Implement Paseto Token Generation and Validation Service #12

Closed
opened 2025-10-17 22:20:47 +00:00 by Rodrigo2003-PT · 1 comment
Rodrigo2003-PT commented 2025-10-17 22:20:47 +00:00 (Migrated from github.com)

Create service to manage Paseto tokens. Create secure tokens on login and validating them on requests.

Tasks:

  • Add the paseto library to requirements.txt.
  • Securely manage the Paseto symmetric key using environment variables.
  • Create a service module token_service.py.
  • Implement a function generate_token(user_id, roles) that embeds user data in the token payload.
  • Implement a function verify_token(token) that validates the token and returns its payload or raises an appropriate exception (e.g., TokenExpired, InvalidToken).
  • Write unit tests for token generation and validation, including cases for expired and malformed tokens.
Create service to manage Paseto tokens. Create secure tokens on login and validating them on requests. ### Tasks: - Add the `paseto` library to `requirements.txt`. - Securely manage the Paseto symmetric key using environment variables. - Create a service module `token_service.py`. - Implement a function `generate_token(user_id, roles)` that embeds user data in the token payload. - Implement a function `verify_token(token)` that validates the token and returns its payload or raises an appropriate exception (e.g., `TokenExpired`, `InvalidToken`). - Write unit tests for token generation and validation, including cases for expired and malformed tokens.
AndreFerreira5 commented 2025-10-17 22:27:37 +00:00 (Migrated from github.com)

nice choice!
symmetric tokens are sufficient as we will only work locally, but if, in the future, we need to expose this service to the web, asymmetric tokens should be used.

nice choice! symmetric tokens are sufficient as we will only work locally, but if, in the future, we need to expose this service to the web, asymmetric tokens should be used.
Sign in to join this conversation.
No description provided.