JSON Web Proofs

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Paseto Composer Repositories Authentication wg-crypto Decrypt

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • Coze

    Coze is a cryptographic JSON messaging specification.

    • Sanitized, well formed JSON is generally not horribly URL encoded. It's typically less overhead than base64.

    Also, for well formed JSON (not arbitrary JSON), it also works fine in HTTP headers. I think those two situations cover about 90% of use cases.

    For example, here is a JSON payload URL encoded. It's not too bad, and much better than base64:

    https://cyphr.me/coze#?input={%22pay%22:{%22msg%22:%22Hello%...

    URL encoded that payload is 288 bytes, as base 64 it is 318 bytes. (Here's another tool just for that: https://convert.zamicol.com/#?inAlph=text&in=%257B%2522pay%2...)

  • json-web-proofs

    Specification work for JSON Web Proofs

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • paseto-ts

    PASETO v4 (encrypt, decrypt, sign & verify) in TypeScript

    • Might I suggest Paseto (https://paseto.io/) - it solves a lot of the headaches of JWT. Signing and encryption are two different things that require two different sets of keys, so you can't mess it up.

    (Full disclosure, I've written one implementation: https://github.com/auth70/paseto-ts)

  • paseto

    Platform-Agnostic Security Tokens

    • Might I suggest Paseto (https://paseto.io/) - it solves a lot of the headaches of JWT. Signing and encryption are two different things that require two different sets of keys, so you can't mess it up.

    (Full disclosure, I've written one implementation: https://github.com/auth70/paseto-ts)

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Biscuit 3.0

    2 projects | news.ycombinator.com | 6 Apr 2023

  • Securing Your Golang Application: Unleashing the Power of Authentication and Authorization

    3 projects | /r/golang | 3 Apr 2023

  • Why JWTs Suck as Session Tokens (2017)

    2 projects | news.ycombinator.com | 2 Oct 2022

  • Paseto is everything you love about JWT without any of the design deficits

    4 projects | news.ycombinator.com | 2 Oct 2022

  • Paseto is everything you love about JWT without any of the design deficits

    1 project | /r/hypeurls | 2 Oct 2022