Skip to content

Commit a385e8f

Browse files
committed
Updated README
1 parent b072abc commit a385e8f

1 file changed

Lines changed: 71 additions & 20 deletions

File tree

README.md

Lines changed: 71 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -21,9 +21,10 @@ This implementation doesn't support the v1 protocol. Please note that v1 should
2121
- [x] v2 local authentication (Blake2b and XChaCha20-Poly1305)
2222
- [x] v2 public authentication (Ed25519 signatures)
2323
- [x] JSON payload and footer processing
24-
- [ ] Claims validation
25-
- [ ] Integrated key ID (kid) support
24+
- [x] Registered claims validation
25+
- [x] Custom claims validation
2626
- [ ] High-level token builder API
27+
- [ ] Integrated key ID (kid) support
2728
- [ ] API documentation
2829

2930
## Installation
@@ -66,48 +67,98 @@ __v2.local__ :
6667
```
6768
local paseto = require "paseto.v2"
6869
69-
local key, payload_claims, token, footer_claims
70-
local extracted_footer_claims, extracted_footer, decrypted_claims
71-
payload_claims = {}
72-
payload_claims["clientid"] = 100099
73-
payload_claims["message"] = "secret"
74-
footer_claims = { kid = "123456789" }
70+
local key, payload_claims, token, footer_claims, claim_rules
71+
local extracted_footer_claims, extracted_footer, decrypted_claims, enforced_claims
72+
payload_claims = {
73+
iss = "paragonie.com",
74+
jti = "87IFSGFgPNtQNNuw0AtuLttP",
75+
aud = "some-audience.com",
76+
sub = "test",
77+
iat = "2018-01-01T00:00:00+00:00",
78+
nbf = "2018-01-01T00:00:00+00:00",
79+
exp = "2099-01-01T00:00:00+00:00",
80+
data = "this is a secret message",
81+
myclaim = "required value"
82+
}
83+
footer_claims = { kid = "MDlCMUIwNzU4RTA2QzZFMDQ4" }
84+
claim_rules = {
85+
IssuedBy = "paragonie.com",
86+
IdentifiedBy = "87IFSGFgPNtQNNuw0AtuLttP",
87+
ForAudience = "some-audience.com",
88+
Subject = "test",
89+
NotExpired = true,
90+
ValidAt = true,
91+
ContainsClaim = "data",
92+
myclaim = "required value"
93+
}
7594
7695
-- generate symmetric key
7796
key = paseto.generate_symmetric_key()
7897
79-
-- encrypt/decrypt without footer
98+
-- encrypt/decrypt without footer and without enforcing claim rules
8099
token = paseto.encrypt(key, payload_claims)
81100
decrypted_claims = paseto.decrypt(key, token)
82101
83-
-- encrypt/decrypt with footer
102+
-- encrypt with footer
84103
token = paseto.encrypt(key, payload_claims, footer_claims)
104+
105+
-- extract footer claims (e.g. to determine public key from kid claim)
85106
extracted_footer_claims, extracted_footer = paseto.extract_footer_claims(token)
86-
decrypted_claims = paseto.decrypt(key, token, extracted_footer)
107+
108+
-- decrypt without enforcing claim rules
109+
decrypted_claims = paseto.decrypt(key, token, nil, extracted_footer)
110+
111+
-- decrypt and enforce claim rules
112+
enforced_claims = paseto.decrypt(key, token, claim_rules, extracted_footer)
87113
```
88114

89115
__v2.public__ :
90116
```
91117
local paseto = require "paseto.v2"
92118
93-
local secret_key, public_key, payload_claims, token, footer_claims
94-
local extracted_footer_claims, extracted_footer, verified_claims
95-
payload_claims = {}
96-
payload_claims["clientid"] = 100099
97-
payload_claims["message"] = "secret"
98-
footer_claims = { kid = "123456789" }
119+
local secret_key, public_key, payload_claims, token, footer_claims, claim_rules
120+
local extracted_footer_claims, extracted_footer, verified_claims, enforced_claims
121+
payload_claims = {
122+
iss = "paragonie.com",
123+
jti = "87IFSGFgPNtQNNuw0AtuLttP",
124+
aud = "some-audience.com",
125+
sub = "test",
126+
iat = "2018-01-01T00:00:00+00:00",
127+
nbf = "2018-01-01T00:00:00+00:00",
128+
exp = "2099-01-01T00:00:00+00:00",
129+
data = "this is a signed message",
130+
myclaim = "required value"
131+
}
132+
footer_claims = { kid = "MDlCMUIwNzU4RTA2QzZFMDQ4" }
133+
claim_rules = {
134+
IssuedBy = "paragonie.com",
135+
IdentifiedBy = "87IFSGFgPNtQNNuw0AtuLttP",
136+
ForAudience = "some-audience.com",
137+
Subject = "test",
138+
NotExpired = true,
139+
ValidAt = true,
140+
ContainsClaim = "data",
141+
myclaim = "required value"
142+
}
99143
100144
-- generate key pair
101145
secret_key, public_key = paseto.generate_asymmetric_secret_key()
102146
103-
-- sign/verify without footer
147+
-- sign/verify without footer and without enforcing claim rules
104148
token = paseto.sign(secret_key, payload_claims)
105149
verified_claims = paseto.verify(public_key, token)
106150
107-
-- sign/verify with footer
151+
-- sign with footer
108152
token = paseto.sign(secret_key, payload_claims, footer_claims)
153+
154+
-- extract footer claims (e.g. to determine public key from kid claim)
109155
extracted_footer_claims, extracted_footer = paseto.extract_footer_claims(token)
110-
verified_claims = paseto.verify(public_key, token, extracted_footer)
156+
157+
-- verify without enforcing claim rules
158+
verified_claims = paseto.verify(public_key, token, nil, extracted_footer)
159+
160+
-- verify and enforce claim rules
161+
enforced_claims = paseto.verify(public_key, token, claim_rules, extracted_footer)
111162
```
112163

113164
#### Core API

0 commit comments

Comments
 (0)