A Thorough Introduction to PASETO

An in-depth look at the successor to JSON Web Tokens: PASETO.

Bobby Bittman

I really enjoyed this article, but like most of the “JWTs are trash!” articles out there, it identified how folks are misusing these types of tokens (they should never replace ‘sessions’) without touching on APIs whatsoever, which is a perfectly valid use case for these types of tokens. When developing APIs alongside apps that require authentication and then consume that API, I was forever in a panic about using JWTs (and PASETO) “improperly” because everyone was so quick to trash them… but used properly (with signing, not letting them last longer than a traditional session/authentication on the main site) they are just fine. Nice article though, and we are for sure moving to PASETO for our API/app authentication.

Emmanuel Otieno

Can we use PASETO in email verification when registering users?