This is an unofficial initial implementation of PASETO: Platform-Agnostic Security Tokens for Python.

This is not yet production-ready; use at your own risk.

Forked from https://github.com/JimDabell/pypast, which was originally designed for an earlier spec of PASETO when it was still PAST.

pip install paseto

This is still in early development. It has not been reviewed in a security audit yet, so please be aware that it is not expected to be ready for use in production systems.

It currently only supports basic encrypt/decrypt of the "local" token type, V2. V1 is not as nice as V2, but we will accept a functional, clean, secure pull request for a V1 if you are interested.

No claims are processed yet. This means you have to implement json encode/decode yourself, as well as checking expiration.

    from paseto import PasetoV2
    import secrets
    my_key = secrets.token_bytes(32)
    # > b'M\xd48b\xe2\x9f\x1e\x01[T\xeaA1{Y\xd1y\xfdx\xb5\xb7\xbedi\xa3\x96!`\x88\xc2n\xaf'
    token = PasetoV2.encrypt(
    plaintext=b'plaintext is a bytes object that is encrypted',
    key=my_key,
    footer=b'footer is authenticated but not encrypted'
)
# > b'v2.local.ORiY6F6_uy391wB1my1LA9ANYgh7rih1bcAqswLqmuiKVaZmfmUfxB5off7gLwdHVwxc-QKIEAfEdzRNU5pHcrnefFO_aA4QQV15i_yKLyyOF9oURg.Zm9vdGVyIGlzIGF1dGhlbnRpY2F0ZWQgYnV0IG5vdCBlbmNyeXB0ZWQ'

    parsed = PasetoV2.decrypt(
            token, my_key
    )
    print(parsed['message'])
    print(parsed['footer'])