README generating token example does not work
fireproofsocks opened this issue · 3 comments
Unless I've totally misconfigured something, the example from the README
for generating a token does not work:
iex(3)> {:ok, pk, sk} = Salty.Sign.Ed25519.keypair()
iex(4)> keypair = {pk, sk}
iex(5)> token = generate_token("v2", "public", "This is a test message", keypair)
** (CompileError) iex:5: undefined function generate_token/4
Expected: a valid string token.
Actual: CompileError.
I think the line should be:
token = Paseto.generate_token("v2", "public", "This is a test message", keypair)
It would also be nice if you included how to convert the pk
and sk
to a regular old copy-and-pasteable string so we could easily use it in a config file.
@fireproofsocks Thanks for bringing this up! I just went ahead and updated the README to include both of your suggestions.
Thanks! That's very helpful. How would you feel about demonstrating how to read a value from a config back for use in verifying a message, e.g.
# Reading your encoded keypair from storage in your configuration:
keypair = {Hexate.decode(Application.get_env(:myapp, :public_key)), Hexate.decode(Application.get_env(:myapp, :secret_key))}
(Since it's easy to get tripped up with how data is stored as binaries and how we tend to format it for human-readability)
I'm really hesitant to include configuration values as the recommended way of doing this because they're a kind-of poor way of handling rotating keys. I'm more inclined to not suggest because this library is meant as more of a low-level building block, whereas something like https://github.com/GrappigPanda/paseto_plug is meant to be a plug-and-play library.
With that said, there's an incoming big changeset that's adding more type info and making this library dialyzer safe, so it should be easier to determine what a keypair should represent in the future.