paseto
Module: token::paseto
Section titled “Module: token::paseto”Contents
Section titled “Contents”Structs
PasetoV4Signer- PASETO v4.public token signer using Ed25519.PasetoV4Verifier- PASETO v4.public token verifier using Ed25519.
firma_core::token::paseto::PasetoV4Signer
Section titled “firma_core::token::paseto::PasetoV4Signer”Struct
PASETO v4.public token signer using Ed25519.
Implements [TokenSigner] by serializing [CapabilityClaims] into
a PASETO v4.public token signed with an Ed25519 private key.
Methods:
fn try_new(secret_key_bytes: &[u8]) -> Result<Self, TokenError>- Construct from raw Ed25519 secret key bytes (64 bytes: 32-byte seed + 32-byte public key).
Trait Implementations:
- Debug
fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result
- TokenSigner
fn sign(self: &Self, claims: &CapabilityClaims) -> Result<String, TokenError>
firma_core::token::paseto::PasetoV4Verifier
Section titled “firma_core::token::paseto::PasetoV4Verifier”Struct
PASETO v4.public token verifier using Ed25519.
Implements [TokenVerifier] by verifying the Ed25519 signature,
checking expiration with a configurable clock skew leeway, and
deserializing claims from the token payload.
The leeway absorbs NTP drift and scheduling jitter between the Authority (issuer) and the Sidecar (verifier).
Methods:
fn try_new(public_key_bytes: &[u8]) -> Result<Self, TokenError>- Construct from raw Ed25519 public key bytes (32 bytes).fn with_leeway(self: Self, leeway: chrono::Duration) -> Self- Override the leeway applied during expiry validation.
Trait Implementations:
- Debug
fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result
- TokenVerifier
fn verify(self: &Self, raw_token: &str) -> Result<CapabilityClaims, TokenError>