hako / branca Goto Github PK
View Code? Open in Web Editor NEW:key: Secure alternative to JWT. Authenticated Encrypted API Tokens for Go.
Home Page: https://branca.io
License: MIT License
:key: Secure alternative to JWT. Authenticated Encrypted API Tokens for Go.
Home Page: https://branca.io
License: MIT License
Is there is an upper limit?
This will untie our cgo dependency to the libsodium library, a proposal is being made to add XChaCha20 to golang.org/x/crypto
See golang/go#23885
sorry for this naive question but could you add a sentence or reference link about why JWT is insecure?
I want to refresh tokens every other day before they expire, to do this I'll probably need to get a timestamp from the token string somehow. The decoder doesn't expose this information, I'm hoping you'll perhaps add a method to get the timestamp alongside the payload.
maybe something like this
type Token struct {
Timestamp time.Time
Payload string
}
tkn, err := branca.DecodeToken(token) // -> Token, error
// what I want to do
if closeToExpiration(tkn.Timestamp) {
refreshTokenAndUpdateDB(
UserIdFromPayload(tkn.Payload)
)
}
Hi,
Your library is looking quite nice, but I noticed that you're using chacha20poly1305 from repository:
Were you planning to use the official algorithm from:
At least in your README example you're specifying the 32 byte key size, which would be the same as in the official algorithm. Aead's repository also recommends to use the official algorithm.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.