I have a PHP application that uses the ParagonIE/Paseto v3 library to generate tokens for auth. Now I am building a new server on Node.js and using the paseto plugin, but a token generated by PHP is invalid in Node.js and vice versa. I am using a symmetric key for encryption. Both apps use a key like this: k3.local.*********
PHP code is like this:

    public function __construct() {
        global $paseToKey;
        // Build the shared symmetric key from the configured key string
        $this->sharedKey = new SymmetricKey($paseToKey);
    }

    // Encrypt the claims as a JSON string into a v3 token
    public function encodeToken($id, $accountId, $role) {
        return Version3::encrypt(
            json_encode([ 'id' => $id, 'accountId' => $accountId, 'role' => $role ]),
            $this->sharedKey
        );
    }

    // Decrypt a token and decode its JSON payload
    public function decodeToken($token) {
        return json_decode(Version3::decrypt($token, $this->sharedKey));
    }

After trying to decrypt the PHP token on the Node.js server I am getting this error:

    PasetoDecryptionFailed: decryption failed
        at v3decrypt (node_modules/paseto/lib/help/crypto_worker.js:89:38)
        at Object.v3Decrypt [as decrypt] (paseto/lib/v3/decrypt.js:17:13) {
      code: 'ERR_PASETO_DECRYPTION_FAILED'

The Node.js code looks like this:
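
    const { V3 } = require('paseto');
    // Encrypt the claims into a v3 token that expires in 10 years
    const encodeToken = async (id, accountId, role = 'user') =>
      V3.encrypt({ id, accountId, role }, process.env.PASETO_KEY, { expiresIn: '10y' });
    // Decrypt a token and enforce its expiry with 1s of clock tolerance
    const decodeToken = async (token) =>
      V3.decrypt(token, process.env.PASETO_KEY, { ignoreExp: false, clockTolerance: '1s' });
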
I checked that the Node.js app encodes/decodes tokens and auth works there, but a token from Node.js is also not valid in the PHP app.
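
One check for a cross-runtime failure like the one described above is whether both services turn the `k3.local.` string into the same raw key bytes. The following is an added example, not code from the post or from either library; it assumes, as a hypothesis to test, that one side could be using the literal string as key material while the other decodes its base64url payload, and the function names, sample key and nonce are constructed.

```javascript
// Added example: function names, the sample key and the nonce are constructed.
const { createHmac, hkdfSync } = require('node:crypto');

const PREFIX = 'k3.local.';

// Decode a PASERK "k3.local." string into the 32 raw key bytes it wraps.
function paserkLocalToRaw(paserk) {
  if (typeof paserk !== 'string' || !paserk.startsWith(PREFIX)) {
    throw new TypeError('not a k3.local PASERK string');
  }
  const body = paserk.slice(PREFIX.length);
  if (!/^[A-Za-z0-9_-]+$/.test(body)) throw new TypeError('payload is not unpadded base64url');
  const raw = Buffer.from(body, 'base64url');
  if (raw.length !== 32) throw new RangeError(`expected 32 key bytes, got ${raw.length}`);
  return raw;
}

// Short keyed fingerprint: lets two services compare key bytes without printing the key.
function keyFingerprint(raw) {
  return createHmac('sha256', raw).update('paseto-key-fingerprint').digest('hex').slice(0, 16);
}

// v3.local authentication key: HKDF-SHA384, empty salt,
// info = "paseto-auth-key-for-aead" || nonce, 48 bytes of output.
function v3AuthKey(raw, nonce) {
  const info = Buffer.concat([Buffer.from('paseto-auth-key-for-aead'), nonce]);
  return Buffer.from(hkdfSync('sha384', raw, Buffer.alloc(0), info, 48));
}

// Compare the two ways a service might interpret the same configured string.
function compareInterpretations(paserk, nonce) {
  const decoded = paserkLocalToRaw(paserk);   // base64url payload as the key
  const literal = Buffer.from(paserk, 'utf8'); // whole string as the key
  return {
    decodedLength: decoded.length,
    literalLength: literal.length,
    sameFingerprint: keyFingerprint(decoded) === keyFingerprint(literal),
    sameAuthKey: v3AuthKey(decoded, nonce).equals(v3AuthKey(literal, nonce)),
  };
}

const SAMPLE = PREFIX + Buffer.alloc(32, 7).toString('base64url'); // constructed key
console.log(compareInterpretations(SAMPLE, Buffer.alloc(32, 1)));
```

Logging `keyFingerprint` of the key bytes each service actually hands to its PASETO library shows whether the two sides agree; different authentication keys make the token's MAC check fail on decryption.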