Implement Paseto Token Generation and Validation Service #12
Labels
No labels
CI/CD
MongoDB
PostgreSQL
api
authentication
bug
documentation
duplicate
enhancement
example issue
fix
good first issue
help wanted
high-level requirement
infrastructure
invalid
low-level requirement
medium-level requirement
question
security
test
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
AndreFerreira5/starranja#12
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Create service to manage Paseto tokens. Create secure tokens on login and validating them on requests.
Tasks:
pasetolibrary torequirements.txt.token_service.py.generate_token(user_id, roles)that embeds user data in the token payload.verify_token(token)that validates the token and returns its payload or raises an appropriate exception (e.g.,TokenExpired,InvalidToken).nice choice!
symmetric tokens are sufficient as we will only work locally, but if, in the future, we need to expose this service to the web, asymmetric tokens should be used.