens using PasetoBuilder with validation parameters like ValidateAudience and ValidIssuer. You can integrate this into custom middleware or controller actions, similar to the Decode() example in the README with PasetoTokenValidationParameters.

Question 5

What cryptographic algorithms does Paseto.NET use?

Accepted Answer

It leverages proven libraries: Chaos.NaCl for Ed25519, Bouncy Castle for AES-256-CTR and ECDSA over P-384, Konscious.Security.Cryptography for Blake2b, and NaCl.Core for XChaCha20-Poly1305, ensuring strong security foundations.

Question 6

Is Paseto.NET compatible with existing JWT tokens?

Accepted Answer

No, Paseto tokens are a different format and not directly compatible with JWT. You would need to implement token translation or migrate your entire authentication stack to Paseto, which may require significant effort.

Paseto.Core

What is Paseto.Core?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Open Source Alternative To

Frequently Asked Questions